-
Notifications
You must be signed in to change notification settings - Fork 42
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
fix: Address CVE in Alpine base image (#496)
Signed-off-by: Leonard Goodell <[email protected]> Co-authored-by: Leonard Goodell <[email protected]>
- Loading branch information
1 parent
9ba2c33
commit b5fd43a
Showing
2 changed files
with
9 additions
and
2 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -19,7 +19,11 @@ FROM ${BASE} | |
LABEL maintainer="IOTech <[email protected]>" | ||
RUN wget https://iotech.jfrog.io/artifactory/api/security/keypair/public/repositories/alpine-release -O /etc/apk/keys/alpine.dev.rsa.pub | ||
RUN echo 'https://iotech.jfrog.io/artifactory/alpine-release/v3.18/main' >> /etc/apk/repositories | ||
RUN apk add --update --no-cache binutils gcc libc-dev make git cmake yaml-dev curl-dev libmicrohttpd-dev util-linux-dev ncurses-dev libcbor-dev iotech-paho-mqtt-c-dev-1.3 hiredis-dev iotech-iot-1.5-dev && mkdir -p /edgex-c-sdk/build | ||
|
||
RUN apk add --update --no-cache binutils gcc libc-dev make git cmake yaml-dev curl-dev libmicrohttpd-dev util-linux-dev ncurses-dev libcbor-dev iotech-paho-mqtt-c-dev-1.3 hiredis-dev iotech-iot-1.5-dev dumb-init && mkdir -p /edgex-c-sdk/build | ||
# Ensure using latest versions of all installed packages to avoid any recent CVEs | ||
RUN apk --no-cache upgrade | ||
|
||
COPY VERSION /edgex-c-sdk/ | ||
COPY src /edgex-c-sdk/src/ | ||
COPY include /edgex-c-sdk/include/ | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -36,7 +36,10 @@ LABEL maintainer="IOTech <[email protected]>" | |
|
||
RUN wget https://iotech.jfrog.io/artifactory/api/security/keypair/public/repositories/alpine-release -O /etc/apk/keys/alpine.dev.rsa.pub | ||
RUN echo 'https://iotech.jfrog.io/artifactory/alpine-release/v3.18/main' >> /etc/apk/repositories | ||
RUN apk add --update --no-cache binutils gcc libc-dev make git cmake yaml curl libmicrohttpd libuuid libcbor iotech-paho-mqtt-c-dev-1.3 iotech-iot-1.5 hiredis-dev | ||
|
||
RUN apk add --update --no-cache binutils gcc libc-dev make git cmake yaml curl libmicrohttpd libuuid libcbor iotech-paho-mqtt-c-dev-1.3 iotech-iot-1.5 hiredis-dev dumb-init | ||
# Ensure using latest versions of all installed packages to avoid any recent CVEs | ||
RUN apk --no-cache upgrade | ||
|
||
COPY --from=builder /usr/local/include/edgex /usr/local/include/edgex | ||
COPY --from=builder /usr/local/lib /usr/local/lib | ||
|