From efc8eaadf3e0be5b8b8b1900f46d379442cf0e26 Mon Sep 17 00:00:00 2001
From: Sunny Song
Date: Wed, 1 Mar 2023 00:23:23 +0000
Subject: [PATCH 1/2] Fix for CVEs
---
 Dockerfile | 30 ++++++++++++++++--------------
 1 file changed, 16 insertions(+), 14 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 531b66a4b..2e24ad2b7 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -24,7 +24,7 @@ ADD . .
 RUN GOARCH=$(echo $TARGETPLATFORM | cut -f2 -d '/') GCE_PD_CSI_STAGING_VERSION=$STAGINGVERSION make gce-pd-driver
 # Start from Kubernetes Debian base.
-FROM k8s.gcr.io/build-image/debian-base:buster-v1.9.0 as debian
+FROM gke.gcr.io/debian-base:bullseye-v1.4.3-gke.0 as debian
 # Install necessary dependencies
 # google_nvme_id script depends on the following packages: nvme-cli, xxd, bash
 RUN clean-install util-linux e2fsprogs mount ca-certificates udev xfsprogs nvme-cli xxd bash
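Review bot: The new runtime base `gke.gcr.io/debian-base:bullseye-v1.4.3-gke.0` is referenced by a mutable tag only, so the image that carries the CVE fixes is not reproducible and a re-pushed tag would be picked up without any change to this file. Pinning the reviewed image, `FROM gke.gcr.io/debian-base:bullseye-v1.4.3-gke.0@sha256:<digest-of-reviewed-image> as debian`, would close that gap. The stage also moves from `k8s.gcr.io/build-image` to `gke.gcr.io`, which changes the publisher this stage trusts, and the context comment `# Start from Kubernetes Debian base.` no longer describes it; `# Start from the GKE-published Debian bullseye base.` would.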
@@ -74,28 +74,30 @@ COPY --from=debian /bin/ln /bin/ln
 COPY --from=debian /bin/udevadm /bin/udevadm
 # Copy shared libraries into distroless base.
-COPY --from=debian /lib/${LIB_DIR_PREFIX}-linux-gnu/libblkid.so.1 \
+COPY --from=debian /lib/${LIB_DIR_PREFIX}-linux-gnu/libpcre.so.3 \
+ /lib/${LIB_DIR_PREFIX}-linux-gnu/libselinux.so.1 \
+ /lib/${LIB_DIR_PREFIX}-linux-gnu/libtinfo.so.6 \
+ /lib/${LIB_DIR_PREFIX}-linux-gnu/libe2p.so.2 \
 /lib/${LIB_DIR_PREFIX}-linux-gnu/libcom_err.so.2 \
 /lib/${LIB_DIR_PREFIX}-linux-gnu/libdevmapper.so.1.02.1 \
- /lib/${LIB_DIR_PREFIX}-linux-gnu/libe2p.so.2 \
 /lib/${LIB_DIR_PREFIX}-linux-gnu/libext2fs.so.2 \
 /lib/${LIB_DIR_PREFIX}-linux-gnu/libgcc_s.so.1 \
 /lib/${LIB_DIR_PREFIX}-linux-gnu/liblzma.so.5 \
- /lib/${LIB_DIR_PREFIX}-linux-gnu/libmount.so.1 \
- /lib/${LIB_DIR_PREFIX}-linux-gnu/libpcre.so.3 \
- /lib/${LIB_DIR_PREFIX}-linux-gnu/libreadline.so.5 \
- /lib/${LIB_DIR_PREFIX}-linux-gnu/libselinux.so.1 \
- /lib/${LIB_DIR_PREFIX}-linux-gnu/libtinfo.so.6 \
- /lib/${LIB_DIR_PREFIX}-linux-gnu/libudev.so.1 \
- /lib/${LIB_DIR_PREFIX}-linux-gnu/libuuid.so.1 \
+ /lib/${LIB_DIR_PREFIX}-linux-gnu/libreadline.so.8 \
 /lib/${LIB_DIR_PREFIX}-linux-gnu/libz.so.1 /lib/${LIB_DIR_PREFIX}-linux-gnu/
-COPY --from=debian /usr/lib/${LIB_DIR_PREFIX}-linux-gnu/libacl.so.1 \
+COPY --from=debian /usr/lib/${LIB_DIR_PREFIX}-linux-gnu/libblkid.so.1 \
+ /usr/lib/${LIB_DIR_PREFIX}-linux-gnu/libinih.so.1 \
+ /usr/lib/${LIB_DIR_PREFIX}-linux-gnu/libmount.so.1 \
+ /usr/lib/${LIB_DIR_PREFIX}-linux-gnu/libudev.so.1 \
+ /usr/lib/${LIB_DIR_PREFIX}-linux-gnu/libuuid.so.1 \
+ /usr/lib/${LIB_DIR_PREFIX}-linux-gnu/libacl.so.1 \
 /usr/lib/${LIB_DIR_PREFIX}-linux-gnu/libattr.so.1 \
- /usr/lib/${LIB_DIR_PREFIX}-linux-gnu/libicudata.so.63 \
- /usr/lib/${LIB_DIR_PREFIX}-linux-gnu/libicui18n.so.63 \
- /usr/lib/${LIB_DIR_PREFIX}-linux-gnu/libicuuc.so.63 \
+ /usr/lib/${LIB_DIR_PREFIX}-linux-gnu/libicudata.so.67 \
+ /usr/lib/${LIB_DIR_PREFIX}-linux-gnu/libicui18n.so.67 \
+ /usr/lib/${LIB_DIR_PREFIX}-linux-gnu/libicuuc.so.67 \
 /usr/lib/${LIB_DIR_PREFIX}-linux-gnu/libkmod.so.2 \
+ /usr/lib/${LIB_DIR_PREFIX}-linux-gnu/libpcre2-8.so.0 \
 /usr/lib/${LIB_DIR_PREFIX}-linux-gnu/libstdc++.so.6 /usr/lib/${LIB_DIR_PREFIX}-linux-gnu/
 # Copy NVME support required script and rules into distroless base.
From ed158c8db90e2cfb84fc5f16ac970054748e9ded Mon Sep 17 00:00:00 2001
From: Saikat Roychowdhury
Date: Thu, 23 Feb 2023 21:53:38 +0000
Subject: [PATCH 2/2] go version updates
---
 Dockerfile | 2 +-
 Dockerfile.Windows | 4 ++++
 Dockerfile.debug | 4 ++++
 3 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
index 2e24ad2b7..8064d04fe 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -14,7 +14,7 @@
 ARG BUILDPLATFORM
-FROM --platform=$BUILDPLATFORM golang:1.18.9 as builder
+FROM --platform=$BUILDPLATFORM golang:1.19.6 as builder
 ARG STAGINGVERSION
 ARG TARGETPLATFORM
diff --git a/Dockerfile.Windows b/Dockerfile.Windows
index 508b0e165..634062c3f 100644
--- a/Dockerfile.Windows
+++ b/Dockerfile.Windows
@@ -13,7 +13,11 @@
 # limitations under the License.
 ARG BASE_IMAGE
+<<<<<<< HEAD
 FROM --platform=$BUILDPLATFORM golang:1.18.9 AS builder
+=======
+FROM --platform=$BUILDPLATFORM golang:1.19.6 AS builder
+>>>>>>> go version updates
 ARG TARGETPLATFORM
 ARG BUILDPLATFORM
diff --git a/Dockerfile.debug b/Dockerfile.debug
index 9a1dae55c..b13036c4a 100644
--- a/Dockerfile.debug
+++ b/Dockerfile.debug
@@ -12,7 +12,11 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
+<<<<<<< HEAD
 FROM golang:1.13.15 as builder
+=======
+FROM golang:1.19.6 as builder
+>>>>>>> go version updates
 WORKDIR /go/src/sigs.k8s.io/gcp-compute-persistent-disk-csi-driver
 ADD . .
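Review bot: The two rewritten `COPY --from=debian` library lists in the `@@ -74,28 +74,30 @@` hunk are no longer alphabetical: `libpcre.so.3`, `libselinux.so.1`, `libtinfo.so.6` and `libe2p.so.2` now lead the `/lib` list, and `libacl.so.1` follows `libuuid.so.1` in the `/usr/lib` list. The removed lines were sorted, and keeping that order would let a reviewer see at a glance that only `libinih.so.1` and `libpcre2-8.so.0` are new and that `libreadline` and the ICU libraries changed soname. These are hard-coded sonames tied to the bullseye base, so a library missing from the list would presumably only surface when a copied binary fails to load at runtime. A one-line comment naming which copied binary needs the two new libraries, plus an `ldd` check of the copied binaries in the `debian` stage, would catch that at build time. The stage these COPY instructions belong to starts outside the hunk.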
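Review bot: The lines added in the Dockerfile.Windows hunk are unresolved merge-conflict markers (`<<<<<<< HEAD`, `=======`, `>>>>>>> go version updates`), and the old `FROM --platform=$BUILDPLATFORM golang:1.18.9 AS builder` line is left in place as context next to the new one. As committed the file should fail to parse, and if only the markers were stripped the builder stage would still start from the Go toolchain this patch is meant to replace. The hunk should reduce to the single line `FROM --platform=$BUILDPLATFORM golang:1.19.6 AS builder`. The Dockerfile.debug hunk has the same defect around `FROM golang:1.13.15 as builder` and should end up with only `FROM golang:1.19.6 as builder`; a CI step that rejects conflict markers in tracked files would keep this from recurring.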