Loongson-Cloud-Community
/
dockerfiles
Update Makefile
#187
Closed
qiangxuhui
closed
6 months ago
qiangxuhui
commented
6 months ago
cr.loongnix.cn/dragonflyoss/nginx:alpine
code
level
alerts
CIS-DI-0010
FATAL
Suspicious ENV key found : KEY_SHA512 on
0 /bin/sh -c set -x && apkArch="$(cat /etc/apk/arch)" && nginxPackages=" nginx=${NGINX_VERSION}-r${PKG_RELEASE} nginx-module-xslt=${NGINX_VERSION}-r${PKG_RELEASE} nginx-module-geoip=${NGINX_VERSION}-r${PKG_RELEASE} nginx-module-image-filter=${NGINX_VERSION}-r${PKG_RELEASE} nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-r${PKG_RELEASE} " && case "$apkArch" in x86_64) set -x && KEY_SHA512="e7fa8303923d9b95db37a77ad46c68fd4755ff935d0a534d26eba83de193c76166c68bfe7f65471bf8881004ef4aa6df3e34689c305662750c0172fca5d8552a *stdin" && apk add --no-cache --virtual .cert-deps openssl curl ca-certificates && curl -o /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub && if [ "$(openssl rsa -pubin -in /tmp/nginx_signing.rsa.pub -text -noout | openssl sha512 -r)" = "$KEY_SHA512" ]; then echo "key verification succeeded!"; mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; else echo "key verification failed!"; exit 1; fi && printf "%s%s%s\n" "http://nginx.org/packages/alpine/v" `egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release` "/main" | tee -a /etc/apk/repositories && apk del .cert-deps ;; *) set -x && tempDir="$(mktemp -d)" && chown nobody:nobody $tempDir && apk add --no-cache --virtual .build-deps gcc libc-dev make openssl-dev pcre-dev zlib-dev linux-headers libxslt-dev gd-dev geoip-dev perl-dev libedit-dev mercurial bash alpine-sdk findutils && su - nobody -s /bin/sh -c " export HOME=${tempDir} && cd ${tempDir} && hg clone https://hg.nginx.org/pkg-oss && cd pkg-oss && hg up ${NGINX_VERSION}-${PKG_RELEASE} && cd alpine && make all && apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk && abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz " && echo "${tempDir}/packages/alpine/" >> /etc/apk/repositories && cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ && apk del .build-deps ;; esac && apk add --no-cache $nginxPackages && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi && if [ -n "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi && sed -i '$ d' /etc/apk/repositories && apk add --no-cache --virtual .gettext gettext && mv /usr/bin/envsubst /tmp/ && runDeps="$( scanelf --needed --nobanner /tmp/envsubst | awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' | sort -u | xargs -r apk info --installed | sort -u )" && apk add --no-cache $runDeps && apk del .gettext && mv /tmp/envsubst /usr/local/bin/ && apk add --no-cache tzdata && ln -sf /dev/stdout /var/log/nginx/access.log && ln -sf /dev/stderr /var/log/nginx/error.log (You can suppress it with --accept-key)
CIS-DI-0001
WARN
Last user should not be root
CIS-DI-0005
INFO
export DOCKER_CONTENT_TRUST=1 before docker pull/build
CIS-DI-0006
INFO
not found HEALTHCHECK statement