Open jpabbuehl opened 1 month ago
Hi @jpabbuehl - are you using the AMD or ARM image? We just swapped the the AMD image over to Wolfi OS to mitigate CVEs.
@MthwRobinson The arm64 and amd64 images are pretty different in many ways. Are they going to converge back on a setup that works on both with the same versions?
@neilkumar - Yes, we'll likely move to Wolfi OS for both of them. Only reason we didn't move over the arm64 image already is that we haven't been able to build libreoffice for arm64 yet, and so moving that over now would meaning losing support for .doc
/.ppt
/.xls
(though .docx
, .pptx
and .xlsx
would still work.
@MthwRobinson Thanks for the response.
I did a little digging on Wolfi and found what I think is the package definition here:
https://github.com/wolfi-dev/os/blob/main/libreoffice-24.2.yaml
which led me to the last time it tried to build
https://github.com/wolfi-dev/os/actions/runs/9366118496/job/25785656360
which appears that it's blocked because of a Medium CVE CVE-2012-5639 from 13 years ago
that led me to
https://lwn.net/Articles/957219/
and the actual closed ticket from 13 years ago on the libreoffice side.
https://bugs.documentfoundation.org/show_bug.cgi?id=58295
Guessing this will not be resolved on the upstream side anytime soon.
Oh wow thanks @neilkumar for the links and really interesting background on that CVE! Think I should have bandwidth to take a closer look at this issue later this week.
@MthwRobinson amd64 thanks for the explanation. hope there is a workaround
@jpabbuehl - Could you clarify what's not working for you within the container? I just tried the workflow document here for the amd64 image and that worked fine for me.
@MthwRobinson The issue for me is that we want to run the exact same versions of the software across, and that we add some items to your base image. The amd64 uses "nonroot" and the arm64 is using "notebook-user", among the differences.
@neilkumar - #3213 updated the wolfi image to be closer to rockylinux image and the user name is now notebook-user
again.
Hi,
I'm experiencing some regression with open source docker images (client and api) at
e.g. cli found in documentation not working as expected, larger image size, base-image not update, bug fixes, etc...
Knowing there is a SaaS offering, is this expected? or are there any CI rewiring to do on the open-source version? Surprisingly https://quay.io/repository/unstructured-io/unstructured-api?tab=tags and https://quay.io/repository/unstructured-io/unstructured?tab=tags keep being updated, but the issues are persisting...
Thanks a lot in advance
Relevant github issues https://github.com/Unstructured-IO/unstructured/issues/2274 https://github.com/Unstructured-IO/unstructured-api/issues/339 https://github.com/Unstructured-IO/unstructured-api/issues/387 https://github.com/Unstructured-IO/base-images/issues/11