bitnami / minideb

A small image based on Debian designed for use in containers
https://bitnami.com
Apache License 2.0

build issues #142

Closed Auggie321 closed 1 year ago

Auggie321 commented 1 year ago

Sir,

May I ask you about some image build issues? I checked the security section of the minideb README and want to fix Debian vulnerabilities. Since minideb is a mini base built from Debian, where can I get the full Dockerfile of minideb? I want to build it myself.

server env

Ubuntu 18.04.6 LTS
Docker version 20.10.12
go version go1.14.1 linux/amd64

cd $GOPATH
git clone https://github.com/bitnami/minideb.git
cd minideb
make build

Got some errors:

zlib1g 170
Largest dirs
1892    /tmp/tmp.ThNkXJpE2g/usr/sbin
2288    /tmp/tmp.ThNkXJpE2g/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib
3260    /tmp/tmp.ThNkXJpE2g/sbin
3468    /tmp/tmp.ThNkXJpE2g/usr/lib/x86_64-linux-gnu/perl-base/unicore
3528    /tmp/tmp.ThNkXJpE2g/usr/share/zoneinfo
3644    /tmp/tmp.ThNkXJpE2g/var/lib/dpkg/info
3916    /tmp/tmp.ThNkXJpE2g/var/lib/dpkg
4004    /tmp/tmp.ThNkXJpE2g/var/lib
4908    /tmp/tmp.ThNkXJpE2g/bin
5164    /tmp/tmp.ThNkXJpE2g/usr/lib/x86_64-linux-gnu/perl-base
5508    /tmp/tmp.ThNkXJpE2g/var
6632    /tmp/tmp.ThNkXJpE2g/usr/share
7544    /tmp/tmp.ThNkXJpE2g/usr/lib/x86_64-linux-gnu/gconv
11256   /tmp/tmp.ThNkXJpE2g/lib/x86_64-linux-gnu
11620   /tmp/tmp.ThNkXJpE2g/lib
12632   /tmp/tmp.ThNkXJpE2g/usr/bin
25644   /tmp/tmp.ThNkXJpE2g/usr/lib/x86_64-linux-gnu
28380   /tmp/tmp.ThNkXJpE2g/usr/lib
49592   /tmp/tmp.ThNkXJpE2g/usr
75624   /tmp/tmp.ThNkXJpE2g
Built in /tmp/tmp.ThNkXJpE2g
Image built at build/buster-amd64-repro.tar
Image changed sha256:cc23e42ec8eaf823580dcd9718c247aae01aa5ab757ae41a684c32ffb10bc61c (new) != sha256:c5ae78aa89d998f924d75bfcdffb9dee67b337fbfc8bec55cbb671d36a6ffb28 (old)
Changes (- old, + new):
--- sha256:c5ae78aa89d998f924d75bfcdffb9dee67b337fbfc8bec55cbb671d36a6ffb28
+++ sha256:cc23e42ec8eaf823580dcd9718c247aae01aa5ab757ae41a684c32ffb10bc61c
@@ -1,5 +1,5 @@
 {
-  "Id": "sha256:c5ae78aa89d998f924d75bfcdffb9dee67b337fbfc8bec55cbb671d36a6ffb28",
+  "Id": "sha256:cc23e42ec8eaf823580dcd9718c247aae01aa5ab757ae41a684c32ffb10bc61c",
   "Parent": "",
   "Comment": "from Bitnami with love",
   "Created": "2023-01-21T00:10:43.684675902Z",
@@ -52,16 +52,16 @@
   "VirtualSize": 67518837,
   "GraphDriver": {
     "Data": {
-      "MergedDir": "/var/lib/docker/overlay2/2c58734b7792919636f178b12e42d0f993d8fa64d36b41965905f27f526ff3a3/merged",
-      "UpperDir": "/var/lib/docker/overlay2/2c58734b7792919636f178b12e42d0f993d8fa64d36b41965905f27f526ff3a3/diff",
-      "WorkDir": "/var/lib/docker/overlay2/2c58734b7792919636f178b12e42d0f993d8fa64d36b41965905f27f526ff3a3/work"
+      "MergedDir": "/var/lib/docker/overlay2/90326ab71c2847ed973a496b35b9d81d05b93201047dcdfc7559dea80a946fe7/merged",
+      "UpperDir": "/var/lib/docker/overlay2/90326ab71c2847ed973a496b35b9d81d05b93201047dcdfc7559dea80a946fe7/diff",
+      "WorkDir": "/var/lib/docker/overlay2/90326ab71c2847ed973a496b35b9d81d05b93201047dcdfc7559dea80a946fe7/work"
     },
     "Name": "overlay2"
   },
   "RootFS": {
     "Type": "layers",
     "Layers": [
-      "sha256:4d550068fdd0ca431c9fa2916354736e8321509c3e0e469e41ab24de65a025aa"
+      "sha256:682f50edd41ee7bcc1e53d7782807ca8bc0d393034e936e16ae2c9be116e935b"
     ]
   },
   "Metadata": {
--- sha256:c5ae78aa89d998f924d75bfcdffb9dee67b337fbfc8bec55cbb671d36a6ffb28
+++ sha256:cc23e42ec8eaf823580dcd9718c247aae01aa5ab757ae41a684c32ffb10bc61c
@@ -4248,7 +4248,7 @@
 -rw-r--r--  1 root root       8 Jan  9 12:45 /var/lib/dpkg/cmethopt
 -rw-r--r--  1 root root     136 Jan  9 12:45 /var/lib/dpkg/diversions
 -rw-r--r--  1 root root      98 Jan  9 12:45 /var/lib/dpkg/diversions-old
-drwxr-xr-x  2 root root   20480 Jan  9 12:45 /var/lib/dpkg/info
+drwxr-xr-x  2 root root   24576 Jan  9 12:45 /var/lib/dpkg/info
 -rw-r--r--  1 root root      18 Sep 15  2018 /var/lib/dpkg/info/adduser.conffiles
 -rwxr-xr-x  1 root root     929 Sep 15  2018 /var/lib/dpkg/info/adduser.config
 -rw-r--r--  1 root root    6420 Jan  9 12:45 /var/lib/dpkg/info/adduser.list
Tagged sha256:5b6db6d165c762082a51c56aacc63967ba46cb553508efb4568c7f3714056c68 as bitnami/minideb:buster-amd64
============================================
Building bitnami/minideb:bullseye-amd64
============================================
Building base in /tmp/tmp.sEmpyDfsCe
I: Retrieving InRelease 
I: Checking Release signature
E: Release signed by unknown key (key id 605C66F00D6C9793)
Makefile:26: recipe for target 'build' failed
make: *** [build] Error 1

If I could get the minideb Dockerfile, I could then bypass the Makefile and build the image directly.
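The `E: Release signed by unknown key` failure in the log above comes from the Release signature check during the base build. As an added example (not part of the original thread or the minideb project), this shell script pulls the key id out of a build log and checks it against a `gpg --with-colons` listing of the host keyring. The function names and sample data are constructed, and the assumed cause is a host `debian-archive-keyring` that predates the release being built.

```shell
#!/bin/sh
# Added example; the sample data in demo() is constructed.
# On a real host the key listing comes from:
#   gpg --no-default-keyring \
#     --keyring /usr/share/keyrings/debian-archive-keyring.gpg \
#     --list-keys --with-colons

# Print each distinct key id that a build log (stdin) reports as unknown.
unknown_key_ids() {
    sed -n 's/^E: Release signed by unknown key (key id \([0-9A-Fa-f]\{16\}\)).*$/\1/p' |
        sort -u
}

# keyring_has_key KEYID: reads a --with-colons listing on stdin and succeeds
# if KEYID is a primary key or subkey (field 5 of "pub"/"sub" records).
keyring_has_key() {
    awk -F: -v id="$1" '
        ($1 == "pub" || $1 == "sub") && toupper($5) == toupper(id) { found = 1 }
        END { exit !found }'
}

# triage LOGFILE LISTING: print one verdict line per unknown key id.
triage() {
    unknown_key_ids < "$1" | while read -r id; do
        if keyring_has_key "$id" < "$2"; then
            echo "$id present: check which keyring the build was given"
        else
            echo "$id missing: update debian-archive-keyring on the build host"
        fi
    done
}

# Demo on constructed input: the log line from this issue and a made-up
# listing standing in for an outdated keyring.
demo() {
    tmp=$(mktemp -d)
    printf '%s\n' 'I: Checking Release signature' \
        'E: Release signed by unknown key (key id 605C66F00D6C9793)' > "$tmp/log"
    printf '%s\n' 'pub:-:4096:1:AAAAAAAAAAAAAAAA:1400000000:::-:::scSC:' \
        'sub:-:4096:1:BBBBBBBBBBBBBBBB:1400000000::::::s:' > "$tmp/keys"
    triage "$tmp/log" "$tmp/keys"
    rm -rf "$tmp"
}

demo
```

A "missing" verdict is resolved by installing a current keyring from a trusted source and rerunning the build, which keeps the Release signature check in place.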

Auggie321 commented 1 year ago

I understand that using make build does not solve the problem of the vulnerabilities in the Debian image underlying minideb. Of course, this is not the point. Although make build does not run, what I actually want is to see minideb's Dockerfile after making a new Debian image. I would refer to minideb's Dockerfile to build from Debian-fixed images, using a multi-stage build to produce an image that fixes the Debian/minideb vulnerability problem.

javsalgar commented 1 year ago

Hi,

Could you add more details on the errors you found? Did you follow this section of the readme? https://github.com/bitnami/minideb#building-minideb

Auggie321 commented 1 year ago

Hi,

The compilation issue posted above is probably not the key, and can actually be ignored. I used the linked hub.docker.com/bitnami/minideb latest image. It will sweep out the underlying vulnerabilities in Debian.

I'm just not sure about the contents of minideb's Dockerfile, and not sure how my Dockerfile internally references minideb's copyfile, or which xxx should be added.

new Dockerfile

FROM bitnami/minideb:bullseye as baseimage

FROM debian11-patch:self 

COPY --from=baseimage xxx
RUN xxx

I understand if minideb's Dockerfile is not available. If I want to handle vulnerability fixes, I could do so with docker run -it --rm bitnami/minideb:latest, fix the issues, then docker commit, but it's a bit more complicated. I think it would be better to go through a Dockerfile. May I ask if you have any better suggestions?