build: Bump gpg to alpine's edge
LibKSBA is a dependency of GnuPG, which has a CVE that
is yet to be patched on Alpine's stable channel. This
PR installs GnuPG from the edge channel, and should be
reverted once libksba's version 1.6.2 is in main.

https://pkgs.alpinelinux.org/packages?name=libksba&branch=edge
https://gnupg.org/blog/20221017-pepe-left-the-ksba.html

Signed-off-by: Paulo Gomes <paulo.gomes@weave.works>
Paulo Gomes committed Nov 9, 2022
1 parent 47073a3 commit 8960037
Showing 1 changed file with 2 additions and 1 deletion.
3 changes: 2 additions & 1 deletion Dockerfile
Expand Up @@ -33,7 +33,8 @@ RUN xx-go build -trimpath -a -o kustomize-controller main.go

FROM alpine:3.16

RUN apk add --no-cache ca-certificates tini git openssh-client gnupg
RUN apk add --no-cache ca-certificates tini git openssh-client && \
apk add --no-cache gnupg --repository=https://dl-cdn.alpinelinux.org/alpine/edge/main

COPY --from=builder /workspace/kustomize-controller /usr/local/bin/
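
Review bot: The added `apk add --no-cache gnupg --repository=https://dl-cdn.alpinelinux.org/alpine/edge/main` line names only gnupg and pins no version, so the Dockerfile itself neither asserts that the libksba installed alongside it is the fixed 1.6.2 named in the commit message nor records that this is a temporary workaround. Consider listing libksba explicitly with a quoted version constraint (for example `'libksba>=1.6.2'`) so the build fails if an older package is resolved, and adding a comment above the RUN line stating the revert condition. Because edge is a rolling branch layered on `FROM alpine:3.16`, each rebuild may resolve different gnupg and dependency versions than the last, which is worth keeping in mind for reproducibility until the revert.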
