bitnami / minideb
A small image based on Debian designed for use in containers
Home Page: https://bitnami.com
License: Apache License 2.0
I am trying to use minideb with Fedora 31 where docker ce is not officially supported. Instead podman should be used.
With the following Dockerfile
FROM bitnami/minideb:unstable
RUN install_packages kernel-package crossbuild-essential-armhf crossbuild-essential-arm64 fakeroot libssl-dev bison flex libncurses-dev lzop cpio rsync
ENV ARCH=arm DEB_HOST_ARCH=armhf CONCURRENCY_LEVEL=9
WORKDIR /build
I get this error
➜ build-stuff git:(master) ✗ podman run -it --rm -v /home/christian/projects/linux:/src:z kernel /bin/bash
Error: chdir: No such file or directory: OCI runtime command not found error
We are using bitnami/minideb:buster image and we get the following high severity security issues (9/1/2021).
https://security-tracker.debian.org/tracker/CVE-2019-25013
https://security-tracker.debian.org/tracker/CVE-2021-33574
We have a requirement to eliminate critical and high, security vulnerabilities.
How long would it take to address these security vulnerabilities in bitnami/minideb:buster ?
Hi,
I would like to know if you plan to upgrade the base Debian image from 10 (buster) to 11 (bullseye)?
Debian 11.0 was released on August 14th, 2021.
Hi,
I am using minideb as base for my images but as soon as I use:
apt-get remove
I get the following message:
mount : PreDepends: libmount1 (>= 2.25) but it is not going to be installed
How can I fix this?
Hey,
when I try to build a Debian Bullseye image with the following command:
make build bullseye
the build Fails at the Stage:
Building bitnami/minideb:buster-arm64
with the following error:
Setting up qemu static in chroot
Cannot find aarch64 qemu static. Aborting...
make: *** [Makefile:27: build] Fehler 1
My Hostsystem is an actual Debian 11.6 Bullseye (amd64)
It's usual to have some build steps in the Dockerfile which require packages no longer needed once the container is up and running.
It would be great to have remove_packages that, like install_packages, does all the cleaning associated with uninstalling a package.
Description
Unable to build Minideb for ARM64 foreign architecture.
Maybe this is a documentation issue? Can an ARM64 Minideb be built inside an ARM64 Bullseye Docker image?
Steps to reproduce the issue:
Describe the results you received:
$ ./qemu_build bullseye arm64
Installing QEMU and required packages...
Hit:1 http://deb.debian.org/debian bullseye InRelease
Hit:2 http://security.debian.org/debian-security bullseye-security InRelease
Hit:3 http://deb.debian.org/debian bullseye-updates InRelease
Reading package lists... Done
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Note, selecting 'qemu-system-arm' instead of 'qemu-kvm'
Package libvirt-bin is not available, but is referred to by another package.
This may mean that the package is missing, has been obsoleted, or
is only available from another source
E: Package 'libvirt-bin' has no installation candidate
make: *** [Makefile:17: .installed-qemu] Error 100
Describe the results you expected:
An ARM64 Minideb foreign architecture Docker image would be created.
Version
docker version:
$ docker version
Client:
Cloud integration: v1.0.24
Version: 20.10.17
API version: 1.41
Go version: go1.17.11
Git commit: 100c701
Built: Mon Jun 6 23:04:45 2022
OS/Arch: darwin/arm64
Context: default
Experimental: true
Server: Docker Desktop 4.10.1 (82475)
Engine:
Version: 20.10.17
API version: 1.41 (minimum version 1.12)
Go version: go1.17.11
Git commit: a89b842
Built: Mon Jun 6 23:01:01 2022
OS/Arch: linux/arm64
Experimental: false
containerd:
Version: 1.6.6
GitCommit: 10c12954828e7c7c9b6e0ea9b0c02b01407d3ae1
runc:
Version: 1.1.2
GitCommit: v1.1.2-0-ga916309
docker-init:
Version: 0.19.0
GitCommit: de40ad0
docker info:
$ docker info
Client:
Context: default
Debug Mode: false
Plugins:
buildx: Docker Buildx (Docker Inc., v0.8.2)
compose: Docker Compose (Docker Inc., v2.6.1)
extension: Manages Docker extensions (Docker Inc., v0.2.7)
sbom: View the packaged-based Software Bill Of Materials (SBOM) for an image (Anchore Inc., 0.6.0)
scan: Docker Scan (Docker Inc., v0.17.0)
Server:
Containers: 2
Running: 0
Paused: 0
Stopped: 2
Images: 3
Server Version: 20.10.17
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Native Overlay Diff: true
userxattr: false
Logging Driver: json-file
Cgroup Driver: cgroupfs
Cgroup Version: 2
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 10c12954828e7c7c9b6e0ea9b0c02b01407d3ae1
runc version: v1.1.2-0-ga916309
init version: de40ad0
Security Options:
seccomp
Profile: default
cgroupns
Kernel Version: 5.10.104-linuxkit
Operating System: Docker Desktop
OSType: linux
Architecture: aarch64
CPUs: 4
Total Memory: 7.765GiB
Name: docker-desktop
ID: L4PG:GDQK:ZHVF:36LO:5XO5:GSFS:WYKV:CZED:QFRI:ZXI2:WSMU:NF7W
Docker Root Dir: /var/lib/docker
Debug Mode: false
HTTP Proxy: http.docker.internal:3128
HTTPS Proxy: http.docker.internal:3128
No Proxy: hubproxy.docker.internal
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
hubproxy.docker.internal:5000
127.0.0.0/8
Live Restore Enabled: false
docker-compose version (if applicable):
$ docker-compose version
Docker Compose version v2.6.1
Additional environment details (AWS, VirtualBox, Docker for MAC, physical, etc.):
$ sw_vers
ProductName: macOS
ProductVersion: 12.4
BuildVersion: 21F79
Hello,
we are using bitnami/minideb:buster image and several SCA Tools (twistlock, clair, snyk) detected CVE-2018-12886 High-severity vulnerability that we are concerned about related to gcc-8 module :
you may see the report at buster image here: https://snyk.io/test/docker/bitnami%2Fminideb%3Abuster#SNYK-DEBIAN10-GCC8-347558
More info about CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12886.
It seems that it uses the vulnerable gcc-8 (8.3.0-6) package from the debian-10 buster release (https://security-tracker.debian.org/tracker/CVE-2018-12886) and there are no fixes or patches available now from Debian for this CVE.
How long does it take to apply this patch to the minideb image as soon as it is available, and how can we know about it?
Thanks
Hi!
I am going to use your image, the only hurdle is that it lacks an http client ( wget or curl ).
My usage logic implies I bootstrap all the dependencies on minideb container via curl $some-url | bash
Any ideas?
Hi,
Your docker images are awesome, but I want to know if you plan to add the management of file env.
Like in the mysql image.
The final goal is to manage secrets.
For example, when launching a MySQL container you can set environment variables to:
-e MYSQL_ROOT_PASSWORD_FILE=/run/secrets/db_password
The MYSQL_ROOT_PASSWORD environment variable will use the value from the file.
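The `_FILE` convention requested above can be handled in an image's entrypoint script. The following is an added example, not part of the original post and not code shipped by minideb: `file_env` and `file_env_demo` are hypothetical helper names, and the secret file in the demo is constructed.

```shell
#!/bin/sh
# Added example: the "_FILE" secret convention as a POSIX sh helper.
# file_env is a hypothetical name; minideb does not ship this function.

# Usage: file_env VAR [DEFAULT]
# Sets and exports VAR from $VAR, else from the file named by $VAR_FILE, else DEFAULT.
# Returns 1 on an invalid name, when both sources are set, or on an unreadable file.
file_env() {
    _fe_var=$1
    _fe_default=${2:-}
    _fe_file_var="${_fe_var}_FILE"

    # The name is interpolated into eval below, so accept plain identifiers only.
    case $_fe_var in
        ''|[0-9]*|*[!A-Za-z0-9_]*)
            echo "file_env: invalid variable name" >&2
            return 1 ;;
    esac

    eval "_fe_direct=\${$_fe_var:-}"
    eval "_fe_path=\${$_fe_file_var:-}"

    # Two sources for one secret is ambiguous: refuse rather than guess.
    if [ -n "$_fe_direct" ] && [ -n "$_fe_path" ]; then
        echo "file_env: both $_fe_var and $_fe_file_var are set; use only one" >&2
        return 1
    fi

    _fe_value=$_fe_default
    if [ -n "$_fe_direct" ]; then
        _fe_value=$_fe_direct
    elif [ -n "$_fe_path" ]; then
        if [ ! -r "$_fe_path" ]; then
            echo "file_env: cannot read $_fe_path" >&2
            return 1
        fi
        # Command substitution strips the trailing newline secret files usually carry.
        _fe_value=$(cat "$_fe_path")
    fi

    # The secret is expanded as data inside the assignment, never parsed as code.
    eval "$_fe_var=\$_fe_value"
    export "$_fe_var"
    # Drop the pointer so child processes only see the resolved variable.
    unset "$_fe_file_var"
}

# Constructed demo: write a throwaway secret file and resolve it via the _FILE variable.
file_env_demo() (
    tmp=$(mktemp -d) || exit 1
    printf 'constructed-secret\n' > "$tmp/db_password"
    unset MYSQL_ROOT_PASSWORD
    MYSQL_ROOT_PASSWORD_FILE="$tmp/db_password"
    file_env MYSQL_ROOT_PASSWORD || exit 1
    rm -rf "$tmp"
    printf '%s\n' "$MYSQL_ROOT_PASSWORD"
)
```

Mounting the secret as a file keeps it out of `docker inspect` output and the image history, which is where a plain `-e` value ends up.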
Does this have advantages over https://github.com/tklx/base (which can be used with CoreOS's rkt)? Thanks.
Description
It appears that new builds are no longer available on Docker Hub, the latest version was published a month ago according to https://hub.docker.com/r/bitnami/minideb/tags
I see that CI in this repo is failing since approximately that time, but not sure if it is related.
Is this intentional and I should not expect minideb to be updated in Docker Hub on a nightly basis, or is this a bug?
Is perl absolutely needed for this distro?
It is a massive package that fattens this distro. It can also be easily installed if someone needs it. So is it necessary to have it in the base distro? does the package manager use it?
Hi. I'm finding a problem with pulling images from ECR Public using tags. When trying to pull public.ecr.aws/bitnami/minideb:stretch (or the other tags) then you get an old image version rather than the latest.
For stretch, the image was published on 2020-11-02T03:18:47.504586077Z
❯ docker inspect public.ecr.aws/bitnami/minideb:stretch --format '{{.Created}}'
2020-11-02T03:18:47.504586077Z
Quay seems to be consistent with Docker Hub though.
❯ docker pull bitnami/minideb:stretch
stretch: Pulling from bitnami/minideb
Digest: sha256:a70cdb0d0f053fa454b3ff2943147e29e42abb2203ef6126378ddf1f51eb355c
Status: Image is up to date for bitnami/minideb:stretch
docker.io/bitnami/minideb:stretch
❯ docker pull quay.io/bitnami/minideb:stretch
stretch: Pulling from bitnami/minideb
Digest: sha256:a70cdb0d0f053fa454b3ff2943147e29e42abb2203ef6126378ddf1f51eb355c
Status: Image is up to date for quay.io/bitnami/minideb:stretch
quay.io/bitnami/minideb:stretch
❯ docker pull public.ecr.aws/bitnami/minideb:stretch
stretch: Pulling from bitnami/minideb
Digest: sha256:8b5d213666fbc901bbfd15e4ed5cba292fab1dc4c5ac2339ddcfac351163c585
Status: Image is up to date for public.ecr.aws/bitnami/minideb:stretch
public.ecr.aws/bitnami/minideb:stretch
Pulling by digest on ECR Public seems to work though:
❯ docker pull public.ecr.aws/bitnami/minideb@sha256:a70cdb0d0f053fa454b3ff2943147e29e42abb2203ef6126378ddf1f51eb355c
public.ecr.aws/bitnami/minideb@sha256:a70cdb0d0f053fa454b3ff2943147e29e42abb2203ef6126378ddf1f51eb355c: Pulling from bitnami/minideb
Digest: sha256:a70cdb0d0f053fa454b3ff2943147e29e42abb2203ef6126378ddf1f51eb355c
Status: Image is up to date for public.ecr.aws/bitnami/minideb@sha256:a70cdb0d0f053fa454b3ff2943147e29e42abb2203ef6126378ddf1f51eb355c
public.ecr.aws/bitnami/minideb@sha256:a70cdb0d0f053fa454b3ff2943147e29e42abb2203ef6126378ddf1f51eb355c
Is there a problem with updating the tags on ECR Public?
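The comparison made by hand in the report above can be scripted so that a mirror serving a stale tag is caught before a build consumes it. This is an added example, not part of the original post: `tag_digests`, `check_tag_consistency` and `sample_transcript` are hypothetical names, the sample transcript reuses the pull output quoted in the post, and the first registry listed is assumed to be the reference.

```shell
#!/bin/sh
# Added example: flag registries that serve a different digest for the same tag.
# All function names here are hypothetical helpers, not docker or minideb tooling.

# Read `docker pull` transcripts on stdin; print "<image-ref> <digest>" per pull.
# Relies on the "Digest:" line being followed by "Status: ... for <image-ref>".
tag_digests() {
    awk '
        $1 == "Digest:" { digest = $2; next }
        $1 == "Status:" && digest != "" { print $NF, digest; digest = "" }
    '
}

# Read "<image-ref> <digest>" lines on stdin. The first line is the reference;
# every later ref with a different digest is printed. Exit status 1 if any differ.
check_tag_consistency() {
    awk '
        NR == 1 { want = $2; next }
        $2 != want { print "MISMATCH", $1, $2; bad = 1 }
        END { exit bad }
    '
}

# Sample input: the three tag pulls quoted in the report above.
sample_transcript() {
    cat <<'EOF'
$ docker pull bitnami/minideb:stretch
stretch: Pulling from bitnami/minideb
Digest: sha256:a70cdb0d0f053fa454b3ff2943147e29e42abb2203ef6126378ddf1f51eb355c
Status: Image is up to date for bitnami/minideb:stretch
docker.io/bitnami/minideb:stretch
$ docker pull quay.io/bitnami/minideb:stretch
stretch: Pulling from bitnami/minideb
Digest: sha256:a70cdb0d0f053fa454b3ff2943147e29e42abb2203ef6126378ddf1f51eb355c
Status: Image is up to date for quay.io/bitnami/minideb:stretch
quay.io/bitnami/minideb:stretch
$ docker pull public.ecr.aws/bitnami/minideb:stretch
stretch: Pulling from bitnami/minideb
Digest: sha256:8b5d213666fbc901bbfd15e4ed5cba292fab1dc4c5ac2339ddcfac351163c585
Status: Image is up to date for public.ecr.aws/bitnami/minideb:stretch
public.ecr.aws/bitnami/minideb:stretch
EOF
}
```

Running `sample_transcript | tag_digests | check_tag_consistency` prints the ECR Public line and exits non-zero, so it can gate a CI step that pulls the same tag from several mirrors.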
Sir,
may I ask you about some image build issues?
I checked minideb readme security, wanna fix debian vulnerabilities,
mini base from debian, where can I be allowed to get the full Dockerfile of minideb?
wanna build it by self.
server env
Ubuntu 18.04.6 LTS
Docker version 20.10.12
go version go1.14.1 linux/amd64
cd $GOPATH
git clone https://github.com/bitnami/minideb.git
cd minideb
make build, got some error
zlib1g 170
Largest dirs
1892 /tmp/tmp.ThNkXJpE2g/usr/sbin
2288 /tmp/tmp.ThNkXJpE2g/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib
3260 /tmp/tmp.ThNkXJpE2g/sbin
3468 /tmp/tmp.ThNkXJpE2g/usr/lib/x86_64-linux-gnu/perl-base/unicore
3528 /tmp/tmp.ThNkXJpE2g/usr/share/zoneinfo
3644 /tmp/tmp.ThNkXJpE2g/var/lib/dpkg/info
3916 /tmp/tmp.ThNkXJpE2g/var/lib/dpkg
4004 /tmp/tmp.ThNkXJpE2g/var/lib
4908 /tmp/tmp.ThNkXJpE2g/bin
5164 /tmp/tmp.ThNkXJpE2g/usr/lib/x86_64-linux-gnu/perl-base
5508 /tmp/tmp.ThNkXJpE2g/var
6632 /tmp/tmp.ThNkXJpE2g/usr/share
7544 /tmp/tmp.ThNkXJpE2g/usr/lib/x86_64-linux-gnu/gconv
11256 /tmp/tmp.ThNkXJpE2g/lib/x86_64-linux-gnu
11620 /tmp/tmp.ThNkXJpE2g/lib
12632 /tmp/tmp.ThNkXJpE2g/usr/bin
25644 /tmp/tmp.ThNkXJpE2g/usr/lib/x86_64-linux-gnu
28380 /tmp/tmp.ThNkXJpE2g/usr/lib
49592 /tmp/tmp.ThNkXJpE2g/usr
75624 /tmp/tmp.ThNkXJpE2g
Built in /tmp/tmp.ThNkXJpE2g
Image built at build/buster-amd64-repro.tar
Image changed sha256:cc23e42ec8eaf823580dcd9718c247aae01aa5ab757ae41a684c32ffb10bc61c (new) != sha256:c5ae78aa89d998f924d75bfcdffb9dee67b337fbfc8bec55cbb671d36a6ffb28 (old)
Changes (- old, + new):
--- sha256:c5ae78aa89d998f924d75bfcdffb9dee67b337fbfc8bec55cbb671d36a6ffb28
+++ sha256:cc23e42ec8eaf823580dcd9718c247aae01aa5ab757ae41a684c32ffb10bc61c
@@ -1,5 +1,5 @@
{
- "Id": "sha256:c5ae78aa89d998f924d75bfcdffb9dee67b337fbfc8bec55cbb671d36a6ffb28",
+ "Id": "sha256:cc23e42ec8eaf823580dcd9718c247aae01aa5ab757ae41a684c32ffb10bc61c",
"Parent": "",
"Comment": "from Bitnami with love",
"Created": "2023-01-21T00:10:43.684675902Z",
@@ -52,16 +52,16 @@
"VirtualSize": 67518837,
"GraphDriver": {
"Data": {
- "MergedDir": "/var/lib/docker/overlay2/2c58734b7792919636f178b12e42d0f993d8fa64d36b41965905f27f526ff3a3/merged",
- "UpperDir": "/var/lib/docker/overlay2/2c58734b7792919636f178b12e42d0f993d8fa64d36b41965905f27f526ff3a3/diff",
- "WorkDir": "/var/lib/docker/overlay2/2c58734b7792919636f178b12e42d0f993d8fa64d36b41965905f27f526ff3a3/work"
+ "MergedDir": "/var/lib/docker/overlay2/90326ab71c2847ed973a496b35b9d81d05b93201047dcdfc7559dea80a946fe7/merged",
+ "UpperDir": "/var/lib/docker/overlay2/90326ab71c2847ed973a496b35b9d81d05b93201047dcdfc7559dea80a946fe7/diff",
+ "WorkDir": "/var/lib/docker/overlay2/90326ab71c2847ed973a496b35b9d81d05b93201047dcdfc7559dea80a946fe7/work"
},
"Name": "overlay2"
},
"RootFS": {
"Type": "layers",
"Layers": [
- "sha256:4d550068fdd0ca431c9fa2916354736e8321509c3e0e469e41ab24de65a025aa"
+ "sha256:682f50edd41ee7bcc1e53d7782807ca8bc0d393034e936e16ae2c9be116e935b"
]
},
"Metadata": {
--- sha256:c5ae78aa89d998f924d75bfcdffb9dee67b337fbfc8bec55cbb671d36a6ffb28
+++ sha256:cc23e42ec8eaf823580dcd9718c247aae01aa5ab757ae41a684c32ffb10bc61c
@@ -4248,7 +4248,7 @@
-rw-r--r-- 1 root root 8 Jan 9 12:45 /var/lib/dpkg/cmethopt
-rw-r--r-- 1 root root 136 Jan 9 12:45 /var/lib/dpkg/diversions
-rw-r--r-- 1 root root 98 Jan 9 12:45 /var/lib/dpkg/diversions-old
-drwxr-xr-x 2 root root 20480 Jan 9 12:45 /var/lib/dpkg/info
+drwxr-xr-x 2 root root 24576 Jan 9 12:45 /var/lib/dpkg/info
-rw-r--r-- 1 root root 18 Sep 15 2018 /var/lib/dpkg/info/adduser.conffiles
-rwxr-xr-x 1 root root 929 Sep 15 2018 /var/lib/dpkg/info/adduser.config
-rw-r--r-- 1 root root 6420 Jan 9 12:45 /var/lib/dpkg/info/adduser.list
Tagged sha256:5b6db6d165c762082a51c56aacc63967ba46cb553508efb4568c7f3714056c68 as bitnami/minideb:buster-amd64
============================================
Building bitnami/minideb:bullseye-amd64
============================================
Building base in /tmp/tmp.sEmpyDfsCe
I: Retrieving InRelease
I: Checking Release signature
E: Release signed by unknown key (key id 605C66F00D6C9793)
Makefile:26: recipe for target 'build' failed
make: *** [build] Error 1
If I could get the minideb Dockerfile, then bypass the makefile file and build the image directly.
If I try to build minideb on a Raspberry Pi 4 with Raspbian installed, I get the following error:
make[1]: Leaving directory '/home/dietpi/minideb'
./mkimage /home/dietpi/minideb/build/buster.tar buster
cp: cannot stat '/usr/share/keyrings/debian-archive-keyring.gpg': No such file or directory
make: *** [Makefile:28: buster] Error 1
To fix it, I had to tweak mkimage. Here are the changes I had to make: https://ybin.me/p/1249eb31d3d4fcd9#NFUFW1QRI59T/ojae73HMaq3wtfv9nIaTfmXcpO5LZg=
In order to allow for seamless building on Raspbian hosts, I propose either of the following solutions:
lsb_release -i
and if Raspbian is detected, then alter the keyring path.
Description
When I build minideb from the latest master, the script attempts to automatically install gcloud.
Steps to reproduce the issue:
git clone https://github.com/bitnami/minideb.git
cd minideb
sudo make buster
Describe the results you received:
The build script attempts to add a new apt repository to the host system and install a gcloud package.
Checking the documentation reveals nothing about the purpose of the installation of this package at all.
Describe the results you expected:
The documentation (e.g. the README) would detail all dependencies required and why. The documentation should be clear that all the dependencies listed, if not installed already, will be installed automatically.
Additional information you deem important (e.g. issue happens only occasionally):
This isn't a "technical" issue per se, but more of an issue of principle that dependencies such as the Google Cloud SDK should be documented in the README - especially if it is going to be installed on the host system automatically.
This is because automatic installation of the google cloud sdk could potentially be seen to be some kind of malware / spyware if it isn't expected.
Version latest master
docker version:
Client: Docker Engine - Community
Version: 20.10.5
API version: 1.41
Go version: go1.13.15
Git commit: 55c4c88
Built: Tue Mar 2 20:18:46 2021
OS/Arch: linux/arm
Context: default
Experimental: true
Server: Docker Engine - Community
Engine:
Version: 20.10.5
API version: 1.41 (minimum version 1.12)
Go version: go1.13.15
Git commit: 363e9a8
Built: Tue Mar 2 20:16:18 2021
OS/Arch: linux/arm
Experimental: false
containerd:
Version: 1.4.4
GitCommit: 05f951a3781f4f2c1911b05e61c160e9c30eaa8e
runc:
Version: 1.0.0-rc93
GitCommit: 12644e614e25b05da6fd08a38ffa0cfe1903fdec
docker-init:
Version: 0.19.0
GitCommit: de40ad0
docker info:
Client:
Context: default
Debug Mode: false
Plugins:
app: Docker App (Docker Inc., v0.9.1-beta3)
buildx: Build with BuildKit (Docker Inc., v0.5.1-docker)
Server:
Containers: 39
Running: 0
Paused: 0
Stopped: 39
Images: 880
Server Version: 20.10.5
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Cgroup Version: 1
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 05f951a3781f4f2c1911b05e61c160e9c30eaa8e
runc version: 12644e614e25b05da6fd08a38ffa0cfe1903fdec
init version: de40ad0
Security Options:
seccomp
Profile: default
Kernel Version: 5.4.83-v7l+
Operating System: Raspbian GNU/Linux 10 (buster)
OSType: linux
Architecture: armv7l
CPUs: 4
Total Memory: 1.872GiB
Name: wopplefox
ID: IGKV:TW64:XT2V:S6IE:6XDN:XAP3:K3SV:6W7P:JZLD:TJMO:ODNT:WNUF
Docker Root Dir: /var/lib/docker
Debug Mode: false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
registry.service.mooncarrot.space:5000
127.0.0.0/8
Live Restore Enabled: false
WARNING: No memory limit support
WARNING: No swap limit support
WARNING: No kernel memory TCP limit support
WARNING: No oom kill disable support
docker-compose version (if applicable):
-bash: docker-compose: command not found
Additional environment details (AWS, VirtualBox, Docker for MAC, physical, etc.):
Docker on fully-patched Raspberry Pi OS (based on Debian Buster).
how to install libgomp1
=> ERROR [2/2] RUN install_packages libgomp1 0.5s
------
> [2/2] RUN install_packages libgomp1:
#5 0.449 E: List directory /var/lib/apt/lists/partial is missing. - Acquire (2: No such file or directory)
#5 0.454 apt failed, retrying
#5 0.480 E: List directory /var/lib/apt/lists/partial is missing. - Acquire (2: No such file or directory)
#5 0.482 apt failed, retrying
#5 0.509 E: List directory /var/lib/apt/lists/partial is missing. - Acquire (2: No such file or directory)
Hi everyone!
I was trying to build bitnami dokuwiki from the official Dockerfile and got the following error when running the first install_package command.
W: GPG error: http://security.debian.org buster/updates InRelease: Couldn't execute /usr/bin/apt-key to check /var/lib/apt/lists/partial/security.debian.org_dists_buster_updates_InRelease
E: The repository 'http://security.debian.org buster/updates InRelease' is not signed.
W: GPG error: http://deb.debian.org/debian buster InRelease: Couldn't execute /usr/bin/apt-key to check /var/lib/apt/lists/partial/deb.debian.org_debian_dists_buster_InRelease
E: The repository 'http://deb.debian.org/debian buster InRelease' is not signed.
I then changed
FROM docker.io/bitnami/minideb:buster
to
FROM docker.io/bitnami/minideb:jessie
install_package worked, but obviously packages were then not found.
I also tried --allow-unauthenticated in apt-get update && apt-get install without success.
docker version
Client:
Version: 19.03.8
API version: 1.40
Go version: go1.13.8
Git commit: afacb8b7f0
Built: Tue Jun 23 22:26:12 2020
OS/Arch: linux/amd64
Experimental: false
Server:
Engine:
Version: 19.03.8
API version: 1.40 (minimum version 1.12)
Go version: go1.13.8
Git commit: afacb8b7f0
Built: Thu Jun 18 08:26:54 2020
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.3.3-0ubuntu2
GitCommit:
runc:
Version: spec: 1.0.1-dev
GitCommit:
docker-init:
Version: 0.18.0
GitCommit:
Using up-to-date Ubuntu 20.04
Since August the 14th, it is not possible to build Debian unstable (other distros are working well) because of dependency issues with 'util-linux' package and 'mount':
https://tracker.debian.org/pkg/util-linux
dpkg: error processing package util-linux (--configure):
installed util-linux package post-installation script subprocess returned error exit status 1
dpkg: mount: dependency problems, but configuring anyway as you requested:
mount depends on util-linux (>= 2.29.2-3~); however:
Package util-linux is not configured yet.
Setting up mount (2.36-3) ...
Processing triggers for libc-bin (2.31-3) ...
Errors were encountered while processing:
util-linux
Description
A team member who is using Windows is currently unable to use our app due to problems in the build.
Please consider the following example:
# Bitnami image from
# https://github.com/bitnami/bitnami-docker-keycloak/blob/14.0.0-debian-10-r10/14/debian-10/Dockerfile
FROM docker.io/bitnami/minideb:buster
LABEL maintainer "Bitnami <[email protected]>"
# FIXME: temporary debug
USER root
ENV HOME="/" \
OS_ARCH="amd64" \
OS_FLAVOUR="debian-10" \
OS_NAME="linux"
COPY prebuildfs /
RUN install_packages acl ca-certificates curl gzip libaio1 libc6 procps rsync tar zlib1g
RUN . /bitnami/scripts/libcomponent.sh && component_unpack "wait-for-port" "1.0.0-3" --checksum 7521d9a4f9e4e182bf32977e234026caa7b03759799868335bccb1edd8f8fd12
ENTRYPOINT [ "/bin/sh" ]
After doing a simple build "dummy"
=> ERROR [4/5] RUN install_packages acl ca-certificates curl gzip libaio1 libc6 procps rsync tar zlib1g 0.6s
------
> [4/5] RUN install_packages acl ca-certificates curl gzip libaio1 libc6 procps rsync tar zlib1g:
#8 0.592 /bin/sh: 1: install_packages: not found
Note: this only happens in windows 10 intel-x64.
Somehow if I force this:
COPY prefuildfs/usr /
install_packages becomes available, but I can't apply the same to the /opt/bitnami. I don't know if this is a conflict between architectures or something like that.
Any idea?
Version
docker version:
Docker version 20.10.12, build e91ed57
docker info:
Client:
Context: default
Debug Mode: false
Plugins:
buildx: Docker Buildx (Docker Inc., v0.7.1)
compose: Docker Compose (Docker Inc., v2.2.3)
scan: Docker Scan (Docker Inc., v0.17.0)
Server:
Containers: 0
Running: 0
Paused: 0
Stopped: 0
Images: 0
Server Version: 20.10.12
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Native Overlay Diff: true
userxattr: false
Logging Driver: json-file
Cgroup Driver: cgroupfs
Cgroup Version: 1
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 7b11cfaabd73bb80907dd23182b9347b4245eb5d
runc version: v1.0.2-0-g52b36a2
init version: de40ad0
Security Options:
seccomp
Profile: default
Kernel Version: 5.10.16.3-microsoft-standard-WSL2
Operating System: Docker Desktop
OSType: linux
Architecture: x86_64
CPUs: 8
Total Memory: 12GiB
Name: docker-desktop
ID: PY6O:Z3C5:WEU5:XXE6:XCNH:5RU5:S2HR:BD4L:VN25:T3XX:3BK4:2S2K
Docker Root Dir: /var/lib/docker
Debug Mode: false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
hubproxy.docker.internal:5000
127.0.0.0/8
Live Restore Enabled: false
Are there any plans to support bullseye? Would you accept a pull request?
Hi,
I tried to run bitnami/minideb:latest on my pi 4 raspbian and run into the following error while starting the container:
standard_init_linux.go:219 exec user process caused: exec format error
Is it possible that the go-binary wasn't compiled for the arm64?
I would've submitted this in the bitnami/minideb-extras-base repo, but I noticed there are no issues at all there.
The minideb-extras-base:latest is based upon bitnami/minideb@sha256:0c81ebe883191a47be826564fb171d22ba8b073db00e37174109f560dccd9894 which has multiple High vulnerabilities listed below. Other Bitnami images (such as kafka and zookeeper) use it as a base, so the vulnerabilities propagate.
The bitnami/minideb:latest does not have these vulnerabilities. It would be nice if these images were rebuilt with it instead.
High CVE-2019-12900 bzip2 1.0.6-8.1 BZ2_decompress in decompress.c in bzip2 through 1.0.6 has ...
High CVE-2018-1000001 glibc 2.24-11+deb9u4 In glibc 2.26 and earlier there is confusion in the...
High CVE-2018-6485 glibc 2.24-11+deb9u4 An integer overflow in the implementation of the...
High CVE-2017-12424 shadow 1:4.4-4.1 In shadow before 4.5, the newusers tool could be...
High CVE-2018-6551 glibc 2.24-11+deb9u4 The malloc implementation in the GNU C Library (aka...
High CVE-2019-9169 glibc 2.24-11+deb9u4 In the GNU C Library (aka glibc or libc6) through...
High CVE-2016-2779 util-linux 2.29.2-1+deb9u1 runuser in util-linux allows local users to escape to...
Hello folks, I've been using this source for a while as the base OS for our applications and it has been working wonderfully, thank you so much for your support and efforts.
We are looking to enhance this a bit for our development environment and I am trying to figure out what would be the ideal way to implement this. We are looking to have different PHP versions available within the OS so we can test out different features in our software with minimal effort. I am aware I can just install the desired php versions on the OS but I am somewhat curious what the recommendation would be from you guys thinking down the road on what would be easiest to maintain.
My options:
For reference, I am currently installing PHP on the dockerfile as such:
RUN bitnami-pkg unpack php-7.4.5-1 --checksum 4b826aa38a275f5c6c2e752e9ffa5972d61da43094fa4215170475a1690685e8
And I am using this image as the base for our implementation:
FROM docker.io/bitnami/minideb:buster
Appreciate the guidance.
Cheers,
We are using bitnami/minideb:buster image and we get the following medium and low severity security issues.
https://security-tracker.debian.org/tracker/CVE-2020-19499 (medium)
https://security-tracker.debian.org/tracker/CVE-2021-3712 (medium)
https://security-tracker.debian.org/tracker/CVE-2020-27560 (medium)
https://security-tracker.debian.org/tracker/CVE-2020-19498 (medium)
https://security-tracker.debian.org/tracker/CVE-2020-27769 (medium)
https://security-tracker.debian.org/tracker/CVE-2020-27768 (medium)
https://security-tracker.debian.org/tracker/CVE-2020-10251 (medium)
https://security-tracker.debian.org/tracker/CVE-2019-12973 (medium)
https://security-tracker.debian.org/tracker/CVE-2021-29338 (medium)
https://security-tracker.debian.org/tracker/CVE-2020-14155 (medium)
https://security-tracker.debian.org/tracker/CVE-2017-16932 (medium)
https://security-tracker.debian.org/tracker/CVE-2021-37750 (medium)
https://security-tracker.debian.org/tracker/CVE-2021-37600 (low)
https://security-tracker.debian.org/tracker/CVE-2019-13627 (low)
We have a requirement to eliminate medium and low, security vulnerabilities.
Can you comment on a timeline to address these security vulnerabilities in bitnami/minideb:buster ?
I'm using minideb but have to install packages in a few stages. I use install_packages to get the retry and apt-get update but I wish I could send it a flag not to clean the cache. And if the cache were still there it wouldn't apt-get update.
Hello,
I have a small suggestion to improve the image.
When using docker, I had an issue with apt-get which was the same as yours - apt-get lists getting stale, and leaving garbage afterwards, so I created this small, bash-based, public domain tool:
https://github.com/alanfranz/apt-current
apt-current has one additional performance advantage when compared to install_packages: you can choose an "expiry timeout", and apt-get update is performed only if a) the latest apt-get update was performed more than expiry_timeout seconds ago, or b) if any source file or any apt configuration was changed.
It seems to me that all the binaries used by apt-current are already available in your minideb image.
Your licensing currently states that minideb is licensed under the Apache software license. Whilst that's probably true of all parts you created that doesn't cover everything since you are using components under other licenses.
You might want to add a clause like the one in CentOS:
The Distribution is released as GPLv2 under the Apache License, Version 2.0. Individual packages in the distribution come with their own licences.
or similar.
Hi,
Can you support Debian Stretch (9) please?
Cheers!
EM
Unable to use commands such as top, less that depend on TERM variable even when the container is launched with a tty attached
# docker run -it --rm bitnami/minideb bash -c 'install_packages procps && printenv && top -d1'
Reading package lists... Done
Building dependency tree... Done
The following extra packages will be installed:
libncursesw5 libprocps3
Recommended packages:
libgpm2 psmisc
The following NEW packages will be installed:
libncursesw5 libprocps3 procps
0 upgraded, 3 newly installed, 0 to remove and 0 not upgraded.
Need to get 415 kB of archives.
After this operation, 1219 kB of additional disk space will be used.
Get:1 http://httpredir.debian.org/debian/ jessie/main libncursesw5 amd64 5.9+20140913-1+b1 [123 kB]
Get:2 http://httpredir.debian.org/debian/ jessie/main libprocps3 amd64 2:3.3.9-9 [56.3 kB]
Get:3 http://httpredir.debian.org/debian/ jessie/main procps amd64 2:3.3.9-9 [236 kB]
Fetched 415 kB in 2s (166 kB/s)
debconf: delaying package configuration, since apt-utils is not installed
Selecting previously unselected package libncursesw5:amd64.
(Reading database ... 6145 files and directories currently installed.)
Preparing to unpack .../libncursesw5_5.9+20140913-1+b1_amd64.deb ...
Unpacking libncursesw5:amd64 (5.9+20140913-1+b1) ...
Selecting previously unselected package libprocps3:amd64.
Preparing to unpack .../libprocps3_2%3a3.3.9-9_amd64.deb ...
Unpacking libprocps3:amd64 (2:3.3.9-9) ...
Selecting previously unselected package procps.
Preparing to unpack .../procps_2%3a3.3.9-9_amd64.deb ...
Unpacking procps (2:3.3.9-9) ...
Setting up libncursesw5:amd64 (5.9+20140913-1+b1) ...
Setting up libprocps3:amd64 (2:3.3.9-9) ...
Setting up procps (2:3.3.9-9) ...
update-alternatives: using /usr/bin/w.procps to provide /usr/bin/w (w) in auto mode
/usr/sbin/invoke-rc.d: 1: /usr/sbin/invoke-rc.d: /sbin/runlevel: not found
invoke-rc.d: policy-rc.d denied execution of start.
Processing triggers for libc-bin (2.19-18+deb8u7) ...
HOSTNAME=b43ba80c53dc
TERM=xterm
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
PWD=/
SHLVL=1
HOME=/root
_=/usr/bin/printenv
'xterm': unknown terminal type.
How to reliably set timezone on minideb images? Please provide an example for UTC.
Is there a universal method that works on all images?
Is tzdata required?
So we would like to use minideb as a base for our images, but we have a requirement that we need to either pin or verify the upstream image we depend on. We like the philosophy of minideb that it is regularly rebuilt and kept up-to-date, but we can't use it as we don't want to pin to a specific sha256 hash (lose rebuild benefits) and we can't use Docker Content Trust as you guys don't support it. Would be great if you could start supporting it =)
https://docs.docker.com/engine/security/trust/content_trust/
I ran ./buildall and it failed. I have debootstrap, jq and debian-archive-keyring installed already. The detail log is below:
$ sudo ./buildall
============================================
Building bitnami/minideb:jessie
============================================
Building base in /tmp/tmp.8pNqJo6ose
I: Retrieving InRelease
I: Failed to retrieve InRelease
I: Retrieving Release
I: Retrieving Release.gpg
I: Checking Release signature
I: Valid Release signature (key id 75DDC3C4A499F1A18CB5F3C8CBF8D6FD518E17E1)
I: Retrieving Packages
I: Validating Packages
I: Resolving dependencies of required packages...
I: Resolving dependencies of base packages...
I: Found additional required dependencies: debconf debianutils gcc-4.9-base gpgv initscripts insserv libacl1 libattr1 libaudit-common libaudit1 libblkid1 libbz2-1.0 libc6 libdb5.3 libdebconfclient0 libgcc1 libgcrypt20 libgpg-error0 liblzma5 libmount1 libncurses5 libpam-modules libpam-modules-bin libpam-runtime libpam0g libpcre3 libselinux1 libsemanage-common libsemanage1 libsepol1 libslang2 libsmartcols1 libsystemd0 libtinfo5 libustr-1.0-1 libuuid1 multiarch-support perl-base sensible-utils startpar sysvinit-utils zlib1g
I: Found additional base dependencies: gnupg libapt-pkg4.12 libreadline6 libstdc++6 libusb-0.1-4 readline-common
I: Checking component main on http://httpredir.debian.org/debian...
I: Retrieving libacl1 2.2.52-2
I: Validating libacl1 2.2.52-2
I: Retrieving adduser 3.113+nmu3
I: Validating adduser 3.113+nmu3
I: Retrieving apt 1.0.9.8.4
I: Validating apt 1.0.9.8.4
I: Retrieving libapt-pkg4.12 1.0.9.8.4
I: Validating libapt-pkg4.12 1.0.9.8.4
I: Retrieving libattr1 1:2.4.47-2
I: Validating libattr1 1:2.4.47-2
I: Retrieving libaudit-common 1:2.4-1
I: Validating libaudit-common 1:2.4-1
I: Retrieving libaudit1 1:2.4-1+b1
I: Validating libaudit1 1:2.4-1+b1
I: Retrieving base-files 8+deb8u8
I: Validating base-files 8+deb8u8
I: Retrieving base-passwd 3.5.37
I: Validating base-passwd 3.5.37
I: Retrieving bash 4.3-11+deb8u1
I: Validating bash 4.3-11+deb8u1
I: Retrieving libbz2-1.0 1.0.6-7+b3
I: Validating libbz2-1.0 1.0.6-7+b3
I: Retrieving libdebconfclient0 0.192
I: Validating libdebconfclient0 0.192
I: Retrieving coreutils 8.23-4
I: Validating coreutils 8.23-4
I: Retrieving dash 0.5.7-4+b1
I: Validating dash 0.5.7-4+b1
I: Retrieving libdb5.3 5.3.28-9
I: Validating libdb5.3 5.3.28-9
I: Retrieving debconf 1.5.56
I: Validating debconf 1.5.56
I: Retrieving debian-archive-keyring 2014.3
I: Validating debian-archive-keyring 2014.3
I: Retrieving debianutils 4.4+b1
I: Validating debianutils 4.4+b1
I: Retrieving diffutils 1:3.3-1+b1
I: Validating diffutils 1:3.3-1+b1
I: Retrieving dpkg 1.17.27
I: Validating dpkg 1.17.27
I: Retrieving findutils 4.4.2-9+b1
I: Validating findutils 4.4.2-9+b1
I: Retrieving gcc-4.9-base 4.9.2-10
I: Validating gcc-4.9-base 4.9.2-10
I: Retrieving libgcc1 1:4.9.2-10
I: Validating libgcc1 1:4.9.2-10
I: Retrieving libstdc++6 4.9.2-10
I: Validating libstdc++6 4.9.2-10
I: Retrieving libc-bin 2.19-18+deb8u9
I: Validating libc-bin 2.19-18+deb8u9
I: Retrieving libc6 2.19-18+deb8u9
I: Validating libc6 2.19-18+deb8u9
I: Retrieving multiarch-support 2.19-18+deb8u9
I: Validating multiarch-support 2.19-18+deb8u9
I: Retrieving gnupg 1.4.18-7+deb8u3
I: Validating gnupg 1.4.18-7+deb8u3
I: Retrieving gpgv 1.4.18-7+deb8u3
I: Validating gpgv 1.4.18-7+deb8u3
I: Retrieving grep 2.20-4.1
I: Validating grep 2.20-4.1
I: Retrieving gzip 1.6-4
I: Validating gzip 1.6-4
I: Retrieving hostname 3.15
I: Validating hostname 3.15
I: Retrieving insserv 1.14.0-5
I: Validating insserv 1.14.0-5
I: Retrieving libgcrypt20 1.6.3-2+deb8u2
I: Validating libgcrypt20 1.6.3-2+deb8u2
I: Retrieving libgpg-error0 1.17-3
I: Validating libgpg-error0 1.17-3
I: Retrieving libselinux1 2.3-2
I: Validating libselinux1 2.3-2
I: Retrieving libsemanage-common 2.3-1
I: Validating libsemanage-common 2.3-1
I: Retrieving libsemanage1 2.3-1+b1
I: Validating libsemanage1 2.3-1+b1
I: Retrieving libsepol1 2.3-2
I: Validating libsepol1 2.3-2
I: Retrieving libusb-0.1-4 2:0.1.12-25
I: Validating libusb-0.1-4 2:0.1.12-25
I: Retrieving lsb-base 4.1+Debian13+nmu1
I: Validating lsb-base 4.1+Debian13+nmu1
I: Retrieving mawk 1.3.3-17
I: Validating mawk 1.3.3-17
I: Retrieving libncurses5 5.9+20140913-1+b1
I: Validating libncurses5 5.9+20140913-1+b1
I: Retrieving libtinfo5 5.9+20140913-1+b1
I: Validating libtinfo5 5.9+20140913-1+b1
I: Retrieving ncurses-base 5.9+20140913-1
I: Validating ncurses-base 5.9+20140913-1
I: Retrieving libpam-modules 1.1.8-3.1+deb8u2
I: Validating libpam-modules 1.1.8-3.1+deb8u2
I: Retrieving libpam-modules-bin 1.1.8-3.1+deb8u2
I: Validating libpam-modules-bin 1.1.8-3.1+deb8u2
I: Retrieving libpam-runtime 1.1.8-3.1+deb8u2
I: Validating libpam-runtime 1.1.8-3.1+deb8u2
I: Retrieving libpam0g 1.1.8-3.1+deb8u2
I: Validating libpam0g 1.1.8-3.1+deb8u2
I: Retrieving libpcre3 2:8.35-3.3+deb8u4
I: Validating libpcre3 2:8.35-3.3+deb8u4
I: Retrieving perl-base 5.20.2-3+deb8u6
I: Validating perl-base 5.20.2-3+deb8u6
I: Retrieving libreadline6 6.3-8+b3
I: Validating libreadline6 6.3-8+b3
I: Retrieving readline-common 6.3-8
I: Validating readline-common 6.3-8
I: Retrieving sed 4.2.2-4+deb8u1
I: Validating sed 4.2.2-4+deb8u1
I: Retrieving sensible-utils 0.0.9
I: Validating sensible-utils 0.0.9
I: Retrieving login 1:4.2-3+deb8u3
I: Validating login 1:4.2-3+deb8u3
I: Retrieving passwd 1:4.2-3+deb8u3
I: Validating passwd 1:4.2-3+deb8u3
I: Retrieving libslang2 2.3.0-2
I: Validating libslang2 2.3.0-2
I: Retrieving startpar 0.59-3
I: Validating startpar 0.59-3
I: Retrieving libsystemd0 215-17+deb8u7
I: Validating libsystemd0 215-17+deb8u7
I: Retrieving initscripts 2.88dsf-59
I: Validating initscripts 2.88dsf-59
I: Retrieving sysv-rc 2.88dsf-59
I: Validating sysv-rc 2.88dsf-59
I: Retrieving sysvinit-utils 2.88dsf-59
I: Validating sysvinit-utils 2.88dsf-59
I: Retrieving tar 1.27.1-2+deb8u1
I: Validating tar 1.27.1-2+deb8u1
I: Retrieving tzdata 2017b-0+deb8u1
I: Validating tzdata 2017b-0+deb8u1
I: Retrieving libustr-1.0-1 1.0.4-3+b2
I: Validating libustr-1.0-1 1.0.4-3+b2
I: Retrieving bsdutils 1:2.25.2-6
I: Validating bsdutils 1:2.25.2-6
I: Retrieving libblkid1 2.25.2-6
I: Validating libblkid1 2.25.2-6
I: Retrieving libmount1 2.25.2-6
I: Validating libmount1 2.25.2-6
I: Retrieving libsmartcols1 2.25.2-6
I: Validating libsmartcols1 2.25.2-6
I: Retrieving libuuid1 2.25.2-6
I: Validating libuuid1 2.25.2-6
I: Retrieving mount 2.25.2-6
I: Validating mount 2.25.2-6
I: Retrieving util-linux 2.25.2-6
I: Validating util-linux 2.25.2-6
I: Retrieving liblzma5 5.1.1alpha+20120614-2+b3
I: Validating liblzma5 5.1.1alpha+20120614-2+b3
I: Retrieving zlib1g 1:1.2.8.dfsg-2+b1
I: Validating zlib1g 1:1.2.8.dfsg-2+b1
I: Chosen extractor for .deb packages: dpkg-deb
I: Extracting libacl1...
I: Extracting adduser...
I: Extracting libattr1...
I: Extracting libaudit-common...
I: Extracting libaudit1...
I: Extracting base-files...
I: Extracting base-passwd...
I: Extracting bash...
I: Extracting libbz2-1.0...
I: Extracting libdebconfclient0...
I: Extracting coreutils...
I: Extracting dash...
I: Extracting libdb5.3...
I: Extracting debconf...
I: Extracting debian-archive-keyring...
I: Extracting debianutils...
I: Extracting diffutils...
I: Extracting dpkg...
I: Extracting findutils...
I: Extracting gcc-4.9-base...
I: Extracting libgcc1...
I: Extracting libc-bin...
I: Extracting libc6...
I: Extracting multiarch-support...
I: Extracting gpgv...
I: Extracting grep...
I: Extracting gzip...
I: Extracting hostname...
I: Extracting insserv...
I: Extracting libgcrypt20...
I: Extracting libgpg-error0...
I: Extracting libselinux1...
I: Extracting libsemanage-common...
I: Extracting libsemanage1...
I: Extracting libsepol1...
I: Extracting lsb-base...
I: Extracting mawk...
I: Extracting libncurses5...
I: Extracting libtinfo5...
I: Extracting ncurses-base...
I: Extracting libpam-modules...
I: Extracting libpam-modules-bin...
I: Extracting libpam-runtime...
I: Extracting libpam0g...
I: Extracting libpcre3...
I: Extracting perl-base...
I: Extracting sed...
I: Extracting sensible-utils...
I: Extracting login...
I: Extracting passwd...
I: Extracting libslang2...
I: Extracting startpar...
I: Extracting libsystemd0...
I: Extracting initscripts...
I: Extracting sysv-rc...
I: Extracting sysvinit-utils...
I: Extracting tar...
I: Extracting tzdata...
I: Extracting libustr-1.0-1...
I: Extracting bsdutils...
I: Extracting libblkid1...
I: Extracting libmount1...
I: Extracting libsmartcols1...
I: Extracting libuuid1...
I: Extracting mount...
I: Extracting util-linux...
I: Extracting liblzma5...
I: Extracting zlib1g...
I: Installing core packages...
I: Unpacking required packages...
I: Unpacking libacl1:amd64...
I: Unpacking adduser...
I: Unpacking libattr1:amd64...
I: Unpacking libaudit-common...
I: Unpacking libaudit1:amd64...
I: Unpacking base-files...
I: Unpacking base-passwd...
I: Unpacking bash...
I: Unpacking libbz2-1.0:amd64...
I: Unpacking libdebconfclient0:amd64...
I: Unpacking coreutils...
I: Unpacking dash...
I: Unpacking libdb5.3:amd64...
I: Unpacking debconf...
I: Unpacking debian-archive-keyring...
I: Unpacking debianutils...
I: Unpacking diffutils...
I: Unpacking dpkg...
I: Unpacking findutils...
I: Unpacking gcc-4.9-base:amd64...
I: Unpacking libgcc1:amd64...
I: Unpacking libc-bin...
I: Unpacking libc6:amd64...
I: Unpacking multiarch-support...
I: Unpacking gpgv...
I: Unpacking grep...
I: Unpacking gzip...
I: Unpacking hostname...
I: Unpacking insserv...
I: Unpacking libgcrypt20:amd64...
I: Unpacking libgpg-error0:amd64...
I: Unpacking libselinux1:amd64...
I: Unpacking libsemanage-common...
I: Unpacking libsemanage1:amd64...
I: Unpacking libsepol1:amd64...
I: Unpacking lsb-base...
I: Unpacking mawk...
I: Unpacking libncurses5:amd64...
I: Unpacking libtinfo5:amd64...
I: Unpacking ncurses-base...
I: Unpacking libpam-modules:amd64...
I: Unpacking libpam-modules-bin...
I: Unpacking libpam-runtime...
I: Unpacking libpam0g:amd64...
I: Unpacking libpcre3:amd64...
I: Unpacking perl-base...
I: Unpacking sed...
I: Unpacking sensible-utils...
I: Unpacking login...
I: Unpacking passwd...
I: Unpacking libslang2:amd64...
I: Unpacking startpar...
I: Unpacking libsystemd0:amd64...
I: Unpacking initscripts...
I: Unpacking sysv-rc...
I: Unpacking sysvinit-utils...
I: Unpacking tar...
I: Unpacking tzdata...
I: Unpacking libustr-1.0-1:amd64...
I: Unpacking bsdutils...
I: Unpacking libblkid1:amd64...
I: Unpacking libmount1:amd64...
I: Unpacking libsmartcols1:amd64...
I: Unpacking libuuid1:amd64...
I: Unpacking mount...
I: Unpacking util-linux...
I: Unpacking liblzma5:amd64...
I: Unpacking zlib1g:amd64...
I: Configuring required packages...
I: Configuring lsb-base...
I: Configuring sensible-utils...
I: Configuring ncurses-base...
I: Configuring libsemanage-common...
I: Configuring gcc-4.9-base:amd64...
I: Configuring libaudit-common...
I: Configuring libc6:amd64...
I: Configuring startpar...
I: Configuring libc-bin...
I: Configuring diffutils...
I: Configuring insserv...
I: Configuring findutils...
I: Configuring debianutils...
I: Configuring hostname...
I: Configuring multiarch-support...
I: Configuring mawk...
I: Configuring libpcre3:amd64...
I: Configuring libbz2-1.0:amd64...
I: Configuring libgpg-error0:amd64...
I: Configuring base-files...
I: Configuring libdebconfclient0:amd64...
I: Configuring libselinux1:amd64...
I: Configuring libslang2:amd64...
I: Configuring libsepol1:amd64...
I: Configuring libgcc1:amd64...
I: Configuring libustr-1.0-1:amd64...
I: Configuring libsmartcols1:amd64...
I: Configuring libaudit1:amd64...
I: Configuring libtinfo5:amd64...
I: Configuring libattr1:amd64...
I: Configuring liblzma5:amd64...
I: Configuring base-passwd...
I: Configuring libgcrypt20:amd64...
I: Configuring libdb5.3:amd64...
I: Configuring zlib1g:amd64...
I: Configuring gpgv...
I: Configuring libsystemd0:amd64...
I: Configuring libsemanage1:amd64...
I: Configuring sysvinit-utils...
I: Configuring debian-archive-keyring...
I: Configuring libacl1:amd64...
I: Configuring libncurses5:amd64...
I: Configuring bsdutils...
I: Configuring coreutils...
I: Configuring tar...
I: Configuring dpkg...
I: Configuring sed...
I: Configuring perl-base...
I: Configuring grep...
I: Configuring debconf...
I: Configuring tzdata...
I: Configuring gzip...
I: Configuring dash...
I: Configuring sysv-rc...
I: Configuring libpam0g:amd64...
I: Configuring libpam-modules-bin...
I: Configuring bash...
I: Configuring libpam-modules:amd64...
I: Configuring libpam-runtime...
I: Configuring passwd...
I: Configuring login...
I: Configuring adduser...
I: Configuring libuuid1:amd64...
I: Configuring libblkid1:amd64...
I: Configuring libmount1:amd64...
I: Configuring mount...
I: Configuring initscripts...
I: Configuring util-linux...
I: Configuring libc-bin...
I: Unpacking the base system...
I: Unpacking apt...
I: Unpacking libapt-pkg4.12:amd64...
I: Unpacking libstdc++6:amd64...
I: Unpacking gnupg...
I: Unpacking libusb-0.1-4:amd64...
I: Unpacking libreadline6:amd64...
I: Unpacking readline-common...
I: Configuring the base system...
I: Configuring readline-common...
I: Configuring libstdc++6:amd64...
I: Configuring libapt-pkg4.12:amd64...
I: Configuring libusb-0.1-4:amd64...
I: Configuring libreadline6:amd64...
I: Configuring gnupg...
I: Configuring apt...
I: Configuring libc-bin...
I: Base system installed successfully.
Get:1 http://security.debian.org jessie/updates InRelease [63.1 kB]
Ign http://httpredir.debian.org jessie InRelease
Get:2 http://security.debian.org jessie/updates/main amd64 Packages [409 kB]
Hit http://httpredir.debian.org jessie Release.gpg
Get:3 http://security.debian.org jessie/updates/main Translation-en [215 kB]
Hit http://httpredir.debian.org jessie Release
Get:4 http://httpredir.debian.org jessie/main amd64 Packages [6790 kB]
Get:5 http://httpredir.debian.org jessie/main Translation-en [4583 kB]
Fetched 12.1 MB in 4s (2486 kB/s)
Reading package lists...
Reading package lists...
Building dependency tree...
The following packages will be upgraded:
login passwd
2 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 1693 kB of archives.
After this operation, 2048 B of additional disk space will be used.
Get:1 http://security.debian.org/ jessie/updates/main login amd64 1:4.2-3+deb8u4 [722 kB]
Get:2 http://security.debian.org/ jessie/updates/main passwd amd64 1:4.2-3+deb8u4 [971 kB]
perl: warning: Setting locale failed.
perl: warning: Please check that your locale settings:
LANGUAGE = (unset),
LC_ALL = (unset),
LANG = "en_US.UTF-8"
are supported and installed on your system.
perl: warning: Falling back to the standard locale ("C").
debconf: delaying package configuration, since apt-utils is not installed
Fetched 1693 kB in 0s (2109 kB/s)
E: Can not write log (Is /dev/pts mounted?) - posix_openpt (2: No such file or directory)
(Reading database ... 6273 files and directories currently installed.)
Preparing to unpack .../login_1%3a4.2-3+deb8u4_amd64.deb ...
Unpacking login (1:4.2-3+deb8u4) over (1:4.2-3+deb8u3) ...
Setting up login (1:4.2-3+deb8u4) ...
(Reading database ... 6273 files and directories currently installed.)
Preparing to unpack .../passwd_1%3a4.2-3+deb8u4_amd64.deb ...
Unpacking passwd (1:4.2-3+deb8u4) over (1:4.2-3+deb8u3) ...
Setting up passwd (1:4.2-3+deb8u4) ...
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name Version Architecture Description
+++-=======================-========================-============-======================================================================
ii adduser 3.113+nmu3 all add and remove users and groups
ii apt 1.0.9.8.4 amd64 commandline package manager
ii base-files 8+deb8u8 amd64 Debian base system miscellaneous files
ii base-passwd 3.5.37 amd64 Debian base system master password and group files
ii bash 4.3-11+deb8u1 amd64 GNU Bourne Again SHell
ii bsdutils 1:2.25.2-6 amd64 basic utilities from 4.4BSD-Lite
ii coreutils 8.23-4 amd64 GNU core utilities
ii dash 0.5.7-4+b1 amd64 POSIX-compliant shell
ii debconf 1.5.56 all Debian configuration management system
ii debian-archive-keyring 2014.3 all GnuPG archive keys of the Debian archive
ii debianutils 4.4+b1 amd64 Miscellaneous utilities specific to Debian
ii diffutils 1:3.3-1+b1 amd64 File comparison utilities
ii dpkg 1.17.27 amd64 Debian package management system
ii findutils 4.4.2-9+b1 amd64 utilities for finding files--find, xargs
ii gcc-4.9-base:amd64 4.9.2-10 amd64 GCC, the GNU Compiler Collection (base package)
ii gnupg 1.4.18-7+deb8u3 amd64 GNU privacy guard - a free PGP replacement
ii gpgv 1.4.18-7+deb8u3 amd64 GNU privacy guard - signature verification tool
ii grep 2.20-4.1 amd64 GNU grep, egrep and fgrep
ii gzip 1.6-4 amd64 GNU compression utilities
ii hostname 3.15 amd64 utility to set/show the host name or domain name
ii initscripts 2.88dsf-59 amd64 scripts for initializing and shutting down the system
ii insserv 1.14.0-5 amd64 boot sequence organizer using LSB init.d script dependency information
ii libacl1:amd64 2.2.52-2 amd64 Access control list shared library
ii libapt-pkg4.12:amd64 1.0.9.8.4 amd64 package management runtime library
ii libattr1:amd64 1:2.4.47-2 amd64 Extended attribute shared library
ii libaudit-common 1:2.4-1 all Dynamic library for security auditing - common files
ii libaudit1:amd64 1:2.4-1+b1 amd64 Dynamic library for security auditing
ii libblkid1:amd64 2.25.2-6 amd64 block device id library
ii libbz2-1.0:amd64 1.0.6-7+b3 amd64 high-quality block-sorting file compressor library - runtime
ii libc-bin 2.19-18+deb8u9 amd64 GNU C Library: Binaries
ii libc6:amd64 2.19-18+deb8u9 amd64 GNU C Library: Shared libraries
ii libdb5.3:amd64 5.3.28-9 amd64 Berkeley v5.3 Database Libraries [runtime]
ii libdebconfclient0:amd64 0.192 amd64 Debian Configuration Management System (C-implementation library)
ii libgcc1:amd64 1:4.9.2-10 amd64 GCC support library
ii libgcrypt20:amd64 1.6.3-2+deb8u2 amd64 LGPL Crypto library - runtime library
ii libgpg-error0:amd64 1.17-3 amd64 library for common error values and messages in GnuPG components
ii liblzma5:amd64 5.1.1alpha+20120614-2+b3 amd64 XZ-format compression library
ii libmount1:amd64 2.25.2-6 amd64 device mounting library
ii libncurses5:amd64 5.9+20140913-1+b1 amd64 shared libraries for terminal handling
ii libpam-modules:amd64 1.1.8-3.1+deb8u2 amd64 Pluggable Authentication Modules for PAM
ii libpam-modules-bin 1.1.8-3.1+deb8u2 amd64 Pluggable Authentication Modules for PAM - helper binaries
ii libpam-runtime 1.1.8-3.1+deb8u2 all Runtime support for the PAM library
ii libpam0g:amd64 1.1.8-3.1+deb8u2 amd64 Pluggable Authentication Modules library
ii libpcre3:amd64 2:8.35-3.3+deb8u4 amd64 Perl 5 Compatible Regular Expression Library - runtime files
ii libreadline6:amd64 6.3-8+b3 amd64 GNU readline and history libraries, run-time libraries
ii libselinux1:amd64 2.3-2 amd64 SELinux runtime shared libraries
ii libsemanage-common 2.3-1 all Common files for SELinux policy management libraries
ii libsemanage1:amd64 2.3-1+b1 amd64 SELinux policy management library
ii libsepol1:amd64 2.3-2 amd64 SELinux library for manipulating binary security policies
ii libslang2:amd64 2.3.0-2 amd64 S-Lang programming library - runtime version
ii libsmartcols1:amd64 2.25.2-6 amd64 smart column output alignment library
ii libstdc++6:amd64 4.9.2-10 amd64 GNU Standard C++ Library v3
ii libsystemd0:amd64 215-17+deb8u7 amd64 systemd utility library
ii libtinfo5:amd64 5.9+20140913-1+b1 amd64 shared low-level terminfo library for terminal handling
ii libusb-0.1-4:amd64 2:0.1.12-25 amd64 userspace USB programming library
ii libustr-1.0-1:amd64 1.0.4-3+b2 amd64 Micro string library: shared library
ii libuuid1:amd64 2.25.2-6 amd64 Universally Unique ID library
ii login 1:4.2-3+deb8u4 amd64 system login tools
ii lsb-base 4.1+Debian13+nmu1 all Linux Standard Base 4.1 init script functionality
ii mawk 1.3.3-17 amd64 a pattern scanning and text processing language
ii mount 2.25.2-6 amd64 Tools for mounting and manipulating filesystems
ii multiarch-support 2.19-18+deb8u9 amd64 Transitional package to ensure multiarch compatibility
ii ncurses-base 5.9+20140913-1 all basic terminal type definitions
ii passwd 1:4.2-3+deb8u4 amd64 change and administer password and group data
ii perl-base 5.20.2-3+deb8u6 amd64 minimal Perl system
ii readline-common 6.3-8 all GNU readline and history libraries, common files
ii sed 4.2.2-4+deb8u1 amd64 The GNU sed stream editor
ii sensible-utils 0.0.9 all Utilities for sensible alternative selection
ii startpar 0.59-3 amd64 run processes in parallel and multiplex their output
ii sysv-rc 2.88dsf-59 all System-V-like runlevel change mechanism
ii sysvinit-utils 2.88dsf-59 amd64 System-V-like utilities
ii tar 1.27.1-2+deb8u1 amd64 GNU version of the tar archiving utility
ii tzdata 2017b-0+deb8u1 all time zone and daylight-saving time data
ii util-linux 2.25.2-6 amd64 Miscellaneous system utilities
ii zlib1g:amd64 1:1.2.8.dfsg-2+b1 amd64 compression library - runtime
Applying docker-specific tweaks
+ echo exit 101 > '/tmp/tmp.8pNqJo6ose/usr/sbin/policy-rc.d'
+ rootfs_chroot dpkg-divert --local --rename --add /sbin/initctl
+ PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ /usr/sbin/chroot /tmp/tmp.8pNqJo6ose dpkg-divert --local --rename --add /sbin/initctl
Adding 'local diversion of /sbin/initctl to /sbin/initctl.distrib'
+ cp -a /tmp/tmp.8pNqJo6ose/usr/sbin/policy-rc.d /tmp/tmp.8pNqJo6ose/sbin/initctl
+ sed -i 's/^exit.*/exit 0/' /tmp/tmp.8pNqJo6ose/sbin/initctl
+ rootfs_chroot apt-get clean
+ PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ /usr/sbin/chroot /tmp/tmp.8pNqJo6ose apt-get clean
+ echo force-unsafe-io > '/tmp/tmp.8pNqJo6ose/etc/dpkg/dpkg.cfg.d/docker-apt-speedup'
+ cat > '/tmp/tmp.8pNqJo6ose/etc/apt/apt.conf.d/docker-clean'
+ echo Acquire::Languages 'none' > '/tmp/tmp.8pNqJo6ose/etc/apt/apt.conf.d/docker-no-languages'
+ echo Acquire::GzipIndexes 'true' > '/tmp/tmp.8pNqJo6ose/etc/apt/apt.conf.d/docker-gzip-indexes'
+ echo Apt::AutoRemove::SuggestsImportant 'false' > '/tmp/tmp.8pNqJo6ose/etc/apt/apt.conf.d/docker-autoremove-suggests'
Trimming down
Total size
59M /tmp/tmp.8pNqJo6ose
Package sizes
adduser 1066
apt 3178
base-files 413
base-passwd 185
bash 5010
bsdutils 181
coreutils 14249
dash 191
debconf 614
debian-archive-keyring 108
debianutils 147
diffutils 950
dpkg 6643
findutils 1406
gcc-4.9-base 218
gnupg 4893
gpgv 414
grep 1272
gzip 239
hostname 59
initscripts 165
insserv 183
libacl1 80
libapt-pkg4.12 2664
libattr1 30
libaudit-common 49
libaudit1 157
libblkid1 326
libbz2-1.0 114
libc-bin 3254
libc6 10229
libdb5.3 1812
libdebconfclient0 53
libgcc1 129
libgcrypt20 1002
libgpg-error0 444
liblzma5 309
libmount1 357
libncurses5 306
libpam-modules 860
libpam-modules-bin 248
libpam-runtime 1447
libpam0g 252
libpcre3 618
libreadline6 419
libselinux1 213
libsemanage-common 65
libsemanage1 245
libsepol1 339
libslang2 1543
libsmartcols1 209
libstdc++6 1319
libsystemd0 183
libtinfo5 480
libusb-0.1-4 42
libustr-1.0-1 287
libuuid1 89
login 2186
lsb-base 72
mawk 198
mount 357
multiarch-support 194
ncurses-base 371
passwd 2137
perl-base 5097
readline-common 109
sed 575
sensible-utils 110
startpar 95
sysv-rc 125
sysvinit-utils 147
tar 2261
tzdata 1710
util-linux 2733
zlib1g 179
Largest dirs
1868 /tmp/tmp.8pNqJo6ose/usr/share/perl/5.20.2/unicore/lib
2608 /tmp/tmp.8pNqJo6ose/sbin
2844 /tmp/tmp.8pNqJo6ose/usr/share/perl/5.20.2/unicore
3248 /tmp/tmp.8pNqJo6ose/usr/share/perl/5.20.2
3252 /tmp/tmp.8pNqJo6ose/usr/share/perl
3256 /tmp/tmp.8pNqJo6ose/var/lib/dpkg/info
3500 /tmp/tmp.8pNqJo6ose/usr/share/zoneinfo
3508 /tmp/tmp.8pNqJo6ose/var/lib/dpkg
3580 /tmp/tmp.8pNqJo6ose/var/lib
4208 /tmp/tmp.8pNqJo6ose/bin
5012 /tmp/tmp.8pNqJo6ose/var
6536 /tmp/tmp.8pNqJo6ose/usr/lib/x86_64-linux-gnu/gconv
8944 /tmp/tmp.8pNqJo6ose/usr/bin
9376 /tmp/tmp.8pNqJo6ose/usr/share
9760 /tmp/tmp.8pNqJo6ose/lib/x86_64-linux-gnu
10116 /tmp/tmp.8pNqJo6ose/lib
14508 /tmp/tmp.8pNqJo6ose/usr/lib/x86_64-linux-gnu
17108 /tmp/tmp.8pNqJo6ose/usr/lib
37072 /tmp/tmp.8pNqJo6ose/usr
59876 /tmp/tmp.8pNqJo6ose
Built in /tmp/tmp.8pNqJo6ose
Image built at build/jessie.tar
Failed to load correctly, expected id to be c37949263d998654631c5fdf2959838908384c1be7564fddf1510bed83047fc6, source in /tmp/tmp.zrR1tEhIza
I have heard of CRON jobs and I generally know what they do, and I need to run some script at some time intervals.
This is my first encounter with setting up a CRON job on any system.
I've studied it for a while but haven't tried it yet.
First I went off from this blog post:
Command scheduling with cron on Debian
And then something about running it in Docker:
How to run a cron job inside a docker container?
In the minideb image I could locate /etc/cron.daily where I may put files, but if I need to run a CRON job hourly then I couldn't locate /etc/crontab nor the crontab executable.
Is there anything I should follow up on or avoid to run a CRON job in a minideb container?
Description
CVE upstream Remediation for bitnami/kubectl - bitnami/containers#12457
FYI: @carrodher
Steps to reproduce the issue:
Please see: https://nvd.nist.gov/vuln/detail/CVE-2021-46848
Describe the results you received:
Failed Aquasec scan.
Describe the results you expected:
Passed Aquasec scan.
Additional information you deem important (e.g. issue happens only occasionally):
Referenced: https://github.com/bitnami/containers/blob/main/bitnami/kubectl/1.25/debian-11/Dockerfile
Version
minideb:bullseye
BUG REPORT INFORMATION
ls path returns 'Operation not permitted'
ls only works in current directory. Not when passed a path.
Steps to reproduce the issue:
docker run --rm -it bitnami/minideb:latest
ls
bin boot dev etc home lib lib64 media mnt opt proc root run sbin srv sys tmp usr var
ls /home
ls: cannot access '/home': Operation not permitted
Version
docker version
:# docker version
Client:
Version: 17.09.1-ce
API version: 1.32
Go version: go1.8.3
Git commit: 19e2cf6
Built: Thu Dec 7 22:23:40 2017
OS/Arch: linux/amd64
Server:
Version: 17.09.1-ce
API version: 1.32 (minimum version 1.12)
Go version: go1.8.3
Git commit: 19e2cf6
Built: Thu Dec 7 22:25:03 2017
OS/Arch: linux/amd64
Experimental: false
- Output of `docker info`:
Containers: 2
Running: 1
Paused: 0
Stopped: 1
Images: 4
Server Version: 17.09.1-ce
Storage Driver: devicemapper
Pool Name: vg_docker-lv_thinpool
Pool Blocksize: 524.3kB
Base Device Size: 10.74GB
Backing Filesystem: xfs
Data file:
Metadata file:
Data Space Used: 1.201GB
Data Space Total: 102GB
Data Space Available: 100.8GB
Metadata Space Used: 17.55MB
Metadata Space Total: 1.07GB
Metadata Space Available: 1.052GB
Thin Pool Minimum Free Space: 10.2GB
Udev Sync Supported: true
Deferred Removal Enabled: true
Deferred Deletion Enabled: true
Deferred Deleted Device Count: 0
Library Version: 1.02.170-RHEL7 (2020-03-24)
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 06b9cb35161009dcb7123345749fef02f7cea8e0
runc version: 3f2f8b84a77f73d38244dd690525642a72156c64
init version: 949e6fa
Security Options:
seccomp
Profile: default
Kernel Version: 3.10.0-1160.71.1.el7.x86_64
Operating System: Red Hat Enterprise Linux Server 7.9 (Maipo)
OSType: linux
Architecture: x86_64
CPUs: 2
Total Memory: 3.7GiB
Name: server.example.com
ID: 7WFX:23TY:2SRW:FQFO:LIUN:HPB4:XEBK:MNES:P4NC:TUDT:44AO:SAUA
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
**Additional environment details (AWS, VirtualBox, Docker for MAC, physical, etc.):**
VM on vCenter
We are using the sysctlImage init container of the redis Helm chart to modify the kernel parameter somaxconn. With the latest version of minideb it seems like we cannot perform sysctl operations. We tried to do so with minideb:stretch and it seems to be working. Is there any reason for that?
Thanks
PS: seems like the sysctl package has changed to procps, maybe it's related ...
Hello,
I am getting the following error when I do:
install_packages curl
E: Unable to locate package curl
apt failed, retrying
W: Failed to fetch http://httpredir.debian.org/debian/dists/stretch/InRelease Temporary failure resolving 'httpredir.debian.org'
W: Failed to fetch http://security.debian.org/dists/stretch/updates/InRelease Temporary failure resolving 'security.debian.org'
W: Some index files failed to download. They have been ignored, or old ones used instead.
Reading package lists...
Building dependency tree...
E: Unable to locate package curl
I'm using Docker CE 17.09 on Mac OS 10.13
The mysql-server package installation prompts users to enter a password during build time. The DEBIAN_FRONTEND=noninteractive variable does not seem to have any effect on this prompt. I tested the case using apt-get as well as the install_packages helper script, with both attempts failing to install the mysql-server package.
FROM bitnami/minideb:latest
RUN apt-get update
RUN DEBIAN_FRONTEND=noninteractive apt-get install -y mysql-server
FROM bitnami/minideb:latest
RUN install_packages mysql-server
Trying to install Linux headers for the version minideb came with but can't seem to find the right headers.
$ docker run -it --name minideb bitnami/minideb:buster
root@9ae2fa033c63:/# uname -r
5.4.39-linuxkit
root@9ae2fa033c63:/# apt update
Get:1 http://security.debian.org buster/updates InRelease [65.4 kB]
Get:2 http://deb.debian.org/debian buster InRelease [121 kB]
Get:3 http://security.debian.org buster/updates/main amd64 Packages [306 kB]
Get:4 http://deb.debian.org/debian buster/main amd64 Packages [10.7 MB]
Fetched 11.2 MB in 6s (1795 kB/s)
Reading package lists... Done
Building dependency tree... Done
All packages are up to date.
root@9ae2fa033c63:/# apt search linux | egrep -i headers | egrep 39
WARNING: apt does not have a stable CLI interface. Use with caution in scripts.
root@9ae2fa033c63:/#
You add insserv, startpar, sysv-rc, which debian:stable-slim doesn't carry. Any reason why?
How to install Chinese language package
Thank you
Description
I was wondering if arm32 support is on your roadmap? A lot of downstream tools (Postgres, Mongo, Redis) support arm32, but the docker images published are 64bit only. Is it something you can/would like to support? Especially nowadays with the popularity of Raspberry Pi and other Arm32 based SBCs. Lots of people are using ARM for embedded projects that minideb would benefit.
Sorry, new to this, but I pulled a copy of "minideb" but I can't keep it running. I tried for example
FROM bitnami/minideb
CMD /bin/bash
Every time I run
docker pull bitnami/minideb:latest && docker container run bitnami/minideb
the container exits immediately, so I want to keep it up to try to see what I can install, how it works, etc.
Hello guys!
I have two questions about the project:
1 - Do you have plans to replace parts of Coreutils using Busybox? And plans to use musl or dietlib instead of glibc?
2 - I'd like to extract the base system to make a live USB. I've checked this link http://mr.gy/blog/build-vm-image-with-docker.html and found these instructions:
docker build -t ...
docker create --name=
dd if=/dev/zero of=disk.img bs=1 count=0 seek=1G
mkfs.ext2 -F disk.img
sudo mount -o loop disk.img /mnt
docker export | sudo tar x -C /mnt
sudo umount /mnt
But I'm really not ashamed to ask if there is a lazy way to get this source. Do you know?
Thanks and congratulations for the great job!!!
Hi!
I was wondering if arm64 support is on your roadmap? A lot of downstream tools (Postgres, Mongo, Redis) support arm64, but the docker images published are amd64 only. Is it something you can/would like to support? Especially nowadays with ARM64 based AWS instances (Amazon EC2 A1) and the new Raspberry Pi 4, it becomes more and more useful :).
Description
All bitnami container images are populated in DockerHub and GCR.io registries.
2018/06/12 12:25:24 [INFO] ▶ Start clair-scanner
2018/06/12 12:25:26 [INFO] ▶ Server listening on port 9279
2018/06/12 12:25:26 [INFO] ▶ Analyzing 913873fd076ae841a1c41d3295f9a0dabbad4a743ec2ec3f122092878093aaa2
2018/06/12 12:25:26 [WARN] ▶ Image [bitnami/minideb] contains 54 total vulnerabilities
2018/06/12 12:25:26 [ERRO] ▶ Image [bitnami/minideb] contains 54 unapproved vulnerabilities
+------------+---------------------------+--------------+-------------------+------------------------------------------------------------+
| STATUS | CVE SEVERITY | PACKAGE NAME | PACKAGE VERSION | CVE DESCRIPTION |
+------------+---------------------------+--------------+-------------------+------------------------------------------------------------+
| Unapproved | High CVE-2016-9843 | zlib | 1:1.2.8.dfsg-2 | The crc32_big function in crc32.c in zlib 1.2.8 might |
| | | | | allow context-dependent attackers to have unspecified |
| | | | | impact via vectors involving big-endian CRC calculation. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2016-9843 |
+------------+---------------------------+--------------+-------------------+------------------------------------------------------------+
| Unapproved | High CVE-2017-12424 | shadow | 1:4.2-3+deb8u4 | In shadow before 4.5, the newusers tool could be |
| | | | | made to manipulate internal data structures in ways |
| | | | | unintended by the authors. Malformed input may lead |
| | | | | to crashes (with a buffer overflow or other memory |
| | | | | corruption) or other unspecified behaviors. This |
| | | | | crosses a privilege boundary in, for example, certain |
| | | | | web-hosting environments in which a Control Panel allows |
| | | | | an unprivileged user account to create subaccounts. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2017-12424 |
+------------+---------------------------+--------------+-------------------+------------------------------------------------------------+
| Unapproved | High CVE-2017-10685 | ncurses | 5.9+20140913-1 | In ncurses 6.0, there is a format string vulnerability |
| | | | | in the fmt_entry function. A crafted input will |
| | | | | lead to a remote arbitrary code execution attack. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2017-10685 |
+------------+---------------------------+--------------+-------------------+------------------------------------------------------------+
| Unapproved | High CVE-2017-8804 | glibc | 2.19-18+deb8u10 | The xdr_bytes and xdr_string functions in the GNU C |
| | | | | Library (aka glibc or libc6) 2.25 mishandle failures |
| | | | | of buffer deserialization, which allows remote |
| | | | | attackers to cause a denial of service (virtual |
| | | | | memory allocation, or memory consumption if an |
| | | | | overcommit setting is not used) via a crafted UDP |
| | | | | packet to port 111, a related issue to CVE-2017-8779. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2017-8804 |
+------------+---------------------------+--------------+-------------------+------------------------------------------------------------+
| Unapproved | High CVE-2017-10684 | ncurses | 5.9+20140913-1 | In ncurses 6.0, there is a stack-based buffer overflow |
| | | | | in the fmt_entry function. A crafted input will |
| | | | | lead to a remote arbitrary code execution attack. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2017-10684 |
+------------+---------------------------+--------------+-------------------+------------------------------------------------------------+
| Unapproved | High CVE-2016-9841 | zlib | 1:1.2.8.dfsg-2 | inffast.c in zlib 1.2.8 might allow context-dependent |
| | | | | attackers to have unspecified impact by |
| | | | | leveraging improper pointer arithmetic. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2016-9841 |
+------------+---------------------------+--------------+-------------------+------------------------------------------------------------+
| Unapproved | High CVE-2014-9761 | glibc | 2.19-18+deb8u10 | Multiple stack-based buffer overflows in the GNU C Library |
| | | | | (aka glibc or libc6) before 2.23 allow context-dependent |
| | | | | attackers to cause a denial of service (application |
| | | | | crash) or possibly execute arbitrary code via a long |
| | | | | argument to the (1) nan, (2) nanf, or (3) nanl function. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2014-9761 |
+------------+---------------------------+--------------+-------------------+------------------------------------------------------------+
| Unapproved | High CVE-2016-2779 | util-linux | 2.25.2-6 | runuser in util-linux allows local users to escape to |
| | | | | the parent session via a crafted TIOCSTI ioctl call, |
| | | | | which pushes characters to the terminal's input buffer. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2016-2779 |
+------------+---------------------------+--------------+-------------------+------------------------------------------------------------+
| Unapproved | Medium CVE-2017-12132 | glibc | 2.19-18+deb8u10 | The DNS stub resolver in the GNU C Library (aka |
| | | | | glibc or libc6) before version 2.26, when EDNS |
| | | | | support is enabled, will solicit large UDP responses |
| | | | | from name servers, potentially simplifying off-path |
| | | | | DNS spoofing attacks due to IP fragmentation. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2017-12132 |
+------------+---------------------------+--------------+-------------------+------------------------------------------------------------+
| Unapproved | Medium CVE-2015-5276 | gcc-4.9 | 4.9.2-10 | The std::random_device class in libstdc++ in the GNU |
| | | | | Compiler Collection (aka GCC) before 4.9.4 does not |
| | | | | properly handle short reads from blocking sources, |
| | | | | which makes it easier for context-dependent attackers |
| | | | | to predict the random values via unspecified vectors. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2015-5276 |
+------------+---------------------------+--------------+-------------------+------------------------------------------------------------+
| Unapproved | Medium CVE-2017-7244 | pcre3 | 2:8.35-3.3+deb8u4 | The _pcre32_xclass function in pcre_xclass.c in libpcre1 |
| | | | | in PCRE 8.40 allows remote attackers to cause a denial |
| | | | | of service (invalid memory read) via a crafted file. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2017-7244 |
+------------+---------------------------+--------------+-------------------+------------------------------------------------------------+
| Unapproved | Medium CVE-2016-5011 | util-linux | 2.25.2-6 | The parse_dos_extended function in partitions/dos.c in |
| | | | | the libblkid library in util-linux allows physically |
| | | | | proximate attackers to cause a denial of service (memory |
| | | | | consumption) via a crafted MSDOS partition table with |
| | | | | an extended partition boot record at zero offset. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2016-5011 |
+------------+---------------------------+--------------+-------------------+------------------------------------------------------------+
| Unapproved | Medium CVE-2015-3217 | pcre3 | 2:8.35-3.3+deb8u4 | PCRE 7.8 and 8.32 through 8.37, and PCRE2 10.10 |
| | | | | mishandle group empty matches, which might allow remote |
| | | | | attackers to cause a denial of service (stack-based |
| | | | | buffer overflow) via a crafted regular expression, |
| | | | | as demonstrated by /^(?:(?(1)\.|([^\\\\W_])?)+)+$/. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2015-3217 |
+------------+---------------------------+--------------+-------------------+------------------------------------------------------------+
| Unapproved | Medium CVE-2017-7186 | pcre3 | 2:8.35-3.3+deb8u4 | libpcre1 in PCRE 8.40 and libpcre2 in PCRE2 10.23 |
| | | | | allow remote attackers to cause a denial of service |
| | | | | (segmentation violation for read access, and application |
| | | | | crash) by triggering an invalid Unicode property lookup. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2017-7186 |
+------------+---------------------------+--------------+-------------------+------------------------------------------------------------+
| Unapproved | Medium CVE-2017-12133 | glibc | 2.19-18+deb8u10 | The DNS stub resolver in the GNU C Library |
| | | | | (glibc) before version 2.26, when EDNS support |
| | | | | is enabled, will solicit large UDP responses from |
| | | | | name servers, potentially simplifying off-path |
| | | | | DNS spoofing attackers due to IP fragmentation. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2017-12133 |
+------------+---------------------------+--------------+-------------------+------------------------------------------------------------+
| Unapproved | Medium CVE-2016-9842 | zlib | 1:1.2.8.dfsg-2 | The inflateMark function in inflate.c in zlib |
| | | | | 1.2.8 might allow context-dependent attackers |
| | | | | to have unspecified impact via vectors |
| | | | | involving left shifts of negative integers. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2016-9842 |
+------------+---------------------------+--------------+-------------------+------------------------------------------------------------+
| Unapproved | Medium CVE-2017-13734 | ncurses | 5.9+20140913-1 | There is an illegal address access in the |
| | | | | _nc_safe_strcat function in strings.c in ncurses 6.0 |
| | | | | that will lead to a remote denial of service attack. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2017-13734 |
+------------+---------------------------+--------------+-------------------+------------------------------------------------------------+
| Unapproved | Medium CVE-2017-13732 | ncurses | 5.9+20140913-1 | There is an illegal address access in the function |
| | | | | dump_uses() in progs/dump_entry.c in ncurses 6.0 that |
| | | | | might lead to a remote denial of service attack. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2017-13732 |
+------------+---------------------------+--------------+-------------------+------------------------------------------------------------+
| Unapproved | Medium CVE-2017-13733 | ncurses | 5.9+20140913-1 | There is an illegal address access in the fmt_entry |
| | | | | function in progs/dump_entry.c in ncurses 6.0 that |
| | | | | might lead to a remote denial of service attack. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2017-13733 |
+------------+---------------------------+--------------+-------------------+------------------------------------------------------------+
| Unapproved | Medium CVE-2017-13730 | ncurses | 5.9+20140913-1 | There is an illegal address access in the function |
| | | | | _nc_read_entry_source() in progs/tic.c in ncurses 6.0 |
| | | | | that might lead to a remote denial of service attack. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2017-13730 |
+------------+---------------------------+--------------+-------------------+------------------------------------------------------------+
| Unapproved | Medium CVE-2017-13729 | ncurses | 5.9+20140913-1 | There is an illegal address access in the _nc_save_str |
| | | | | function in alloc_entry.c in ncurses 6.0. It |
| | | | | will lead to a remote denial of service attack. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2017-13729 |
+------------+---------------------------+--------------+-------------------+------------------------------------------------------------+
| Unapproved | Medium CVE-2016-9840 | zlib | 1:1.2.8.dfsg-2 | inftrees.c in zlib 1.2.8 might allow |
| | | | | context-dependent attackers to have unspecified |
| | | | | impact by leveraging improper pointer arithmetic. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2016-9840 |
+------------+---------------------------+--------------+-------------------+------------------------------------------------------------+
| Unapproved | Medium CVE-2017-13731 | ncurses | 5.9+20140913-1 | There is an illegal address access in the function |
| | | | | postprocess_termcap() in parse_entry.c in ncurses 6.0 |
| | | | | that will lead to a remote denial of service attack. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2017-13731 |
+------------+---------------------------+--------------+-------------------+------------------------------------------------------------+
| Unapproved | Medium CVE-2017-11112 | ncurses | 5.9+20140913-1 | In ncurses 6.0, there is an attempted |
| | | | | 0xffffffffffffffff access in the append_acs function |
| | | | | of tinfo/parse_entry.c. It could lead to a remote |
| | | | | denial of service attack if the terminfo library |
| | | | | code is used to process untrusted terminfo data. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2017-11112 |
+------------+---------------------------+--------------+-------------------+------------------------------------------------------------+
| Unapproved | Medium CVE-2017-13728 | ncurses | 5.9+20140913-1 | There is an infinite loop in the next_char function in |
| | | | | comp_scan.c in ncurses 6.0, related to libtic. A crafted |
| | | | | input will lead to a remote denial of service attack. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2017-13728 |
+------------+---------------------------+--------------+-------------------+------------------------------------------------------------+
| Unapproved | Medium CVE-2017-11113 | ncurses | 5.9+20140913-1 | In ncurses 6.0, there is a NULL Pointer Dereference in the |
| | | | | _nc_parse_entry function of tinfo/parse_entry.c. It could |
| | | | | lead to a remote denial of service attack if the terminfo |
| | | | | library code is used to process untrusted terminfo data. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2017-11113 |
+------------+---------------------------+--------------+-------------------+------------------------------------------------------------+
| Unapproved | Medium CVE-2016-10228 | glibc | 2.19-18+deb8u10 | The iconv program in the GNU C Library (aka glibc or |
| | | | | libc6) 2.25 and earlier, when invoked with the -c option, |
| | | | | enters an infinite loop when processing invalid multi-byte |
| | | | | input sequences, leading to a denial of service. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2016-10228 |
+------------+---------------------------+--------------+-------------------+------------------------------------------------------------+
| Unapproved | Low CVE-2016-3189 | bzip2 | 1.0.6-7 | Use-after-free vulnerability in bzip2recover in bzip2 |
| | | | | 1.0.6 allows remote attackers to cause a denial of |
| | | | | service (crash) via a crafted bzip2 file, related |
| | | | | to block ends set to before the start of the block. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2016-3189 |
+------------+---------------------------+--------------+-------------------+------------------------------------------------------------+
| Unapproved | Low CVE-2017-11671 | gcc-4.9 | 4.9.2-10 | Under certain circumstances, the ix86_expand_builtin |
| | | | | function in i386.c in GNU Compiler Collection (GCC) |
| | | | | version 4.6, 4.7, 4.8, 4.9, 5 before 5.5, and 6 before |
| | | | | 6.4 will generate instruction sequences that clobber the |
| | | | | status flag of the RDRAND and RDSEED intrinsics before |
| | | | | it can be read, potentially causing failures of these |
| | | | | instructions to go unreported. This could potentially |
| | | | | lead to less randomness in random number generation. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2017-11671 |
+------------+---------------------------+--------------+-------------------+------------------------------------------------------------+
| Unapproved | Low CVE-2016-9401 | bash | 4.3-11+deb8u1 | popd in bash might allow local users to |
| | | | | bypass the restricted shell and cause a |
| | | | | use-after-free via a crafted address. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2016-9401 |
+------------+---------------------------+--------------+-------------------+------------------------------------------------------------+
| Unapproved | Low CVE-2016-2781 | coreutils | 8.23-4 | chroot in GNU coreutils, when used with --userspec, |
| | | | | allows local users to escape to the parent session |
| | | | | via a crafted TIOCSTI ioctl call, which pushes |
| | | | | characters to the terminal's input buffer. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2016-2781 |
+------------+---------------------------+--------------+-------------------+------------------------------------------------------------+
| Unapproved | Low CVE-2015-5180 | glibc | 2.19-18+deb8u10 | res_query in libresolv in glibc before 2.25 allows |
| | | | | remote attackers to cause a denial of service |
| | | | | (NULL pointer dereference and process crash). |
| | | | | https://security-tracker.debian.org/tracker/CVE-2015-5180 |
+------------+---------------------------+--------------+-------------------+------------------------------------------------------------+
| Unapproved | Negligible CVE-2010-4756 | glibc | 2.19-18+deb8u10 | The glob implementation in the GNU C Library (aka glibc |
| | | | | or libc6) allows remote authenticated users to cause a |
| | | | | denial of service (CPU and memory consumption) via crafted |
| | | | | glob expressions that do not match any pathnames, as |
| | | | | demonstrated by glob expressions in STAT commands to an |
| | | | | FTP daemon, a different vulnerability than CVE-2010-2632. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2010-4756 |
+------------+---------------------------+--------------+-------------------+------------------------------------------------------------+
| Unapproved | Negligible CVE-2017-12837 | perl | 5.20.2-3+deb8u8 | |
| | | | | https://security-tracker.debian.org/tracker/CVE-2017-12837 |
+------------+---------------------------+--------------+-------------------+------------------------------------------------------------+
| Unapproved | Negligible CVE-2017-12883 | perl | 5.20.2-3+deb8u8 | |
| | | | | https://security-tracker.debian.org/tracker/CVE-2017-12883 |
+------------+---------------------------+--------------+-------------------+------------------------------------------------------------+
| Unapproved | Negligible CVE-2011-4116 | perl | 5.20.2-3+deb8u8 | |
| | | | | https://security-tracker.debian.org/tracker/CVE-2011-4116 |
+------------+---------------------------+--------------+-------------------+------------------------------------------------------------+
| Unapproved | Negligible CVE-2015-8985 | glibc | 2.19-18+deb8u10 | The pop_fail_stack function in the GNU C Library |
| | | | | (aka glibc or libc6) allows context-dependent |
| | | | | attackers to cause a denial of service (assertion |
| | | | | failure and application crash) via vectors related |
| | | | | to extended regular expression processing. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2015-8985 |
+------------+---------------------------+--------------+-------------------+------------------------------------------------------------+
| Unapproved | Negligible CVE-2010-4051 | glibc | 2.19-18+deb8u10 | The regcomp implementation in the GNU C Library (aka |
| | | | | glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, |
| | | | | allows context-dependent attackers to cause a denial |
| | | | | of service (application crash) via a regular expression |
| | | | | containing adjacent bounded repetitions that bypass the |
| | | | | intended RE_DUP_MAX limitation, as demonstrated by a |
| | | | | {10,}{10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c |
| | | | | exploit for ProFTPD, related to a "RE_DUP_MAX overflow." |
| | | | | https://security-tracker.debian.org/tracker/CVE-2010-4051 |
+------------+---------------------------+--------------+-------------------+------------------------------------------------------------+
| Unapproved | Negligible CVE-2012-3878 | perl | 5.20.2-3+deb8u8 | |
| | | | | https://security-tracker.debian.org/tracker/CVE-2012-3878 |
+------------+---------------------------+--------------+-------------------+------------------------------------------------------------+
| Unapproved | Negligible CVE-2011-3374 | apt | 1.0.9.8.4 | |
| | | | | https://security-tracker.debian.org/tracker/CVE-2011-3374 |
+------------+---------------------------+--------------+-------------------+------------------------------------------------------------+
| Unapproved | Negligible CVE-2010-4052 | glibc | 2.19-18+deb8u10 | Stack consumption vulnerability in the regcomp |
| | | | | implementation in the GNU C Library (aka glibc or |
| | | | | libc6) through 2.11.3, and 2.12.x through 2.12.2, |
| | | | | allows context-dependent attackers to cause a |
| | | | | denial of service (resource exhaustion) via a |
| | | | | regular expression containing adjacent repetition |
| | | | | operators, as demonstrated by a {10,}{10,}{10,}{10,} |
| | | | | sequence in the proftpd.gnu.c exploit for ProFTPD. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2010-4052 |
+------------+---------------------------+--------------+-------------------+------------------------------------------------------------+
| Unapproved | Negligible CVE-2015-5186 | audit | 1:2.4-1 | Audit before 2.4.4 in Linux does not |
| | | | | sanitize escape characters in filenames. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2015-5186 |
+------------+---------------------------+--------------+-------------------+------------------------------------------------------------+
| Unapproved | Negligible CVE-2017-7246 | pcre3 | 2:8.35-3.3+deb8u4 | Stack-based buffer overflow in the pcre32_copy_substring |
| | | | | function in pcre_get.c in libpcre1 in PCRE 8.40 |
| | | | | allows remote attackers to cause a denial of |
| | | | | service (WRITE of size 268) or possibly have |
| | | | | unspecified other impact via a crafted file. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2017-7246 |
+------------+---------------------------+--------------+-------------------+------------------------------------------------------------+
| Unapproved | Negligible CVE-2017-7245 | pcre3 | 2:8.35-3.3+deb8u4 | Stack-based buffer overflow in the pcre32_copy_substring |
| | | | | function in pcre_get.c in libpcre1 in PCRE |
| | | | | 8.40 allows remote attackers to cause a denial |
| | | | | of service (WRITE of size 4) or possibly have |
| | | | | unspecified other impact via a crafted file. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2017-7245 |
+------------+---------------------------+--------------+-------------------+------------------------------------------------------------+
| Unapproved | Negligible CVE-2015-5218 | util-linux | 2.25.2-6 | Buffer overflow in text-utils/colcrt.c in colcrt |
| | | | | in util-linux before 2.27 allows local users to |
| | | | | cause a denial of service (crash) via a crafted |
| | | | | file, related to the page global variable. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2015-5218 |
+------------+---------------------------+--------------+-------------------+------------------------------------------------------------+
| Unapproved | Negligible CVE-2017-2616 | util-linux | 2.25.2-6 | |
| | | | | https://security-tracker.debian.org/tracker/CVE-2017-2616 |
+------------+---------------------------+--------------+-------------------+------------------------------------------------------------+
| Unapproved | Negligible CVE-2017-11164 | pcre3 | 2:8.35-3.3+deb8u4 | In PCRE 8.41, the OP_KETRMAX feature in the match function |
| | | | | in pcre_exec.c allows stack exhaustion (uncontrolled |
| | | | | recursion) when processing a crafted regular expression. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2017-11164 |
+------------+---------------------------+--------------+-------------------+------------------------------------------------------------+
| Unapproved | Negligible CVE-2015-5224 | util-linux | 2.25.2-6 | The mkostemp function in login-utils in util-linux |
| | | | | when used incorrectly allows remote attackers to |
| | | | | cause file name collision and possibly other attacks. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2015-5224 |
+------------+---------------------------+--------------+-------------------+------------------------------------------------------------+
| Unapproved | Negligible CVE-2017-8283 | dpkg | 1.17.27 | dpkg-source in dpkg 1.3.0 through 1.18.23 is able |
| | | | | to use a non-GNU patch program and does not offer a |
| | | | | protection mechanism for blank-indented diff hunks, |
| | | | | which allows remote attackers to conduct directory |
| | | | | traversal attacks via a crafted Debian source package, |
| | | | | as demonstrated by use of dpkg-source on NetBSD. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2017-8283 |
+------------+---------------------------+--------------+-------------------+------------------------------------------------------------+
| Unapproved | Negligible CVE-2013-4392 | systemd | 215-17+deb8u7 | systemd, when updating file permissions, allows |
| | | | | local users to change the permissions and |
| | | | | SELinux security contexts for arbitrary files |
| | | | | via a symlink attack on unspecified files. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2013-4392 |
+------------+---------------------------+--------------+-------------------+------------------------------------------------------------+
| Unapproved | Negligible CVE-2013-4235 | shadow | 1:4.2-3+deb8u4 | |
| | | | | https://security-tracker.debian.org/tracker/CVE-2013-4235 |
+------------+---------------------------+--------------+-------------------+------------------------------------------------------------+
| Unapproved | Negligible CVE-2005-2541 | tar | 1.27.1-2+deb8u1 | Tar 1.15.1 does not properly warn the user when |
| | | | | extracting setuid or setgid files, which may allow |
| | | | | local users or remote attackers to gain privileges. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2005-2541 |
+------------+---------------------------+--------------+-------------------+------------------------------------------------------------+
| Unapproved | Negligible CVE-2007-5686 | shadow | 1:4.2-3+deb8u4 | initscripts in rPath Linux 1 sets insecure permissions |
| | | | | for the /var/log/btmp file, which allows local |
| | | | | users to obtain sensitive information regarding |
| | | | | authentication attempts. NOTE: because sshd detects |
| | | | | the insecure permissions and does not log certain |
| | | | | events, this also prevents sshd from logging failed |
| | | | | authentication attempts by remote attackers. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2007-5686 |
+------------+---------------------------+--------------+-------------------+------------------------------------------------------------+
| Unapproved | Unknown CVE-2017-10140 | db5.3 | 5.3.28-9 | |
| | | | | https://security-tracker.debian.org/tracker/CVE-2017-10140 |
+------------+---------------------------+--------------+-------------------+------------------------------------------------------------+