# chekote/ubuntu:latest
# chekote/ubuntu:$RELEASE_NAME
# chekote/ubuntu:$RELEASE_NAME-$(date +%Y-%m-%d)
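# Tag of the upstream ubuntu image to build on. The default follows the moving
# `latest` tag; pass --build-arg FROM_TAG=<release> to build a specific release.
ARG FROM_TAG=latest
FROM ubuntu:$FROM_TAG

# Supplied automatically by BuildKit (for example linux/amd64 or linux/arm/v7).
# Used below to locate the multiarch library directory.
ARG TARGETPLATFORM

# NOTE(review): ENV persists into running containers and into every image built
# FROM this one. Left unchanged because child images may rely on it.
ENV DEBIAN_FRONTEND=noninteractive

RUN set -eu; \
    #
    # Update repo data
    apt-get update; \
    #
    # Upgrade all packages
    apt-get upgrade -y; \
    #
    apt-get install -y --no-install-suggests --no-install-recommends \
        # Fix 'debconf: delaying package configuration, since apt-utils is not installed'
        apt-utils \
        #
        # Fix -u may not run as fully supported user (no home, no /etc/passwd entry, etc). See entrypoint.sh
        gosu \
        #
        # Make sure we have the most recent Certificate Authority Certificates
        ca-certificates; \
    #
    # Cleanup (same layer as the install, so the package lists never reach the image)
    apt-get autoremove -y; \
    apt-get clean; \
    rm -rf /var/lib/apt/lists/*; \
    #
    # Mitigate CVE-2024-2961 (https://nvd.nist.gov/vuln/detail/CVE-2024-2961)
    # TARGETPLATFORM has the form os/arch[/variant]; the second field is the architecture.
    ARCH=$(echo "${TARGETPLATFORM}" | cut -d '/' -f2); \
    #
    # Determine the gnu dir based on the system architecture
    if [ "$ARCH" = "arm" ]; then \
        DIR="arm-linux-gnueabihf"; \
    elif [ "$ARCH" = "amd64" ]; then \
        DIR="x86_64-linux-gnu"; \
    elif [ "$ARCH" = "arm64" ]; then \
        DIR="aarch64-linux-gnu"; \
    else \
        # Fail closed: an unknown architecture would leave the image unmitigated
        echo "Unrecognized architecture '$ARCH'" >&2; \
        exit 1; \
    fi; \
    #
    # Remove the vulnerable character sets
    sed -i -E '/CN-?EXT/d' "/usr/lib/$DIR/gconv/gconv-modules.d/gconv-modules-extra.conf"; \
    #
    # glibc reads gconv-modules.cache in preference to the text configuration
    # when a cache exists, so rebuild it or the edit above may have no effect
    iconvconfig; \
    #
    # Verify the mitigation: fail the build if the character sets are still offered
    if iconv -l | grep -Eq 'CN-?EXT'; then \
        echo "CN-EXT character sets are still available after the CVE-2024-2961 mitigation" >&2; \
        exit 1; \
    fi; \
    #
    # Remove default "ubuntu" user (only present in some base releases)
    if id -u ubuntu >/dev/null 2>&1; then \
        userdel -r ubuntu; \
    fi;

# NOTE(review): no USER is set, so entrypoint.sh starts as root; presumably it
# drops privileges with gosu. Confirm against entrypoint.sh.
COPY entrypoint.sh /usr/local/bin/entrypoint.sh
ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]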