From 24801f5c275395e96ce33e3365f4d788bf9f8717 Mon Sep 17 00:00:00 2001 From: Sam Batschelet Date: Thu, 30 Sep 2021 08:19:37 -0400 Subject: [PATCH] Dockerfile: bump debian bullseye-20210927 fixes: CVE-2021-3711, CVE-2021-35942, CVE-2019-9893 Signed-off-by: Sam Batschelet --- Dockerfile-release | 3 ++- Dockerfile-release.arm64 | 9 ++++++++- Dockerfile-release.ppc64le | 9 ++++++++- 3 files changed, 18 insertions(+), 3 deletions(-) diff --git a/Dockerfile-release b/Dockerfile-release index 736445fcc57..1a2337b598f 100644 --- a/Dockerfile-release +++ b/Dockerfile-release @@ -1,4 +1,5 @@ -FROM alpine:latest +# TODO: move to k8s.gcr.io/build-image/debian-base:bullseye-v1.y.z when patched +FROM debian:bullseye-20210927 ADD etcd /usr/local/bin/ ADD etcdctl /usr/local/bin/ diff --git a/Dockerfile-release.arm64 b/Dockerfile-release.arm64 index d8816e58d22..7aa74566e3c 100644 --- a/Dockerfile-release.arm64 +++ b/Dockerfile-release.arm64 @@ -1,10 +1,17 @@ -FROM aarch64/ubuntu:16.04 +# TODO: move to k8s.gcr.io/build-image/debian-base-arm64:bullseye-1.y.z when patched +FROM arm64v8/debian:bullseye-20210927 ADD etcd /usr/local/bin/ ADD etcdctl /usr/local/bin/ ADD var/etcd /var/etcd ADD var/lib/etcd /var/lib/etcd +# Alpine Linux doesn't use pam, which means that there is no /etc/nsswitch.conf, +# but Golang relies on /etc/nsswitch.conf to check the order of DNS resolving +# (see https://github.com/golang/go/commit/9dee7771f561cf6aee081c0af6658cc81fac3918) +# To fix this we just create /etc/nsswitch.conf and add the following line: +RUN echo 'hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4' >> /etc/nsswitch.conf + EXPOSE 2379 2380 # Define default command. diff --git a/Dockerfile-release.ppc64le b/Dockerfile-release.ppc64le index 2fb02c412cb..a30b20b47b4 100644 --- a/Dockerfile-release.ppc64le +++ b/Dockerfile-release.ppc64le @@ -1,10 +1,17 @@ -FROM ppc64le/ubuntu:16.04 +# TODO: move to k8s.gcr.io/build-image/debian-base-ppc64le:bullseye-1.y.z when patched +FROM ppc64le/debian:bullseye-20210927 ADD etcd /usr/local/bin/ ADD etcdctl /usr/local/bin/ ADD var/etcd /var/etcd ADD var/lib/etcd /var/lib/etcd +# Alpine Linux doesn't use pam, which means that there is no /etc/nsswitch.conf, +# but Golang relies on /etc/nsswitch.conf to check the order of DNS resolving +# (see https://github.com/golang/go/commit/9dee7771f561cf6aee081c0af6658cc81fac3918) +# To fix this we just create /etc/nsswitch.conf and add the following line: +RUN echo 'hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4' >> /etc/nsswitch.conf + EXPOSE 2379 2380 # Define default command.