Merge pull request #1298 from tianon/debian-eol
This commit is contained in:
Simen Bekkhus
GitHub
commit
34b507fb66
14
.travis.yml
14
.travis.yml
|
|
@ -67,20 +67,6 @@ jobs:
|
|||
|
||||
# Docker Build #
|
||||
|
||||
- stage: Build
|
||||
before_script: *auto_skip
|
||||
name: 10 on jessie
|
||||
env:
|
||||
- NODE_VERSION="10"
|
||||
- VARIANT="jessie"
|
||||
|
||||
- stage: Build
|
||||
before_script: *auto_skip
|
||||
name: 10 on jessie-slim
|
||||
env:
|
||||
- NODE_VERSION="10"
|
||||
- VARIANT="jessie-slim"
|
||||
|
||||
- stage: Build
|
||||
before_script: *auto_skip
|
||||
name: 10 on stretch
|
||||
|
|
|
|||
|
|
@ -1,8 +1,8 @@
|
|||
bashbrew-arch variants
|
||||
amd64 jessie,jessie-slim,stretch,stretch-slim,buster,buster-slim,alpine3.9,alpine3.10,alpine3.11
|
||||
amd64 stretch,stretch-slim,buster,buster-slim,alpine3.9,alpine3.10,alpine3.11
|
||||
arm32v6 alpine3.9,alpine3.10,alpine3.11
|
||||
arm32v7 jessie,jessie-slim,stretch,stretch-slim,buster,buster-slim,alpine3.9,alpine3.10,alpine3.11
|
||||
arm32v7 stretch,stretch-slim,buster,buster-slim,alpine3.9,alpine3.10,alpine3.11
|
||||
arm64v8 stretch,stretch-slim,buster,buster-slim,alpine3.9,alpine3.10,alpine3.11
|
||||
i386 alpine3.9,alpine3.10,alpine3.11
|
||||
ppc64le stretch,stretch-slim,buster,buster-slim,alpine3.9,alpine3.10,alpine3.11
|
||||
s390x stretch,stretch-slim,buster,buster-slim,alpine3.9,alpine3.10,alpine3.11
|
||||
ppc64le buster,buster-slim,alpine3.9,alpine3.10,alpine3.11
|
||||
s390x buster,buster-slim,alpine3.9,alpine3.10,alpine3.11
|
||||
|
|
|
|||
|
|
@ -1,97 +0,0 @@
|
|||
FROM debian:jessie-slim
|
||||
|
||||
RUN groupadd --gid 1000 node \
|
||||
&& useradd --uid 1000 --gid node --shell /bin/bash --create-home node
|
||||
|
||||
ENV NODE_VERSION 10.22.0
|
||||
|
||||
RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \
|
||||
&& case "${dpkgArch##*-}" in \
|
||||
amd64) ARCH='x64';; \
|
||||
ppc64el) ARCH='ppc64le';; \
|
||||
s390x) ARCH='s390x';; \
|
||||
arm64) ARCH='arm64';; \
|
||||
armhf) ARCH='armv7l';; \
|
||||
i386) ARCH='x86';; \
|
||||
*) echo "unsupported architecture"; exit 1 ;; \
|
||||
esac \
|
||||
&& set -ex \
|
||||
# libatomic1 for arm
|
||||
&& apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr xz-utils libatomic1 --no-install-recommends \
|
||||
&& rm -rf /var/lib/apt/lists/* \
|
||||
&& for key in \
|
||||
94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \
|
||||
FD3A5288F042B6850C66B31F09FE44734EB7990E \
|
||||
71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \
|
||||
DD8F2338BAE7501E3DD5AC78C273792F7D83545D \
|
||||
C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \
|
||||
B9AE9905FFD7803F25714661B63B535A4C206CA9 \
|
||||
77984A986EBC2AA786BC0F66B01FBB92821C587A \
|
||||
8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \
|
||||
4ED778F539E3634C779C87C6D7062848A1AB005C \
|
||||
A48C2BEE680E841632CD4E44F07496B3EB3C1762 \
|
||||
B9E2F5981AA6E0CD28160D9FF13993A75599653C \
|
||||
C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \
|
||||
; do \
|
||||
gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \
|
||||
gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \
|
||||
gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \
|
||||
done \
|
||||
&& curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \
|
||||
&& curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \
|
||||
&& gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \
|
||||
&& grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \
|
||||
&& tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \
|
||||
&& rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \
|
||||
&& apt-mark auto '.*' > /dev/null \
|
||||
&& find /usr/local -type f -executable -exec ldd '{}' ';' \
|
||||
| awk '/=>/ { print $(NF-1) }' \
|
||||
| sort -u \
|
||||
| xargs -r dpkg-query --search \
|
||||
| cut -d: -f1 \
|
||||
| sort -u \
|
||||
| xargs -r apt-mark manual \
|
||||
&& apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \
|
||||
&& ln -s /usr/local/bin/node /usr/local/bin/nodejs \
|
||||
# smoke tests
|
||||
&& node --version \
|
||||
&& npm --version
|
||||
|
||||
ENV YARN_VERSION 1.22.4
|
||||
|
||||
RUN set -ex \
|
||||
&& savedAptMark="$(apt-mark showmanual)" \
|
||||
&& apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr --no-install-recommends \
|
||||
&& rm -rf /var/lib/apt/lists/* \
|
||||
&& for key in \
|
||||
6A010C5166006599AA17F08146C2130DFD2497F5 \
|
||||
; do \
|
||||
gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \
|
||||
gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \
|
||||
gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \
|
||||
done \
|
||||
&& curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \
|
||||
&& curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \
|
||||
&& gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \
|
||||
&& mkdir -p /opt \
|
||||
&& tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \
|
||||
&& ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \
|
||||
&& ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \
|
||||
&& rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \
|
||||
&& apt-mark auto '.*' > /dev/null \
|
||||
&& { [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; } \
|
||||
&& find /usr/local -type f -executable -exec ldd '{}' ';' \
|
||||
| awk '/=>/ { print $(NF-1) }' \
|
||||
| sort -u \
|
||||
| xargs -r dpkg-query --search \
|
||||
| cut -d: -f1 \
|
||||
| sort -u \
|
||||
| xargs -r apt-mark manual \
|
||||
&& apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \
|
||||
# smoke test
|
||||
&& yarn --version
|
||||
|
||||
COPY docker-entrypoint.sh /usr/local/bin/
|
||||
ENTRYPOINT ["docker-entrypoint.sh"]
|
||||
|
||||
CMD [ "node" ]
|
||||
|
|
@ -1,8 +0,0 @@
|
|||
#!/bin/sh
|
||||
set -e
|
||||
|
||||
if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ]; then
|
||||
set -- node "$@"
|
||||
fi
|
||||
|
||||
exec "$@"
|
||||
|
|
@ -1,73 +0,0 @@
|
|||
FROM buildpack-deps:jessie
|
||||
|
||||
RUN groupadd --gid 1000 node \
|
||||
&& useradd --uid 1000 --gid node --shell /bin/bash --create-home node
|
||||
|
||||
ENV NODE_VERSION 10.22.0
|
||||
|
||||
RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \
|
||||
&& case "${dpkgArch##*-}" in \
|
||||
amd64) ARCH='x64';; \
|
||||
ppc64el) ARCH='ppc64le';; \
|
||||
s390x) ARCH='s390x';; \
|
||||
arm64) ARCH='arm64';; \
|
||||
armhf) ARCH='armv7l';; \
|
||||
i386) ARCH='x86';; \
|
||||
*) echo "unsupported architecture"; exit 1 ;; \
|
||||
esac \
|
||||
# gpg keys listed at https://github.com/nodejs/node#release-keys
|
||||
&& set -ex \
|
||||
&& for key in \
|
||||
94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \
|
||||
FD3A5288F042B6850C66B31F09FE44734EB7990E \
|
||||
71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \
|
||||
DD8F2338BAE7501E3DD5AC78C273792F7D83545D \
|
||||
C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \
|
||||
B9AE9905FFD7803F25714661B63B535A4C206CA9 \
|
||||
77984A986EBC2AA786BC0F66B01FBB92821C587A \
|
||||
8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \
|
||||
4ED778F539E3634C779C87C6D7062848A1AB005C \
|
||||
A48C2BEE680E841632CD4E44F07496B3EB3C1762 \
|
||||
B9E2F5981AA6E0CD28160D9FF13993A75599653C \
|
||||
C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \
|
||||
; do \
|
||||
gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \
|
||||
gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \
|
||||
gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \
|
||||
done \
|
||||
&& curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \
|
||||
&& curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \
|
||||
&& gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \
|
||||
&& grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \
|
||||
&& tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \
|
||||
&& rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \
|
||||
&& ln -s /usr/local/bin/node /usr/local/bin/nodejs \
|
||||
# smoke tests
|
||||
&& node --version \
|
||||
&& npm --version
|
||||
|
||||
ENV YARN_VERSION 1.22.4
|
||||
|
||||
RUN set -ex \
|
||||
&& for key in \
|
||||
6A010C5166006599AA17F08146C2130DFD2497F5 \
|
||||
; do \
|
||||
gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \
|
||||
gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \
|
||||
gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \
|
||||
done \
|
||||
&& curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \
|
||||
&& curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \
|
||||
&& gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \
|
||||
&& mkdir -p /opt \
|
||||
&& tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \
|
||||
&& ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \
|
||||
&& ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \
|
||||
&& rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \
|
||||
# smoke test
|
||||
&& yarn --version
|
||||
|
||||
COPY docker-entrypoint.sh /usr/local/bin/
|
||||
ENTRYPOINT ["docker-entrypoint.sh"]
|
||||
|
||||
CMD [ "node" ]
|
||||
|
|
@ -1,8 +0,0 @@
|
|||
#!/bin/sh
|
||||
set -e
|
||||
|
||||
if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ]; then
|
||||
set -- node "$@"
|
||||
fi
|
||||
|
||||
exec "$@"
|
||||
|
|
@ -4,5 +4,5 @@ arm32v6 alpine3.9,alpine3.10,alpine3.11,alpine3.12
|
|||
arm32v7 stretch,stretch-slim,buster,buster-slim,alpine3.9,alpine3.10,alpine3.11,alpine3.12
|
||||
arm64v8 stretch,stretch-slim,buster,buster-slim,alpine3.9,alpine3.10,alpine3.11,alpine3.12
|
||||
i386 alpine3.9,alpine3.10,alpine3.11,alpine3.12
|
||||
ppc64le stretch,stretch-slim,buster,buster-slim,alpine3.9,alpine3.10,alpine3.11,alpine3.12
|
||||
s390x stretch,stretch-slim,buster,buster-slim,alpine3.9,alpine3.10,alpine3.11,alpine3.12
|
||||
ppc64le buster,buster-slim,alpine3.9,alpine3.10,alpine3.11,alpine3.12
|
||||
s390x buster,buster-slim,alpine3.9,alpine3.10,alpine3.11,alpine3.12
|
||||
|
|
|
|||
|
|
@ -4,5 +4,5 @@ arm32v6 alpine3.10,alpine3.11,alpine3.12
|
|||
arm32v7 stretch,stretch-slim,buster,buster-slim,alpine3.10,alpine3.11,alpine3.12
|
||||
arm64v8 stretch,stretch-slim,buster,buster-slim,alpine3.10,alpine3.11,alpine3.12
|
||||
i386 alpine3.10,alpine3.11,alpine3.12
|
||||
ppc64le stretch,stretch-slim,buster,buster-slim,alpine3.10,alpine3.11,alpine3.12
|
||||
s390x stretch,stretch-slim,buster,buster-slim,alpine3.10,alpine3.11,alpine3.12
|
||||
ppc64le buster,buster-slim,alpine3.10,alpine3.11,alpine3.12
|
||||
s390x buster,buster-slim,alpine3.10,alpine3.11,alpine3.12
|
||||
|
|
|
|||
|
|
@ -7,6 +7,6 @@ Security issues relating to Node.js project should follow the process documented
|
|||
CVEs for the base image packages should be reported to those repositories. Nothing to address those CVEs is in the hands of this repos.
|
||||
|
||||
- [Alpine](https://github.com/alpinelinux/docker-alpine)
|
||||
- [Debian (buster, jessie, stretch)](https://github.com/debuerreotype/docker-debian-artifacts)
|
||||
- [Debian (buster, stretch)](https://github.com/debuerreotype/docker-debian-artifacts)
|
||||
|
||||
When base images are patched, the images are rebuilt and rolled out to the Docker hub without intervention by this repo. This process is explained in <https://github.com/docker-library/faq/#why-does-my-security-scanner-show-that-an-image-has-cves>.
|
||||
|
|
|
|||
|
|
@ -1,8 +1,8 @@
|
|||
bashbrew-arch variants
|
||||
amd64 jessie,jessie-slim,stretch,stretch-slim,buster,buster-slim,alpine3.9,alpine3.10,alpine3.11,alpine3.12
|
||||
arm32v6 jessie,jessie-slim,stretch,stretch-slim,buster,buster-slim,alpine3.9,alpine3.10,alpine3.11,alpine3.12
|
||||
arm32v7 jessie,jessie-slim,stretch,stretch-slim,buster,buster-slim,alpine3.9,alpine3.10,alpine3.11,alpine3.12
|
||||
arm64v8 jessie,jessie-slim,stretch,stretch-slim,buster,buster-slim,alpine3.9,alpine3.10,alpine3.11,alpine3.12
|
||||
i386 jessie,jessie-slim,stretch,stretch-slim,buster,buster-slim,alpine3.9,alpine3.10,alpine3.11,alpine3.12
|
||||
ppc64le jessie,jessie-slim,stretch,stretch-slim,buster,buster-slim,alpine3.9,alpine3.10,alpine3.11,alpine3.12
|
||||
s390x jessie,jessie-slim,stretch,stretch-slim,buster,buster-slim,alpine3.9,alpine3.10,alpine3.11,alpine3.12
|
||||
amd64 stretch,stretch-slim,buster,buster-slim,alpine3.9,alpine3.10,alpine3.11,alpine3.12
|
||||
arm32v6 stretch,stretch-slim,buster,buster-slim,alpine3.9,alpine3.10,alpine3.11,alpine3.12
|
||||
arm32v7 stretch,stretch-slim,buster,buster-slim,alpine3.9,alpine3.10,alpine3.11,alpine3.12
|
||||
arm64v8 stretch,stretch-slim,buster,buster-slim,alpine3.9,alpine3.10,alpine3.11,alpine3.12
|
||||
i386 stretch,stretch-slim,buster,buster-slim,alpine3.9,alpine3.10,alpine3.11,alpine3.12
|
||||
ppc64le stretch,stretch-slim,buster,buster-slim,alpine3.9,alpine3.10,alpine3.11,alpine3.12
|
||||
s390x stretch,stretch-slim,buster,buster-slim,alpine3.9,alpine3.10,alpine3.11,alpine3.12
|
||||
|
|
|
|||
Loading…
Reference in New Issue