mirror of
https://github.com/pomerium/pomerium.git
synced 2025-06-10 06:42:45 +02:00
The debian 'stable' images configure apt to install from the rolling 'stable' repository, rather than a specific Debian release. Thus even though we pin to a specific Docker image digest, the packages installed by 'apt-get' can change when a new Debian release is promoted to stable. Instead, pin to an image where apt is configured to install from repositories for a specific Debian release (in this case, bullseye).
This commit is contained in:
parent
cd833fcf00
commit
d8d59ddded
5 changed files with 10 additions and 10 deletions
4
.github/Dockerfile-release
vendored
4
.github/Dockerfile-release
vendored
|
@ -1,6 +1,6 @@
|
|||
# build our own root trust store from current stable
|
||||
FROM debian:stable@sha256:1c3446475ac28a9f42a4627d8945d7bed88b8128b5850b61c5890ff47f317681 as casource
|
||||
RUN apt-get update && apt-get install -y ca-certificates
|
||||
FROM debian:latest@sha256:432f545c6ba13b79e2681f4cc4858788b0ab099fc1cca799cc0fae4687c69070 as casource
|
||||
RUN apt-get update && apt-get install -y ca-certificates=20210119
|
||||
# Remove expired root (https://github.com/pomerium/pomerium/issues/2653)
|
||||
RUN rm /usr/share/ca-certificates/mozilla/DST_Root_CA_X3.crt && update-ca-certificates
|
||||
|
||||
|
|
4
.github/Dockerfile-release-debug
vendored
4
.github/Dockerfile-release-debug
vendored
|
@ -1,6 +1,6 @@
|
|||
# build our own root trust store from current stable
|
||||
FROM debian:stable@sha256:1c3446475ac28a9f42a4627d8945d7bed88b8128b5850b61c5890ff47f317681 as casource
|
||||
RUN apt-get update && apt-get install -y ca-certificates
|
||||
FROM debian:latest@sha256:432f545c6ba13b79e2681f4cc4858788b0ab099fc1cca799cc0fae4687c69070 as casource
|
||||
RUN apt-get update && apt-get install -y ca-certificates=20210119
|
||||
# Remove expired root (https://github.com/pomerium/pomerium/issues/2653)
|
||||
RUN rm /usr/share/ca-certificates/mozilla/DST_Root_CA_X3.crt && update-ca-certificates
|
||||
|
||||
|
|
4
.github/Dockerfile-release-debug-nonroot
vendored
4
.github/Dockerfile-release-debug-nonroot
vendored
|
@ -1,6 +1,6 @@
|
|||
# build our own root trust store from current stable
|
||||
FROM debian:stable@sha256:1c3446475ac28a9f42a4627d8945d7bed88b8128b5850b61c5890ff47f317681 as casource
|
||||
RUN apt-get update && apt-get install -y ca-certificates
|
||||
FROM debian:latest@sha256:432f545c6ba13b79e2681f4cc4858788b0ab099fc1cca799cc0fae4687c69070 as casource
|
||||
RUN apt-get update && apt-get install -y ca-certificates=20210119
|
||||
# Remove expired root (https://github.com/pomerium/pomerium/issues/2653)
|
||||
RUN rm /usr/share/ca-certificates/mozilla/DST_Root_CA_X3.crt && update-ca-certificates
|
||||
|
||||
|
|
4
.github/Dockerfile-release-nonroot
vendored
4
.github/Dockerfile-release-nonroot
vendored
|
@ -1,6 +1,6 @@
|
|||
# build our own root trust store from current stable
|
||||
FROM debian:stable@sha256:1c3446475ac28a9f42a4627d8945d7bed88b8128b5850b61c5890ff47f317681 as casource
|
||||
RUN apt-get update && apt-get install -y ca-certificates
|
||||
FROM debian:latest@sha256:432f545c6ba13b79e2681f4cc4858788b0ab099fc1cca799cc0fae4687c69070 as casource
|
||||
RUN apt-get update && apt-get install -y ca-certificates=20210119
|
||||
# Remove expired root (https://github.com/pomerium/pomerium/issues/2653)
|
||||
RUN rm /usr/share/ca-certificates/mozilla/DST_Root_CA_X3.crt && update-ca-certificates
|
||||
|
||||
|
|
|
@ -30,8 +30,8 @@ RUN make build-go NAME=pomerium
|
|||
RUN touch /config.yaml
|
||||
|
||||
# build our own root trust store from current stable
|
||||
FROM debian:stable@sha256:1fbdbcfb07b174d245e5f26191aa0401294ae5612a406cdb407f1f6fa6e29e23 as casource
|
||||
RUN apt-get update && apt-get install -y ca-certificates
|
||||
FROM debian:latest@sha256:432f545c6ba13b79e2681f4cc4858788b0ab099fc1cca799cc0fae4687c69070 as casource
|
||||
RUN apt-get update && apt-get install -y ca-certificates=20210119
|
||||
# Remove expired root (https://github.com/pomerium/pomerium/issues/2653)
|
||||
RUN rm /usr/share/ca-certificates/mozilla/DST_Root_CA_X3.crt && update-ca-certificates
|
||||
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue