This is an automated email from the ASF dual-hosted git repository. ephraimanierobi pushed a commit to branch v2-8-test in repository https://gitbox.apache.org/repos/asf/airflow.git
commit 45a5f13d3190d6ae6b8a70aa60e4a21948ad324a Author: Jarek Potiuk <[email protected]> AuthorDate: Sat Feb 24 20:07:28 2024 +0100 Remove gosu binary from our images (#37677) We have a "gosu" binary installed in Airflow image but it does not seem to be used and it brings in a number of security vulnerabilities because gosu uses an older go stdlib library. This PR removes the gosu binary from the image altogether. (cherry picked from commit 349e8bdfaa19f949806971943fa2c487e3e11aaf) --- Dockerfile | 4 ++-- Dockerfile.ci | 6 +++--- INSTALL | 2 +- contributing-docs/03_contributors_quick_start.rst | 2 +- docs/apache-airflow/installation/dependencies.rst | 4 ++-- scripts/docker/install_os_dependencies.sh | 4 ++-- 6 files changed, 11 insertions(+), 11 deletions(-) diff --git a/Dockerfile b/Dockerfile index 1ada5269c8..358da9b315 100644 --- a/Dockerfile +++ b/Dockerfile @@ -93,7 +93,7 @@ fi function get_dev_apt_deps() { if [[ "${DEV_APT_DEPS=}" == "" ]]; then DEV_APT_DEPS="apt-transport-https apt-utils build-essential ca-certificates dirmngr \ -freetds-bin freetds-dev git gosu graphviz graphviz-dev krb5-user ldap-utils libffi-dev libgeos-dev \ +freetds-bin freetds-dev git graphviz graphviz-dev krb5-user ldap-utils libffi-dev libgeos-dev \ libkrb5-dev libldap2-dev libleveldb1d libleveldb-dev libsasl2-2 libsasl2-dev libsasl2-modules \ libssl-dev libxmlsec1 libxmlsec1-dev locales lsb-release openssh-client pkgconf sasl2-bin \ software-properties-common sqlite3 sudo unixodbc unixodbc-dev zlib1g-dev" @@ -120,7 +120,7 @@ function get_runtime_apt_deps() { echo if [[ "${RUNTIME_APT_DEPS=}" == "" ]]; then RUNTIME_APT_DEPS="apt-transport-https apt-utils ca-certificates \ -curl dumb-init freetds-bin gosu krb5-user libgeos-dev \ +curl dumb-init freetds-bin krb5-user libgeos-dev \ ldap-utils libsasl2-2 libsasl2-modules libxmlsec1 locales ${debian_version_apt_deps} \ lsb-release openssh-client python3-selinux rsync sasl2-bin sqlite3 sudo unixodbc" export RUNTIME_APT_DEPS diff --git a/Dockerfile.ci b/Dockerfile.ci index b63fd0896b..295f2adb53 100644 --- a/Dockerfile.ci +++ b/Dockerfile.ci @@ -53,7 +53,7 @@ fi function get_dev_apt_deps() { if [[ "${DEV_APT_DEPS=}" == "" ]]; then DEV_APT_DEPS="apt-transport-https apt-utils build-essential ca-certificates dirmngr \ -freetds-bin freetds-dev git gosu graphviz graphviz-dev krb5-user ldap-utils libffi-dev libgeos-dev \ +freetds-bin freetds-dev git graphviz graphviz-dev krb5-user ldap-utils libffi-dev libgeos-dev \ libkrb5-dev libldap2-dev libleveldb1d libleveldb-dev libsasl2-2 libsasl2-dev libsasl2-modules \ libssl-dev libxmlsec1 libxmlsec1-dev locales lsb-release openssh-client pkgconf sasl2-bin \ software-properties-common sqlite3 sudo unixodbc unixodbc-dev zlib1g-dev" @@ -80,7 +80,7 @@ function get_runtime_apt_deps() { echo if [[ "${RUNTIME_APT_DEPS=}" == "" ]]; then RUNTIME_APT_DEPS="apt-transport-https apt-utils ca-certificates \ -curl dumb-init freetds-bin gosu krb5-user libgeos-dev \ +curl dumb-init freetds-bin krb5-user libgeos-dev \ ldap-utils libsasl2-2 libsasl2-modules libxmlsec1 locales ${debian_version_apt_deps} \ lsb-release openssh-client python3-selinux rsync sasl2-bin sqlite3 sudo unixodbc" export RUNTIME_APT_DEPS @@ -1031,7 +1031,7 @@ RUN echo "Base image version: ${PYTHON_BASE_IMAGE}" ARG DEV_APT_COMMAND="" ARG ADDITIONAL_DEV_APT_COMMAND="" ARG ADDITIONAL_DEV_ENV_VARS="" -ARG ADDITIONAL_DEV_APT_DEPS="bash-completion dumb-init git graphviz gosu krb5-user \ +ARG ADDITIONAL_DEV_APT_DEPS="bash-completion dumb-init git graphviz krb5-user \ less libenchant-2-2 libgcc-11-dev libgeos-dev libpq-dev net-tools netcat-openbsd \ openssh-server postgresql-client software-properties-common rsync tmux unzip vim xxd" diff --git a/INSTALL b/INSTALL index ee63ff12df..1aa8b49fa5 100644 --- a/INSTALL +++ b/INSTALL @@ -11,7 +11,7 @@ systems/prerequisites are known to work: Linux (Debian Bookworm): sudo apt install -y --no-install-recommends apt-transport-https apt-utils ca-certificates \ - curl dumb-init freetds-bin gosu krb5-user libgeos-dev \ + curl dumb-init freetds-bin krb5-user libgeos-dev \ ldap-utils libsasl2-2 libsasl2-modules libxmlsec1 locales libffi8 libldap-2.5-0 libssl3 netcat-openbsd \ lsb-release openssh-client python3-selinux rsync sasl2-bin sqlite3 sudo unixodbc diff --git a/contributing-docs/03_contributors_quick_start.rst b/contributing-docs/03_contributors_quick_start.rst index bed3928d9c..1aa7dd99bf 100644 --- a/contributing-docs/03_contributors_quick_start.rst +++ b/contributing-docs/03_contributors_quick_start.rst @@ -164,7 +164,7 @@ like system, this command will install all necessary dependencies that should be .. code-block:: bash sudo apt install apt-transport-https apt-utils build-essential ca-certificates dirmngr \ - freetds-bin freetds-dev git gosu graphviz graphviz-dev krb5-user ldap-utils libffi-dev \ + freetds-bin freetds-dev git graphviz graphviz-dev krb5-user ldap-utils libffi-dev \ libkrb5-dev libldap2-dev libpq-dev libsasl2-2 libsasl2-dev libsasl2-modules \ libssl-dev locales lsb-release openssh-client sasl2-bin \ software-properties-common sqlite3 sudo unixodbc unixodbc-dev diff --git a/docs/apache-airflow/installation/dependencies.rst b/docs/apache-airflow/installation/dependencies.rst index a17f55d64d..08d491abc6 100644 --- a/docs/apache-airflow/installation/dependencies.rst +++ b/docs/apache-airflow/installation/dependencies.rst @@ -83,7 +83,7 @@ for development and testing as well as production use. .. code-block:: bash sudo apt install -y --no-install-recommends apt-transport-https apt-utils ca-certificates \ - curl dumb-init freetds-bin gosu krb5-user libgeos-dev \ + curl dumb-init freetds-bin krb5-user libgeos-dev \ ldap-utils libsasl2-2 libsasl2-modules libxmlsec1 locales libffi8 libldap-2.5-0 libssl3 netcat-openbsd \ lsb-release openssh-client python3-selinux rsync sasl2-bin sqlite3 sudo unixodbc @@ -98,7 +98,7 @@ for Bullseye and we will only build images and explain system level dependencies .. code-block:: bash sudo apt install -y --no-install-recommends apt-transport-https apt-utils ca-certificates \ - curl dumb-init freetds-bin gosu krb5-user libgeos-dev \ + curl dumb-init freetds-bin krb5-user libgeos-dev \ ldap-utils libsasl2-2 libsasl2-modules libxmlsec1 locales libffi7 libldap-2.4-2 libssl1.1 netcat \ lsb-release openssh-client python3-selinux rsync sasl2-bin sqlite3 sudo unixodbc diff --git a/scripts/docker/install_os_dependencies.sh b/scripts/docker/install_os_dependencies.sh index f848846cb6..283895f1da 100644 --- a/scripts/docker/install_os_dependencies.sh +++ b/scripts/docker/install_os_dependencies.sh @@ -35,7 +35,7 @@ fi function get_dev_apt_deps() { if [[ "${DEV_APT_DEPS=}" == "" ]]; then DEV_APT_DEPS="apt-transport-https apt-utils build-essential ca-certificates dirmngr \ -freetds-bin freetds-dev git gosu graphviz graphviz-dev krb5-user ldap-utils libffi-dev libgeos-dev \ +freetds-bin freetds-dev git graphviz graphviz-dev krb5-user ldap-utils libffi-dev libgeos-dev \ libkrb5-dev libldap2-dev libleveldb1d libleveldb-dev libsasl2-2 libsasl2-dev libsasl2-modules \ libssl-dev libxmlsec1 libxmlsec1-dev locales lsb-release openssh-client pkgconf sasl2-bin \ software-properties-common sqlite3 sudo unixodbc unixodbc-dev zlib1g-dev" @@ -62,7 +62,7 @@ function get_runtime_apt_deps() { echo if [[ "${RUNTIME_APT_DEPS=}" == "" ]]; then RUNTIME_APT_DEPS="apt-transport-https apt-utils ca-certificates \ -curl dumb-init freetds-bin gosu krb5-user libgeos-dev \ +curl dumb-init freetds-bin krb5-user libgeos-dev \ ldap-utils libsasl2-2 libsasl2-modules libxmlsec1 locales ${debian_version_apt_deps} \ lsb-release openssh-client python3-selinux rsync sasl2-bin sqlite3 sudo unixodbc" export RUNTIME_APT_DEPS
