
Commit 3278e6f

authored
Update run.Dockerfile to create dpkg/info/$pkg.list files (#7)
* Updated run.Dockerfile to address OpenSSL CVE scanning issues. Updated the run.Dockerfile to include a dpkg-deb command to create $pkg.list files. * Updated `metadata_tiny_stack_test.go` to include tests for the newly added list files from the run.Dockerfile. * Delete stacks/noble-tiny-stack/run.Dockerfile. This file shows naming that mentions the Paketo Buildpacks Full Noble, so I believe this file is not needed.
1 parent 5edf014 commit 3278e6f


3 files changed

+39
-29
lines changed


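--- a/metadata_tiny_stack_test.go
+++ b/metadata_tiny_stack_test.go
@@ -118,12 +118,20 @@ func testMetadataTinyStack(t *testing.T, context spec.G, it spec.S) {
 ContainSubstring("Architecture: arm64")),
 )))
 
+Expect(image).To(HaveFileWithContent("/var/lib/dpkg/info/base-files.list", SatisfyAll(
+ContainSubstring("/."),
+)))
+
 Expect(image).To(HaveFileWithContent("/var/lib/dpkg/status.d/ca-certificates", SatisfyAll(
 ContainSubstring("Package: ca-certificates"),
 MatchRegexp("Version: [0-9]+"),
 ContainSubstring("Architecture: all"),
 )))
 
+Expect(image).To(HaveFileWithContent("/var/lib/dpkg/info/ca-certificates.list", SatisfyAll(
+ContainSubstring("/."),
+)))
+
 Expect(image).To(HaveFileWithContent("/var/lib/dpkg/status.d/libc6", SatisfyAll(
 ContainSubstring("Package: libc6"),
 MatchRegexp("Version: [0-9\\.\\-]+ubuntu[0-9\\.]+"),
@@ -132,6 +140,10 @@ func testMetadataTinyStack(t *testing.T, context spec.G, it spec.S) {
 ContainSubstring("Architecture: arm64")),
 )))
 
+Expect(image).To(HaveFileWithContent("/var/lib/dpkg/info/libc6.list", SatisfyAll(
+ContainSubstring("/."),
+)))
+
 Expect(image).To(HaveFileWithContent("/var/lib/dpkg/status.d/libssl3t64", SatisfyAll(
 ContainSubstring("Package: libssl3t64"),
 MatchRegexp("Version: [0-9\\.\\-]+ubuntu[0-9\\.]+"),
@@ -140,12 +152,20 @@ func testMetadataTinyStack(t *testing.T, context spec.G, it spec.S) {
 ContainSubstring("Architecture: arm64")),
 )))
 
+Expect(image).To(HaveFileWithContent("/var/lib/dpkg/info/libssl3t64.list", SatisfyAll(
+ContainSubstring("/."),
+)))
+
 Expect(image).To(HaveFileWithContent("/var/lib/dpkg/status.d/netbase", SatisfyAll(
 ContainSubstring("Package: netbase"),
 MatchRegexp("Version: [0-9\\.]+"),
 ContainSubstring("Architecture: all"),
 )))
 
+Expect(image).To(HaveFileWithContent("/var/lib/dpkg/info/netbase.list", SatisfyAll(
+ContainSubstring("/."),
+)))
+
 Expect(image).To(HaveFileWithContent("/var/lib/dpkg/status.d/openssl", SatisfyAll(
 ContainSubstring("Package: openssl"),
 MatchRegexp("Version: [0-9\\.\\-]+ubuntu[0-9\\.]+"),
@@ -154,12 +174,20 @@ func testMetadataTinyStack(t *testing.T, context spec.G, it spec.S) {
 ContainSubstring("Architecture: arm64")),
 )))
 
+Expect(image).To(HaveFileWithContent("/var/lib/dpkg/info/openssl.list", SatisfyAll(
+ContainSubstring("/."),
+)))
+
 Expect(image).To(HaveFileWithContent("/var/lib/dpkg/status.d/tzdata", SatisfyAll(
 ContainSubstring("Package: tzdata"),
 MatchRegexp("Version: [a-z0-9\\.\\-]+ubuntu[0-9\\.]+"),
 ContainSubstring("Architecture: all"),
 )))
 
+Expect(image).To(HaveFileWithContent("/var/lib/dpkg/info/tzdata.list", SatisfyAll(
+ContainSubstring("/."),
+)))
+
 Expect(image).To(HaveFileWithContent("/var/lib/dpkg/status.d/zlib1g", SatisfyAll(
 ContainSubstring("Package: zlib1g"),
 MatchRegexp("Version: [a-z0-9\\.\\-\\:]+ubuntu[0-9\\.]+"),
@@ -168,6 +196,10 @@ func testMetadataTinyStack(t *testing.T, context spec.G, it spec.S) {
 ContainSubstring("Architecture: arm64")),
 )))
 
+Expect(image).To(HaveFileWithContent("/var/lib/dpkg/info/zlib1g.list", SatisfyAll(
+ContainSubstring("/."),
+)))
+
 Expect(image).NotTo(HaveFile("/usr/share/ca-certificates"))
 
 Expect(image).To(HaveFileWithContent("/etc/os-release", SatisfyAll(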
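Review bot: The eight new `.list` assertions only check `ContainSubstring("/.")`, which pins the root entry but still passes if every other line of the list is wrong, duplicated or missing. Since these files exist so that a scanner can attribute files on disk to a package, at least the OpenSSL-related lists should assert a path the package is known to ship, anchored to a whole line, for example `MatchRegexp("(?m)^/usr/bin/openssl$")` for `openssl.list` (path assumed from the standard Ubuntu package; confirm against the image). `SatisfyAll` around a single matcher is redundant, and the eight near-identical blocks could be one loop over the package names. The enclosing testMetadataTinyStack starts and ends outside these hunks.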

stacks/noble-tiny-stack/run.Dockerfile

Lines changed: 0 additions & 27 deletions
This file was deleted.

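--- a/stacks/noble-tiny-stack/run/run.Dockerfile
+++ b/stacks/noble-tiny-stack/run/run.Dockerfile
@@ -15,15 +15,20 @@ ADD files/passwd /tiny/etc/passwd
 ADD files/nsswitch.conf /tiny/etc/nsswitch.conf
 ADD files/group /tiny/etc/group
 
-RUN mkdir -p /tiny/tmp /tiny/var/lib/dpkg/status.d/
+RUN mkdir -p /tiny/tmp /tiny/var/lib/dpkg/status.d/ /tiny/var/lib/dpkg/info/
 
 # We can't use dpkg -i (even with --instdir=/tiny) because we don't want to
 # install the dependencies, and dpkg-deb has no way to ignore all dependencies;
 # each dependency must be explicitly listed
 RUN apt download $packages \
 && for pkg in $packages; do \
 dpkg-deb --field $pkg*.deb > /tiny/var/lib/dpkg/status.d/$pkg \
-&& dpkg-deb --extract $pkg*.deb /tiny; \
+&& dpkg-deb --extract $pkg*.deb /tiny \
+&& dpkg-deb -c $pkg*.deb | \
+sed -e 's| -> .*||' \
+-e 's|.* ||p' | \
+sed -e 's|^\./|/|' \
+-e 's|^/$|/.|' > /tiny/var/lib/dpkg/info/$pkg.list; \
 done
 
 RUN ./install-certs.sh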
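Review bot: In the added pipeline, `sed -e 's|.* ||p'` runs without `-n`, so every line where the substitution succeeds is printed twice and each path lands in `$pkg.list` in duplicate; dropping the `p` flag (`-e 's|.* ||' | \`) keeps one entry per path. Directory entries also keep the trailing slash that `dpkg-deb -c` prints (`/usr/bin/`), whereas dpkg's own `.list` files write directories without it, which some scanners may not normalise; a further `-e 's|\(.\)/$|\1|'` in the second sed would strip it. Only the last sed's exit status reaches the `&&` chain, so a failing `dpkg-deb -c` would leave an empty or partial list without failing the build. That matters here because the list is what lets CVE scanners map the extracted files back to the package.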
