Skip to content

Commit

Permalink
Dockerfile: unpin ca-certificates version
Browse files Browse the repository at this point in the history
this is just unnecessary and insecure
actually you want to use the newest version of ca-certificates
as it might have excluded CAs that lost their private keys

Signed-off-by: Christoph Ostarek <[email protected]>
  • Loading branch information
christoph-zededa committed Sep 10, 2024
1 parent 8bd49ae commit 00a1981
Showing 1 changed file with 2 additions and 1 deletion.
3 changes: 2 additions & 1 deletion Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,8 @@ RUN make tools OUTDIR=/usr/local/bin

# Deploy the application binaries into a lean image
FROM alpine:3.20
RUN apk --no-cache add ca-certificates=20240226-r0 \
# hadolint ignore=DL3018
RUN apk --no-cache add ca-certificates \
&& update-ca-certificates

COPY --from=builder /usr/local/bin/* /usr/local/bin/
Expand Down

0 comments on commit 00a1981

Please sign in to comment.