From 298e8896b3f443f8d22c8db8a02aa55bd7f06372 Mon Sep 17 00:00:00 2001 From: abraunegg Date: Fri, 1 Aug 2025 12:08:44 +1000 Subject: [PATCH] Update Debian Dockerfile to use upstream gosu (#3402) * Update Debian Dockerfile to use upstream gosu version rather than Debian provided version --- contrib/docker/Dockerfile-debian | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/contrib/docker/Dockerfile-debian b/contrib/docker/Dockerfile-debian index 9f738b17..65b7cac9 100644 --- a/contrib/docker/Dockerfile-debian +++ b/contrib/docker/Dockerfile-debian @@ -30,7 +30,7 @@ RUN apt-get clean \ && echo "deb http://deb.debian.org/debian bookworm-backports main" > /etc/apt/sources.list.d/debian-12-backports.list \ && apt-get update \ && apt-get upgrade -y \ - && DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends gosu libsqlite3-0 ca-certificates libphobos2-ldc-shared100 libdbus-1-3 \ + && DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends libsqlite3-0 ca-certificates libphobos2-ldc-shared100 libdbus-1-3 \ # Install|update curl and libcurl4 from backports && apt-get install -t bookworm-backports -y curl libcurl4 \ && rm -rf /var/lib/apt/lists/* \ @@ -38,6 +38,13 @@ RUN apt-get clean \ && /usr/bin/c_rehash \ && mkdir -p /onedrive/conf /onedrive/data +# Install gosu v1.17 from trusted upstream source (built against Go 1.18.2) +RUN set -eux; \ + arch="$(dpkg --print-architecture)"; \ + curl -fsSL -o /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/1.17/gosu-${arch}"; \ + chmod +x /usr/local/bin/gosu; \ + gosu nobody true + COPY --from=builder-onedrive /usr/local/bin/onedrive /usr/local/bin/ COPY contrib/docker/entrypoint.sh /