2022-03-17 05:37:08 -04:00
# syntax=docker/dockerfile:1
2021-07-22 08:48:09 -04:00
Update to go 1.19.1 to address CVE-2022-27664, CVE-2022-32190
From the mailing list:
We have just released Go versions 1.19.1 and 1.18.6, minor point releases.
These minor releases include 2 security fixes following the security policy:
- net/http: handle server errors after sending GOAWAY
A closing HTTP/2 server connection could hang forever waiting for a clean
shutdown that was preempted by a subsequent fatal error. This failure mode
could be exploited to cause a denial of service.
Thanks to Bahruz Jabiyev, Tommaso Innocenti, Anthony Gavazzi, Steven Sprecher,
and Kaan Onarlioglu for reporting this.
This is CVE-2022-27664 and Go issue https://go.dev/issue/54658.
- net/url: JoinPath does not strip relative path components in all circumstances
JoinPath and URL.JoinPath would not remove `../` path components appended to a
relative path. For example, `JoinPath("https://go.dev", "../go")` returned the
URL `https://go.dev/../go`, despite the JoinPath documentation stating that
`../` path elements are cleaned from the result.
Thanks to q0jt for reporting this issue.
This is CVE-2022-32190 and Go issue https://go.dev/issue/54385.
Release notes:
go1.19.1 (released 2022-09-06) includes security fixes to the net/http and
net/url packages, as well as bug fixes to the compiler, the go command, the pprof
command, the linker, the runtime, and the crypto/tls and crypto/x509 packages.
See the Go 1.19.1 milestone on the issue tracker for details.
https://github.com/golang/go/issues?q=milestone%3AGo1.19.1+label%3ACherryPickApproved
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-06 16:19:38 -04:00
ARG GO_VERSION=1.19.1
2019-07-18 05:13:45 -04:00
2022-08-16 19:06:06 -04:00
ARG BUILDX_VERSION=0.9.0
2022-02-03 04:37:55 -05:00
FROM docker/buildx-bin:${BUILDX_VERSION} AS buildx
2020-08-28 07:12:07 -04:00
FROM golang:${GO_VERSION}-alpine AS golang
ENV CGO_ENABLED=0
Use gofumpt if available, and enable gofumpt linter
gofumpt provides a superset of gofmt / go fmt, but not every developer may have
it installed, so for situations where it's not available, fall back to gofmt.
As our code has been formatted with gofumpt already, in most cases contributions
will follow those formatting rules, but in some cases there may be a difference,
which would already be flagged by manual code review, but let's also enable the
gofumpt linter.
With this change, `make fmt` will use gofumpt if available; gofumpt has been
added to the dev-container, so `make -f docker.Makefile fmt` will always use it.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-30 07:10:53 -04:00
FROM golang AS gofumpt
ARG GOFUMPT_VERSION=v0.4.0
RUN --mount=type=cache,target=/root/.cache/go-build \
    --mount=type=cache,target=/go/pkg/mod \
    --mount=type=tmpfs,target=/go/src/ \
    GO111MODULE=on go install "mvdan.cc/gofumpt@${GOFUMPT_VERSION}" \
    && gofumpt --version
2020-08-28 07:12:07 -04:00
FROM golang AS gotestsum
2020-08-28 07:16:28 -04:00
ARG GOTESTSUM_VERSION=v0.4.0
2020-08-28 07:20:11 -04:00
RUN --mount=type=cache,target=/root/.cache/go-build \
    --mount=type=cache,target=/go/pkg/mod \
    --mount=type=tmpfs,target=/go/src/ \
2021-07-15 09:15:38 -04:00
    GO111MODULE=on go install gotest.tools/gotestsum@${GOTESTSUM_VERSION}
2020-08-28 07:12:07 -04:00
2021-10-11 10:54:09 -04:00
FROM golang AS goversioninfo
ARG GOVERSIONINFO_VERSION=v1.3.0
RUN --mount=type=cache,target=/root/.cache/go-build \
    --mount=type=cache,target=/go/pkg/mod \
    --mount=type=tmpfs,target=/go/src/ \
    GO111MODULE=on go install github.com/josephspurrier/goversioninfo/cmd/goversioninfo@${GOVERSIONINFO_VERSION}
2020-08-28 07:12:07 -04:00
FROM golang AS dev
RUN apk add --no-cache \
    bash \
    build-base \
    ca-certificates \
    coreutils \
    curl \
2022-04-06 12:54:32 -04:00
    git \
    jq \
    nano
2020-08-28 07:12:07 -04:00
2022-04-06 12:54:32 -04:00
RUN echo -e "\nYou are now in a development container. Run '\e\033[1mmake help\e\033[0m' to learn about\navailable make targets.\n" > /etc/motd \
    && echo -e "cat /etc/motd\nPS1=\"\e[0;32m\u@docker-cli-dev\\$ \e[0m\"" >> /root/.bashrc
2020-08-28 07:19:09 -04:00
CMD bash
2020-08-28 07:12:07 -04:00
ENV DISABLE_WARN_OUTSIDE_CONTAINER=1
ENV PATH=$PATH:/go/src/github.com/docker/cli/build
2022-02-03 04:37:55 -05:00
COPY --from=buildx /buildx /usr/libexec/docker/cli-plugins/docker-buildx
2022-09-30 07:10:53 -04:00
COPY --from=gofumpt /go/bin/* /go/bin/
2021-10-11 10:54:09 -04:00
COPY --from=gotestsum /go/bin/* /go/bin/
COPY --from=goversioninfo /go/bin/* /go/bin/
2020-08-28 07:12:07 -04:00
2017-04-18 19:12:24 -04:00
WORKDIR /go/src/github.com/docker/cli
2021-07-15 09:15:38 -04:00
ENV GO111MODULE=auto
2020-08-28 07:12:07 -04:00
COPY . .