p4u1/docker-cli
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
73d88f514b6eab63fa879cbc801243ad48e44420
docker-cli/dockerfiles/Dockerfile.dev
Austin Vazquez 6769f62746 update to go1.24.6 
- https://github.com/golang/go/issues?q=milestone%3AGo1.24.6+label%3ACherryPickApproved
- full diff: golang/go@go1.24.5...go1.24.6

These minor releases include 2 security fixes following the security policy:

- os/exec: LookPath may return unexpected paths

If the PATH environment variable contains paths which are executables (rather
than just directories), passing certain strings to LookPath ("", ".", and ".."),
can result in the binaries listed in the PATH being unexpectedly returned.

Thanks to Olivier Mengué for reporting this issue.

This is CVE-2025-47906 and Go issue https://go.dev/issue/74466.

- database/sql: incorrect results returned from Rows.Scan

Cancelling a query (e.g. by cancelling the context passed to one of the query
methods) during a call to the Scan method of the returned Rows can result in
unexpected results if other queries are being made in parallel. This can result
in a race condition that may overwrite the expected results with those of
another query, causing the call to Scan to return either unexpected results
from the other query or an error.

We believe this affects most database/sql drivers.

Thanks to Spike Curtis from Coder for reporting this issue.

This is CVE-2025-47907 and https://go.dev/issue/74831.

View the release notes for more information:
https://go.dev/doc/devel/release#go1.24.6

Signed-off-by: Austin Vazquez <austin.vazquez@docker.com>
2025-08-08 10:15:50 -05:00

91 lines
2.9 KiB
Docker
Raw Blame History

# syntax=docker/dockerfile:1
ARG GO_VERSION=1.24.6
# ALPINE_VERSION sets the version of the alpine base image to use, including for the golang image.
# It must be a supported tag in the docker.io/library/alpine image repository
# that's also available as alpine image variant for the Golang version used.
ARG ALPINE_VERSION=3.22
# BUILDX_VERSION sets the version of buildx to install in the dev container.
# It must be a valid tag in the docker.io/docker/buildx-bin image repository
# on Docker Hub.
ARG BUILDX_VERSION=0.25.0
FROM docker/buildx-bin:${BUILDX_VERSION} AS buildx
FROM golang:${GO_VERSION}-alpine${ALPINE_VERSION} AS golang
ENV GOTOOLCHAIN=local
ENV CGO_ENABLED=0
FROM golang AS gofumpt
ARG GOFUMPT_VERSION=v0.7.0
RUN --mount=type=cache,target=/root/.cache/go-build \
--mount=type=cache,target=/go/pkg/mod \
--mount=type=tmpfs,target=/go/src/ \
GO111MODULE=on go install "mvdan.cc/gofumpt@${GOFUMPT_VERSION}" \
&& gofumpt --version
FROM golang AS gotestsum
# GOTESTSUM_VERSION sets the version of gotestsum to install in the dev container.
# It must be a valid tag in the https://github.com/gotestyourself/gotestsum repository.
ARG GOTESTSUM_VERSION=v1.12.3
RUN --mount=type=cache,target=/root/.cache/go-build \
--mount=type=cache,target=/go/pkg/mod \
--mount=type=tmpfs,target=/go/src/ \
GO111MODULE=on go install gotest.tools/gotestsum@${GOTESTSUM_VERSION}
FROM golang AS goversioninfo
ARG GOVERSIONINFO_VERSION=v1.4.1
RUN --mount=type=cache,target=/root/.cache/go-build \
--mount=type=cache,target=/go/pkg/mod \
--mount=type=tmpfs,target=/go/src/ \
GO111MODULE=on go install github.com/josephspurrier/goversioninfo/cmd/goversioninfo@${GOVERSIONINFO_VERSION}
FROM golang AS dev
RUN apk add --no-cache \
bash \
bash-completion \
build-base \
ca-certificates \
coreutils \
curl \
git \
git-daemon \
jq \
nano
RUN <<-'EOF'
cat > /etc/motd <<-'EOM'
\e[1;32mYou are now in a development container.\e[0m
Run \e[1;36mmake help\e[0m to see available targets.
EOM
cat >> /root/.bashrc <<-'EOB'
# print the MOTD when opening the dev-container (interactive shell only).
if [[ $- == *i* ]] && [[ -z "$MOTD_SHOWN" ]]; then
printf "%b\n" "$(cat /etc/motd)"
export MOTD_SHOWN=1
fi
# set a custom prompt to make it more visible when inside the dev-container.
PS1='\[\e[0;32m\]\u@docker-cli-dev\$ \[\e[0m\]'
# set-up bash completion for testing.
source /etc/bash/bash_completion.sh
EOB
EOF
CMD ["/bin/bash"]
ENV DISABLE_WARN_OUTSIDE_CONTAINER=1
ENV PATH=$PATH:/go/src/github.com/docker/cli/build
COPY --link --from=buildx /buildx /usr/libexec/docker/cli-plugins/docker-buildx
COPY --link --from=gofumpt /go/bin/* /go/bin/
COPY --link --from=gotestsum /go/bin/* /go/bin/
COPY --link --from=goversioninfo /go/bin/* /go/bin/
WORKDIR /go/src/github.com/docker/cli
ENV GO111MODULE=auto
COPY --link . .
Reference in New Issue View Git Blame Copy Permalink