[checkmk-commits] [tribe29/checkmk] cbf691: Remove unnecessary build arg

Branch: refs/heads/master Home: https://github.com/tribe29/checkmk Commit: cbf691950e07186475de0f703dce297b3414ed09 https://github.com/tribe29/checkmk/commit/cbf691950e07186475de0f703dce297b3… Author: Maximilian Wirtz <maximilian.wirtz(a)tribe29.com> Date: 2022-10-25 (Tue, 25 Oct 2022) Changed paths: M tests/docker/test_docker.py Log Message: ----------- Remove unnecessary build arg The download credentials are downloaded by a sidecar container, so this arg is not used. Change-Id: I1fe16823e8c73fcc05f33b205086f7acb94c6ab1 Commit: 0eac0636f7f87e7c573ec239d29d3582978815d4 https://github.com/tribe29/checkmk/commit/0eac0636f7f87e7c573ec239d29d35829… Author: Maximilian Wirtz <maximilian.wirtz(a)tribe29.com> Date: 2022-10-25 (Tue, 25 Oct 2022) Changed paths: M docker/Dockerfile Log Message: ----------- Make CREDENTIALS_URL a build_arg When trying to build the container locally the network setup is kinda difficult. Now you can have a *python SimpleHTTPServer* aka `python -m http.server 8000` running and serving the secret file. Change-Id: I15ed06b95e4e0e4c65bffc43ea872e0fcd57ff70 Commit: 80fc4b8883afcac0f3f043b7d6ccb9e7edda43b1 https://github.com/tribe29/checkmk/commit/80fc4b8883afcac0f3f043b7d6ccb9e7e… Author: Maximilian Wirtz <maximilian.wirtz(a)tribe29.com> Date: 2022-10-25 (Tue, 25 Oct 2022) Changed paths: A .werks/14918 M buildscripts/docker_image_aliases/IMAGE_CMK_BASE/Dockerfile M buildscripts/docker_image_aliases/IMAGE_CMK_BASE/meta.yml M docker/Dockerfile M docker/Makefile M tests/docker/test_docker.py Log Message: ----------- 14918 SEC Change base image of docker container With this Werk we change the base image of the Checkmk docker container from Debian buster to Ubuntu jammy. Ubuntu jammy has more up to date packages. This should reduce the amount of "vulnerabilities" found in the docker container by ~90%. Please note that these vulnerabilities are either fixed by a backport of the fix or the configuration did not allow a exploitation. The packages in the container were updated whenever a new container was build. Unfortunately not all vulnerability-scanners were able to recognise this. To our knowledge none of the vulnerabilities were exploitable. We rate this with a CVSS of 0 (None) (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N). This CVSS is primarily meant to please automatic scanners. Change-Id: I9129099f9f5bb814c3c9a5893f7be1229eaa7d8d Compare: https://github.com/tribe29/checkmk/compare/4ad899a88e99...80fc4b8883af