ansible/flaskpaste
1
0
Fork 0
forked from claw/flaskpaste
Code Pull Requests Activity

containerfile: consolidate security pins in requirements.txt

Browse Source
This commit is contained in:
Username
2026-01-20 08:20:55 +01:00
parent 677cdff58d
commit 66d7948073
2 changed files with 7 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
Containerfile.slim
View File

@@ -18,10 +18,9 @@ RUN python -m venv /opt/venv
ENV PATH="/opt/venv/bin:$PATH"
RUN pip install --no-cache-dir --upgrade "pip>=25.3" wheel
# Install Python dependencies
# Install Python dependencies (includes security pins from requirements.txt)
COPY requirements.txt .
RUN pip install --no-cache-dir -r requirements.txt gunicorn && \
pip install --no-cache-dir --upgrade "pip>=25.3" "jaraco.context>=6.1.0"
RUN pip install --no-cache-dir -r requirements.txt gunicorn
# Stage 2: Alpine runtime (minimal)
@@ -30,8 +29,10 @@ FROM python:3.11-alpine
LABEL maintainer="FlaskPaste"
LABEL description="Minimal secure pastebin REST API (Alpine)"
# Upgrade base image pip to fix CVE-2025-8869
RUN pip install --no-cache-dir --upgrade "pip>=25.3" "jaraco.context>=6.1.0"
# Apply security fixes to base image (versions from requirements.txt)
COPY requirements.txt /tmp/
RUN pip install --no-cache-dir --upgrade pip && \
pip install --no-cache-dir -r /tmp/requirements.txt && rm /tmp/requirements.txt
# Create non-root user
RUN addgroup -g 65532 -S flaskpaste && adduser -u 65532 -S -G flaskpaste flaskpaste