ansible/flaskpaste
1
0
Fork 0
forked from claw/flaskpaste
Code Pull Requests Activity

container: clean apt caches and upgrade setuptools for CVE fix

Browse Source
This commit is contained in:
Username
2026-01-18 10:44:24 +01:00
parent eb60193348
commit ba0e591dda
1 changed files with 9 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
Containerfile
View File

@@ -7,15 +7,19 @@ FROM python:3.11-slim AS builder
WORKDIR /build
# Install build dependencies
# Install build dependencies and clean up
RUN apt-get update && apt-get install -y --no-install-recommends \
gcc \
&& rm -rf /var/lib/apt/lists/*
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
# Create virtual environment
RUN python -m venv /opt/venv
ENV PATH="/opt/venv/bin:$PATH"
# Upgrade pip/setuptools first (pulls in security-fixed jaraco.context)
RUN pip install --no-cache-dir --upgrade pip setuptools wheel
# Install Python dependencies
COPY requirements.txt .
RUN pip install --no-cache-dir -r requirements.txt gunicorn
@@ -27,8 +31,9 @@ FROM python:3.11-slim
LABEL maintainer="FlaskPaste"
LABEL description="Lightweight secure pastebin REST API"
# Create non-root user
RUN groupadd -r flaskpaste && useradd -r -g flaskpaste flaskpaste
# Clean base image caches and create non-root user
RUN apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* \
&& groupadd -r flaskpaste && useradd -r -g flaskpaste flaskpaste
# Copy virtual environment from builder
COPY --from=builder /opt/venv /opt/venv