go.mod: bump osbuild/images to 0.55

2024-04-13 15:47:23 +02:00 · 2024-04-13 15:47:23 +02:00 · 22140aa7c9
commit 22140aa7c9
parent eab44ca8a8
700 changed files with 30353 additions and 27556 deletions
--- a/vendor/github.com/vmware/govmomi/Dockerfile.govc
+++ b/vendor/github.com/vmware/govmomi/Dockerfile.govc
@ -0,0 +1,45 @@
+# Create a builder container
+# golang:1.18.0-buster amd64
+FROM golang@sha256:7d39537344486528f8cdb3bd8adb98ab7f0f4236044b6944fed8631da35a4ce5 AS build
+WORKDIR /go/src/app
+
+# Create appuser to isolate potential vulnerabilities
+# See https://stackoverflow.com/a/55757473/12429735
+ENV USER=appuser
+ENV UID=10001
+RUN adduser \
+    --disabled-password \
+    --gecos "" \
+    --shell "/sbin/nologin" \
+    --no-create-home \
+    --uid "${UID}" \
+    "${USER}"
+
+# Create a new tmp directory so no bad actors can manipulate it
+RUN mkdir /temporary-tmp-directory && chmod 777 /temporary-tmp-directory
+
+###############################################################################
+# Final stage
+FROM scratch
+
+# Allow container to use latest TLS certificates
+COPY --from=build /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
+
+# Copy over appuser to run as non-root
+COPY --from=build /etc/passwd /etc/passwd
+COPY --from=build /etc/group /etc/group
+
+# Copy over the /tmp directory for golang/os.TmpDir
+COPY --chown=appuser --from=build /temporary-tmp-directory /tmp
+
+# Copy application from external build
+COPY govc /govc
+
+# Run all commands as non-root
+USER appuser:appuser
+
+# session cache, etc
+ENV GOVMOMI_HOME=/tmp
+
+# Set CMD to application with container defaults
+CMD ["/govc"]