Discussion: a convention for pinning package versions when writing Dockerfiles #198

Open
x0day opened this issue May 12, 2020 · 2 comments

x0day commented May 12, 2020

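While testing some historical vulnerabilities I needed to make a few small tweaks, and found that the old Dockerfiles can no longer be rebuilt.

For example, this one:

https://github.com/vulhub/vulhub/blob/master/base/thinkphp/5.0.9/Dockerfile

The cause is that when the Dockerfile was written, Composer was installed directly at its latest version, so rebuilding now still pulls the latest Composer, which ends up causing incompatibility problems during installation.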

image

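So, given that this project should reproduce historical scenarios as faithfully as possible, Dockerfiles should be written with attention to pinning the versions of certain packages.

The Composer version needs to be re-pinned: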

RUN set -ex \
    && cd /var/www \
    && curl -#sSL https://getcomposer.org/download/1.7.3/composer.phar -o composer.phar \
    && php composer.phar install \
    && chown www-data:www-data -R .

phith0n commented Jun 9, 2020

But I noticed that what's in your screenshot is only a warning, and it didn't cause the build to fail.

x0day commented Jun 11, 2020

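> But I noticed that what's in your screenshot is only a warning, and it didn't cause the build to fail.

The screenshot shows the warning I got when I went into the image that is currently online and checked the Composer version. If you take the Dockerfile mentioned above and build it again, you'll see the problem.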
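
A check for the pinning convention proposed in this issue, as an added example that is not part of the original thread or the project's own code: it scans a Dockerfile for Composer downloads that do not use the versioned `download/<x.y.z>/composer.phar` URL shown above, and goes one step beyond the issue by also flagging base images without a fixed tag. The function names and the sample Dockerfile are constructed for illustration.

```python
import re

# Pinned form from the issue: getcomposer.org/download/<x.y.z>/composer.phar
PINNED = re.compile(r"getcomposer\.org/download/\d+\.\d+\.\d+/composer\.phar$")
COMPOSER_URL = re.compile(r"https?://getcomposer\.org/[^\s|;]*")

def instructions(text):
    """Yield (line_no, instruction), joining backslash continuations."""
    buf, start = [], 0
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank and comment lines are dropped, even mid-continuation
        start = start or no
        buf.append(line.rstrip("\\").strip())
        if not line.endswith("\\"):
            yield start, " ".join(buf)
            buf, start = [], 0
    if buf:
        yield start, " ".join(buf)

def find_unpinned(text):
    """Return (line_no, kind, value) for base images and Composer fetches that float."""
    findings, stages = [], set()
    for no, instr in instructions(text):
        words = instr.split()
        op = words[0].upper()
        if op == "FROM":
            args = [w for w in words[1:] if not w.startswith("--")]
            if not args:
                continue
            image = args[0]
            if len(args) == 3 and args[1].upper() == "AS":
                stages.add(args[2])  # later "FROM <stage>" is not a registry pull
            name = image.rsplit("/", 1)[-1]  # ignore a registry host:port prefix
            floating = "@" not in name and (":" not in name or name.endswith(":latest"))
            if floating and image != "scratch" and image not in stages and "$" not in image:
                findings.append((no, "base-image", image))
        elif op == "RUN":
            for url in COMPOSER_URL.findall(instr):
                if not PINNED.search(url):
                    findings.append((no, "composer", url))
    return findings

# Constructed sample, not the Dockerfile from the repository.
SAMPLE = ("FROM php:5.6-apache\n# installer resolves to the newest Composer\n"
          "RUN set -ex \\\n    && curl -sSL https://getcomposer.org/installer | php \\\n"
          "    && php composer.phar install\n"
          "RUN curl -#sSL https://getcomposer.org/download/1.7.3/composer.phar -o composer.phar\n"
          "FROM nginx\n")

if __name__ == "__main__":
    for line_no, kind, value in find_unpinned(SAMPLE):
        print(f"line {line_no}: unpinned {kind}: {value}")
```

A tag such as `php:5.6-apache` still moves when the image is republished, so the check only separates fixed tags and digests from `latest` and untagged references.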
