Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update Redis Versions List & Entrypoint Implementation for 8.0 #17587

Merged
merged 2 commits into from
Sep 19, 2024
Merged

Update Redis Versions List & Entrypoint Implementation for 8.0 #17587

merged 2 commits into from
Sep 19, 2024

Conversation

adamiBs
Copy link
Contributor

@adamiBs adamiBs commented Sep 19, 2024

  • Removal of Redis 7.0.
  • Replace usage of eval with exec in the entrypoint script to avoid the risk of arbitrary code execution.

Relates to:

@adamiBs
Remove 7.0 and 7.0-alpine versions
62202f8 
Based off of https://github.com/redis/redis/security/policy#supported-versions
@adamiBs
Updated Redis entrypoint
f7337d7 
Replace usage of `eval` with `exec` in the entrypoint script to avoid the risk of arbitrary code execution.
@adamiBs adamiBs requested a review from a team as a code owner September 19, 2024 13:16
@github-actions GitHub Actions
Copy link

Diff for f7337d7: 
diff --git a/_bashbrew-cat b/_bashbrew-cat
index aa426a6..19e4f06 100644
--- a/_bashbrew-cat
+++ b/_bashbrew-cat
@@ -11,16 +11,6 @@ Architectures: amd64, arm32v6, arm32v7, arm64v8, i386, ppc64le, riscv64, s390x
 GitCommit: 5f08363e6d64b97a0c2e651f4bdcec6e71a32ab4
 Directory: 6.2/alpine
 
-Tags: 7.0.15, 7.0, 7.0.15-bookworm, 7.0-bookworm
-Architectures: amd64, arm32v5, arm32v7, arm64v8, i386, mips64le, ppc64le, s390x
-GitCommit: 5f08363e6d64b97a0c2e651f4bdcec6e71a32ab4
-Directory: 7.0/debian
-
-Tags: 7.0.15-alpine, 7.0-alpine, 7.0.15-alpine3.20, 7.0-alpine3.20
-Architectures: amd64, arm32v6, arm32v7, arm64v8, i386, ppc64le, riscv64, s390x
-GitCommit: 5f08363e6d64b97a0c2e651f4bdcec6e71a32ab4
-Directory: 7.0/alpine
-
 Tags: 7.2.5, 7.2, 7.2.5-bookworm, 7.2-bookworm
 Architectures: amd64, arm32v5, arm32v7, arm64v8, i386, mips64le, ppc64le, s390x
 GitCommit: 5f08363e6d64b97a0c2e651f4bdcec6e71a32ab4
@@ -44,5 +34,5 @@ Directory: 7.4/alpine
 Tags: 8.0-M01, 8.0-M01-bookworm
 Architectures: amd64, arm32v5, arm32v7, arm64v8, i386, mips64le, ppc64le, s390x
 GitFetch: refs/heads/release/8.0
-GitCommit: af8fe134a94d9d3ac4c696a5d8fd0096e7df6794
+GitCommit: 1b88507c82861395a5c1b354baab795c73c051e3
 Directory: debian
diff --git a/_bashbrew-list b/_bashbrew-list
index e1c196f..6d72fa5 100644
--- a/_bashbrew-list
+++ b/_bashbrew-list
@@ -14,14 +14,6 @@ redis:7
 redis:7-alpine
 redis:7-alpine3.20
 redis:7-bookworm
-redis:7.0
-redis:7.0-alpine
-redis:7.0-alpine3.20
-redis:7.0-bookworm
-redis:7.0.15
-redis:7.0.15-alpine
-redis:7.0.15-alpine3.20
-redis:7.0.15-bookworm
 redis:7.2
 redis:7.2-alpine
 redis:7.2-alpine3.20
diff --git a/_bashbrew-list-build-order b/_bashbrew-list-build-order
index 2ec6767..538cb1d 100644
--- a/_bashbrew-list-build-order
+++ b/_bashbrew-list-build-order
@@ -1,7 +1,5 @@
 redis:6-alpine3.20
 redis:6-bookworm
-redis:7.0-alpine3.20
-redis:7.0-bookworm
 redis:7.2-alpine3.20
 redis:7.2-bookworm
 redis:8.0-M01-bookworm
diff --git a/redis_7.0-alpine3.20/Dockerfile b/redis_7.0-alpine3.20/Dockerfile
deleted file mode 100644
index 80aaa20..0000000
diff --git a/redis_7.0-alpine3.20/docker-entrypoint.sh b/redis_7.0-alpine3.20/docker-entrypoint.sh
deleted file mode 100755
index 30406a5..0000000
diff --git a/redis_7.0-bookworm/Dockerfile b/redis_7.0-bookworm/Dockerfile
deleted file mode 100644
index d252fa6..0000000
diff --git a/redis_7.0-bookworm/docker-entrypoint.sh b/redis_7.0-bookworm/docker-entrypoint.sh
deleted file mode 100755
index 30406a5..0000000
diff --git a/redis_8.0-M01-bookworm/docker-entrypoint.sh b/redis_8.0-M01-bookworm/docker-entrypoint.sh
index 114e094..f7d408c 100755
--- a/redis_8.0-M01-bookworm/docker-entrypoint.sh
+++ b/redis_8.0-M01-bookworm/docker-entrypoint.sh
@@ -48,12 +48,13 @@ if [ "$1" = 'redis-server' ]; then
 
 			if [ ! -x "$module" ]; then
 				echo "Warning: Module $module is not executable."
+				continue
 			fi
 			
-			command="$command --loadmodule $module"
+			set -- "$@" --loadmodule "$module"
 		done
 	fi
 fi
 
 
-eval "$command"
\ No newline at end of file
+exec "$@"
\ No newline at end of file

Relevant Maintainers:

tianon
tianon approved these changes Sep 19, 2024
View reviewed changes
Copy link
Member

@tianon tianon left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

(I think you might've left in the command='exec "$@"' line above the for loop, but it should be harmless 👍)

@tianon tianon merged commit 9690406 into docker-library:master Sep 19, 2024
12 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tianon tianon tianon approved these changes

Assignees
No one assigned
Labels
library/redis
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@adamiBs @tianon