@CRCinAU

@CRCinAU CRCinAU commented Aug 25, 2024

Not only is the iputils-ping package smaller, it correctly works within a docker container.

The side effect of removing gosu is that docker containers built without it show ~52 fewer security vulnerabilities without the gosu binary installed.

While the author of gosu says this isn't a problem anyway, it's just a bad practice. As such, we end up with a smaller window for issues, and a smaller container size as a bonus.

@manios
Owner

manios commented Aug 30, 2024

Hi @CRCinAU !

Thank you for your contribution! At the moment I cannot merge it because the package is not available in Alpine 3.12 as you can see here. As soon as #45 is unblocked we will test and merge it.

Thanks!

@CRCinAU
Author

CRCinAU commented Aug 30, 2024

Ah - I totally missed this as I only run on x86_64 - so I bumped all the way to alpine:edge because I use perl-string-random that doesn't seem to appear in anything else. In reality, I probably should just fix that perl code I use for checking a SIP service to generate a random string without using String::Random.

I'm not sure I have an arm system I can test things beyond alpine:3.12 to confirm your findings, but I'll see what I can do...

@manios
Owner

manios commented Apr 10, 2025

Hi @CRCinAU !

Since nagioscore #1025 will take some time to be fixed, we will follow the "mixed" mode:

  • Use Alpine 3.21 as base image for amd64, i386, arm64. Until nagioscore #1025 is fixed, we are going to use 3.12 as base image for arm/v6 and arm/v7. (#92)

I have released build-30 2 hours ago which uses the native Alpine ping without gosu. Can you please execute docker pull manios/nagios:latest and try again?

Thanks!

@CRCinAU
Author

CRCinAU commented Apr 11, 2025

Hi @manios,

I updated, and the only difference I can see now is that bash isn't included by default.

While that's ok, it may cause a number of custom plugins to fail. I just installed it in my init-script that adds some other things on container start too.

@manios
Owner

manios commented Dec 1, 2025

Hi @CRCinAU !

Since Build 29 (commit f8680f8) the image stopped using gosu and worked without the need of iputils-ping. Therefore, I think that this PR is redundant at the moment. If it is needed in the future we can add it.

Thank you for your time,
Best regards,
Chris

@manios manios closed this Dec 1, 2025