build(docker): harden geo-database downloads in Dockerfile #2294
Open
Tsunami43 wants to merge 1 commit into
The two `curl` calls that fetch the IP geolocation databases (ip2asn-v4.tsv.gz, countries.csv) had no error or integrity checking:

    RUN curl https://iptoasn.com/data/ip2asn-v4.tsv.gz -o /tmp/...
    RUN curl https://storage.googleapis.com/.../countries.csv -o /tmp/...

Without `-f`, curl exits 0 on an HTTP 4xx/5xx and writes the error page body into the output file. The build then succeeds and the image silently ships a corrupt geo database. There was also no verification that the downloaded payload is what was expected.

Changes:

- Add `-fsSL` so curl fails loudly on HTTP errors and follows redirects.
- Add `test -s` after each download (and after gunzip) so an empty or truncated file fails the build instead of being baked into the image.
- Add optional `IP2ASN_SHA256` / `COUNTRIES_SHA256` build args; when set, the download is checksum-verified with `sha256sum -c`. They default to empty (skipped) because the ip2asn dataset is refreshed upstream frequently, so operators can pin a known-good digest at build time without breaking the default build.

Note: the bucket name `lavanet-public-asssets` (triple-s) is the actual GCS bucket and is intentionally left unchanged.
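The three checks listed in the description, written as one POSIX sh helper and run over constructed files. This is an added example, not code from this pull request. The function names `verify_download` and `fetch_verified` and all sample data are assumptions. It shows that a saved error page passes `test -s` and is rejected only once a digest is pinned.

```shell
#!/bin/sh
# Added example, not the PR's Dockerfile. Helper names are hypothetical.

# verify_download FILE [SHA256]
# Returns 0 if FILE is non-empty and, when SHA256 is given, matches it.
verify_download() {
    file=$1
    want=${2:-}
    # test -s only proves the file exists and is larger than zero bytes.
    if [ ! -s "$file" ]; then
        echo "verify: $file is missing or empty" >&2
        return 1
    fi
    # The digest is optional, mirroring the empty-by-default build args.
    if [ -z "$want" ]; then
        echo "verify: $file is non-empty, no digest pinned" >&2
        return 0
    fi
    # sha256sum -c reads lines of "<hex digest><two spaces><path>".
    if ! printf '%s  %s\n' "$want" "$file" | sha256sum -c - >/dev/null 2>&1; then
        echo "verify: $file does not match the pinned sha256" >&2
        return 1
    fi
    return 0
}

# fetch_verified URL OUT [SHA256]
# -f: exit non-zero on HTTP 4xx/5xx instead of saving the error body
# -sS: no progress meter, but still print errors; -L: follow redirects
fetch_verified() {
    curl -fsSL "$1" -o "$2" || { rm -f "$2"; return 1; }  # drop any partial output
    verify_download "$2" "${3:-}"
}

# Constructed sample files so the checks can be exercised offline.
demo_dir=$(mktemp -d)
# One row in ip2asn TSV layout, using documentation-only address and AS values.
printf '192.0.2.0\t192.0.2.255\t64496\tZZ\tEXAMPLE-AS\n' > "$demo_dir/good.tsv"
# What curl without -f would have saved on an HTTP 404.
printf '<html><body>404 Not Found</body></html>\n' > "$demo_dir/errorpage.tsv"
: > "$demo_dir/empty.tsv"
# Digest an operator would pin at build time (computed here from the sample).
good_sha=$(sha256sum "$demo_dir/good.tsv" | cut -d' ' -f1)
```

In a Dockerfile, the pinned value would arrive through a build arg such as the `IP2ASN_SHA256` named in the description and be passed as the third argument.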