From cec8a552a41864e7838ed6c93e2284d0665584e9 Mon Sep 17 00:00:00 2001 From: Venktesh Shivam Patel Date: Mon, 12 Aug 2024 14:46:53 +0100 Subject: [PATCH] pin wafv5 module (#6167) --- build/Dockerfile | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/build/Dockerfile b/build/Dockerfile index cb1993de71..eecb2c4cee 100644 --- a/build/Dockerfile +++ b/build/Dockerfile @@ -198,7 +198,7 @@ RUN --mount=type=bind,from=alpine-fips-3.17,target=/tmp/fips/ \ && cp -av /tmp/fips/etc/ssl/openssl.cnf /etc/ssl/openssl.cnf \ && cp -av /tmp/ot/usr/local/lib/libjaegertracing*so* /tmp/ot/usr/local/lib/libzipkin*so* /tmp/ot/usr/local/lib/libdd*so* /tmp/ot/usr/local/lib/libyaml*so* /usr/local/lib/ \ && ldconfig /usr/local/lib/ \ - && apk add --no-cache app-protect-module-plus \ + && apk add --no-cache app-protect-module-plus~=32.5.48 \ && sed -i -e '/nginx.com/d' /etc/apk/repositories \ && nap-waf.sh \ && if [ "${NGINX_AGENT}" = "true" ]; then \ @@ -299,7 +299,7 @@ RUN --mount=type=secret,id=nginx-repo.crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode && apt-get update \ && if [ "${NGINX_AGENT}" = "true" ]; then apt-get install --no-install-recommends --no-install-suggests -y nginx-agent; fi \ && if [ -z "${NAP_MODULES##*waf*}" ]; then \ - apt-get install --no-install-recommends --no-install-suggests -y app-protect-module-plus; \ + apt-get install --no-install-recommends --no-install-suggests -y app-protect-module-plus=32+5.48*; \ rm -f /etc/apt/sources.list.d/app-protect.sources; \ nap-waf.sh; \ fi \ @@ -442,7 +442,7 @@ RUN --mount=type=secret,id=nginx-repo.crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode fi \ && if [ -z "${NAP_MODULES##*waf*}" ]; then \ cp /tmp/app-protect-9.repo /etc/yum.repos.d/app-protect-9.repo \ - && microdnf --enablerepo=codeready-builder-for-rhel-9-x86_64-rpms --nodocs install -y app-protect-module-plus \ + && microdnf --enablerepo=codeready-builder-for-rhel-9-x86_64-rpms --nodocs install -y app-protect-module-plus-32+5.48* \ && rm -f /etc/yum.repos.d/app-protect-9.repo \ && nap-waf.sh \ && rm -f /etc/yum.repos.d/app-protect-9.repo; \ @@ -518,7 +518,7 @@ RUN --mount=type=secret,id=nginx-repo.crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode && dnf clean all -############################################# Base image for UBI with NGINX Plus and App Protect WAFv5 ############################################# +############################################# Base image for UBI8 with NGINX Plus and App Protect WAFv5 ############################################# FROM redhat/ubi8@sha256:44d75007b39e0e1bbf1bcfd0721245add54c54c3f83903f8926fb4bef6827aa2 AS ubi-8-plus-nap-v5 ARG NAP_MODULES ARG NGINX_AGENT @@ -553,7 +553,7 @@ RUN --mount=type=secret,id=nginx-repo.crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode && dnf config-manager --set-enabled codeready-builder-for-rhel-8-x86_64-rpms \ && dnf --nodocs install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm \ && if [ -z "${NAP_MODULES##*waf*}" ]; then \ - dnf --nodocs install -y app-protect-module-plus; \ + dnf --nodocs install -y app-protect-module-plus-32+5.48*; \ fi \ && subscription-manager unregister \ && if [ -z "${NAP_MODULES##*waf*}" ]; then \