Comments (6)
duplicate of #4482 I think
from buildkit.
Ah I missed that one sorry.
Could `--checksum=..` have some weight in the "Is this legacy behavior due to security reasons?" department?
No, `--checksum` is a much newer feature than `ADD <url>`
Sorry, I mean can `--checksum` help solve the (potential?) security issue of extracting some URL?
I don't get what you mean. `--checksum` can work with or without unpacking. Verification happens on download of the URL.
Sorry again! I insinuated that, if the reason for legacy code to disallow extracting URLs was because with time the downloaded content can change to something else, the domain point to another host, an attacker does anything, ... then, now that we "recently" introduced `--checksum=digest`, then today we have a solution to that attack surface. Thus making the argument that extraction should now be allowed but only for `--checksum`ed URLs and only when a to-be-introduced flag is used. Would you guys agree with that view?
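
The "pin the content, then unpack" idea from the last comment, as an added example that is not BuildKit code and not part of the thread. It assumes the `sha256:<hex>` digest form used with `--checksum`; the function names and the in-memory archive are constructed for illustration.

```python
import hashlib, io, os, tarfile, tempfile


def make_tar(files):
    """Build a small tar archive in memory (constructed sample input)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, body in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(body)
            tar.addfile(info, io.BytesIO(body))
    return buf.getvalue()


def unpack_pinned(data, pin, dest):
    """Unpack `data` into `dest` only if it matches `pin` ("sha256:<hex>")."""
    algo, _, want = pin.partition(":")
    if algo != "sha256":
        raise ValueError("unsupported digest algorithm: " + algo)
    got = hashlib.sha256(data).hexdigest()
    if got != want.lower():
        raise ValueError("digest mismatch: got sha256:" + got)
    # The pin fixes *which* bytes are unpacked; member paths are still checked,
    # because a pinned archive can contain entries that point outside dest.
    root = os.path.realpath(dest)
    written = []
    with tarfile.open(fileobj=io.BytesIO(data)) as tar:
        for member in tar:
            target = os.path.realpath(os.path.join(root, member.name))
            if os.path.commonpath([root, target]) != root:
                raise ValueError("member escapes destination: " + member.name)
            if member.isdir():
                os.makedirs(target, exist_ok=True)
            elif member.isreg():
                os.makedirs(os.path.dirname(target), exist_ok=True)
                with open(target, "wb") as out:
                    out.write(tar.extractfile(member).read())
                written.append(member.name)
            else:
                raise ValueError("links and devices refused: " + member.name)
    return written


if __name__ == "__main__":
    original = make_tar({"app/config.txt": b"v1"})
    pin = "sha256:" + hashlib.sha256(original).hexdigest()
    with tempfile.TemporaryDirectory() as dest:
        print(unpack_pinned(original, pin, dest))
```

If the bytes behind the URL change after the digest was recorded, the call fails before any file is written.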