nyrn
/
openclaw
mirror of https://github.com/openclaw/openclaw.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

docker: add apt-get upgrade to all Dockerfiles (#45384) 

* docker: add apt-get upgrade to patch base-image vulnerabilities

Closes #45159

* docker: add DEBIAN_FRONTEND and --no-install-recommends to apt-get upgrade

Prevents debconf hangs during Docker builds and avoids pulling in
recommended packages that silently grow the image.

Co-Authored-By: Claude <noreply@anthropic.com>

* Revert "docker: add DEBIAN_FRONTEND and --no-install-recommends to apt-get upgrade"

This reverts commit 6fc3839cb5.

* docker: add DEBIAN_FRONTEND and --no-install-recommends to apt-get upgrade

Prevents debconf hangs during Docker builds and avoids pulling in
recommended packages that silently grow the image.

Co-Authored-By: Claude <noreply@anthropic.com>

---------

Co-authored-by: Claude <noreply@anthropic.com>
This commit is contained in:
Jacob Tomlinson 2026-03-13 23:23:02 +00:00 committed by GitHub
parent 1803d16d5c
commit 63802c1112
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
8 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
Dockerfile
View File

@ -132,6 +132,7 @@ WORKDIR /app
RUN --mount=type=cache,id=openclaw-bookworm-apt-cache,target=/var/cache/apt,sharing=locked \ RUN --mount=type=cache,id=openclaw-bookworm-apt-cache,target=/var/cache/apt,sharing=locked \
--mount=type=cache,id=openclaw-bookworm-apt-lists,target=/var/lib/apt,sharing=locked \ --mount=type=cache,id=openclaw-bookworm-apt-lists,target=/var/lib/apt,sharing=locked \
apt-get update && \ apt-get update && \
DEBIAN_FRONTEND=noninteractive apt-get upgrade -y --no-install-recommends && \
DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \ DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
procps hostname curl git openssl procps hostname curl git openssl

1
Dockerfile.sandbox
View File

@ -7,6 +7,7 @@ ENV DEBIAN_FRONTEND=noninteractive
RUN --mount=type=cache,id=openclaw-sandbox-bookworm-apt-cache,target=/var/cache/apt,sharing=locked \ RUN --mount=type=cache,id=openclaw-sandbox-bookworm-apt-cache,target=/var/cache/apt,sharing=locked \
--mount=type=cache,id=openclaw-sandbox-bookworm-apt-lists,target=/var/lib/apt,sharing=locked \ --mount=type=cache,id=openclaw-sandbox-bookworm-apt-lists,target=/var/lib/apt,sharing=locked \
apt-get update \ apt-get update \
&& apt-get upgrade -y --no-install-recommends \
&& apt-get install -y --no-install-recommends \ && apt-get install -y --no-install-recommends \
bash \ bash \
ca-certificates \ ca-certificates \

1
Dockerfile.sandbox-browser
View File

@ -7,6 +7,7 @@ ENV DEBIAN_FRONTEND=noninteractive
RUN --mount=type=cache,id=openclaw-sandbox-bookworm-apt-cache,target=/var/cache/apt,sharing=locked \ RUN --mount=type=cache,id=openclaw-sandbox-bookworm-apt-cache,target=/var/cache/apt,sharing=locked \
--mount=type=cache,id=openclaw-sandbox-bookworm-apt-lists,target=/var/lib/apt,sharing=locked \ --mount=type=cache,id=openclaw-sandbox-bookworm-apt-lists,target=/var/lib/apt,sharing=locked \
apt-get update \ apt-get update \
&& apt-get upgrade -y --no-install-recommends \
&& apt-get install -y --no-install-recommends \ && apt-get install -y --no-install-recommends \
bash \ bash \
ca-certificates \ ca-certificates \

1
Dockerfile.sandbox-common
View File

@ -24,6 +24,7 @@ ENV PATH=${BUN_INSTALL_DIR}/bin:${BREW_INSTALL_DIR}/bin:${BREW_INSTALL_DIR}/sbin
RUN --mount=type=cache,id=openclaw-sandbox-common-apt-cache,target=/var/cache/apt,sharing=locked \ RUN --mount=type=cache,id=openclaw-sandbox-common-apt-cache,target=/var/cache/apt,sharing=locked \
--mount=type=cache,id=openclaw-sandbox-common-apt-lists,target=/var/lib/apt,sharing=locked \ --mount=type=cache,id=openclaw-sandbox-common-apt-lists,target=/var/lib/apt,sharing=locked \
apt-get update \ apt-get update \
&& apt-get upgrade -y --no-install-recommends \
&& apt-get install -y --no-install-recommends ${PACKAGES} && apt-get install -y --no-install-recommends ${PACKAGES}
RUN if [ "${INSTALL_PNPM}" = "1" ]; then npm install -g pnpm; fi RUN if [ "${INSTALL_PNPM}" = "1" ]; then npm install -g pnpm; fi

1
scripts/docker/cleanup-smoke/Dockerfile
View File

@ -5,6 +5,7 @@ FROM node:24-bookworm-slim@sha256:b4687aef2571c632a1953695ce4d61d6462a7eda471fe6
RUN --mount=type=cache,id=openclaw-cleanup-smoke-apt-cache,target=/var/cache/apt,sharing=locked \ RUN --mount=type=cache,id=openclaw-cleanup-smoke-apt-cache,target=/var/cache/apt,sharing=locked \
--mount=type=cache,id=openclaw-cleanup-smoke-apt-lists,target=/var/lib/apt,sharing=locked \ --mount=type=cache,id=openclaw-cleanup-smoke-apt-lists,target=/var/lib/apt,sharing=locked \
apt-get update \ apt-get update \
&& DEBIAN_FRONTEND=noninteractive apt-get upgrade -y --no-install-recommends \
&& apt-get install -y --no-install-recommends \ && apt-get install -y --no-install-recommends \
bash \ bash \
ca-certificates \ ca-certificates \

1
scripts/docker/install-sh-e2e/Dockerfile
View File

@ -5,6 +5,7 @@ FROM node:24-bookworm-slim@sha256:b4687aef2571c632a1953695ce4d61d6462a7eda471fe6
RUN --mount=type=cache,id=openclaw-install-sh-e2e-apt-cache,target=/var/cache/apt,sharing=locked \ RUN --mount=type=cache,id=openclaw-install-sh-e2e-apt-cache,target=/var/cache/apt,sharing=locked \
--mount=type=cache,id=openclaw-install-sh-e2e-apt-lists,target=/var/lib/apt,sharing=locked \ --mount=type=cache,id=openclaw-install-sh-e2e-apt-lists,target=/var/lib/apt,sharing=locked \
apt-get update \ apt-get update \
&& DEBIAN_FRONTEND=noninteractive apt-get upgrade -y --no-install-recommends \
&& apt-get install -y --no-install-recommends \ && apt-get install -y --no-install-recommends \
bash \ bash \
ca-certificates \ ca-certificates \

1
scripts/docker/install-sh-nonroot/Dockerfile
View File

@ -11,6 +11,7 @@ RUN --mount=type=cache,id=openclaw-install-sh-nonroot-apt-cache,target=/var/cach
if [ "${attempt}" -eq 3 ]; then exit 1; fi; \ if [ "${attempt}" -eq 3 ]; then exit 1; fi; \
sleep 3; \ sleep 3; \
done; \ done; \
DEBIAN_FRONTEND=noninteractive apt-get -o Acquire::Retries=3 upgrade -y --no-install-recommends; \
apt-get -o Acquire::Retries=3 install -y --no-install-recommends \ apt-get -o Acquire::Retries=3 install -y --no-install-recommends \
bash \ bash \
ca-certificates \ ca-certificates \

1
scripts/docker/install-sh-smoke/Dockerfile
View File

@ -11,6 +11,7 @@ RUN --mount=type=cache,id=openclaw-install-sh-smoke-apt-cache,target=/var/cache/
if [ "${attempt}" -eq 3 ]; then exit 1; fi; \ if [ "${attempt}" -eq 3 ]; then exit 1; fi; \
sleep 3; \ sleep 3; \
done; \ done; \
DEBIAN_FRONTEND=noninteractive apt-get -o Acquire::Retries=3 upgrade -y --no-install-recommends; \
apt-get -o Acquire::Retries=3 install -y --no-install-recommends \ apt-get -o Acquire::Retries=3 install -y --no-install-recommends \
bash \ bash \
ca-certificates \ ca-certificates \