We use cookies to ensure that we give you the best experience on our website.  Visit our Privacy Policy to learn more. If you continue to use this site, we will assume that you are okay with it.

Your choices regarding cookies on this site.
Your preferences have been updated.
In order for the changes to take effect completely please clear your browser cookies and cache. Then reload the page.

Werk #10385: Do not expose download credentials to the image history

Componentpackages
TitleDo not expose download credentials to the image history
Date2019-11-06 17:00:50
Checkmk EditionCheckmk Raw Edition (CRE)
Checkmk Version1.6.0p7,1.7.0i1
LevelTrivial Change
ClassBug Fix
CompatibilityCompatible - no manual interaction needed

The previous "docker build" mechanism was using docker build arguments for handing over the Checkmk enterprise download credentials to the docker image build procedure. This was making the credentials available in the meta information of the docker image, which may not be acceptable in many situations.

If you simply want to use the Checkmk docker container, you don't need to care about the details below. This is just relevant for the ones building own docker images with Checkmk using the standard build logic.

This change switches the image build logic to use a small busybox based container during image building that manages the secret download credentials and provides it to the "docker build" command. These containers will either be stopped and removed after the build finished successfully or after 180 seconds.

If you build images on your own, you don't have to change anything if you use our build logic (docker/Makefile).