Werk #10385: Do not expose download credentials to the image history
Komponente | Other components |
Titel | Do not expose download credentials to the image history |
Datum | 06.11.2019 |
Checkmk Edition | Checkmk Raw (CRE) |
Checkmk-Version | 1.6.0p7 2.0.0i1 |
Level | Kleine Änderung |
Klasse | Bugfix |
Kompatibilität | Kompatibel - benötigt kein manuelles Eingreifen |
The previous "docker build" mechanism was using docker build arguments for handing over the Checkmk enterprise download credentials to the docker image build procedure. This was making the credentials available in the meta information of the docker image, which may not be acceptable in many situations.
If you simply want to use the Checkmk docker container, you don't need to care about the details below. This is just relevant for the ones building own docker images with Checkmk using the standard build logic.
This change switches the image build logic to use a small busybox based container during image building that manages the secret download credentials and provides it to the "docker build" command. These containers will either be stopped and removed after the build finished successfully or after 180 seconds.
If you build images on your own, you don't have to change anything if you use our build logic (docker/Makefile).