| Message ID | 20260518-prserv-v1-1-9625c3239954@pbarker.dev |
|---|---|
| State | New |
| Headers | show |
| Series | prserv/Dockerfile: Update to Alpine 3.23 | expand |
Hi Paul, On 5/18/26 11:15 AM, Paul Barker via lists.openembedded.org wrote: > Alpine 3.13 is long obsolete, update to use the current version of > Alpine as our base image > > Signed-off-by: Paul Barker <paul@pbarker.dev> > --- > contrib/prserv/Dockerfile | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/contrib/prserv/Dockerfile b/contrib/prserv/Dockerfile > index 9585fe3f076c..c630ce99722f 100644 > --- a/contrib/prserv/Dockerfile > +++ b/contrib/prserv/Dockerfile > @@ -28,7 +28,7 @@ > # prserv > # > > -FROM alpine:3.14.4 > +FROM alpine:3.23 > FYI, these are "tags" but they have the same meaning as in git. They aren't immutable and they actually are very often changed to point to a different layer. e.g. 3.23 currently points at the same layer as 3.23.4, but a month ago it very likely was pointing at 3.23.3. The only way to work around this limitation (if desired) is to use the digest value of the tag as argument, this guarantees that alpine:3.23 is the same from any machine and does not depend on when it was first pulled or whether --pull=always was passed. I'm not sure this is a necessity here but wanted to bring this up :) Cheers, Quentin
On Mon, 2026-05-18 at 12:28 +0200, Quentin Schulz wrote: > Hi Paul, > > On 5/18/26 11:15 AM, Paul Barker via lists.openembedded.org wrote: > > Alpine 3.13 is long obsolete, update to use the current version of > > Alpine as our base image > > > > Signed-off-by: Paul Barker <paul@pbarker.dev> > > --- > > contrib/prserv/Dockerfile | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > diff --git a/contrib/prserv/Dockerfile b/contrib/prserv/Dockerfile > > index 9585fe3f076c..c630ce99722f 100644 > > --- a/contrib/prserv/Dockerfile > > +++ b/contrib/prserv/Dockerfile > > @@ -28,7 +28,7 @@ > > # prserv > > # > > > > -FROM alpine:3.14.4 > > +FROM alpine:3.23 > > > > FYI, these are "tags" but they have the same meaning as in git. They > aren't immutable and they actually are very often changed to point to a > different layer. > > e.g. 3.23 currently points at the same layer as 3.23.4, but a month ago > it very likely was pointing at 3.23.3. > > The only way to work around this limitation (if desired) is to use the > digest value of the tag as argument, this guarantees that alpine:3.23 is > the same from any machine and does not depend on when it was first > pulled or whether --pull=always was passed. > > I'm not sure this is a necessity here but wanted to bring this up :) Hi Quentin, We do want to pick up the latest updates in the Alpine 3.23 series when this container image is built. What we don't want is to automatically jump to 3.24 or later without some human review as that may need some other changes to be made in the Dockerfile. Best regards,
Hi Paul, On 5/18/26 12:31 PM, Paul Barker wrote: > On Mon, 2026-05-18 at 12:28 +0200, Quentin Schulz wrote: >> Hi Paul, >> >> On 5/18/26 11:15 AM, Paul Barker via lists.openembedded.org wrote: >>> Alpine 3.13 is long obsolete, update to use the current version of >>> Alpine as our base image >>> >>> Signed-off-by: Paul Barker <paul@pbarker.dev> >>> --- >>> contrib/prserv/Dockerfile | 2 +- >>> 1 file changed, 1 insertion(+), 1 deletion(-) >>> >>> diff --git a/contrib/prserv/Dockerfile b/contrib/prserv/Dockerfile >>> index 9585fe3f076c..c630ce99722f 100644 >>> --- a/contrib/prserv/Dockerfile >>> +++ b/contrib/prserv/Dockerfile >>> @@ -28,7 +28,7 @@ >>> # prserv >>> # >>> >>> -FROM alpine:3.14.4 >>> +FROM alpine:3.23 >>> >> >> FYI, these are "tags" but they have the same meaning as in git. They >> aren't immutable and they actually are very often changed to point to a >> different layer. >> >> e.g. 3.23 currently points at the same layer as 3.23.4, but a month ago >> it very likely was pointing at 3.23.3. >> >> The only way to work around this limitation (if desired) is to use the >> digest value of the tag as argument, this guarantees that alpine:3.23 is >> the same from any machine and does not depend on when it was first >> pulled or whether --pull=always was passed. >> >> I'm not sure this is a necessity here but wanted to bring this up :) > > Hi Quentin, > > We do want to pick up the latest updates in the Alpine 3.23 series when > this container image is built. What we don't want is to automatically > jump to 3.24 or later without some human review as that may need some > other changes to be made in the Dockerfile. > Yup, :latest for sure is a bad idea. Note that by default docker/podman will not pull a newer image base if there's one available locally already. The pull policy for podman-build by default is missing: • missing: Only pull the image when it does not exist in the local containers storage. Throw an error if no image is found and the pull fails. You likely want --pull=always or --pull=newer. docker-buildx has a --pull argument (which doesn't accept an argument) to "Always attempt to pull all referenced images" which I'm assuming means the default is the same as podman-build's and passing --pull would be equivalent to podman-build's --pull=always. Cheers, Quentin
diff --git a/contrib/prserv/Dockerfile b/contrib/prserv/Dockerfile index 9585fe3f076c..c630ce99722f 100644 --- a/contrib/prserv/Dockerfile +++ b/contrib/prserv/Dockerfile @@ -28,7 +28,7 @@ # prserv # -FROM alpine:3.14.4 +FROM alpine:3.23 RUN apk add --no-cache python3
Alpine 3.13 is long obsolete, update to use the current version of Alpine as our base image Signed-off-by: Paul Barker <paul@pbarker.dev> --- contrib/prserv/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- base-commit: f903a5595c5f22f15530304bd5f058026390c4e2 change-id: 20260518-prserv-6983dde69553 Best regards, -- Paul Barker