
Commit 60c89a3

authored
(Fix) security of base image (BerriAI#7620)
* fix security of base images * fix dockerfile
1 parent 59133e8 commit 60c89a3

2 files changed

+26
-14
lines changed

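--- a/Dockerfile
+++ b/Dockerfile
@@ -1,18 +1,20 @@
 # Base image for building
-ARG LITELLM_BUILD_IMAGE=python:3.13.1-slim
+ARG LITELLM_BUILD_IMAGE=cgr.dev/chainguard/python:latest-dev
 
 # Runtime image
-ARG LITELLM_RUNTIME_IMAGE=python:3.13.1-slim
+ARG LITELLM_RUNTIME_IMAGE=cgr.dev/chainguard/python:latest-dev
 # Builder stage
 FROM $LITELLM_BUILD_IMAGE AS builder
 
 # Set the working directory to /app
 WORKDIR /app
 
+USER root
+
 # Install build dependencies
-RUN apt-get clean && apt-get update && \
-apt-get install -y gcc python3-dev && \
-rm -rf /var/lib/apt/lists/*
+RUN apk update && \
+apk add --no-cache gcc python3-dev openssl openssl-dev
+
 
 RUN pip install --upgrade pip && \
 pip install build
@@ -49,8 +51,12 @@ RUN chmod +x docker/build_admin_ui.sh && ./docker/build_admin_ui.sh
 # Runtime stage
 FROM $LITELLM_RUNTIME_IMAGE AS runtime
 
-# Update dependencies and clean up - handles debian security issue
-RUN apt-get update && apt-get upgrade -y && rm -rf /var/lib/apt/lists/*
+# Ensure runtime stage runs as root
+USER root
+
+# Install runtime dependencies
+RUN apk update && \
+apk add --no-cache openssl
 
 WORKDIR /app
 # Copy the current directory contents into the container at /app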
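Review bot: Both `ARG` defaults in the first hunk now point at the floating tag `cgr.dev/chainguard/python:latest-dev`, where the removed lines pinned `python:3.13.1-slim`, so the Python version and the image contents can change between builds with no change in this repository. Pin each default by digest, e.g. `ARG LITELLM_RUNTIME_IMAGE=cgr.dev/chainguard/python:latest-dev@sha256:<digest>` (placeholder digest), and bump it deliberately so a rebuild is reproducible and auditable. The runtime default is also the `-dev` variant, which is what makes `apk` available to the runtime `RUN`; that leaves a shell and a package manager in the shipped image, which is worth a comment if it is intentional. The same two defaults are introduced in docker/Dockerfile.database.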

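--- a/docker/Dockerfile.database
+++ b/docker/Dockerfile.database
@@ -1,18 +1,20 @@
 # Base image for building
-ARG LITELLM_BUILD_IMAGE=python:3.13.1-slim
+ARG LITELLM_BUILD_IMAGE=cgr.dev/chainguard/python:latest-dev
 
 # Runtime image
-ARG LITELLM_RUNTIME_IMAGE=python:3.13.1-slim
+ARG LITELLM_RUNTIME_IMAGE=cgr.dev/chainguard/python:latest-dev
 # Builder stage
 FROM $LITELLM_BUILD_IMAGE AS builder
 
 # Set the working directory to /app
 WORKDIR /app
 
+USER root
+
 # Install build dependencies
-RUN apt-get clean && apt-get update && \
-apt-get install -y gcc python3-dev && \
-rm -rf /var/lib/apt/lists/*
+RUN apk update && \
+apk add --no-cache gcc python3-dev openssl openssl-dev
+
 
 RUN pip install --upgrade pip && \
 pip install build
@@ -38,8 +40,12 @@ RUN pip wheel --no-cache-dir --wheel-dir=/wheels/ -r requirements.txt
 # Runtime stage
 FROM $LITELLM_RUNTIME_IMAGE AS runtime
 
-# Update dependencies and clean up - handles debian security issue
-RUN apt-get update && apt-get upgrade -y && rm -rf /var/lib/apt/lists/*
+# Ensure runtime stage runs as root
+USER root
+
+# Install runtime dependencies
+RUN apk update && \
+apk add --no-cache openssl
 
 WORKDIR /app
 # Copy the current directory contents into the container at /app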
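Review bot: The `USER root` added to the runtime stage has no matching switch back to an unprivileged account inside the hunk, so unless a later `USER` line exists in the part of the stage outside the hunk, the container's main process runs as root. Root is only needed for the `apk add --no-cache openssl` step; after it, add a line such as `USER nonroot` (account name assumed, confirm what the base image provides) ahead of the entrypoint. The comment `# Ensure runtime stage runs as root` would read better as `# root is needed only for the apk step below`, since running as root is a requirement of that step rather than a goal. The same pattern is in the runtime hunk of Dockerfile.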
