[bitnami/nginx] Release 1.23.4-debian-11-r18 (#34540)

Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com>
2023-05-19 08:02:40 +01:00 · 2023-05-19 08:02:40 +01:00 · 5947056853
parent 2d085397c2
commit 5947056853
3 changed files with 15 additions and 4 deletions
--- a/bitnami/nginx/1.23/debian-11/Dockerfile
+++ b/bitnami/nginx/1.23/debian-11/Dockerfile
@ -3,10 +3,10 @@ FROM docker.io/bitnami/minideb:bullseye
 ARG TARGETARCH

 LABEL org.opencontainers.image.base.name="docker.io/bitnami/minideb:bullseye" \
-      org.opencontainers.image.created="2023-05-16T06:25:42Z" \
+      org.opencontainers.image.created="2023-05-19T06:48:34Z" \
      org.opencontainers.image.description="Application packaged by VMware, Inc" \
      org.opencontainers.image.licenses="Apache-2.0" \
-      org.opencontainers.image.ref.name="1.23.4-debian-11-r17" \
+      org.opencontainers.image.ref.name="1.23.4-debian-11-r18" \
      org.opencontainers.image.title="nginx" \
      org.opencontainers.image.vendor="VMware, Inc." \
      org.opencontainers.image.version="1.23.4"
@ -19,7 +19,7 @@ ENV HOME="/" \
 COPY prebuildfs /
 SHELL ["/bin/bash", "-o", "pipefail", "-c"]
 # Install required system packages and dependencies
-RUN install_packages ca-certificates curl libcrypt1 libgeoip1 libpcre3 libssl1.1 procps zlib1g
+RUN install_packages ca-certificates curl libcrypt1 libgeoip1 libpcre3 libssl1.1 openssl procps zlib1g
 RUN mkdir -p /tmp/bitnami/pkg/cache/ && cd /tmp/bitnami/pkg/cache/ && \
    COMPONENTS=( \
      "render-template-1.0.5-5-linux-${OS_ARCH}-debian-11" \
--- a/bitnami/nginx/1.23/debian-11/rootfs/opt/bitnami/scripts/libnginx.sh
+++ b/bitnami/nginx/1.23/debian-11/rootfs/opt/bitnami/scripts/libnginx.sh
@ -652,7 +652,12 @@ nginx_generate_sample_certs() {
            SSL_EXT="subjectAltName=DNS:example.com,DNS:www.example.com,IP:127.0.0.1"
            rm -f "$SSL_KEY_FILE" "$SSL_CERT_FILE"
            openssl genrsa -out "$SSL_KEY_FILE" 4096
-            openssl req -new -sha256 -out "$SSL_CSR_FILE" -key "$SSL_KEY_FILE" -nodes -subj "$SSL_SUBJ" -addext "$SSL_EXT"
+            # OpenSSL version 1.0.x does not use the same parameters as OpenSSL >= 1.1.x
+            if [[ "$(openssl version | grep -oE "[0-9]+\.[0-9]+")" == "1.0" ]]; then
+                openssl req -new -sha256 -out "$SSL_CSR_FILE" -key "$SSL_KEY_FILE" -nodes -subj "$SSL_SUBJ"
+            else
+                openssl req -new -sha256 -out "$SSL_CSR_FILE" -key "$SSL_KEY_FILE" -nodes -subj "$SSL_SUBJ" -addext "$SSL_EXT"
+            fi
            openssl x509 -req -sha256 -in "$SSL_CSR_FILE" -signkey "$SSL_KEY_FILE" -out "$SSL_CERT_FILE" -days 1825 -extfile <(echo -n "$SSL_EXT")
            rm -f "$SSL_CSR_FILE"
        else
--- a/bitnami/nginx/1.23/debian-11/rootfs/opt/bitnami/scripts/nginx/postunpack.sh
+++ b/bitnami/nginx/1.23/debian-11/rootfs/opt/bitnami/scripts/nginx/postunpack.sh
@ -64,3 +64,9 @@ ln -sf /certs "${NGINX_CONF_DIR}/bitnami/certs"

 ln -sf "/dev/stdout" "${NGINX_LOGS_DIR}/access.log"
 ln -sf "/dev/stderr" "${NGINX_LOGS_DIR}/error.log"
+
+# This file is necessary for avoiding the error
+# "unable to write random state"
+# Source: https://stackoverflow.com/questions/94445/using-openssl-what-does-unable-to-write-random-state-mean
+
+touch /.rnd && chmod g+rw /.rnd