[bitnami/acmesolver,cainjector,cert-manager,cert-manager-webhook] Branch 1.19 is the LTS (#87307)

Signed-off-by: David Gomez <david.gomez@broadcom.com>
2025-10-09 11:14:24 +02:00 · 2025-10-09 11:14:24 +02:00 · f6d035afac
parent a92acefcfa
commit f6d035afac
24 changed files with 40 additions and 536 deletions
--- a/bitnami/acmesolver/1.18/README.md
+++ b/bitnami/acmesolver/1.18/README.md
@ -0,0 +1,10 @@
 # ⚠️ Important Notice: Upcoming changes to the Bitnami Catalog
 Beginning August 28th, 2025, Bitnami will evolve its public catalog to offer a curated set of hardened, security-focused images under the new [Bitnami Secure Images initiative](https://news.broadcom.com/app-dev/broadcom-introduces-bitnami-secure-images-for-production-ready-containerized-applications). As part of this transition:
 - Granting community users access for the first time to security-optimized versions of popular container images.
 - Bitnami will begin deprecating support for non-hardened, Debian-based software images in its free tier and will gradually remove non-latest tags from the public catalog. As a result, community users will have access to a reduced number of hardened images. These images are published only under the “latest” tag and are intended for development purposes
 - Starting August 28th, over two weeks, all existing container images, including older or versioned tags (e.g., 2.50.0, 10.6), will be migrated from the public catalog (docker.io/bitnami) to the “Bitnami Legacy” repository (docker.io/bitnamilegacy), where they will no longer receive updates.
 - For production workloads and long-term support, users are encouraged to adopt Bitnami Secure Images, which include hardened containers, smaller attack surfaces, CVE transparency (via VEX/KEV), SBOMs, and enterprise support.
 These changes aim to improve the security posture of all Bitnami users by promoting best practices for software supply chain integrity and up-to-date deployments. For more details, visit the [Bitnami Secure Images announcement](https://github.com/bitnami/containers/issues/83267).
--- a/bitnami/acmesolver/1.18/debian-12/Dockerfile
+++ b/bitnami/acmesolver/1.18/debian-12/Dockerfile
@ -1,55 +0,0 @@
 # Copyright Broadcom, Inc. All Rights Reserved.
 # SPDX-License-Identifier: APACHE-2.0
 FROM docker.io/bitnami/minideb:bookworm
 ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith"
 ARG TARGETARCH
 LABEL org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \
      org.opencontainers.image.created="2025-10-07T20:10:46Z" \
      org.opencontainers.image.description="Application packaged by Broadcom, Inc." \
      org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/acmesolver/README.md" \
      org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/acmesolver" \
      org.opencontainers.image.title="acmesolver" \
      org.opencontainers.image.vendor="Broadcom, Inc." \
      org.opencontainers.image.version="1.18.2"
 ENV HOME="/" \
    OS_ARCH="${TARGETARCH:-amd64}" \
    OS_FLAVOUR="debian-12" \
    OS_NAME="linux"
 COPY prebuildfs /
 SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"]
 # Install required system packages and dependencies
 RUN install_packages ca-certificates curl procps
 RUN --mount=type=secret,id=downloads_url,env=SECRET_DOWNLOADS_URL \
    DOWNLOADS_URL=${SECRET_DOWNLOADS_URL:-${DOWNLOADS_URL}} ; \
    mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ || exit 1 ; \
    COMPONENTS=( \
      "acmesolver-1.18.2-7-linux-${OS_ARCH}-debian-12" \
    ) ; \
    for COMPONENT in "${COMPONENTS[@]}"; do \
      if [ ! -f "${COMPONENT}.tar.gz" ]; then \
        curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \
        curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \
      fi ; \
      sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \
      tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner ; \
      rm -rf "${COMPONENT}".tar.gz{,.sha256} ; \
    done
 RUN apt-get update && apt-get upgrade -y && \
    apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives
 RUN chmod g+rwX /opt/bitnami
 RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true
 RUN uninstall_packages curl
 ENV APP_VERSION="1.18.2" \
    BITNAMI_APP_NAME="acmesolver" \
    IMAGE_REVISION="9" \
    PATH="/opt/bitnami/acmesolver/bin:$PATH"
 WORKDIR /opt/bitnami/acmesolver
 USER 1001
 ENTRYPOINT [ "/opt/bitnami/acmesolver/bin/acmesolver" ]
--- a/bitnami/acmesolver/1.18/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt
+++ b/bitnami/acmesolver/1.18/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt
@ -1,2 +0,0 @@
 Bitnami containers ship with software bundles. You can find the licenses under:
 /opt/bitnami/[name-of-bundle]/licenses/[bundle-version].txt
--- a/bitnami/acmesolver/1.18/debian-12/prebuildfs/usr/sbin/install_packages
+++ b/bitnami/acmesolver/1.18/debian-12/prebuildfs/usr/sbin/install_packages
@ -1,27 +0,0 @@
 #!/bin/sh
 # Copyright Broadcom, Inc. All Rights Reserved.
 # SPDX-License-Identifier: APACHE-2.0
 set -eu
 n=0
 max=2
 export DEBIAN_FRONTEND=noninteractive
 until [ $n -gt $max ]; do
    set +e
    (
      apt-get update -qq &&
      apt-get install -y --no-install-recommends "$@"
    )
    CODE=$?
    set -e
    if [ $CODE -eq 0 ]; then
        break
    fi
    if [ $n -eq $max ]; then
        exit $CODE
    fi
    echo "apt failed, retrying"
    n=$(($n + 1))
 done
 apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives
--- a/bitnami/acmesolver/1.18/debian-12/prebuildfs/usr/sbin/run-script
+++ b/bitnami/acmesolver/1.18/debian-12/prebuildfs/usr/sbin/run-script
@ -1,24 +0,0 @@
 #!/bin/sh
 # Copyright Broadcom, Inc. All Rights Reserved.
 # SPDX-License-Identifier: APACHE-2.0
 set -u
 if [ $# -eq 0 ]; then
    >&2 echo "No arguments provided"
    exit 1
 fi
 script=$1
 exit_code="${2:-96}"
 fail_if_not_present="${3:-n}"
 if test -f "$script"; then
  sh $script
  if [ $? -ne 0 ]; then
    exit $((exit_code))
  fi
 elif [ "$fail_if_not_present" = "y" ]; then
  >&2 echo "script not found: $script"
  exit 127
 fi
--- a/bitnami/acmesolver/1.18/debian-12/prebuildfs/usr/sbin/uninstall_packages
+++ b/bitnami/acmesolver/1.18/debian-12/prebuildfs/usr/sbin/uninstall_packages
@ -1,26 +0,0 @@
 #!/bin/sh
 # Copyright Broadcom, Inc. All Rights Reserved.
 # SPDX-License-Identifier: APACHE-2.0
 set -eu
 n=0
 max=2
 export DEBIAN_FRONTEND=noninteractive
 until [ $n -gt $max ]; do
    set +e
    (
        apt-get autoremove --purge -y "$@"
    )
    CODE=$?
    set -e
    if [ $CODE -eq 0 ]; then
        break
    fi
    if [ $n -eq $max ]; then
        exit $CODE
    fi
    echo "apt failed, retrying"
    n=$(($n + 1))
 done
 apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives
--- a/bitnami/cainjector/1.18/README.md
+++ b/bitnami/cainjector/1.18/README.md
@ -0,0 +1,10 @@
 # ⚠️ Important Notice: Upcoming changes to the Bitnami Catalog
 Beginning August 28th, 2025, Bitnami will evolve its public catalog to offer a curated set of hardened, security-focused images under the new [Bitnami Secure Images initiative](https://news.broadcom.com/app-dev/broadcom-introduces-bitnami-secure-images-for-production-ready-containerized-applications). As part of this transition:
 - Granting community users access for the first time to security-optimized versions of popular container images.
 - Bitnami will begin deprecating support for non-hardened, Debian-based software images in its free tier and will gradually remove non-latest tags from the public catalog. As a result, community users will have access to a reduced number of hardened images. These images are published only under the “latest” tag and are intended for development purposes
 - Starting August 28th, over two weeks, all existing container images, including older or versioned tags (e.g., 2.50.0, 10.6), will be migrated from the public catalog (docker.io/bitnami) to the “Bitnami Legacy” repository (docker.io/bitnamilegacy), where they will no longer receive updates.
 - For production workloads and long-term support, users are encouraged to adopt Bitnami Secure Images, which include hardened containers, smaller attack surfaces, CVE transparency (via VEX/KEV), SBOMs, and enterprise support.
 These changes aim to improve the security posture of all Bitnami users by promoting best practices for software supply chain integrity and up-to-date deployments. For more details, visit the [Bitnami Secure Images announcement](https://github.com/bitnami/containers/issues/83267).
--- a/bitnami/cainjector/1.18/debian-12/Dockerfile
+++ b/bitnami/cainjector/1.18/debian-12/Dockerfile
@ -1,55 +0,0 @@
 # Copyright Broadcom, Inc. All Rights Reserved.
 # SPDX-License-Identifier: APACHE-2.0
 FROM docker.io/bitnami/minideb:bookworm
 ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith"
 ARG TARGETARCH
 LABEL org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \
      org.opencontainers.image.created="2025-10-07T20:35:48Z" \
      org.opencontainers.image.description="Application packaged by Broadcom, Inc." \
      org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/cainjector/README.md" \
      org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/cainjector" \
      org.opencontainers.image.title="cainjector" \
      org.opencontainers.image.vendor="Broadcom, Inc." \
      org.opencontainers.image.version="1.18.2"
 ENV HOME="/" \
    OS_ARCH="${TARGETARCH:-amd64}" \
    OS_FLAVOUR="debian-12" \
    OS_NAME="linux"
 COPY prebuildfs /
 SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"]
 # Install required system packages and dependencies
 RUN install_packages ca-certificates curl procps
 RUN --mount=type=secret,id=downloads_url,env=SECRET_DOWNLOADS_URL \
    DOWNLOADS_URL=${SECRET_DOWNLOADS_URL:-${DOWNLOADS_URL}} ; \
    mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ || exit 1 ; \
    COMPONENTS=( \
      "cainjector-1.18.2-5-linux-${OS_ARCH}-debian-12" \
    ) ; \
    for COMPONENT in "${COMPONENTS[@]}"; do \
      if [ ! -f "${COMPONENT}.tar.gz" ]; then \
        curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \
        curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \
      fi ; \
      sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \
      tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner ; \
      rm -rf "${COMPONENT}".tar.gz{,.sha256} ; \
    done
 RUN apt-get update && apt-get upgrade -y && \
    apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives
 RUN chmod g+rwX /opt/bitnami
 RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true
 RUN uninstall_packages curl
 ENV APP_VERSION="1.18.2" \
    BITNAMI_APP_NAME="cainjector" \
    IMAGE_REVISION="9" \
    PATH="/opt/bitnami/cainjector/bin:$PATH"
 WORKDIR /opt/bitnami/cainjector
 USER 1001
 ENTRYPOINT [ "/opt/bitnami/cainjector/bin/cainjector" ]
--- a/bitnami/cainjector/1.18/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt
+++ b/bitnami/cainjector/1.18/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt
@ -1,2 +0,0 @@
 Bitnami containers ship with software bundles. You can find the licenses under:
 /opt/bitnami/[name-of-bundle]/licenses/[bundle-version].txt
--- a/bitnami/cainjector/1.18/debian-12/prebuildfs/usr/sbin/install_packages
+++ b/bitnami/cainjector/1.18/debian-12/prebuildfs/usr/sbin/install_packages
@ -1,27 +0,0 @@
 #!/bin/sh
 # Copyright Broadcom, Inc. All Rights Reserved.
 # SPDX-License-Identifier: APACHE-2.0
 set -eu
 n=0
 max=2
 export DEBIAN_FRONTEND=noninteractive
 until [ $n -gt $max ]; do
    set +e
    (
      apt-get update -qq &&
      apt-get install -y --no-install-recommends "$@"
    )
    CODE=$?
    set -e
    if [ $CODE -eq 0 ]; then
        break
    fi
    if [ $n -eq $max ]; then
        exit $CODE
    fi
    echo "apt failed, retrying"
    n=$(($n + 1))
 done
 apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives
--- a/bitnami/cainjector/1.18/debian-12/prebuildfs/usr/sbin/run-script
+++ b/bitnami/cainjector/1.18/debian-12/prebuildfs/usr/sbin/run-script
@ -1,24 +0,0 @@
 #!/bin/sh
 # Copyright Broadcom, Inc. All Rights Reserved.
 # SPDX-License-Identifier: APACHE-2.0
 set -u
 if [ $# -eq 0 ]; then
    >&2 echo "No arguments provided"
    exit 1
 fi
 script=$1
 exit_code="${2:-96}"
 fail_if_not_present="${3:-n}"
 if test -f "$script"; then
  sh $script
  if [ $? -ne 0 ]; then
    exit $((exit_code))
  fi
 elif [ "$fail_if_not_present" = "y" ]; then
  >&2 echo "script not found: $script"
  exit 127
 fi
--- a/bitnami/cainjector/1.18/debian-12/prebuildfs/usr/sbin/uninstall_packages
+++ b/bitnami/cainjector/1.18/debian-12/prebuildfs/usr/sbin/uninstall_packages
@ -1,26 +0,0 @@
 #!/bin/sh
 # Copyright Broadcom, Inc. All Rights Reserved.
 # SPDX-License-Identifier: APACHE-2.0
 set -eu
 n=0
 max=2
 export DEBIAN_FRONTEND=noninteractive
 until [ $n -gt $max ]; do
    set +e
    (
        apt-get autoremove --purge -y "$@"
    )
    CODE=$?
    set -e
    if [ $CODE -eq 0 ]; then
        break
    fi
    if [ $n -eq $max ]; then
        exit $CODE
    fi
    echo "apt failed, retrying"
    n=$(($n + 1))
 done
 apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives
--- a/bitnami/cert-manager-webhook/1.18/README.md
+++ b/bitnami/cert-manager-webhook/1.18/README.md
@ -0,0 +1,10 @@
 # ⚠️ Important Notice: Upcoming changes to the Bitnami Catalog
 Beginning August 28th, 2025, Bitnami will evolve its public catalog to offer a curated set of hardened, security-focused images under the new [Bitnami Secure Images initiative](https://news.broadcom.com/app-dev/broadcom-introduces-bitnami-secure-images-for-production-ready-containerized-applications). As part of this transition:
 - Granting community users access for the first time to security-optimized versions of popular container images.
 - Bitnami will begin deprecating support for non-hardened, Debian-based software images in its free tier and will gradually remove non-latest tags from the public catalog. As a result, community users will have access to a reduced number of hardened images. These images are published only under the “latest” tag and are intended for development purposes
 - Starting August 28th, over two weeks, all existing container images, including older or versioned tags (e.g., 2.50.0, 10.6), will be migrated from the public catalog (docker.io/bitnami) to the “Bitnami Legacy” repository (docker.io/bitnamilegacy), where they will no longer receive updates.
 - For production workloads and long-term support, users are encouraged to adopt Bitnami Secure Images, which include hardened containers, smaller attack surfaces, CVE transparency (via VEX/KEV), SBOMs, and enterprise support.
 These changes aim to improve the security posture of all Bitnami users by promoting best practices for software supply chain integrity and up-to-date deployments. For more details, visit the [Bitnami Secure Images announcement](https://github.com/bitnami/containers/issues/83267).
--- a/bitnami/cert-manager-webhook/1.18/debian-12/Dockerfile
+++ b/bitnami/cert-manager-webhook/1.18/debian-12/Dockerfile
@ -1,55 +0,0 @@
 # Copyright Broadcom, Inc. All Rights Reserved.
 # SPDX-License-Identifier: APACHE-2.0
 FROM docker.io/bitnami/minideb:bookworm
 ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith"
 ARG TARGETARCH
 LABEL org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \
      org.opencontainers.image.created="2025-10-07T20:38:48Z" \
      org.opencontainers.image.description="Application packaged by Broadcom, Inc." \
      org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/cert-manager-webhook/README.md" \
      org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/cert-manager-webhook" \
      org.opencontainers.image.title="cert-manager-webhook" \
      org.opencontainers.image.vendor="Broadcom, Inc." \
      org.opencontainers.image.version="1.18.2"
 ENV HOME="/" \
    OS_ARCH="${TARGETARCH:-amd64}" \
    OS_FLAVOUR="debian-12" \
    OS_NAME="linux"
 COPY prebuildfs /
 SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"]
 # Install required system packages and dependencies
 RUN install_packages ca-certificates curl procps
 RUN --mount=type=secret,id=downloads_url,env=SECRET_DOWNLOADS_URL \
    DOWNLOADS_URL=${SECRET_DOWNLOADS_URL:-${DOWNLOADS_URL}} ; \
    mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ || exit 1 ; \
    COMPONENTS=( \
      "cert-manager-webhook-1.18.2-5-linux-${OS_ARCH}-debian-12" \
    ) ; \
    for COMPONENT in "${COMPONENTS[@]}"; do \
      if [ ! -f "${COMPONENT}.tar.gz" ]; then \
        curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \
        curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \
      fi ; \
      sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \
      tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner ; \
      rm -rf "${COMPONENT}".tar.gz{,.sha256} ; \
    done
 RUN apt-get update && apt-get upgrade -y && \
    apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives
 RUN chmod g+rwX /opt/bitnami
 RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true
 RUN uninstall_packages curl
 ENV APP_VERSION="1.18.2" \
    BITNAMI_APP_NAME="cert-manager-webhook" \
    IMAGE_REVISION="9" \
    PATH="/opt/bitnami/cert-manager-webhook/bin:$PATH"
 WORKDIR /opt/bitnami/cert-manager-webhook
 USER 1001
 ENTRYPOINT [ "/opt/bitnami/cert-manager-webhook/bin/cert-manager-webhook" ]
--- a/bitnami/cert-manager-webhook/1.18/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt
+++ b/bitnami/cert-manager-webhook/1.18/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt
@ -1,2 +0,0 @@
 Bitnami containers ship with software bundles. You can find the licenses under:
 /opt/bitnami/[name-of-bundle]/licenses/[bundle-version].txt
--- a/bitnami/cert-manager-webhook/1.18/debian-12/prebuildfs/usr/sbin/install_packages
+++ b/bitnami/cert-manager-webhook/1.18/debian-12/prebuildfs/usr/sbin/install_packages
@ -1,27 +0,0 @@
 #!/bin/sh
 # Copyright Broadcom, Inc. All Rights Reserved.
 # SPDX-License-Identifier: APACHE-2.0
 set -eu
 n=0
 max=2
 export DEBIAN_FRONTEND=noninteractive
 until [ $n -gt $max ]; do
    set +e
    (
      apt-get update -qq &&
      apt-get install -y --no-install-recommends "$@"
    )
    CODE=$?
    set -e
    if [ $CODE -eq 0 ]; then
        break
    fi
    if [ $n -eq $max ]; then
        exit $CODE
    fi
    echo "apt failed, retrying"
    n=$(($n + 1))
 done
 apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives
--- a/bitnami/cert-manager-webhook/1.18/debian-12/prebuildfs/usr/sbin/run-script
+++ b/bitnami/cert-manager-webhook/1.18/debian-12/prebuildfs/usr/sbin/run-script
@ -1,24 +0,0 @@
 #!/bin/sh
 # Copyright Broadcom, Inc. All Rights Reserved.
 # SPDX-License-Identifier: APACHE-2.0
 set -u
 if [ $# -eq 0 ]; then
    >&2 echo "No arguments provided"
    exit 1
 fi
 script=$1
 exit_code="${2:-96}"
 fail_if_not_present="${3:-n}"
 if test -f "$script"; then
  sh $script
  if [ $? -ne 0 ]; then
    exit $((exit_code))
  fi
 elif [ "$fail_if_not_present" = "y" ]; then
  >&2 echo "script not found: $script"
  exit 127
 fi
--- a/bitnami/cert-manager-webhook/1.18/debian-12/prebuildfs/usr/sbin/uninstall_packages
+++ b/bitnami/cert-manager-webhook/1.18/debian-12/prebuildfs/usr/sbin/uninstall_packages
@ -1,26 +0,0 @@
 #!/bin/sh
 # Copyright Broadcom, Inc. All Rights Reserved.
 # SPDX-License-Identifier: APACHE-2.0
 set -eu
 n=0
 max=2
 export DEBIAN_FRONTEND=noninteractive
 until [ $n -gt $max ]; do
    set +e
    (
        apt-get autoremove --purge -y "$@"
    )
    CODE=$?
    set -e
    if [ $CODE -eq 0 ]; then
        break
    fi
    if [ $n -eq $max ]; then
        exit $CODE
    fi
    echo "apt failed, retrying"
    n=$(($n + 1))
 done
 apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives
--- a/bitnami/cert-manager/1.18/README.md
+++ b/bitnami/cert-manager/1.18/README.md
@ -0,0 +1,10 @@
 # ⚠️ Important Notice: Upcoming changes to the Bitnami Catalog
 Beginning August 28th, 2025, Bitnami will evolve its public catalog to offer a curated set of hardened, security-focused images under the new [Bitnami Secure Images initiative](https://news.broadcom.com/app-dev/broadcom-introduces-bitnami-secure-images-for-production-ready-containerized-applications). As part of this transition:
 - Granting community users access for the first time to security-optimized versions of popular container images.
 - Bitnami will begin deprecating support for non-hardened, Debian-based software images in its free tier and will gradually remove non-latest tags from the public catalog. As a result, community users will have access to a reduced number of hardened images. These images are published only under the “latest” tag and are intended for development purposes
 - Starting August 28th, over two weeks, all existing container images, including older or versioned tags (e.g., 2.50.0, 10.6), will be migrated from the public catalog (docker.io/bitnami) to the “Bitnami Legacy” repository (docker.io/bitnamilegacy), where they will no longer receive updates.
 - For production workloads and long-term support, users are encouraged to adopt Bitnami Secure Images, which include hardened containers, smaller attack surfaces, CVE transparency (via VEX/KEV), SBOMs, and enterprise support.
 These changes aim to improve the security posture of all Bitnami users by promoting best practices for software supply chain integrity and up-to-date deployments. For more details, visit the [Bitnami Secure Images announcement](https://github.com/bitnami/containers/issues/83267).
--- a/bitnami/cert-manager/1.18/debian-12/Dockerfile
+++ b/bitnami/cert-manager/1.18/debian-12/Dockerfile
@ -1,55 +0,0 @@
 # Copyright Broadcom, Inc. All Rights Reserved.
 # SPDX-License-Identifier: APACHE-2.0
 FROM docker.io/bitnami/minideb:bookworm
 ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith"
 ARG TARGETARCH
 LABEL org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \
      org.opencontainers.image.created="2025-10-07T20:43:53Z" \
      org.opencontainers.image.description="Application packaged by Broadcom, Inc." \
      org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/cert-manager/README.md" \
      org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/cert-manager" \
      org.opencontainers.image.title="cert-manager" \
      org.opencontainers.image.vendor="Broadcom, Inc." \
      org.opencontainers.image.version="1.18.2"
 ENV HOME="/" \
    OS_ARCH="${TARGETARCH:-amd64}" \
    OS_FLAVOUR="debian-12" \
    OS_NAME="linux"
 COPY prebuildfs /
 SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"]
 # Install required system packages and dependencies
 RUN install_packages ca-certificates curl procps
 RUN --mount=type=secret,id=downloads_url,env=SECRET_DOWNLOADS_URL \
    DOWNLOADS_URL=${SECRET_DOWNLOADS_URL:-${DOWNLOADS_URL}} ; \
    mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ || exit 1 ; \
    COMPONENTS=( \
      "cert-manager-1.18.2-4-linux-${OS_ARCH}-debian-12" \
    ) ; \
    for COMPONENT in "${COMPONENTS[@]}"; do \
      if [ ! -f "${COMPONENT}.tar.gz" ]; then \
        curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \
        curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \
      fi ; \
      sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \
      tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner ; \
      rm -rf "${COMPONENT}".tar.gz{,.sha256} ; \
    done
 RUN apt-get update && apt-get upgrade -y && \
    apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives
 RUN chmod g+rwX /opt/bitnami
 RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true
 RUN uninstall_packages curl
 ENV APP_VERSION="1.18.2" \
    BITNAMI_APP_NAME="cert-manager" \
    IMAGE_REVISION="9" \
    PATH="/opt/bitnami/cert-manager/bin:$PATH"
 WORKDIR /opt/bitnami/cert-manager
 USER 1001
 ENTRYPOINT [ "/opt/bitnami/cert-manager/bin/cert-manager" ]
--- a/bitnami/cert-manager/1.18/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt
+++ b/bitnami/cert-manager/1.18/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt
@ -1,2 +0,0 @@
 Bitnami containers ship with software bundles. You can find the licenses under:
 /opt/bitnami/[name-of-bundle]/licenses/[bundle-version].txt
--- a/bitnami/cert-manager/1.18/debian-12/prebuildfs/usr/sbin/install_packages
+++ b/bitnami/cert-manager/1.18/debian-12/prebuildfs/usr/sbin/install_packages
@ -1,27 +0,0 @@
 #!/bin/sh
 # Copyright Broadcom, Inc. All Rights Reserved.
 # SPDX-License-Identifier: APACHE-2.0
 set -eu
 n=0
 max=2
 export DEBIAN_FRONTEND=noninteractive
 until [ $n -gt $max ]; do
    set +e
    (
      apt-get update -qq &&
      apt-get install -y --no-install-recommends "$@"
    )
    CODE=$?
    set -e
    if [ $CODE -eq 0 ]; then
        break
    fi
    if [ $n -eq $max ]; then
        exit $CODE
    fi
    echo "apt failed, retrying"
    n=$(($n + 1))
 done
 apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives
--- a/bitnami/cert-manager/1.18/debian-12/prebuildfs/usr/sbin/run-script
+++ b/bitnami/cert-manager/1.18/debian-12/prebuildfs/usr/sbin/run-script
@ -1,24 +0,0 @@
 #!/bin/sh
 # Copyright Broadcom, Inc. All Rights Reserved.
 # SPDX-License-Identifier: APACHE-2.0
 set -u
 if [ $# -eq 0 ]; then
    >&2 echo "No arguments provided"
    exit 1
 fi
 script=$1
 exit_code="${2:-96}"
 fail_if_not_present="${3:-n}"
 if test -f "$script"; then
  sh $script
  if [ $? -ne 0 ]; then
    exit $((exit_code))
  fi
 elif [ "$fail_if_not_present" = "y" ]; then
  >&2 echo "script not found: $script"
  exit 127
 fi
--- a/bitnami/cert-manager/1.18/debian-12/prebuildfs/usr/sbin/uninstall_packages
+++ b/bitnami/cert-manager/1.18/debian-12/prebuildfs/usr/sbin/uninstall_packages
@ -1,26 +0,0 @@
 #!/bin/sh
 # Copyright Broadcom, Inc. All Rights Reserved.
 # SPDX-License-Identifier: APACHE-2.0
 set -eu
 n=0
 max=2
 export DEBIAN_FRONTEND=noninteractive
 until [ $n -gt $max ]; do
    set +e
    (
        apt-get autoremove --purge -y "$@"
    )
    CODE=$?
    set -e
    if [ $CODE -eq 0 ]; then
        break
    fi
    if [ $n -eq $max ]; then
        exit $CODE
    fi
    echo "apt failed, retrying"
    n=$(($n + 1))
 done
 apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives
		`@ -1,2 +0,0 @@`
			`Bitnami containers ship with software bundles. You can find the licenses under:`
			`/opt/bitnami/[name-of-bundle]/licenses/[bundle-version].txt`