From 91ee1989af2d47d7001e736024078b4a88028ccd Mon Sep 17 00:00:00 2001
From: "S. Seide"
Date: Tue, 23 Apr 2024 11:57:40 +0200
Subject: [PATCH 1/2] docker all-in-one image updates for Debian Bookworm base image
---
 deploy/docker/Dockerfile | 14 ++++----------
 1 file changed, 4 insertions(+), 10 deletions(-)
diff --git a/deploy/docker/Dockerfile b/deploy/docker/Dockerfile
index f0b1b28c1..603201257 100644
--- a/deploy/docker/Dockerfile
+++ b/deploy/docker/Dockerfile
@@ -51,7 +51,7 @@ CMD [ "/bin/bash" , "/lowcoder/api-service/entrypoint.sh" ]
 ##
 FROM ubuntu:jammy as build-node-service
-RUN apt update && DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y curl ca-certificates build-essential gnupg
+RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y curl ca-certificates build-essential gnupg
 # Add nodejs repo and keys
 RUN mkdir -p /etc/apt/keyrings \
@@ -83,7 +83,7 @@ RUN chmod +x /lowcoder/node-service/*.sh
 FROM ubuntu:jammy as lowcoder-ce-node-service
 LABEL maintainer="lowcoder"
-RUN apt update && DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y curl ca-certificates gnupg
+RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y curl ca-certificates gnupg
 # Add nodejs repo and keys
 RUN mkdir -p /etc/apt/keyrings \
@@ -200,15 +200,9 @@ RUN mkdir -p /etc/apt/keyrings \
 # Install required packages
 RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y bash gnupg curl lsb-release \
  && curl -fsSL https://packages.redis.io/gpg | gpg --dearmor -o /usr/share/keyrings/redis-archive-keyring.gpg \
- && echo "deb [signed-by=/usr/share/keyrings/redis-archive-keyring.gpg] https://packages.redis.io/deb bullseye main" | tee /etc/apt/sources.list.d/redis.list \
+ && echo "deb [signed-by=/usr/share/keyrings/redis-archive-keyring.gpg] https://packages.redis.io/deb bookworm main" | tee /etc/apt/sources.list.d/redis.list \
  && curl -fsSL https://www.mongodb.org/static/pgp/server-4.4.asc | gpg --dearmor -o /usr/share/keyrings/mongodb-archive-keyring.gpg \
- && echo "deb [signed-by=/usr/share/keyrings/mongodb-archive-keyring.gpg arch=amd64,arm64] http://repo.mongodb.org/apt/ubuntu focal/mongodb-org/4.4 multiverse" | tee /etc/apt/sources.list.d/mongodb-org-4.4.list \
- && if [ "$(dpkg --print-architecture)" = "amd64" ] || [ "$(dpkg --print-architecture)" = "i386" ]; then \
- curl -sL http://archive.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.1_1.1.1f-1ubuntu2_$(dpkg --print-architecture).deb --output libssl1.1_1.1.1f-1ubuntu2_$(dpkg --print-architecture).deb; \
- else \
- curl -sL http://ports.ubuntu.com/pool/main/o/openssl/libssl1.1_1.1.1f-1ubuntu2_$(dpkg --print-architecture).deb --output libssl1.1_1.1.1f-1ubuntu2_$(dpkg --print-architecture).deb; \
- fi \
- && dpkg -i libssl1.1_1.1.1f-1ubuntu2_$(dpkg --print-architecture).deb \
+ && echo "deb [signed-by=/usr/share/keyrings/mongodb-archive-keyring.gpg] https://repo.mongodb.org/apt/debian bookworm/mongodb-org/4.4 main" | tee /etc/apt/sources.list.d/mongodb-org-4.4.list \
  && apt-get update && DEBIAN_FRONTEND=noninteractive apt-get -y install --no-install-recommends -y \
  mongodb-org \
  redis \
From de2af71445e6345c1370fb0c6bd899db622b5dbb Mon Sep 17 00:00:00 2001
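Review bot: The new MongoDB source line points apt at `bookworm/mongodb-org/4.4` while the same hunk drops the libssl1.1 install, so the image stays pinned to the 4.4 series, which reached end of life in February 2024 and no longer receives security fixes. As far as I know the 4.4 packages were built against OpenSSL 1.1 while Bookworm ships OpenSSL 3, so it is worth confirming that this suite is actually published on repo.mongodb.org and that `mongodb-org` still resolves its dependencies without the removed `.deb`. I would move the key URL and the list entry together to a series that MongoDB still supports and publishes for Bookworm, i.e. `server-<SUPPORTED_SERIES>.asc` for the key and `bookworm/mongodb-org/<SUPPORTED_SERIES> main` for the source (placeholder: use the version the project has tested). The RUN instruction continues past the end of this hunk, and the stage's base image is not visible here.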
From: "S. Seide"
Date: Tue, 23 Apr 2024 12:09:26 +0200
Subject: [PATCH 2/2] disable unauthenticated inet server http access to supervisord for security reasons
---
 deploy/docker/all-in-one/etc/supervisord.conf | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/deploy/docker/all-in-one/etc/supervisord.conf b/deploy/docker/all-in-one/etc/supervisord.conf
index c6d035aff..39f6bd93a 100644
--- a/deploy/docker/all-in-one/etc/supervisord.conf
+++ b/deploy/docker/all-in-one/etc/supervisord.conf
@@ -4,8 +4,8 @@
 file=/var/run/supervisor.sock ; (the path to the socket file)
 chmod=0700 ; sockef file mode (default 0700)
-[inet_http_server] ; inet (TCP) server disabled by default
-port=*:9001 ; (ip_address:port specifier, *:port for all iface)
+;[inet_http_server] ; inet (TCP) server disabled by default
+;port=*:9001 ; (ip_address:port specifier, *:port for all iface)
 ;username=user ; (default is no username (open server))
 ;password=123 ; (default is no password (open server))
@@ -37,8 +37,8 @@ files = /lowcoder/etc/supervisord/conf-enabled/*.conf
 # ; This event listener is used to capture processes log
 # ; and forward to container log using supervisor_stdout
 # ; Ref: https://github.com/coderanger/supervisor-stdout
-# [eventlistener:stdout]
-# command = supervisor_stdout
-# buffer_size = 100
-# events = PROCESS_LOG
+# [eventlistener:stdout]
+# command = supervisor_stdout
+# buffer_size = 100
+# events = PROCESS_LOG
 # result_handler = supervisor_stdout:event_handler
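Review bot: In the `@@ -4,8 +4,8 @@` hunk the commented-out template still reads `;port=*:9001`, so anyone who uncomments the section later brings back an all-interface listener with no credentials. I would make the dormant example safe, `;port=127.0.0.1:9001 ; loopback only; set username/password before enabling`, and add a comment saying that control goes through the unix socket configured just above. The hunk does not show whether the Dockerfile or compose files still expose or publish 9001, nor whether `[supervisorctl]` uses `serverurl=unix:///var/run/supervisor.sock`; both are worth checking as part of this change.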