Remove unused default users, groups, set MongoDB user to UID and GID 999.
- MongoDB UID and GID are set to 999 to avoid clashes with host.
- libc6 and libc-bin v2.23 are pulled in from Debian Stretch to avoid CVE-2014-9761/CVE-2016-4429.
- Users other than root, mail and mongodb are removed.
- Groups other than root, adm, tty, mail, shadow, utmp, staff and mongodb are removed.
Install MongoDB directly from upstream (security).
-
MongoDB is now installed directly from upstream (version 3.2).
- Debian introduced an exception to their security support policy for libv8 and node:
The Node.js platform is built on top of libv8-3.14, which experiences a high volume of security issues, but there are currently no volunteers within the project or the security team sufficiently interested and willing to spend the large amount of time required to stem those incoming issues. Unfortunately, this means that libv8-3.14, nodejs, and the associated node-* package ecosystem should not currently be used with untrusted content, such as unsanitized data from the Internet. In addition, these packages will not receive any security updates during the lifetime of the Jessie release. -
Builds are now automated via CircleCI.
- Images tagged with
latestare built from the master branch. - Images tagged with
x.y.zrefer to signed tagged releases.
- Images tagged with
-
Gosu was removed, leveraging Docker USER directive instead.
Initial development release.
- Based off tklx/base:0.1.0.
- MongoDB installed directly from Debian.
- Uses tini for zombia reaping and signal forwarding.
- Uses gosu for dropping privileges to mongodb user.
- Includes
VOLUME /data/dbfor dbPath persistence. - Includes
EXPOSE 27017for container linking. - Basic bats testing suite.