Added an explicit package update/upgrade step to patch CVE-2025-58183, CVE-2025-61726, CVE-2025-61728, and CVE-2025-61729 in Go stdlib components shipped by Alpine Linux packages (likely LLVM or transitive dependencies). The fix ensures all base image packages are up to date before the pgvector build, capturing any security patches released for Alpine components. Fixes #181 Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
FROM postgres:17-alpine
LABEL maintainer="Mosaic Stack <dev@mosaic.local>"
LABEL description="PostgreSQL 17 with pgvector extension"
# Update Alpine packages to patch Go stdlib vulnerabilities (CVE-2025-58183, CVE-2025-61726, CVE-2025-61728, CVE-2025-61729)
RUN apk update && apk upgrade
# Install build dependencies for pgvector
RUN apk add --no-cache --virtual .build-deps \
git \
build-base
# Clone and build pgvector v0.7.4 (without LLVM bitcode compilation)
RUN git clone --branch v0.7.4 https://github.com/pgvector/pgvector.git /tmp/pgvector \
&& cd /tmp/pgvector \
&& make OPTFLAGS="" with_llvm=no \
&& make install with_llvm=no \
&& rm -rf /tmp/pgvector
# Clean up build dependencies to reduce image size
RUN apk del .build-deps
# Copy initialization scripts
COPY init-scripts/ /docker-entrypoint-initdb.d/
# Expose PostgreSQL port
EXPOSE 5432
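Review bot: The new `RUN apk update && apk upgrade` step leaves the fetched package index under /var/cache/apk in its layer, since nothing in that RUN removes it; `RUN apk upgrade --no-cache` performs the same upgrade with a transient index and is the form the later `apk add --no-cache` line already uses. Because the outcome depends on whatever Alpine has published at build time, the remediation stated in the comment above it cannot be audited from the Dockerfile alone: two builds of the same commit may contain different package versions, and a rebuild months later will pull in unrelated changes. A more reproducible way to carry the fix is to pin the base image to a build that already includes the patched packages, e.g. `FROM postgres:17-alpine@sha256:<digest-placeholder>`, and to record in the comment which packages were confirmed to contain the listed CVEs rather than the "likely" attribution in the commit description. If the upgrade step is kept, the comment should also say that it is a stopgap until the base image tag or digest is bumped, so a later reviewer does not treat it as the permanent fix.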