[nats] Release v2.10.16 #16797
Merged
[nats] Release v2.10.16 #16797
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Details can be found [here](https://github.com/nats-io/nats-server/releases/tag/v2.10.16) Signed-off-by: Byron Ruth <byron@nats.io>
Diff for b9e1e30:diff --git a/_bashbrew-cat b/_bashbrew-cat
index aa44b04..5a2d036 100644
--- a/_bashbrew-cat
+++ b/_bashbrew-cat
@@ -1,7 +1,7 @@
Maintainers: Derek Collison <derek@synadia.com> (@derekcollison), Waldemar Quevedo Salinas <wally@synadia.com> (@wallyqs), Byron Ruth <byron@synadia.com> (@bruth), Neil Twigg <neil@synadia.com> (@neilalexander), Phil Pennock <pdp@synadia.com> (@philpennock)
GitRepo: https://github.com/nats-io/nats-docker.git
GitFetch: refs/heads/main
-GitCommit: b39950ece3064f20a2a5e25806d093793e455769
+GitCommit: 8d800ec8480ff944f4ee16619ef84082bdc14cf5
Tags: 2.9.25-alpine3.18, 2.9-alpine3.18, 2.9.25-alpine, 2.9-alpine
Architectures: amd64, arm32v6, arm32v7, arm64v8
@@ -24,23 +24,23 @@ Architectures: windows-amd64
Directory: 2.9.x/windowsservercore-1809
Constraints: windowsservercore-1809
-Tags: 2.10.14-alpine3.19, 2.10-alpine3.19, 2-alpine3.19, alpine3.19, 2.10.14-alpine, 2.10-alpine, 2-alpine, alpine
+Tags: 2.10.16-alpine3.19, 2.10-alpine3.19, 2-alpine3.19, alpine3.19, 2.10.16-alpine, 2.10-alpine, 2-alpine, alpine
Architectures: amd64, arm32v6, arm32v7, arm64v8, ppc64le, s390x
Directory: 2.10.x/alpine3.19
-Tags: 2.10.14-nanoserver-1809, 2.10-nanoserver-1809, 2-nanoserver-1809, nanoserver-1809
-SharedTags: 2.10.14-nanoserver, 2.10-nanoserver, 2-nanoserver, nanoserver, 2.10.14, 2.10, 2, latest
+Tags: 2.10.16-nanoserver-1809, 2.10-nanoserver-1809, 2-nanoserver-1809, nanoserver-1809
+SharedTags: 2.10.16-nanoserver, 2.10-nanoserver, 2-nanoserver, nanoserver, 2.10.16, 2.10, 2, latest
Architectures: windows-amd64
Directory: 2.10.x/nanoserver-1809
Constraints: nanoserver-1809, windowsservercore-1809
-Tags: 2.10.14-scratch, 2.10-scratch, 2-scratch, scratch, 2.10.14-linux, 2.10-linux, 2-linux, linux
-SharedTags: 2.10.14, 2.10, 2, latest
+Tags: 2.10.16-scratch, 2.10-scratch, 2-scratch, scratch, 2.10.16-linux, 2.10-linux, 2-linux, linux
+SharedTags: 2.10.16, 2.10, 2, latest
Architectures: amd64, arm32v6, arm32v7, arm64v8, ppc64le, s390x
Directory: 2.10.x/scratch
-Tags: 2.10.14-windowsservercore-1809, 2.10-windowsservercore-1809, 2-windowsservercore-1809, windowsservercore-1809
-SharedTags: 2.10.14-windowsservercore, 2.10-windowsservercore, 2-windowsservercore, windowsservercore
+Tags: 2.10.16-windowsservercore-1809, 2.10-windowsservercore-1809, 2-windowsservercore-1809, windowsservercore-1809
+SharedTags: 2.10.16-windowsservercore, 2.10-windowsservercore, 2-windowsservercore, windowsservercore
Architectures: windows-amd64
Directory: 2.10.x/windowsservercore-1809
Constraints: windowsservercore-1809
diff --git a/_bashbrew-list b/_bashbrew-list
index 4e25818..6101804 100644
--- a/_bashbrew-list
+++ b/_bashbrew-list
@@ -34,15 +34,15 @@ nats:2.10-nanoserver-1809
nats:2.10-scratch
nats:2.10-windowsservercore
nats:2.10-windowsservercore-1809
-nats:2.10.14
-nats:2.10.14-alpine
-nats:2.10.14-alpine3.19
-nats:2.10.14-linux
-nats:2.10.14-nanoserver
-nats:2.10.14-nanoserver-1809
-nats:2.10.14-scratch
-nats:2.10.14-windowsservercore
-nats:2.10.14-windowsservercore-1809
+nats:2.10.16
+nats:2.10.16-alpine
+nats:2.10.16-alpine3.19
+nats:2.10.16-linux
+nats:2.10.16-nanoserver
+nats:2.10.16-nanoserver-1809
+nats:2.10.16-scratch
+nats:2.10.16-windowsservercore
+nats:2.10.16-windowsservercore-1809
nats:alpine
nats:alpine3.19
nats:latest
diff --git a/nats_2.9-alpine/Dockerfile b/nats_2.9-alpine/Dockerfile
index 1066c4c..2505799 100644
--- a/nats_2.9-alpine/Dockerfile
+++ b/nats_2.9-alpine/Dockerfile
@@ -27,6 +27,10 @@ RUN set -eux; \
COPY nats-server.conf /etc/nats/nats-server.conf
COPY docker-entrypoint.sh /usr/local/bin
+RUN apk add --no-cache libcap \
+ && setcap cap_net_bind_service=+ep /usr/local/bin/nats-server \
+ && apk del libcap
+
EXPOSE 4222 8222 6222
ENTRYPOINT ["docker-entrypoint.sh"]
CMD ["nats-server", "--config", "/etc/nats/nats-server.conf"]
diff --git a/nats_alpine/Dockerfile b/nats_alpine/Dockerfile
index fcae3d7..84e77d7 100644
--- a/nats_alpine/Dockerfile
+++ b/nats_alpine/Dockerfile
@@ -1,17 +1,17 @@
FROM alpine:3.19
-ENV NATS_SERVER 2.10.14
+ENV NATS_SERVER 2.10.16
RUN set -eux; \
apkArch="$(apk --print-arch)"; \
case "$apkArch" in \
- aarch64) natsArch='arm64'; sha256='57aa4464759d211df247b645dae6d0c0724d84aa2db3dc042cd2dc9fe8553302' ;; \
- armhf) natsArch='arm6'; sha256='125dba652ee7c4c60bf1af3ced1c590e7d32f7624e27364c278069da660f04ea' ;; \
- armv7) natsArch='arm7'; sha256='1215a787ac52d03bc2c43069ac4229b891be7dafeb2ea44f58dc5c854001629c' ;; \
- x86_64) natsArch='amd64'; sha256='8e1ba988220e7f3a0156c085b7c4fe47222ee8342cf1cfa7b364e30d9d6aa47d' ;; \
- x86) natsArch='386'; sha256='29b361db7d0ece5ba74ac6aa1911446573db3a4806c175df4bd37142bccf5e06' ;; \
- s390x) natsArch='s390x'; sha256='f9a3c2b1ca2d89bc865b08d37451e5c1949112e042c69fdb88bbb6938ad774a8' ;; \
- ppc64le) natsArch='ppc64le'; sha256='276f4f5d080a96c31c4e1a15e84aafefef5d82dd93c112ea659f17f068ab4b6a' ;; \
+ aarch64) natsArch='arm64'; sha256='a7d9cee900c7035efadeeffced4ede6ceb32f19028a839148d3fb4c285b0106e' ;; \
+ armhf) natsArch='arm6'; sha256='d8f2807df727d3f8adbc54694813a18b53768903075805c4bf4bd978d961461e' ;; \
+ armv7) natsArch='arm7'; sha256='a395fe2af1d167429ad8284c8b30abb33f0eca97b2dd6d6bed38697104cef0f5' ;; \
+ x86_64) natsArch='amd64'; sha256='ed2585edff10a393916e665ad808f97124c726407d926d5f033ad43805ae4de1' ;; \
+ x86) natsArch='386'; sha256='8e16f3d9cc0cc08f45125c05b456d15c7d0e813d919de65a655abd222a35e4ab' ;; \
+ s390x) natsArch='s390x'; sha256='5caf7848375536e0e585ac18245635d617eb265f1ec894adeddfad2b78cec223' ;; \
+ ppc64le) natsArch='ppc64le'; sha256='82e2559bccf20c27bfbd4bceb2daea753a93981a11cbb371fbe5f5802f5ca0a7' ;; \
*) echo >&2 "error: $apkArch is not supported!"; exit 1 ;; \
esac; \
\
@@ -28,6 +28,10 @@ RUN set -eux; \
COPY nats-server.conf /etc/nats/nats-server.conf
COPY docker-entrypoint.sh /usr/local/bin
+RUN apk add --no-cache libcap \
+ && setcap cap_net_bind_service=+ep /usr/local/bin/nats-server \
+ && apk del libcap
+
EXPOSE 4222 8222 6222
ENTRYPOINT ["docker-entrypoint.sh"]
CMD ["nats-server", "--config", "/etc/nats/nats-server.conf"]
diff --git a/nats_linux/Dockerfile b/nats_linux/Dockerfile
index 23a6a98..23f9d2d 100644
--- a/nats_linux/Dockerfile
+++ b/nats_linux/Dockerfile
@@ -1,7 +1,7 @@
FROM scratch
ENV PATH="$PATH:/"
-COPY --from=nats:2.10.14-alpine3.19 /usr/local/bin/nats-server /nats-server
+COPY --from=nats:2.10.16-alpine3.19 /usr/local/bin/nats-server /nats-server
COPY nats-server.conf /nats-server.conf
EXPOSE 4222 8222 6222
diff --git a/nats_nanoserver-1809/Dockerfile b/nats_nanoserver-1809/Dockerfile
index 6c7dd9f..5dbcf82 100644
--- a/nats_nanoserver-1809/Dockerfile
+++ b/nats_nanoserver-1809/Dockerfile
@@ -1,7 +1,7 @@
FROM mcr.microsoft.com/windows/nanoserver:1809
ENV NATS_DOCKERIZED 1
-COPY --from=nats:2.10.14-windowsservercore-1809 C:\\nats-server.exe C:\\nats-server.exe
+COPY --from=nats:2.10.16-windowsservercore-1809 C:\\nats-server.exe C:\\nats-server.exe
COPY nats-server.conf C:\\nats-server.conf
EXPOSE 4222 8222 6222
diff --git a/nats_windowsservercore-1809/Dockerfile b/nats_windowsservercore-1809/Dockerfile
index 2a34ba0..33dac79 100644
--- a/nats_windowsservercore-1809/Dockerfile
+++ b/nats_windowsservercore-1809/Dockerfile
@@ -4,9 +4,9 @@ FROM mcr.microsoft.com/windows/servercore:1809
SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop';"]
ENV NATS_DOCKERIZED 1
-ENV NATS_SERVER 2.10.14
+ENV NATS_SERVER 2.10.16
ENV NATS_SERVER_DOWNLOAD https://github.com/nats-io/nats-server/releases/download/v${NATS_SERVER}/nats-server-v${NATS_SERVER}-windows-amd64.zip
-ENV NATS_SERVER_SHASUM ee799a0cdf79a631749dd8603186c09e2502e5cfde984552e461b89a23fb6551
+ENV NATS_SERVER_SHASUM 22a5ef3a54200ebdebaa325822f477c89dc6533ec6fc1f531d897aa876517ccf
RUN Set-PSDebug -Trace 2Relevant Maintainers: |
|
@yosifkit reviewers used to automatically get assigned. Has the workflow changed for anyone on the Docker team to review and merge the PRs? If so, understood and I will not ping you :) |
|
It still auto-assigns, but now via group instead of individually (the group is the same individuals as previously were directly assigned). No need to ping, we've got it and it's in-queue for review. 👍 |
|
(I wish the teams themselves could be public, especially when their existence is already public due to being part of the appropriate file: official-images/.github/CODEOWNERS Line 1 in 6a521d5 |
|
@tianon Ah missed that, thanks. I see |
|
I think it's probably fine to leave it, but I'd just note the warning that I'm guessing that's probably to be able to bind to "privileged" ports, which is already enabled by default for containers in recent Docker versions (since in a private network namespace, the concept of "privileged ports" doesn't really hold much meaning), so there's other mitigations in place already. 👍 |
tianon
approved these changes
May 21, 2024
|
thanks for the clarification @tianon, that is helpful to know 👍 |
|
You might also enjoy moby/moby#8460 and moby/moby#41030 (which is the PR that finally fixed this for the engine 🥳). |
|
@tianon It turns out that adding this setcap change broke a few people when pulling the image for more restrictive environments. We reverted the change in the Dockerfile. The NATS binary did not change of course, so we are safe to open a new PR with an update to the GitCommit to the new nats-docker version to re-build/push the image for 2.10.16? |
|
Yeah, that's fine. |
bruth
added a commit
to nats-io/official-images
that referenced
this pull request
May 22, 2024
This is a follow-up to docker-library#16797 to remove a setcap call in the Dockerfile which caused issues for users in more constrained environments. The NATS binary remains the same. Signed-off-by: Byron Ruth <byron@nats.io>
bruth
added a commit
to nats-io/official-images
that referenced
this pull request
May 22, 2024
This is a follow-up to docker-library#16797 to remove a setcap call in the Dockerfile which caused issues for users in more constrained environments. The NATS binary remains the same. Signed-off-by: Byron Ruth <byron@nats.io>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Details can be found here