Security update for curl actions

2024-11-25 09:13:50 +01:00 · 2024-03-24 20:15:18 +09:00 · 2024-03-24 20:15:18 +09:00 · 0d6c8e5b66
commit 0d6c8e5b66
parent 28ece2bc92
11 changed files with 11 additions and 11 deletions
--- a/Dockerfiles/agent/rhel/Dockerfile
+++ b/Dockerfiles/agent/rhel/Dockerfile
@ -59,7 +59,7 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \
            pcre2 \
            libmodbus \
            libcurl-minimal" && \
-    curl -sSL -o /tmp/epel-release-latest-9.noarch.rpm https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm && \
+    curl --tlsv1.2 -sSf -L https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm -o /tmp/epel-release-latest-9.noarch.rpm && \
    rpm -ivh /tmp/epel-release-latest-9.noarch.rpm && \
    rm -rf /tmp/epel-release-latest-9.noarch.rpm && \
    microdnf -y install \
--- a/Dockerfiles/build-base/rhel/Dockerfile
+++ b/Dockerfiles/build-base/rhel/Dockerfile
@ -57,7 +57,7 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \
            git \
            gettext \
            unixODBC-devel" && \
-    curl -sSL -o /tmp/epel-release-latest-9.noarch.rpm https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm && \
+    curl --tlsv1.2 -sSf -L https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm -o /tmp/epel-release-latest-9.noarch.rpm && \
    rpm -ivh /tmp/epel-release-latest-9.noarch.rpm && \
    rm -rf /tmp/epel-release-latest-9.noarch.rpm && \
    ARCH_SUFFIX="$(arch)"; \
--- a/Dockerfiles/proxy-mysql/rhel/Dockerfile
+++ b/Dockerfiles/proxy-mysql/rhel/Dockerfile
@ -75,7 +75,7 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \
            pcre2 \
            gzip \
            unixODBC" && \
-    curl -sSL -o /tmp/epel-release-latest-9.noarch.rpm https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm && \
+    curl --tlsv1.2 -sSf -L https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm -o /tmp/epel-release-latest-9.noarch.rpm && \
    rpm -ivh /tmp/epel-release-latest-9.noarch.rpm && \
    rm -rf /tmp/epel-release-latest-9.noarch.rpm && \
    ARCH_SUFFIX="$(arch)"; \
--- a/Dockerfiles/proxy-sqlite3/rhel/Dockerfile
+++ b/Dockerfiles/proxy-sqlite3/rhel/Dockerfile
@ -72,7 +72,7 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \
            pcre2 \
            sqlite-libs \
            unixODBC" && \
-    curl -sSL -o /tmp/epel-release-latest-9.noarch.rpm https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm && \
+    curl --tlsv1.2 -sSf -L https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm -o /tmp/epel-release-latest-9.noarch.rpm && \
    rpm -ivh /tmp/epel-release-latest-9.noarch.rpm && \
    rm -rf /tmp/epel-release-latest-9.noarch.rpm && \
    ARCH_SUFFIX="$(arch)"; \
--- a/Dockerfiles/server-mysql/rhel/Dockerfile
+++ b/Dockerfiles/server-mysql/rhel/Dockerfile
@ -78,7 +78,7 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \
            pcre2 \
            gzip \
            unixODBC" && \
-    curl -sSL -o /tmp/epel-release-latest-9.noarch.rpm https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm && \
+    curl --tlsv1.2 -sSf -L https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm -o /tmp/epel-release-latest-9.noarch.rpm && \
    rpm -ivh /tmp/epel-release-latest-9.noarch.rpm && \
    rm -rf /tmp/epel-release-latest-9.noarch.rpm && \
    ARCH_SUFFIX="$(arch)"; \
--- a/Dockerfiles/server-pgsql/rhel/Dockerfile
+++ b/Dockerfiles/server-pgsql/rhel/Dockerfile
@ -80,7 +80,7 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \
            postgresql-libs \
            gzip \
            unixODBC" && \
-    curl -sSL -o /tmp/epel-release-latest-9.noarch.rpm https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm && \
+    curl --tlsv1.2 -sSf -L https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm -o /tmp/epel-release-latest-9.noarch.rpm && \
    rpm -ivh /tmp/epel-release-latest-9.noarch.rpm && \
    rm -rf /tmp/epel-release-latest-9.noarch.rpm && \
    ARCH_SUFFIX="$(arch)"; \
--- a/Dockerfiles/web-nginx-mysql/rhel/Dockerfile
+++ b/Dockerfiles/web-nginx-mysql/rhel/Dockerfile
@ -67,7 +67,7 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \
            php-mbstring \
            php-mysqlnd \
            php-xml" && \
-    curl -sSL -o /tmp/epel-release-latest-9.noarch.rpm https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm && \
+    curl --tlsv1.2 -sSf -L https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm -o /tmp/epel-release-latest-9.noarch.rpm && \
    rpm -ivh /tmp/epel-release-latest-9.noarch.rpm && \
    rm -rf /tmp/epel-release-latest-9.noarch.rpm && \
    ARCH_SUFFIX="$(arch)"; \
--- a/Dockerfiles/web-nginx-mysql/ubuntu/Dockerfile
+++ b/Dockerfiles/web-nginx-mysql/ubuntu/Dockerfile
@ -58,7 +58,7 @@ RUN --mount=type=cache,target=/var/lib/apt/,sharing=locked \
            --no-install-recommends install \
        ${INSTALL_TEMP_PKGS} && \
    GNUPGHOME="$(mktemp -d)"; export GNUPGHOME && \
-    curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor > /etc/apt/trusted.gpg.d/nginx.gpg && \
+    curl --tlsv1.2 -sSf -L https://nginx.org/keys/nginx_signing.key | gpg --dearmor > /etc/apt/trusted.gpg.d/nginx.gpg && \
    gpg --dry-run --quiet --import --import-options import-show /etc/apt/trusted.gpg.d/nginx.gpg && \
    DISTRIB_CODENAME=$(/bin/bash -c 'source /etc/lsb-release && echo $DISTRIB_CODENAME') && \
    echo "deb https://nginx.org/packages/ubuntu $DISTRIB_CODENAME nginx" > /etc/apt/sources.list.d/nginx.list && \
--- a/Dockerfiles/web-nginx-pgsql/rhel/Dockerfile
+++ b/Dockerfiles/web-nginx-pgsql/rhel/Dockerfile
@ -67,7 +67,7 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \
            php-mbstring \
            php-pgsql \
            php-xml" && \
-    curl -sSL -o /tmp/epel-release-latest-9.noarch.rpm https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm && \
+    curl --tlsv1.2 -sSf -L https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm -o /tmp/epel-release-latest-9.noarch.rpm && \
    rpm -ivh /tmp/epel-release-latest-9.noarch.rpm && \
    rm -rf /tmp/epel-release-latest-9.noarch.rpm && \
    ARCH_SUFFIX="$(arch)"; \
--- a/Dockerfiles/web-nginx-pgsql/ubuntu/Dockerfile
+++ b/Dockerfiles/web-nginx-pgsql/ubuntu/Dockerfile
@ -58,7 +58,7 @@ RUN --mount=type=cache,target=/var/lib/apt/,sharing=locked \
            --no-install-recommends install \
        ${INSTALL_TEMP_PKGS} && \
    GNUPGHOME="$(mktemp -d)"; export GNUPGHOME && \
-    curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor > /etc/apt/trusted.gpg.d/nginx.gpg && \
+    curl --tlsv1.2 -sSf -L https://nginx.org/keys/nginx_signing.key | gpg --dearmor > /etc/apt/trusted.gpg.d/nginx.gpg && \
    gpg --dry-run --quiet --import --import-options import-show /etc/apt/trusted.gpg.d/nginx.gpg && \
    DISTRIB_CODENAME=$(/bin/bash -c 'source /etc/lsb-release && echo $DISTRIB_CODENAME') && \
    echo "deb https://nginx.org/packages/ubuntu $DISTRIB_CODENAME nginx" > /etc/apt/sources.list.d/nginx.list && \
--- a/Dockerfiles/web-service/rhel/Dockerfile
+++ b/Dockerfiles/web-service/rhel/Dockerfile
@ -55,7 +55,7 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \
    INSTALL_PKGS="bash \
            shadow-utils \
            chromium-headless" && \
-    curl -sSL -o /tmp/epel-release-latest-9.noarch.rpm https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm && \
+    curl --tlsv1.2 -sSf -L https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm -o /tmp/epel-release-latest-9.noarch.rpm && \
    rpm -ivh /tmp/epel-release-latest-9.noarch.rpm && \
    rm -rf /tmp/epel-release-latest-9.noarch.rpm && \
    ARCH_SUFFIX="$(arch)"; \