Merge changes with 7.2

2025-01-03 04:09:31 +01:00 · 2024-12-26 02:08:30 +09:00 · 2024-12-26 02:08:30 +09:00 · 1edd6173ea
commit 1edd6173ea
parent 1f24659a8b
40 changed files with 104 additions and 108 deletions
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@ -1,78 +0,0 @@
-# This workflow uses actions that are not certified by GitHub. They are provided
-# by a third-party and are governed by separate terms of service, privacy
-# policy, and support documentation.
-
-name: Scorecard supply-chain security
-on:
-  # For Branch-Protection check. Only the default branch is supported. See
-  # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection
-  branch_protection_rule:
-  # To guarantee Maintained check is occasionally updated. See
-  # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained
-  schedule:
-    - cron: '39 3 * * 2'
-  push:
-    branches:
-      - '7.0'
-
-# Declare default permissions as read only.
-permissions: read-all
-
-jobs:
-  analysis:
-    name: Scorecard analysis
-    runs-on: ubuntu-latest
-    permissions:
-      # Needed to upload the results to code-scanning dashboard.
-      security-events: write
-      # Needed to publish results and get a badge (see publish_results below).
-      id-token: write
-      # Uncomment the permissions below if installing in a private repository.
-      # contents: read
-      # actions: read
-
-    steps:
-      - name: Harden Runner
-        uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1
-        with:
-          egress-policy: audit
-
-      - name: "Checkout code"
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-        with:
-          persist-credentials: false
-
-      - name: "Run analysis"
-        uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1
-        with:
-          results_file: results.sarif
-          results_format: sarif
-          # (Optional) "write" PAT token. Uncomment the `repo_token` line below if:
-          # - you want to enable the Branch-Protection check on a *public* repository, or
-          # - you are installing Scorecard on a *private* repository
-          # To create the PAT, follow the steps in https://github.com/ossf/scorecard-action#authentication-with-pat.
-          # repo_token: ${{ secrets.SCORECARD_TOKEN }}
-
-          # Public repositories:
-          #   - Publish results to OpenSSF REST API for easy access by consumers
-          #   - Allows the repository to include the Scorecard badge.
-          #   - See https://github.com/ossf/scorecard-action#publishing-results.
-          # For private repositories:
-          #   - `publish_results` will always be set to `false`, regardless
-          #     of the value entered here.
-          publish_results: true
-
-      # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
-      # format to the repository Actions tab.
-      - name: "Upload artifact"
-        uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6
-        with:
-          name: SARIF file
-          path: results.sarif
-          retention-days: 5
-
-      # Upload the results to GitHub's code scanning dashboard.
-      - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@29d86d22a34ea372b1bbf3b2dced2e25ca6b3384 # v3.26.1
-        with:
-          sarif_file: results.sarif
--- a/Dockerfiles/agent/centos/Dockerfile
+++ b/Dockerfiles/agent/centos/Dockerfile
@ -79,7 +79,7 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \
            --shell /sbin/nologin \
            --home-dir ${ZABBIX_USER_HOME_DIR} \
        zabbix && \
-    mkdir -p ZABBIX_CONF_DIR/ && \
+    mkdir -p ${ZABBIX_CONF_DIR}/ && \
    mkdir -p ${ZABBIX_CONF_DIR}/zabbix_agentd.d && \
    mkdir -p ${ZABBIX_USER_HOME_DIR} && \
    mkdir -p ${ZABBIX_USER_HOME_DIR}/enc && \
--- a/Dockerfiles/agent/ol/Dockerfile
+++ b/Dockerfiles/agent/ol/Dockerfile
@ -30,7 +30,7 @@ STOPSIGNAL SIGTERM

 COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/agent/sbin/zabbix_agentd", "/usr/sbin/zabbix_agentd"]
 COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/general/bin/*", "/usr/bin/"]
-COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/agent/conf/", "/etc/zabbix/"]
+COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/agent/conf/", "${ZABBIX_CONF_DIR}/"]
 COPY ["conf/etc/yum.repos.d/oracle-epel-ol9.repo", "/etc/yum.repos.d/oracle-epel-ol9.repo"]

 RUN --mount=type=tmpfs,target=/var/lib/dnf/ \
@ -66,7 +66,7 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \
            --shell /sbin/nologin \
            --home-dir ${ZABBIX_USER_HOME_DIR} \
        zabbix && \
-    mkdir -p ZABBIX_CONF_DIR/ && \
+    mkdir -p ${ZABBIX_CONF_DIR}/ && \
    mkdir -p ${ZABBIX_CONF_DIR}/zabbix_agentd.d && \
    mkdir -p ${ZABBIX_USER_HOME_DIR} && \
    mkdir -p ${ZABBIX_USER_HOME_DIR}/enc && \
--- a/Dockerfiles/agent/rhel/Dockerfile
+++ b/Dockerfiles/agent/rhel/Dockerfile
@ -104,7 +104,7 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \
            --shell /sbin/nologin \
            --home-dir ${ZABBIX_USER_HOME_DIR} \
        zabbix && \
-    mkdir -p ZABBIX_CONF_DIR/ && \
+    mkdir -p ${ZABBIX_CONF_DIR}/ && \
    mkdir -p ${ZABBIX_CONF_DIR}/zabbix_agentd.d && \
    mkdir -p ${ZABBIX_USER_HOME_DIR} && \
    mkdir -p ${ZABBIX_USER_HOME_DIR}/enc && \
--- a/Dockerfiles/build-mysql/alpine/Dockerfile
+++ b/Dockerfiles/build-mysql/alpine/Dockerfile
@ -33,7 +33,7 @@ ENV ZBX_SOURCES_DIR=/tmp/zabbix-${ZBX_VERSION} ZBX_OUTPUT_DIR=/tmp/zabbix-${ZBX_
 RUN --mount=type=cache,target=/root/.cache/go-build/ \
    --mount=type=cache,target=/root/go/ \
    --mount=from=sources,target=/tmp/src \
-    --mount=type=bind,source=conf/chromedp_no_sandbox.patch,target=/tmp/chromedp_no_sandbox.patch \
+    --mount=type=bind,source=patches/,target=/tmp/patches \
    set -eux && \
    cd /tmp/ && \
    mkdir -p ${ZBX_OUTPUT_DIR}/agent/sbin/ && \
@ -59,7 +59,11 @@ RUN --mount=type=cache,target=/root/.cache/go-build/ \
        git -c advice.detachedHead=false clone ${ZBX_SOURCES} --branch ${GIT_BRANCH:-$ZBX_VERSION} --depth 1 --single-branch ${ZBX_SOURCES_DIR}; \
    fi && \
    cd ${ZBX_SOURCES_DIR} && \
-    patch -p1 < /tmp/chromedp_no_sandbox.patch && \
+    for patch_filename in /tmp/patches/*.patch; do \
+        if [ -f "$patch_filename" ]; then \
+            patch -p1 < $patch_filename; \
+        fi \
+    done && \
    zabbix_revision=`git rev-parse --short HEAD` && \
    sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" include/version.h && \
    sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/go/pkg/version/version.go && \
--- a/Dockerfiles/build-mysql/alpine/patches/chromedp_no_sandbox.patch
+++ b/Dockerfiles/build-mysql/alpine/patches/chromedp_no_sandbox.patch
--- a/Dockerfiles/build-mysql/centos/Dockerfile
+++ b/Dockerfiles/build-mysql/centos/Dockerfile
@ -33,7 +33,7 @@ ENV ZBX_SOURCES_DIR=/tmp/zabbix-${ZBX_VERSION} ZBX_OUTPUT_DIR=/tmp/zabbix-${ZBX_
 RUN --mount=type=cache,target=/root/.cache/go-build/ \
    --mount=type=cache,target=/root/go/ \
    --mount=from=sources,target=/tmp/src \
-    --mount=type=bind,source=conf/chromedp_no_sandbox.patch,target=/tmp/chromedp_no_sandbox.patch \
+    --mount=type=bind,source=patches/,target=/tmp/patches \
    set -eux && \
    cd /tmp/ && \
    mkdir -p ${ZBX_OUTPUT_DIR}/agent/sbin/ && \
@ -59,7 +59,11 @@ RUN --mount=type=cache,target=/root/.cache/go-build/ \
        git -c advice.detachedHead=false clone ${ZBX_SOURCES} --branch ${GIT_BRANCH:-$ZBX_VERSION} --depth 1 --single-branch ${ZBX_SOURCES_DIR}; \
    fi && \
    cd ${ZBX_SOURCES_DIR} && \
-    patch -p1 < /tmp/chromedp_no_sandbox.patch && \
+    for patch_filename in /tmp/patches/*.patch; do \
+        if [ -f "$patch_filename" ]; then \
+            patch -p1 < $patch_filename; \
+        fi \
+    done && \
    zabbix_revision=`git rev-parse --short HEAD` && \
    sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" include/version.h && \
    sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/go/pkg/version/version.go && \
--- a/Dockerfiles/build-mysql/centos/patches/chromedp_no_sandbox.patch
+++ b/Dockerfiles/build-mysql/centos/patches/chromedp_no_sandbox.patch
--- a/Dockerfiles/build-mysql/ol/Dockerfile
+++ b/Dockerfiles/build-mysql/ol/Dockerfile
@ -33,7 +33,7 @@ ENV ZBX_SOURCES_DIR=/tmp/zabbix-${ZBX_VERSION} ZBX_OUTPUT_DIR=/tmp/zabbix-${ZBX_
 RUN --mount=type=cache,target=/root/.cache/go-build/ \
    --mount=type=cache,target=/root/go/ \
    --mount=from=sources,target=/tmp/src \
-    --mount=type=bind,source=conf/chromedp_no_sandbox.patch,target=/tmp/chromedp_no_sandbox.patch \
+    --mount=type=bind,source=patches/,target=/tmp/patches \
    set -eux && \
    cd /tmp/ && \
    mkdir -p ${ZBX_OUTPUT_DIR}/agent/sbin/ && \
@ -59,7 +59,11 @@ RUN --mount=type=cache,target=/root/.cache/go-build/ \
        git -c advice.detachedHead=false clone ${ZBX_SOURCES} --branch ${GIT_BRANCH:-$ZBX_VERSION} --depth 1 --single-branch ${ZBX_SOURCES_DIR}; \
    fi && \
    cd ${ZBX_SOURCES_DIR} && \
-    patch -p1 < /tmp/chromedp_no_sandbox.patch && \
+    for patch_filename in /tmp/patches/*.patch; do \
+        if [ -f "$patch_filename" ]; then \
+            patch -p1 < $patch_filename; \
+        fi \
+    done && \
    zabbix_revision=`git rev-parse --short HEAD` && \
    sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" include/version.h && \
    sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/go/pkg/version/version.go && \
--- a/Dockerfiles/build-mysql/ol/patches/chromedp_no_sandbox.patch
+++ b/Dockerfiles/build-mysql/ol/patches/chromedp_no_sandbox.patch
--- a/Dockerfiles/build-mysql/rhel/Dockerfile
+++ b/Dockerfiles/build-mysql/rhel/Dockerfile
@ -43,7 +43,7 @@ ENV ZBX_SOURCES_DIR=/tmp/zabbix-${ZBX_VERSION} ZBX_OUTPUT_DIR=/tmp/zabbix-${ZBX_
 RUN --mount=type=cache,target=/root/.cache/go-build/ \
    --mount=type=cache,target=/root/go/ \
    --mount=from=sources,target=/tmp/src \
-    --mount=type=bind,source=conf/chromedp_no_sandbox.patch,target=/tmp/chromedp_no_sandbox.patch \
+    --mount=type=bind,source=patches/,target=/tmp/patches \
    set -eux && \
    cd /tmp/ && \
    mkdir -p ${ZBX_OUTPUT_DIR}/agent/sbin/ && \
@ -69,7 +69,11 @@ RUN --mount=type=cache,target=/root/.cache/go-build/ \
        git -c advice.detachedHead=false clone ${ZBX_SOURCES} --branch ${GIT_BRANCH:-$ZBX_VERSION} --depth 1 --single-branch ${ZBX_SOURCES_DIR}; \
    fi && \
    cd ${ZBX_SOURCES_DIR} && \
-    patch -p1 < /tmp/chromedp_no_sandbox.patch && \
+    for patch_filename in /tmp/patches/*.patch; do \
+        if [ -f "$patch_filename" ]; then \
+            patch -p1 < $patch_filename; \
+        fi \
+    done && \
    zabbix_revision=`git rev-parse --short HEAD` && \
    sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" include/version.h && \
    sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/go/pkg/version/version.go && \
--- a/Dockerfiles/build-mysql/rhel/patches/chromedp_no_sandbox.patch
+++ b/Dockerfiles/build-mysql/rhel/patches/chromedp_no_sandbox.patch
--- a/Dockerfiles/build-mysql/ubuntu/Dockerfile
+++ b/Dockerfiles/build-mysql/ubuntu/Dockerfile
@ -33,7 +33,7 @@ ENV ZBX_SOURCES_DIR=/tmp/zabbix-${ZBX_VERSION} ZBX_OUTPUT_DIR=/tmp/zabbix-${ZBX_
 RUN --mount=type=cache,target=/root/.cache/go-build/ \
    --mount=type=cache,target=/root/go/ \
    --mount=from=sources,target=/tmp/src \
-    --mount=type=bind,source=conf/chromedp_no_sandbox.patch,target=/tmp/chromedp_no_sandbox.patch \
+    --mount=type=bind,source=patches/,target=/tmp/patches \
    set -eux && \
    cd /tmp/ && \
    mkdir -p ${ZBX_OUTPUT_DIR}/agent/sbin/ && \
@ -59,7 +59,11 @@ RUN --mount=type=cache,target=/root/.cache/go-build/ \
        git -c advice.detachedHead=false clone ${ZBX_SOURCES} --branch ${GIT_BRANCH:-$ZBX_VERSION} --depth 1 --single-branch ${ZBX_SOURCES_DIR}; \
    fi && \
    cd ${ZBX_SOURCES_DIR} && \
-    patch -p1 < /tmp/chromedp_no_sandbox.patch && \
+    for patch_filename in /tmp/patches/*.patch; do \
+        if [ -f "$patch_filename" ]; then \
+            patch -p1 < $patch_filename; \
+        fi \
+    done && \
    zabbix_revision=`git rev-parse --short HEAD` && \
    sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" include/version.h && \
    sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/go/pkg/version/version.go && \
--- a/Dockerfiles/build-mysql/ubuntu/patches/chromedp_no_sandbox.patch
+++ b/Dockerfiles/build-mysql/ubuntu/patches/chromedp_no_sandbox.patch
--- a/Dockerfiles/build-pgsql/alpine/Dockerfile
+++ b/Dockerfiles/build-pgsql/alpine/Dockerfile
@ -33,7 +33,7 @@ ENV ZBX_SOURCES_DIR=/tmp/zabbix-${ZBX_VERSION} ZBX_OUTPUT_DIR=/tmp/zabbix-${ZBX_
 RUN --mount=type=cache,target=/root/.cache/go-build/ \
    --mount=type=cache,target=/root/go/ \
    --mount=from=sources,target=/tmp/src \
-    --mount=type=bind,source=conf/chromedp_no_sandbox.patch,target=/tmp/chromedp_no_sandbox.patch \
+    --mount=type=bind,source=patches/,target=/tmp/patches \
    set -eux && \
    cd /tmp/ && \
    mkdir -p ${ZBX_OUTPUT_DIR}/agent/sbin/ && \
@ -61,7 +61,11 @@ RUN --mount=type=cache,target=/root/.cache/go-build/ \
        git -c advice.detachedHead=false clone ${ZBX_SOURCES} --branch ${GIT_BRANCH:-$ZBX_VERSION} --depth 1 --single-branch ${ZBX_SOURCES_DIR}; \
    fi && \
    cd ${ZBX_SOURCES_DIR} && \
-    patch -p1 < /tmp/chromedp_no_sandbox.patch && \
+    for patch_filename in /tmp/patches/*.patch; do \
+        if [ -f "$patch_filename" ]; then \
+            patch -p1 < $patch_filename; \
+        fi \
+    done && \
    zabbix_revision=`git rev-parse --short HEAD` && \
    sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" include/version.h && \
    sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/go/pkg/version/version.go && \
--- a/Dockerfiles/build-pgsql/alpine/patches/chromedp_no_sandbox.patch
+++ b/Dockerfiles/build-pgsql/alpine/patches/chromedp_no_sandbox.patch
--- a/Dockerfiles/build-pgsql/centos/Dockerfile
+++ b/Dockerfiles/build-pgsql/centos/Dockerfile
@ -33,7 +33,7 @@ ENV ZBX_SOURCES_DIR=/tmp/zabbix-${ZBX_VERSION} ZBX_OUTPUT_DIR=/tmp/zabbix-${ZBX_
 RUN --mount=type=cache,target=/root/.cache/go-build/ \
    --mount=type=cache,target=/root/go/ \
    --mount=from=sources,target=/tmp/src \
-    --mount=type=bind,source=conf/chromedp_no_sandbox.patch,target=/tmp/chromedp_no_sandbox.patch \
+    --mount=type=bind,source=patches/,target=/tmp/patches \
    set -eux && \
    cd /tmp/ && \
    mkdir -p ${ZBX_OUTPUT_DIR}/agent/sbin/ && \
@ -61,7 +61,11 @@ RUN --mount=type=cache,target=/root/.cache/go-build/ \
        git -c advice.detachedHead=false clone ${ZBX_SOURCES} --branch ${GIT_BRANCH:-$ZBX_VERSION} --depth 1 --single-branch ${ZBX_SOURCES_DIR}; \
    fi && \
    cd ${ZBX_SOURCES_DIR} && \
-    patch -p1 < /tmp/chromedp_no_sandbox.patch && \
+    for patch_filename in /tmp/patches/*.patch; do \
+        if [ -f "$patch_filename" ]; then \
+            patch -p1 < $patch_filename; \
+        fi \
+    done && \
    zabbix_revision=`git rev-parse --short HEAD` && \
    sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" include/version.h && \
    sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/go/pkg/version/version.go && \
--- a/Dockerfiles/build-pgsql/centos/patches/chromedp_no_sandbox.patch
+++ b/Dockerfiles/build-pgsql/centos/patches/chromedp_no_sandbox.patch
--- a/Dockerfiles/build-pgsql/ol/Dockerfile
+++ b/Dockerfiles/build-pgsql/ol/Dockerfile
@ -33,7 +33,7 @@ ENV ZBX_SOURCES_DIR=/tmp/zabbix-${ZBX_VERSION} ZBX_OUTPUT_DIR=/tmp/zabbix-${ZBX_
 RUN --mount=type=cache,target=/root/.cache/go-build/ \
    --mount=type=cache,target=/root/go/ \
    --mount=from=sources,target=/tmp/src \
-    --mount=type=bind,source=conf/chromedp_no_sandbox.patch,target=/tmp/chromedp_no_sandbox.patch \
+    --mount=type=bind,source=patches/,target=/tmp/patches \
    set -eux && \
    cd /tmp/ && \
    mkdir -p ${ZBX_OUTPUT_DIR}/agent/sbin/ && \
@ -61,7 +61,11 @@ RUN --mount=type=cache,target=/root/.cache/go-build/ \
        git -c advice.detachedHead=false clone ${ZBX_SOURCES} --branch ${GIT_BRANCH:-$ZBX_VERSION} --depth 1 --single-branch ${ZBX_SOURCES_DIR}; \
    fi && \
    cd ${ZBX_SOURCES_DIR} && \
-    patch -p1 < /tmp/chromedp_no_sandbox.patch && \
+    for patch_filename in /tmp/patches/*.patch; do \
+        if [ -f "$patch_filename" ]; then \
+            patch -p1 < $patch_filename; \
+        fi \
+    done && \
    zabbix_revision=`git rev-parse --short HEAD` && \
    sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" include/version.h && \
    sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/go/pkg/version/version.go && \
--- a/Dockerfiles/build-pgsql/ol/patches/chromedp_no_sandbox.patch
+++ b/Dockerfiles/build-pgsql/ol/patches/chromedp_no_sandbox.patch
--- a/Dockerfiles/build-pgsql/rhel/Dockerfile
+++ b/Dockerfiles/build-pgsql/rhel/Dockerfile
@ -43,7 +43,7 @@ ENV ZBX_SOURCES_DIR=/tmp/zabbix-${ZBX_VERSION} ZBX_OUTPUT_DIR=/tmp/zabbix-${ZBX_
 RUN --mount=type=cache,target=/root/.cache/go-build/ \
    --mount=type=cache,target=/root/go/ \
    --mount=from=sources,target=/tmp/src \
-    --mount=type=bind,source=conf/chromedp_no_sandbox.patch,target=/tmp/chromedp_no_sandbox.patch \
+    --mount=type=bind,source=patches/,target=/tmp/patches \
    set -eux && \
    cd /tmp/ && \
    mkdir -p ${ZBX_OUTPUT_DIR}/agent/sbin/ && \
@ -71,7 +71,11 @@ RUN --mount=type=cache,target=/root/.cache/go-build/ \
        git -c advice.detachedHead=false clone ${ZBX_SOURCES} --branch ${GIT_BRANCH:-$ZBX_VERSION} --depth 1 --single-branch ${ZBX_SOURCES_DIR}; \
    fi && \
    cd ${ZBX_SOURCES_DIR} && \
-    patch -p1 < /tmp/chromedp_no_sandbox.patch && \
+    for patch_filename in /tmp/patches/*.patch; do \
+        if [ -f "$patch_filename" ]; then \
+            patch -p1 < $patch_filename; \
+        fi \
+    done && \
    zabbix_revision=`git rev-parse --short HEAD` && \
    sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" include/version.h && \
    sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/go/pkg/version/version.go && \
--- a/Dockerfiles/build-pgsql/rhel/patches/chromedp_no_sandbox.patch
+++ b/Dockerfiles/build-pgsql/rhel/patches/chromedp_no_sandbox.patch
--- a/Dockerfiles/build-pgsql/ubuntu/Dockerfile
+++ b/Dockerfiles/build-pgsql/ubuntu/Dockerfile
@ -33,7 +33,7 @@ ENV ZBX_SOURCES_DIR=/tmp/zabbix-${ZBX_VERSION} ZBX_OUTPUT_DIR=/tmp/zabbix-${ZBX_
 RUN --mount=type=cache,target=/root/.cache/go-build/ \
    --mount=type=cache,target=/root/go/ \
    --mount=from=sources,target=/tmp/src \
-    --mount=type=bind,source=conf/chromedp_no_sandbox.patch,target=/tmp/chromedp_no_sandbox.patch \
+    --mount=type=bind,source=patches/,target=/tmp/patches \
    set -eux && \
    cd /tmp/ && \
    mkdir -p ${ZBX_OUTPUT_DIR}/agent/sbin/ && \
@ -61,7 +61,11 @@ RUN --mount=type=cache,target=/root/.cache/go-build/ \
        git -c advice.detachedHead=false clone ${ZBX_SOURCES} --branch ${GIT_BRANCH:-$ZBX_VERSION} --depth 1 --single-branch ${ZBX_SOURCES_DIR}; \
    fi && \
    cd ${ZBX_SOURCES_DIR} && \
-    patch -p1 < /tmp/chromedp_no_sandbox.patch && \
+    for patch_filename in /tmp/patches/*.patch; do \
+        if [ -f "$patch_filename" ]; then \
+            patch -p1 < $patch_filename; \
+        fi \
+    done && \
    zabbix_revision=`git rev-parse --short HEAD` && \
    sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" include/version.h && \
    sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/go/pkg/version/version.go && \
--- a/Dockerfiles/build-pgsql/ubuntu/patches/chromedp_no_sandbox.patch
+++ b/Dockerfiles/build-pgsql/ubuntu/patches/chromedp_no_sandbox.patch
--- a/Dockerfiles/build-sqlite3/alpine/Dockerfile
+++ b/Dockerfiles/build-sqlite3/alpine/Dockerfile
@ -33,6 +33,7 @@ ENV ZBX_SOURCES_DIR=/tmp/zabbix-${ZBX_VERSION} ZBX_OUTPUT_DIR=/tmp/zabbix-${ZBX_
 RUN --mount=type=cache,target=/root/.cache/go-build/ \
    --mount=type=cache,target=/root/go/ \
    --mount=from=sources,target=/tmp/src \
+    --mount=type=bind,source=patches/,target=/tmp/patches \
    set -eux && \
    cd /tmp/ && \
    mkdir -p ${ZBX_OUTPUT_DIR}/agent/sbin/ && \
@ -52,6 +53,11 @@ RUN --mount=type=cache,target=/root/.cache/go-build/ \
        git -c advice.detachedHead=false clone ${ZBX_SOURCES} --branch ${GIT_BRANCH:-$ZBX_VERSION} --depth 1 --single-branch ${ZBX_SOURCES_DIR}; \
    fi && \
    cd ${ZBX_SOURCES_DIR} && \
+    for patch_filename in /tmp/patches/*.patch; do \
+        if [ -f "$patch_filename" ]; then \
+            patch -p1 < $patch_filename; \
+        fi \
+    done && \
    zabbix_revision=`git rev-parse --short HEAD` && \
    sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" include/version.h && \
    sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/go/pkg/version/version.go && \
--- a/Dockerfiles/build-sqlite3/alpine/patches/.gitkeep
+++ b/Dockerfiles/build-sqlite3/alpine/patches/.gitkeep
--- a/Dockerfiles/build-sqlite3/centos/Dockerfile
+++ b/Dockerfiles/build-sqlite3/centos/Dockerfile
@ -33,6 +33,7 @@ ENV ZBX_SOURCES_DIR=/tmp/zabbix-${ZBX_VERSION} ZBX_OUTPUT_DIR=/tmp/zabbix-${ZBX_
 RUN --mount=type=cache,target=/root/.cache/go-build/ \
    --mount=type=cache,target=/root/go/ \
    --mount=from=sources,target=/tmp/src \
+    --mount=type=bind,source=patches/,target=/tmp/patches \
    set -eux && \
    cd /tmp/ && \
    mkdir -p ${ZBX_OUTPUT_DIR}/agent/sbin/ && \
@ -52,6 +53,11 @@ RUN --mount=type=cache,target=/root/.cache/go-build/ \
        git -c advice.detachedHead=false clone ${ZBX_SOURCES} --branch ${GIT_BRANCH:-$ZBX_VERSION} --depth 1 --single-branch ${ZBX_SOURCES_DIR}; \
    fi && \
    cd ${ZBX_SOURCES_DIR} && \
+    for patch_filename in /tmp/patches/*.patch; do \
+        if [ -f "$patch_filename" ]; then \
+            patch -p1 < $patch_filename; \
+        fi \
+    done && \
    zabbix_revision=`git rev-parse --short HEAD` && \
    sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" include/version.h && \
    sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/go/pkg/version/version.go && \
--- a/Dockerfiles/build-sqlite3/centos/patches/.gitkeep
+++ b/Dockerfiles/build-sqlite3/centos/patches/.gitkeep
--- a/Dockerfiles/build-sqlite3/ol/Dockerfile
+++ b/Dockerfiles/build-sqlite3/ol/Dockerfile
@ -33,6 +33,7 @@ ENV ZBX_SOURCES_DIR=/tmp/zabbix-${ZBX_VERSION} ZBX_OUTPUT_DIR=/tmp/zabbix-${ZBX_
 RUN --mount=type=cache,target=/root/.cache/go-build/ \
    --mount=type=cache,target=/root/go/ \
    --mount=from=sources,target=/tmp/src \
+    --mount=type=bind,source=patches/,target=/tmp/patches \
    set -eux && \
    cd /tmp/ && \
    mkdir -p ${ZBX_OUTPUT_DIR}/agent/sbin/ && \
@ -52,6 +53,11 @@ RUN --mount=type=cache,target=/root/.cache/go-build/ \
        git -c advice.detachedHead=false clone ${ZBX_SOURCES} --branch ${GIT_BRANCH:-$ZBX_VERSION} --depth 1 --single-branch ${ZBX_SOURCES_DIR}; \
    fi && \
    cd ${ZBX_SOURCES_DIR} && \
+    for patch_filename in /tmp/patches/*.patch; do \
+        if [ -f "$patch_filename" ]; then \
+            patch -p1 < $patch_filename; \
+        fi \
+    done && \
    zabbix_revision=`git rev-parse --short HEAD` && \
    sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" include/version.h && \
    sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/go/pkg/version/version.go && \
--- a/Dockerfiles/build-sqlite3/ol/patches/.gitkeep
+++ b/Dockerfiles/build-sqlite3/ol/patches/.gitkeep
--- a/Dockerfiles/build-sqlite3/rhel/Dockerfile
+++ b/Dockerfiles/build-sqlite3/rhel/Dockerfile
@ -43,6 +43,7 @@ ENV ZBX_SOURCES_DIR=/tmp/zabbix-${ZBX_VERSION} ZBX_OUTPUT_DIR=/tmp/zabbix-${ZBX_
 RUN --mount=type=cache,target=/root/.cache/go-build/ \
    --mount=type=cache,target=/root/go/ \
    --mount=from=sources,target=/tmp/src \
+    --mount=type=bind,source=patches/,target=/tmp/patches \
    set -eux && \
    cd /tmp/ && \
    mkdir -p ${ZBX_OUTPUT_DIR}/agent/sbin/ && \
@ -62,6 +63,11 @@ RUN --mount=type=cache,target=/root/.cache/go-build/ \
        git -c advice.detachedHead=false clone ${ZBX_SOURCES} --branch ${GIT_BRANCH:-$ZBX_VERSION} --depth 1 --single-branch ${ZBX_SOURCES_DIR}; \
    fi && \
    cd ${ZBX_SOURCES_DIR} && \
+    for patch_filename in /tmp/patches/*.patch; do \
+        if [ -f "$patch_filename" ]; then \
+            patch -p1 < $patch_filename; \
+        fi \
+    done && \
    zabbix_revision=`git rev-parse --short HEAD` && \
    sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" include/version.h && \
    sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/go/pkg/version/version.go && \
--- a/Dockerfiles/build-sqlite3/rhel/patches/.gitkeep
+++ b/Dockerfiles/build-sqlite3/rhel/patches/.gitkeep
--- a/Dockerfiles/build-sqlite3/ubuntu/Dockerfile
+++ b/Dockerfiles/build-sqlite3/ubuntu/Dockerfile
@ -33,6 +33,7 @@ ENV ZBX_SOURCES_DIR=/tmp/zabbix-${ZBX_VERSION} ZBX_OUTPUT_DIR=/tmp/zabbix-${ZBX_
 RUN --mount=type=cache,target=/root/.cache/go-build/ \
    --mount=type=cache,target=/root/go/ \
    --mount=type=bind,source=src/,target=/tmp/src \
+    --mount=type=bind,source=patches/,target=/tmp/patches \
    set -eux && \
    cd /tmp/ && \
    mkdir -p ${ZBX_OUTPUT_DIR}/agent/sbin/ && \
@ -52,6 +53,11 @@ RUN --mount=type=cache,target=/root/.cache/go-build/ \
        git -c advice.detachedHead=false clone ${ZBX_SOURCES} --branch ${GIT_BRANCH:-$ZBX_VERSION} --depth 1 --single-branch ${ZBX_SOURCES_DIR}; \
    fi && \
    cd ${ZBX_SOURCES_DIR} && \
+    for patch_filename in /tmp/patches/*.patch; do \
+        if [ -f "$patch_filename" ]; then \
+            patch -p1 < $patch_filename; \
+        fi \
+    done && \
    zabbix_revision=`git rev-parse --short HEAD` && \
    sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" include/version.h && \
    sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/go/pkg/version/version.go && \
--- a/Dockerfiles/build-sqlite3/ubuntu/patches/.gitkeep
+++ b/Dockerfiles/build-sqlite3/ubuntu/patches/.gitkeep
--- a/Dockerfiles/proxy-mysql/ubuntu/Dockerfile
+++ b/Dockerfiles/proxy-mysql/ubuntu/Dockerfile
@ -14,7 +14,7 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git
 ENV TERM=xterm \
    ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \
    MIBDIRS=/var/lib/mibs/ietf:/var/lib/mibs/iana:/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL \
-    NMAP_PRIVILEGED=""  \
+    NMAP_PRIVILEGED="" \
    ZABBIX_USER_HOME_DIR="/var/lib/zabbix" \
    ZABBIX_CONF_DIR="/etc/zabbix" \
    ZBX_FPINGLOCATION="/usr/bin/fping"
--- a/Dockerfiles/proxy-sqlite3/ubuntu/Dockerfile
+++ b/Dockerfiles/proxy-sqlite3/ubuntu/Dockerfile
@ -14,7 +14,7 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git
 ENV TERM=xterm \
    ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \
    MIBDIRS=/var/lib/mibs/ietf:/var/lib/mibs/iana:/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL \
-    NMAP_PRIVILEGED=""  \
+    NMAP_PRIVILEGED="" \
    ZABBIX_USER_HOME_DIR="/var/lib/zabbix" \
    ZABBIX_CONF_DIR="/etc/zabbix" \
    ZBX_FPINGLOCATION="/usr/bin/fping"
--- a/Dockerfiles/server-pgsql/centos/Dockerfile
+++ b/Dockerfiles/server-pgsql/centos/Dockerfile
@ -108,7 +108,7 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \
            -G dialout \
            --uid 1997 \
            --shell /sbin/nologin \
-            --home-dir ${ZABBIX_USER_HOME_DIR}/ \
+            --home-dir ${ZABBIX_USER_HOME_DIR} \
        zabbix && \
    chgrp zabbix /usr/bin/nmap && \
    setcap cap_net_raw+eip /usr/bin/nmap && \
--- a/Dockerfiles/server-pgsql/ol/Dockerfile
+++ b/Dockerfiles/server-pgsql/ol/Dockerfile
@ -90,7 +90,7 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \
            -G dialout \
            --uid 1997 \
            --shell /sbin/nologin \
-            --home-dir ${ZABBIX_USER_HOME_DIR}/ \
+            --home-dir ${ZABBIX_USER_HOME_DIR} \
        zabbix && \
    chgrp zabbix /usr/bin/nmap && \
    setcap cap_net_raw+eip /usr/bin/nmap && \
--- a/Dockerfiles/server-pgsql/rhel/Dockerfile
+++ b/Dockerfiles/server-pgsql/rhel/Dockerfile
@ -136,7 +136,7 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \
            -G dialout \
            --uid 1997 \
            --shell /sbin/nologin \
-            --home-dir ${ZABBIX_USER_HOME_DIR}/ \
+            --home-dir ${ZABBIX_USER_HOME_DIR} \
        zabbix && \
    chgrp zabbix /usr/bin/nmap && \
    setcap cap_net_raw+eip /usr/bin/nmap && \
--- a/build.sh
+++ b/build.sh
@ -42,7 +42,11 @@ else
    exit 1
 fi

-DOCKER_BUILDKIT=1 $exec_command build -t "zabbix-$app_component:$os-$version" --build-context sources="../../../sources" --build-arg VCS_REF="$VCS_REF" --build-arg BUILD_DATE="$(date -u +"%Y-%m-%dT%H:%M:%SZ")" -f Dockerfile .
+DOCKER_BUILDKIT=1 $exec_command build -t "zabbix-$app_component:$os-$version" \
+        --build-context sources="../../../sources" \
+        --build-arg VCS_REF="$VCS_REF" \
+        --build-arg BUILD_DATE="$(date -u +"%Y-%m-%dT%H:%M:%SZ")" \
+        -f Dockerfile .

 if [ "$type" != "build" ]; then
    links=""