Update ghost

[tianon]

Changes:

• docker-library/ghost@a74ffaa: Update to 5.86.2, ghost-cli 1.26.0
• docker-library/ghost@35ad2d4: Update to 5.86.1, ghost-cli 1.26.0
• docker-library/ghost@230753a: Merge pull request Replace su-exec with gosu ghost#417 from infosiftr/su-noexec
• docker-library/ghost@b9cd69e: Update to 5.86.0, ghost-cli 1.26.0

[tianon]

(maybe we should get docker-library/ghost#417 in first?)

[github-actions]

Diff for 705313e:

diff --git a/_bashbrew-cat b/_bashbrew-cat
index 36ca6d1..0634b4c 100644
--- a/_bashbrew-cat
+++ b/_bashbrew-cat
@@ -1,12 +1,12 @@
 Maintainers: Tianon Gravi <[email protected]> (@tianon), Joseph Ferguson <[email protected]> (@yosifkit), Austin Burdine <[email protected]> (@acburdine)
 GitRepo: https://github.com/docker-library/ghost.git
 
-Tags: 5.85.2, 5.85, 5, latest
+Tags: 5.86.2, 5.86, 5, latest
 Architectures: amd64, arm32v7, arm64v8, ppc64le, s390x
-GitCommit: f7fb70a1525f7856d16542efe916bcb809cff366
+GitCommit: a74ffaa09a98dac2d6900957d7fab2c545e2dec1
 Directory: 5/debian
 
-Tags: 5.85.2-alpine, 5.85-alpine, 5-alpine, alpine
+Tags: 5.86.2-alpine, 5.86-alpine, 5-alpine, alpine
 Architectures: amd64, arm32v6, arm32v7, arm64v8
-GitCommit: f7fb70a1525f7856d16542efe916bcb809cff366
+GitCommit: a74ffaa09a98dac2d6900957d7fab2c545e2dec1
 Directory: 5/alpine
diff --git a/_bashbrew-list b/_bashbrew-list
index b0aa834..fc6d6fa 100644
--- a/_bashbrew-list
+++ b/_bashbrew-list
@@ -1,8 +1,8 @@
 ghost:5
 ghost:5-alpine
-ghost:5.85
-ghost:5.85-alpine
-ghost:5.85.2
-ghost:5.85.2-alpine
+ghost:5.86
+ghost:5.86-alpine
+ghost:5.86.2
+ghost:5.86.2-alpine
 ghost:alpine
 ghost:latest
diff --git a/ghost_alpine/Dockerfile b/ghost_alpine/Dockerfile
index 8e2d8c2..3d709d6 100644
--- a/ghost_alpine/Dockerfile
+++ b/ghost_alpine/Dockerfile
@@ -2,13 +2,41 @@
 # https://github.com/nodejs/Release (looking for "LTS")
 FROM node:18-alpine3.19
 
-# grab su-exec for easy step-down from root
-RUN apk add --no-cache 'su-exec>=0.2'
-
 RUN apk add --no-cache \
 # add "bash" for "[["
 		bash
 
+# grab gosu for easy step-down from root
+# https://github.com/tianon/gosu/releases
+ENV GOSU_VERSION 1.17
+RUN set -eux; \
+	\
+	apk add --no-cache --virtual .gosu-deps \
+		ca-certificates \
+		dpkg \
+		gnupg \
+	; \
+	\
+	dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \
+	wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \
+	wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \
+	\
+# verify the signature
+	export GNUPGHOME="$(mktemp -d)"; \
+	gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \
+	gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \
+	gpgconf --kill all; \
+	rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \
+	\
+# clean up fetch dependencies
+	apk del --no-network .gosu-deps; \
+	\
+	chmod +x /usr/local/bin/gosu; \
+# verify that the binary works
+	gosu --version; \
+	gosu nobody true
+RUN set -eux; ln -svf gosu /usr/local/bin/su-exec; su-exec nobody true # backwards compatibility (TODO remove in Ghost 6+)
+
 ENV NODE_ENV production
 
 ENV GHOST_CLI_VERSION 1.26.0
@@ -19,7 +47,7 @@ RUN set -eux; \
 ENV GHOST_INSTALL /var/lib/ghost
 ENV GHOST_CONTENT /var/lib/ghost/content
 
-ENV GHOST_VERSION 5.85.2
+ENV GHOST_VERSION 5.86.2
 
 RUN set -eux; \
 	mkdir -p "$GHOST_INSTALL"; \
@@ -27,7 +55,7 @@ RUN set -eux; \
 	\
 	apkDel=; \
 	\
-	installCmd='su-exec node ghost install "$GHOST_VERSION" --db mysql --dbhost mysql --no-prompt --no-stack --no-setup --dir "$GHOST_INSTALL"'; \
+	installCmd='gosu node ghost install "$GHOST_VERSION" --db mysql --dbhost mysql --no-prompt --no-stack --no-setup --dir "$GHOST_INSTALL"'; \
 	if ! eval "$installCmd"; then \
 		virtual='.build-deps-ghost'; \
 		apkDel="$apkDel $virtual"; \
@@ -37,11 +65,11 @@ RUN set -eux; \
 	\
 # Tell Ghost to listen on all ips and not prompt for additional configuration
 	cd "$GHOST_INSTALL"; \
-	su-exec node ghost config --no-prompt --ip '::' --port 2368 --url 'http://localhost:2368'; \
-	su-exec node ghost config paths.contentPath "$GHOST_CONTENT"; \
+	gosu node ghost config --no-prompt --ip '::' --port 2368 --url 'http://localhost:2368'; \
+	gosu node ghost config paths.contentPath "$GHOST_CONTENT"; \
 	\
 # make a config.json symlink for NODE_ENV=development (and sanity check that it's correct)
-	su-exec node ln -s config.production.json "$GHOST_INSTALL/config.development.json"; \
+	gosu node ln -s config.production.json "$GHOST_INSTALL/config.development.json"; \
 	readlink -f "$GHOST_INSTALL/config.development.json"; \
 	\
 # need to save initial content for pre-seeding empty volumes
@@ -65,7 +93,7 @@ RUN set -eux; \
 	')"; \
 	if echo "$packages" | grep 'undefined'; then exit 1; fi; \
 	for package in $packages; do \
-		installCmd='su-exec node yarn add "$package" --force'; \
+		installCmd='gosu node yarn add "$package" --force'; \
 		if ! eval "$installCmd"; then \
 # must be some non-amd64 architecture pre-built binaries aren't published for, so let's install some build deps and do-it-all-over-again
 			virtualPackages='g++ make python3'; \
@@ -85,8 +113,8 @@ RUN set -eux; \
 		apk del --no-network $apkDel; \
 	fi; \
 	\
-	su-exec node yarn cache clean; \
-	su-exec node npm cache clean --force; \
+	gosu node yarn cache clean; \
+	gosu node npm cache clean --force; \
 	npm cache clean --force; \
 	rm -rv /tmp/yarn* /tmp/v8*
 
diff --git a/ghost_alpine/docker-entrypoint.sh b/ghost_alpine/docker-entrypoint.sh
index c4d007b..f4614d4 100755
--- a/ghost_alpine/docker-entrypoint.sh
+++ b/ghost_alpine/docker-entrypoint.sh
@@ -4,7 +4,7 @@ set -e
 # allow the container to be started with `--user`
 if [[ "$*" == node*current/index.js* ]] && [ "$(id -u)" = '0' ]; then
 	find "$GHOST_CONTENT" \! -user node -exec chown node '{}' +
-	exec su-exec node "$BASH_SOURCE" "$@"
+	exec gosu node "$BASH_SOURCE" "$@"
 fi
 
 if [[ "$*" == node*current/index.js* ]]; then
diff --git a/ghost_latest/Dockerfile b/ghost_latest/Dockerfile
index 20bb5d7..05ab105 100644
--- a/ghost_latest/Dockerfile
+++ b/ghost_latest/Dockerfile
@@ -4,7 +4,7 @@ FROM node:18-bookworm-slim
 
 # grab gosu for easy step-down from root
 # https://github.com/tianon/gosu/releases
-ENV GOSU_VERSION 1.16
+ENV GOSU_VERSION 1.17
 RUN set -eux; \
 # save list of currently installed packages for later so we can clean up
 	savedAptMark="$(apt-mark showmanual)"; \
@@ -43,7 +43,7 @@ RUN set -eux; \
 ENV GHOST_INSTALL /var/lib/ghost
 ENV GHOST_CONTENT /var/lib/ghost/content
 
-ENV GHOST_VERSION 5.85.2
+ENV GHOST_VERSION 5.86.2
 
 RUN set -eux; \
 	mkdir -p "$GHOST_INSTALL"; \

Relevant Maintainers:

• ghost: @tianon @yosifkit @acburdine