
Update redmine #17045

Merged
merged 1 commit into from
Jun 24, 2024


tianon
Member

@tianon tianon commented Jun 24, 2024

Changes:

Changes:

- docker-library/redmine@957f1e0: Merge pull request docker-library/redmine#333 from infosiftr/su-noexec
- docker-library/redmine@f44d7a0: Replace `su-exec` with `gosu`
@tianon tianon requested a review from a team as a code owner June 24, 2024 16:52

Diff for cfcf6be:
diff --git a/_bashbrew-cat b/_bashbrew-cat
index 724d9d4..7c9b5de 100644
--- a/_bashbrew-cat
+++ b/_bashbrew-cat
@@ -3,30 +3,30 @@ GitRepo: https://github.com/docker-library/redmine.git
 
 Tags: 5.0.9, 5.0, 5.0.9-bookworm, 5.0-bookworm
 Architectures: amd64, arm32v5, arm32v7, arm64v8, i386, mips64le, ppc64le, s390x
-GitCommit: 01b89cb313c07c154f99f95362a0b4baa6cf71d0
+GitCommit: f44d7a06e867841594aaaf45fddf59a77fad5337
 Directory: 5.0/bookworm
 
 Tags: 5.0.9-alpine3.19, 5.0-alpine3.19
 Architectures: amd64, arm32v6, arm32v7, arm64v8, i386, ppc64le, s390x
-GitCommit: 01b89cb313c07c154f99f95362a0b4baa6cf71d0
+GitCommit: f44d7a06e867841594aaaf45fddf59a77fad5337
 Directory: 5.0/alpine3.19
 
 Tags: 5.0.9-alpine3.20, 5.0-alpine3.20, 5.0.9-alpine, 5.0-alpine
 Architectures: amd64, arm32v6, arm32v7, arm64v8, i386, ppc64le, riscv64, s390x
-GitCommit: 01b89cb313c07c154f99f95362a0b4baa6cf71d0
+GitCommit: f44d7a06e867841594aaaf45fddf59a77fad5337
 Directory: 5.0/alpine3.20
 
 Tags: 5.1.3, 5.1, 5, latest, 5.1.3-bookworm, 5.1-bookworm, 5-bookworm, bookworm
 Architectures: amd64, arm32v5, arm32v7, arm64v8, i386, mips64le, ppc64le, s390x
-GitCommit: 00027a1ffc5010efeb4ee8562afdf20635844bd9
+GitCommit: f44d7a06e867841594aaaf45fddf59a77fad5337
 Directory: 5.1/bookworm
 
 Tags: 5.1.3-alpine3.19, 5.1-alpine3.19, 5-alpine3.19, alpine3.19
 Architectures: amd64, arm32v6, arm32v7, arm64v8, i386, ppc64le, s390x
-GitCommit: 00027a1ffc5010efeb4ee8562afdf20635844bd9
+GitCommit: f44d7a06e867841594aaaf45fddf59a77fad5337
 Directory: 5.1/alpine3.19
 
 Tags: 5.1.3-alpine3.20, 5.1-alpine3.20, 5-alpine3.20, alpine3.20, 5.1.3-alpine, 5.1-alpine, 5-alpine, alpine
 Architectures: amd64, arm32v6, arm32v7, arm64v8, i386, ppc64le, riscv64, s390x
-GitCommit: 00027a1ffc5010efeb4ee8562afdf20635844bd9
+GitCommit: f44d7a06e867841594aaaf45fddf59a77fad5337
 Directory: 5.1/alpine3.20
diff --git a/redmine_5.0-alpine/Dockerfile b/redmine_5.0-alpine/Dockerfile
index fa6a339..f958325 100644
--- a/redmine_5.0-alpine/Dockerfile
+++ b/redmine_5.0-alpine/Dockerfile
@@ -16,7 +16,6 @@ RUN set -eux; \
 		bash \
 		ca-certificates \
 		findutils \
-		su-exec \
 		tini \
 		tzdata \
 		wget \
@@ -34,6 +33,34 @@ RUN set -eux; \
 		imagemagick \
 	;
 
+# grab gosu for easy step-down from root
+# https://github.com/tianon/gosu/releases
+ENV GOSU_VERSION 1.17
+RUN set -eux; \
+	\
+	apk add --no-cache --virtual .gosu-deps \
+		ca-certificates \
+		dpkg \
+		gnupg \
+	; \
+	\
+	dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \
+	wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \
+	wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \
+	export GNUPGHOME="$(mktemp -d)"; \
+	gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \
+	gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \
+	gpgconf --kill all; \
+	rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \
+	\
+	apk del --no-network .gosu-deps; \
+	\
+# smoke test
+	chmod +x /usr/local/bin/gosu; \
+	gosu --version; \
+	gosu nobody true
+RUN set -eux; ln -svf gosu /usr/local/bin/su-exec; su-exec nobody true # backwards compatibility (removed in Redmine 5.2+)
+
 ENV RAILS_ENV production
 WORKDIR /usr/src/redmine
 
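Review bot: On the `export GNUPGHOME="$(mktemp -d)";` line of the added gosu RUN step, the exit status is that of `export`, so `set -eux` does not stop the build when `mktemp -d` fails. GNUPGHOME would then be empty, gpg would presumably fall back to the build user's default home directory, and the following `rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc` would leave that keyring behind in the layer instead of a throwaway one. Splitting the assignment keeps the failure visible: `GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \`. The same lines are added in redmine_5.0-alpine3.19/Dockerfile, redmine_alpine/Dockerfile and redmine_alpine3.19/Dockerfile.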
@@ -81,7 +108,7 @@ RUN set -eux; \
 		zlib-dev \
 	; \
 	\
-	su-exec redmine bundle config --local without 'development test'; \
+	gosu redmine bundle config --local without 'development test'; \
 # https://github.com/redmine/redmine/commit/23dc108e70a0794f444803ac827a690085dcd557
 # ("gem puma" already exists in the Gemfile, but under "group :test" and we want it all the time)
 	puma="$(grep -E "^[[:space:]]*gem [:'\"]puma['\",[:space:]].*\$" Gemfile)"; \
@@ -93,7 +120,7 @@ RUN set -eux; \
 		echo "$adapter:" >> ./config/database.yml; \
 		echo "  adapter: $adapter" >> ./config/database.yml; \
 	done; \
-	su-exec redmine bundle install --jobs "$(nproc)"; \
+	gosu redmine bundle install --jobs "$(nproc)"; \
 	rm ./config/database.yml; \
 # fix permissions for running as an arbitrary user
 	chmod -R ugo=rwX Gemfile.lock "$GEM_HOME"; \
diff --git a/redmine_5.0-alpine/docker-entrypoint.sh b/redmine_5.0-alpine/docker-entrypoint.sh
index be466aa..ff3f94b 100755
--- a/redmine_5.0-alpine/docker-entrypoint.sh
+++ b/redmine_5.0-alpine/docker-entrypoint.sh
@@ -51,7 +51,7 @@ _fix_permissions() {
 # allow the container to be started with `--user`
 if [ -n "$isLikelyRedmine" ] && [ "$(id -u)" = '0' ]; then
 	_fix_permissions
-	exec su-exec redmine "$BASH_SOURCE" "$@"
+	exec gosu redmine "$BASH_SOURCE" "$@"
 fi
 
 if [ -n "$isLikelyRedmine" ]; then
diff --git a/redmine_5.0-alpine3.19/Dockerfile b/redmine_5.0-alpine3.19/Dockerfile
index e5a52ed..17a2b89 100644
--- a/redmine_5.0-alpine3.19/Dockerfile
+++ b/redmine_5.0-alpine3.19/Dockerfile
@@ -16,7 +16,6 @@ RUN set -eux; \
 		bash \
 		ca-certificates \
 		findutils \
-		su-exec \
 		tini \
 		tzdata \
 		wget \
@@ -34,6 +33,34 @@ RUN set -eux; \
 		imagemagick \
 	;
 
+# grab gosu for easy step-down from root
+# https://github.com/tianon/gosu/releases
+ENV GOSU_VERSION 1.17
+RUN set -eux; \
+	\
+	apk add --no-cache --virtual .gosu-deps \
+		ca-certificates \
+		dpkg \
+		gnupg \
+	; \
+	\
+	dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \
+	wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \
+	wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \
+	export GNUPGHOME="$(mktemp -d)"; \
+	gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \
+	gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \
+	gpgconf --kill all; \
+	rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \
+	\
+	apk del --no-network .gosu-deps; \
+	\
+# smoke test
+	chmod +x /usr/local/bin/gosu; \
+	gosu --version; \
+	gosu nobody true
+RUN set -eux; ln -svf gosu /usr/local/bin/su-exec; su-exec nobody true # backwards compatibility (removed in Redmine 5.2+)
+
 ENV RAILS_ENV production
 WORKDIR /usr/src/redmine
 
@@ -81,7 +108,7 @@ RUN set -eux; \
 		zlib-dev \
 	; \
 	\
-	su-exec redmine bundle config --local without 'development test'; \
+	gosu redmine bundle config --local without 'development test'; \
 # https://github.com/redmine/redmine/commit/23dc108e70a0794f444803ac827a690085dcd557
 # ("gem puma" already exists in the Gemfile, but under "group :test" and we want it all the time)
 	puma="$(grep -E "^[[:space:]]*gem [:'\"]puma['\",[:space:]].*\$" Gemfile)"; \
@@ -93,7 +120,7 @@ RUN set -eux; \
 		echo "$adapter:" >> ./config/database.yml; \
 		echo "  adapter: $adapter" >> ./config/database.yml; \
 	done; \
-	su-exec redmine bundle install --jobs "$(nproc)"; \
+	gosu redmine bundle install --jobs "$(nproc)"; \
 	rm ./config/database.yml; \
 # fix permissions for running as an arbitrary user
 	chmod -R ugo=rwX Gemfile.lock "$GEM_HOME"; \
diff --git a/redmine_5.0-alpine3.19/docker-entrypoint.sh b/redmine_5.0-alpine3.19/docker-entrypoint.sh
index be466aa..ff3f94b 100755
--- a/redmine_5.0-alpine3.19/docker-entrypoint.sh
+++ b/redmine_5.0-alpine3.19/docker-entrypoint.sh
@@ -51,7 +51,7 @@ _fix_permissions() {
 # allow the container to be started with `--user`
 if [ -n "$isLikelyRedmine" ] && [ "$(id -u)" = '0' ]; then
 	_fix_permissions
-	exec su-exec redmine "$BASH_SOURCE" "$@"
+	exec gosu redmine "$BASH_SOURCE" "$@"
 fi
 
 if [ -n "$isLikelyRedmine" ]; then
diff --git a/redmine_alpine/Dockerfile b/redmine_alpine/Dockerfile
index a150cfe..edb73c9 100644
--- a/redmine_alpine/Dockerfile
+++ b/redmine_alpine/Dockerfile
@@ -16,7 +16,6 @@ RUN set -eux; \
 		bash \
 		ca-certificates \
 		findutils \
-		su-exec \
 		tini \
 		tzdata \
 		wget \
@@ -34,6 +33,34 @@ RUN set -eux; \
 		imagemagick \
 	;
 
+# grab gosu for easy step-down from root
+# https://github.com/tianon/gosu/releases
+ENV GOSU_VERSION 1.17
+RUN set -eux; \
+	\
+	apk add --no-cache --virtual .gosu-deps \
+		ca-certificates \
+		dpkg \
+		gnupg \
+	; \
+	\
+	dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \
+	wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \
+	wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \
+	export GNUPGHOME="$(mktemp -d)"; \
+	gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \
+	gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \
+	gpgconf --kill all; \
+	rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \
+	\
+	apk del --no-network .gosu-deps; \
+	\
+# smoke test
+	chmod +x /usr/local/bin/gosu; \
+	gosu --version; \
+	gosu nobody true
+RUN set -eux; ln -svf gosu /usr/local/bin/su-exec; su-exec nobody true # backwards compatibility (removed in Redmine 5.2+)
+
 ENV RAILS_ENV production
 WORKDIR /usr/src/redmine
 
@@ -81,7 +108,7 @@ RUN set -eux; \
 		zlib-dev \
 	; \
 	\
-	su-exec redmine bundle config --local without 'development test'; \
+	gosu redmine bundle config --local without 'development test'; \
 # https://github.com/redmine/redmine/commit/23dc108e70a0794f444803ac827a690085dcd557
 # ("gem puma" already exists in the Gemfile, but under "group :test" and we want it all the time)
 	puma="$(grep -E "^[[:space:]]*gem [:'\"]puma['\",[:space:]].*\$" Gemfile)"; \
@@ -93,7 +120,7 @@ RUN set -eux; \
 		echo "$adapter:" >> ./config/database.yml; \
 		echo "  adapter: $adapter" >> ./config/database.yml; \
 	done; \
-	su-exec redmine bundle install --jobs "$(nproc)"; \
+	gosu redmine bundle install --jobs "$(nproc)"; \
 	rm ./config/database.yml; \
 # fix permissions for running as an arbitrary user
 	chmod -R ugo=rwX Gemfile.lock "$GEM_HOME"; \
diff --git a/redmine_alpine/docker-entrypoint.sh b/redmine_alpine/docker-entrypoint.sh
index be466aa..ff3f94b 100755
--- a/redmine_alpine/docker-entrypoint.sh
+++ b/redmine_alpine/docker-entrypoint.sh
@@ -51,7 +51,7 @@ _fix_permissions() {
 # allow the container to be started with `--user`
 if [ -n "$isLikelyRedmine" ] && [ "$(id -u)" = '0' ]; then
 	_fix_permissions
-	exec su-exec redmine "$BASH_SOURCE" "$@"
+	exec gosu redmine "$BASH_SOURCE" "$@"
 fi
 
 if [ -n "$isLikelyRedmine" ]; then
diff --git a/redmine_alpine3.19/Dockerfile b/redmine_alpine3.19/Dockerfile
index d48795e..2997495 100644
--- a/redmine_alpine3.19/Dockerfile
+++ b/redmine_alpine3.19/Dockerfile
@@ -16,7 +16,6 @@ RUN set -eux; \
 		bash \
 		ca-certificates \
 		findutils \
-		su-exec \
 		tini \
 		tzdata \
 		wget \
@@ -34,6 +33,34 @@ RUN set -eux; \
 		imagemagick \
 	;
 
+# grab gosu for easy step-down from root
+# https://github.com/tianon/gosu/releases
+ENV GOSU_VERSION 1.17
+RUN set -eux; \
+	\
+	apk add --no-cache --virtual .gosu-deps \
+		ca-certificates \
+		dpkg \
+		gnupg \
+	; \
+	\
+	dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \
+	wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \
+	wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \
+	export GNUPGHOME="$(mktemp -d)"; \
+	gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \
+	gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \
+	gpgconf --kill all; \
+	rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \
+	\
+	apk del --no-network .gosu-deps; \
+	\
+# smoke test
+	chmod +x /usr/local/bin/gosu; \
+	gosu --version; \
+	gosu nobody true
+RUN set -eux; ln -svf gosu /usr/local/bin/su-exec; su-exec nobody true # backwards compatibility (removed in Redmine 5.2+)
+
 ENV RAILS_ENV production
 WORKDIR /usr/src/redmine
 
@@ -81,7 +108,7 @@ RUN set -eux; \
 		zlib-dev \
 	; \
 	\
-	su-exec redmine bundle config --local without 'development test'; \
+	gosu redmine bundle config --local without 'development test'; \
 # https://github.com/redmine/redmine/commit/23dc108e70a0794f444803ac827a690085dcd557
 # ("gem puma" already exists in the Gemfile, but under "group :test" and we want it all the time)
 	puma="$(grep -E "^[[:space:]]*gem [:'\"]puma['\",[:space:]].*\$" Gemfile)"; \
@@ -93,7 +120,7 @@ RUN set -eux; \
 		echo "$adapter:" >> ./config/database.yml; \
 		echo "  adapter: $adapter" >> ./config/database.yml; \
 	done; \
-	su-exec redmine bundle install --jobs "$(nproc)"; \
+	gosu redmine bundle install --jobs "$(nproc)"; \
 	rm ./config/database.yml; \
 # fix permissions for running as an arbitrary user
 	chmod -R ugo=rwX Gemfile.lock "$GEM_HOME"; \
diff --git a/redmine_alpine3.19/docker-entrypoint.sh b/redmine_alpine3.19/docker-entrypoint.sh
index be466aa..ff3f94b 100755
--- a/redmine_alpine3.19/docker-entrypoint.sh
+++ b/redmine_alpine3.19/docker-entrypoint.sh
@@ -51,7 +51,7 @@ _fix_permissions() {
 # allow the container to be started with `--user`
 if [ -n "$isLikelyRedmine" ] && [ "$(id -u)" = '0' ]; then
 	_fix_permissions
-	exec su-exec redmine "$BASH_SOURCE" "$@"
+	exec gosu redmine "$BASH_SOURCE" "$@"
 fi
 
 if [ -n "$isLikelyRedmine" ]; then

Relevant Maintainers:

@yosifkit yosifkit merged commit 7c2a31d into docker-library:master Jun 24, 2024
11 checks passed
@yosifkit yosifkit deleted the redmine branch June 24, 2024 22:04