From 08d8926173b2271fc9f317f2f2fe8ea599ad8090 Mon Sep 17 00:00:00 2001
From: Pavan Navarathna <6504783+pavannd1@users.noreply.github.com>
Date: Thu, 21 Sep 2023 01:10:30 -0700
Subject: [PATCH] Fix golang vulnerabilities (#2351)

Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
---
 docker/tools/Dockerfile | 26 ++++++++++++++++++++------
 1 file changed, 20 insertions(+), 6 deletions(-)

diff --git a/docker/tools/Dockerfile b/docker/tools/Dockerfile
index dd9e8b3593..d43a9d1a60 100644
--- a/docker/tools/Dockerfile
+++ b/docker/tools/Dockerfile
@@ -1,11 +1,26 @@
 # Build Kopia binary
-FROM golang:1.19-bullseye AS builder
+FROM golang:1.21-bullseye AS builder
 ARG kopia_build_commit=master
 ARG kopia_repo_org=kopia
 ENV CGO_ENABLED=1 GOEXPERIMENT=boringcrypto GO_EXTLINK_ENABLED=0
 RUN apt-get install git
+# Build restic binary from source - released version
+# This will allow us to bring in security fixes without relying on the official
+# image which is released once every quarter
+WORKDIR /
+
+RUN git clone https://github.com/restic/restic.git
+
+ENV GITHUB_REPOSITORY=https://github.com/restic/restic
+
+WORKDIR /restic
+
+RUN git checkout v0.16.0
+RUN go run build.go
+
+# Build kopia binary from specific commit
 WORKDIR /
 RUN git clone https://github.com/${kopia_repo_org}/kopia.git
@@ -14,7 +29,6 @@ ENV GITHUB_REPOSITORY=https://github.com/${kopia_repo_org}/kopia
 WORKDIR /kopia
-# Build kopia binary from specific commit
 RUN git checkout ${kopia_build_commit}
 RUN GO111MODULE=on GOOS=linux GOARCH=amd64 go build -o kopia \
 -ldflags="-X github.com/kopia/kopia/repo.BuildVersion=$(git show --no-patch --format='%cs-%h') \
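Review bot: The restic build at `RUN git checkout v0.16.0` pins to a tag taken from a fresh, unverified clone, and a tag can be re-pointed upstream, so the binary that ends up in the final image is not tied to one audited revision. Checking out the commit the tag resolves to would fix that, e.g. `RUN git checkout <commit-sha-of-v0.16.0>  # restic v0.16.0`, ideally driven by an `ARG` next to `kopia_build_commit` so the next security bump is a one-line change. The stage-wide `ENV CGO_ENABLED=1 GOEXPERIMENT=boringcrypto GO_EXTLINK_ENABLED=0` above now also applies to `go run build.go`; whether restic's build script honours or overrides those settings is not visible here and should be confirmed. The builder stage continues past this hunk.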
@@ -45,11 +59,11 @@ LABEL name="kanister-tools" \
 vendor="Kanister" \
 version="${kan_tools_version}" \
 release="${kan_tools_version}" \
- summary="Microservice for application-specific data management for Kubernetes" \
- maintainer="Tom Manville" \
- description="Kanister tools for application-specific data management"
+ summary="Operator for data protection workflow management on Kubernetes" \
+ maintainer="Pavan N Devaraj" \
+ description="Tools for application-specific data protection"
-COPY --from=restic/restic:0.15.2 /usr/bin/restic /usr/local/bin/restic
+COPY --from=builder /restic/restic /usr/local/bin/restic
 COPY --from=builder /kopia/kopia /usr/local/bin/kopia
 COPY LICENSE /licenses/LICENSE
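Review bot: After `COPY --from=builder /restic/restic /usr/local/bin/restic` nothing checks that the locally built binary actually runs on this stage's base image, which is declared outside the hunk. The builder is Debian bullseye with `CGO_ENABLED=1`, so the binary may be linked against the builder's libc (not confirmable from the visible lines). A smoke test such as `RUN restic version` directly after the COPY lines would fail the build instead of shipping a broken tool. The restic version is also no longer readable from this stage, so a short comment on the COPY such as `# restic version is set in the builder stage` would help the next reviewer.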