03juan
Missing latest hub.docker.com/r/hexpm/elixir images built with ubuntu-noble-20240423
Greetings
I was reviewing the security vulnerabilities of my production images, specifically the difference between the latest default Dockerfile configuration generated with mix phx.gen.release --docker, bullseye-20240423-slim
and Ubuntu’s recently released 24.04 LTS version, Noble Numbat, noble-20240423
Issue
Unfortunately the hexpm/elixir registry only has a few versions of elixir built with erlang 25.2.3 about 3 days ago, and only for arm64/v8.
Question
Is the service that creates these images set to build and release them slowly on purpose, or is there some issue with it?
The relevant OTP images do exist in builds.hex.pm/builds/otp/ubuntu-24.04/builds.txt
...
OTP-26.2.3 928d03e6da416208fce7b9a7dbbfbb4f25d26c37 2024-04-25T22:38:03Z
OTP-26.2.4 e26c5206dc98ec1b8f978fceaa61fd1354266ccb 2024-04-25T22:24:21Z
...
Temp fix
What I’m doing in the meantime is just building with the previous beta version of noble, and then copy and run the app with the official bare noble image
ARG ELIXIR_VERSION=1.16.2
ARG OTP_VERSION=26.2.4
ARG DISTRO_NAME=ubuntu
ARG BUILD_IMAGE_VERSION=noble-20240225
ARG RELEASE_IMAGE_VERSION=noble-20240423
ARG BUILDER_IMAGE="hexpm/elixir:${ELIXIR_VERSION}-erlang-${OTP_VERSION}-${DISTRO_NAME}-${BUILD_IMAGE_VERSION}"
ARG RUNNER_IMAGE="${DISTRO_NAME}:${RELEASE_IMAGE_VERSION}"
Marked As Solved
03juan
Also Liked
LostKobrakai
Read from this post going forward.
dimitarvp
Thanks. Quite curious and informative. But in any case OTP 27 is due pretty soon (May 2024 IIRC) so it won’t matter.
It’s a shame that an effort to disentangle the legacy horrible mess that is libc leads to discovering how many pieces of software rely on its leaky abstractions but oh well, real software requires compromises.
altdsoy
I was surprised to see an ubuntu release without any vulnerabilities at all (even with low or unspecified severity).. But if we look now, it’s just as the usual same “vulnerable” packages.. I guess the analyzing tool (Docker Scout) had just not yet finished at that time..
I usually use Alpine images (even for other stacks than Elixir/Phoenix) and it’s just running fine.. Any reason why going with Ubuntu instead of Alpine?
Popular in Questions
Other popular topics
Categories:
Sub Categories:
Forums
Popular Tags
- #ecto
- #liveview
- #troubleshooting
- #learning-elixir
- #deployment
- #library
- #erlang
- #testing
- #genserver
- #mix
- #absinthe
- #remote-other
- #otp
- #plug
- #how-to-question
- #macros
- #postgres
- #channels
- #elixirconf
- #exunit
- #discussion
- #code-sync
- #javascript
- #podcasts
- #onsite
- #dialyzer
- #docker
- #authentication
- #umbrella
- #full-time-contract
- #podcasts-by-brainlid
- #ecto-query
- #elixir-ls
- #phoenix_html
- #iex
- #blog-post
- #graphql
- #genstage
- #ai
- #websockets
- #supervisor
- #advent-of-code
- #elixirconf-us
- #distillery
- #processes
- #forms
- #api
- #metaprogramming
- #security
- #performance












