Random Note #23542351: Using the GitHub API to improve Dockerfiles

March 20, 2018
randomnote docker

When writing Dockerfiles, people often use something like this to download and install software from GitHub:

ENV SOFTWARE_VERSION 1.33.7
RUN curl -sSL \
    https://github.com/user/repo/releases/download/${SOFTWARE_VERSION}/amd64.deb

This can be optimized so that always the newest version gets used, which also simplifies maintaining the Dockerfile because updating happens automatically:

curl -sSL \
   $(curl -sSL https://api.github.com/repos/user/repo/releases/latest | \
   grep "browser_download_url" | \
   grep "amd64.deb" | \
   cut -d ":" -f 2,3 | \
   tr --delete \" | \
   tr --delete " ") \
-o /tmp/software-amd64.deb \

As you can see, the endpoint at https://api.github.com/repos/user/repo/releases/latest returns a JSON object which contains the download links for the newest release for each maintained architecture (along with some additional stuff maybe). For example, let’s have a look at Atom:

"browser_download_url":
    "https://github.com/atom/atom/releases/download/v1.25.0/atom-1.25.0-full.nupkg"
"browser_download_url":
    "https://github.com/atom/atom/releases/download/v1.25.0/atom-amd64.deb"
"browser_download_url":
    "https://github.com/atom/atom/releases/download/v1.25.0/atom-amd64.tar.gz"
"browser_download_url":
    "https://github.com/atom/atom/releases/download/v1.25.0/atom-api.json"
"browser_download_url":
    "https://github.com/atom/atom/releases/download/v1.25.0/atom-mac-symbols.zip"
"browser_download_url":
    "https://github.com/atom/atom/releases/download/v1.25.0/atom-mac.zip"
"browser_download_url":
    "https://github.com/atom/atom/releases/download/v1.25.0/atom-windows.zip"
"browser_download_url":
    "https://github.com/atom/atom/releases/download/v1.25.0/atom-x64-windows.zip"
"browser_download_url":
    "https://github.com/atom/atom/releases/download/v1.25.0/atom.x86_64.rpm"
"browser_download_url":
    "https://github.com/atom/atom/releases/download/v1.25.0/AtomSetup-x64.exe"
"browser_download_url":
    "https://github.com/atom/atom/releases/download/v1.25.0/AtomSetup.exe"

This can be parsed with grep and tr like above or by using jq.

Information Leak in Docker

January 4, 2019
docker vulnerability

Random Note #092345: Passing binary input via GDB

October 26, 2018
randomnote gdb exploiting reverse-engineering

Random Note #632424: Backup Google Authenticator Data

June 20, 2018
randomnote backups