Shibd

The shibd image is built from ContainerFiles/shibd. This image has no dedicated CVE script; security updates are included during the build.

This container packages the Shibd service for use in the stack. The build installs the required packages, applies security updates and configuration, and prepares the service for integration.

graph LR
    A[Base image] --> B[Install packages]
    B --> C[Apply CVE patches]
    C --> D[Configure Shibd]
    D --> E[Container ready]

ContainerFile used for the build

# syntax = docker/dockerfile:1
# This Dockerfile uses multi-stage build to customize DEV and PROD images:
# https://docs.docker.com/develop/develop-images/multistage-build/

FROM debian:trixie-slim
ARG CACHEBUST=0
LABEL maintainer="Rackspace"
LABEL vendor="Rackspace OpenStack Team"
LABEL org.opencontainers.image.name="shibd"

RUN export DEBIAN_FRONTEND=noninteractive \
  && apt-get update && apt-get upgrade -y \
  && apt-get install --no-install-recommends -y shibboleth-sp-utils \
  && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \
  && apt-get clean -y && rm -rf /var/lib/apt/lists/* \
  && find / -name '*.pyc' -delete \
  && find / -name '*.pyo' -delete \
  && find / -name '__pycache__' -delete \
  && sed -i 's@fileName=.*@fileName=/dev/stdout@g' /etc/shibboleth/*.logger

# Set the user and group to match the original build
USER 42424:42424

# Set the entrypoint to the keystone-manage command
ENTRYPOINT ["/usr/sbin/shibd"]

Build Arguments

Argument	Default
CACHEBUST	0

Build Command

docker build \
--build-arg CACHEBUST=0 \
-f ContainerFiles/shibd \
-t shibd:local \
.

Dependencies

• Builds From Upstream Debian

Container Image

The container image is available on Github Container Registry.