Debian version in Docker image

Diego_Fernandez_Slez · April 25, 2019, 12:21pm

Hi everybody,

Current official Docker image is based on Debian wheezy.
Is there any plan to update to Debian Stretch or any supported base image?

Thanks
Diego

Alain_Mazy3 · April 27, 2019, 12:44pm

Hi Diego,

There are currently no plan to do so. Why would you need another version ?

Diego_Fernandez_Slez · April 27, 2019, 1:41pm

I am using orthanc with some Lua scripts that call python routines that need python3 and modern packages from pip and Debian/Ubuntu repositories.

For example, wheezy servers are not available any more. I have to replace apt.conf and sources.list to access Debian archives repositories. Even in the case of installing any maintenance package as vim

Alain_Mazy3 · April 27, 2019, 1:50pm

I think it shall be quite straightforward to update the base image in https://github.com/jodogne/OrthancDocker/blob/master/orthanc/Dockerfile

Feel free to test it and submit a Pull Request if your tests are successful.

Diego_Fernandez_Slez · April 27, 2019, 2:05pm

Thanks Alain.

Do you have any test suite implemented to verify the “whole” system?

Best
Diego

jodogne · April 27, 2019, 2:08pm

The unit tests are executed while building the images.

Luiz_Eduardo_Guida_V · April 27, 2019, 2:35pm

Hi, friends!

Sorry for jumping in and adding my two cents. But I see one point. Still, probably not really that much important: security advisories.

Say there’s a security issue concerning the jsoncpp version used to compile Orthanc than I’d vote for a lib upgrade. Maybe for the OS itself.

Still, I’d be surprised if there’s any. Wheezy is two generations old now. Soon it’ll be three.

Stability would be a concern IF it was another distro. But Debian is known for stability, so it’s not really an issue.

One last point is if I’m developing a plugin that needs a library whose version clashes with any Orthanc dependency (missing or not). Maybe you COULD make do with mixing different versions of the same library but I’d advise against that.

Point being: you’ve got to have a very good reason to do so.

All in all, if you really want to upgrade to, say, Buster (the next stable for Debian), generating a new Orthanc docker is very easy. I’ve been there, I’d be glad to help if you need.

Best regards,
Luiz

Diego_Fernandez_Slez · April 27, 2019, 4:11pm

Thanks Luiz. I have already replicated the dockerfile with a newer Debian version. But I prefer using official distribution, if possible.

jodogne · May 6, 2019, 6:49pm

Hello,

As requested, the base Docker image for Orthanc has been upgraded from “debian:wheezy-slim” (aka Debian 7) to “debian:stable-slim” (as of writing, Debian 9):
https://hub.docker.com/u/jodogne/

https://github.com/jodogne/OrthancDocker/commit/07d9fc886ced84d7e479bfcca792fa584fcfe2c2

Using “stable-slim” instead of a fixed version will allow to smoothly upgrade to future releases of Debian.

HTH,
Sébastien-

Diego_Fernandez_Slez · May 6, 2019, 6:54pm

Great work! Thanks.
I will test it ASAP to check that everything works correctly with this change.

Best,
Diego

ahern · May 7, 2019, 3:17pm

This is great! I just ran into this problem yesterday when trying to install packages in the orthanc plugins container. Do you know when the updated orthanc and orthanc plugins images will be available via dockerhub?

jodogne · May 7, 2019, 3:31pm

They are available on DockerHub since yesterday. Make sure to pull a new version of the images:

$ sudo docker pull jodogne/orthanc-plugins:1.5.6

abbe · January 31, 2024, 4:31pm

Hi,

On the same note, I have made a security scan of the latest Orthanc docker image from jodogne/OrthancDocker: Docker Hub repository for Orthanc (github.com) and I am getting reports of high vulnerabilities that seems to already be tracked by Debian and also fixed in some versions.

For eg. CVE-2023-45853 - https://security-tracker.debian.org/tracker/CVE-2023-45853 and CVE-2019-8457 https://security-tracker.debian.org/tracker/CVE-2019-8457 are beeing reported.

Also, according to LTS - Debian Wiki buster has LTE until June 30th this year (2024) which is around the corner.

Is there a plan for updating the Debian base image?

alainmazy · January 31, 2024, 8:17pm

Hi @abbe,

To have a more recent version of Debian, you may use the osimis/orthanc images that currently ship with bullseye and hopefully soon with bookworm.

Best regards,

Alain.

abbe · February 1, 2024, 3:59pm

Hi @alainmazy,

Ok thanks for the response, I saw that it has now changed name to orthancteam/orthanc.

Regarding bullseye, it looks like it is also vulnerable to the CVEs according to the debian security tracker, nice that an update to bookworm is on the way. Is there a timeline for it

Best regards,
Abbe

alainmazy · February 2, 2024, 8:42am

Well, it is actually already ready but not integrated yet in the main image.
You can test it in orthancteam/orthanc-pre-release:bookworm

It should be released in the next week(s).

HTH,

Alain.

jodogne · August 31, 2024, 8:36am

Dear @abbe,

The jodogne/orthanc-plugins:1.12.4 and jodogne/orthanc-plugins:latest have been upgraded to Debian 12 (bookworm) by the following changeset.

Kind Regards,
Sébastien-