Debian version in Docker image

Hi everybody,

Current official Docker image is based on Debian wheezy.
Is there any plan to update to Debian Stretch or any supported base image?

Thanks
Diego

Hi Diego,

There are currently no plan to do so. Why would you need another version ?

I am using orthanc with some Lua scripts that call python routines that need python3 and modern packages from pip and Debian/Ubuntu repositories.

For example, wheezy servers are not available any more. I have to replace apt.conf and sources.list to access Debian archives repositories. Even in the case of installing any maintenance package as vim

I think it shall be quite straightforward to update the base image in https://github.com/jodogne/OrthancDocker/blob/master/orthanc/Dockerfile

Feel free to test it and submit a Pull Request if your tests are successful.

Thanks Alain.

Do you have any test suite implemented to verify the “whole” system?

Best
Diego

The unit tests are executed while building the images.

Hi, friends!

Sorry for jumping in and adding my two cents. But I see one point. Still, probably not really that much important: security advisories.

Say there’s a security issue concerning the jsoncpp version used to compile Orthanc than I’d vote for a lib upgrade. Maybe for the OS itself.

Still, I’d be surprised if there’s any. Wheezy is two generations old now. Soon it’ll be three.

Stability would be a concern IF it was another distro. But Debian is known for stability, so it’s not really an issue.

One last point is if I’m developing a plugin that needs a library whose version clashes with any Orthanc dependency (missing or not). Maybe you COULD make do with mixing different versions of the same library but I’d advise against that.

Point being: you’ve got to have a very good reason to do so.

All in all, if you really want to upgrade to, say, Buster (the next stable for Debian), generating a new Orthanc docker is very easy. I’ve been there, I’d be glad to help if you need.

Best regards,
Luiz

Thanks Luiz. I have already replicated the dockerfile with a newer Debian version. But I prefer using official distribution, if possible.

Hello,

As requested, the base Docker image for Orthanc has been upgraded from “debian:wheezy-slim” (aka Debian 7) to “debian:stable-slim” (as of writing, Debian 9):
https://hub.docker.com/u/jodogne/

https://github.com/jodogne/OrthancDocker/commit/07d9fc886ced84d7e479bfcca792fa584fcfe2c2

Using “stable-slim” instead of a fixed version will allow to smoothly upgrade to future releases of Debian.

HTH,
Sébastien-

1 Like

Great work! Thanks.
I will test it ASAP to check that everything works correctly with this change.

Best,
Diego

This is great! I just ran into this problem yesterday when trying to install packages in the orthanc plugins container. Do you know when the updated orthanc and orthanc plugins images will be available via dockerhub?

They are available on DockerHub since yesterday. Make sure to pull a new version of the images:

$ sudo docker pull jodogne/orthanc-plugins:1.5.6

Hi,

On the same note, I have made a security scan of the latest Orthanc docker image from jodogne/OrthancDocker: Docker Hub repository for Orthanc (github.com) and I am getting reports of high vulnerabilities that seems to already be tracked by Debian and also fixed in some versions.

For eg. CVE-2023-45853 - https://security-tracker.debian.org/tracker/CVE-2023-45853 and CVE-2019-8457 https://security-tracker.debian.org/tracker/CVE-2019-8457 are beeing reported.

Also, according to LTS - Debian Wiki buster has LTE until June 30th this year (2024) which is around the corner.

Is there a plan for updating the Debian base image?

Hi @abbe,

To have a more recent version of Debian, you may use the osimis/orthanc images that currently ship with bullseye and hopefully soon with bookworm.

Best regards,

Alain.

1 Like

Hi @alainmazy,

Ok thanks for the response, I saw that it has now changed name to orthancteam/orthanc.

Regarding bullseye, it looks like it is also vulnerable to the CVEs according to the debian security tracker, nice that an update to bookworm is on the way. Is there a timeline for it :slight_smile:

Best regards,
Abbe

Well, it is actually already ready but not integrated yet in the main image.
You can test it in orthancteam/orthanc-pre-release:bookworm

It should be released in the next week(s).

HTH,

Alain.

1 Like