From b9961fed1bf1190482effad9affdaec328894a5a Mon Sep 17 00:00:00 2001
From: aj-bw <81774843+aj-bw@users.noreply.github.com>
Date: Tue, 12 Aug 2025 14:28:50 -0400
Subject: [PATCH] [bre-936] harden kc container (#220)

* hardening dockerfile

* test noble image

* add version pins
---
 src/KeyConnector/Dockerfile    | 12 ++++++------
 src/KeyConnector/entrypoint.sh |  2 +-
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/src/KeyConnector/Dockerfile b/src/KeyConnector/Dockerfile
index 5772032..e125b23 100644
--- a/src/KeyConnector/Dockerfile
+++ b/src/KeyConnector/Dockerfile
@@ -1,13 +1,13 @@
-FROM mcr.microsoft.com/dotnet/aspnet:8.0
+FROM mcr.microsoft.com/dotnet/aspnet:8.0-noble
 
 LABEL com.bitwarden.product="bitwarden"
 
 RUN apt-get update \
     && apt-get install -y --no-install-recommends \
-    gosu=1.14* \
-    curl=7.88.1* \
-    libc6-dev=2.36* \
-    opensc=0.23.0* \
+    gosu=1.17* \
+    curl=8.5.0* \
+    libc6-dev=2.39* \
+    opensc=0.25.0* \
     && rm -rf /var/lib/apt/lists/*
 
 # Install YubiHSM2 SDK
@@ -31,4 +31,4 @@ RUN chmod +x /entrypoint.sh
 
 HEALTHCHECK CMD curl -f http://localhost:5000/health || exit 1
 
-ENTRYPOINT ["/entrypoint.sh"]
+ENTRYPOINT ["/entrypoint.sh"]
\ No newline at end of file
diff --git a/src/KeyConnector/entrypoint.sh b/src/KeyConnector/entrypoint.sh
index 7a82afe..38d86c7 100644
--- a/src/KeyConnector/entrypoint.sh
+++ b/src/KeyConnector/entrypoint.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/sh
 
 # Setup