vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-03-16 12:30:49 +00:00
Code Issues Packages Projects Releases Wiki Activity
18,644 Commits 758 Branches 80 Tags
d4d00917608ae51d23e4c7a8090efcdeade68c4e
Commit Graph

7 Commits

Author SHA1 Message Date
Altay
deada7edd3 build: default to Node 24 and keep Node 22 compat 2026-03-12 20:07:44 +05:30
Vincent Koc
3f3f66a5f7 Docker: trim runtime image payload (#40307) 
* Docker: shrink runtime image payload

* Docker: add runtime pnpm opt-in

* Docker: collapse helper entrypoint chmod layers

* Docker: restore bundled pnpm runtime

* Update CHANGELOG.md
 2026-03-08 16:07:04 -07:00
Peter Steinberger
5759b93dda fix(ci): pin multi-arch docker base digests 2026-03-08 02:55:15 +00:00
苏敏童0668001043
b29e913efe fix(docker): correct awk quoting in Docker GPG fingerprint check (#32153) 2026-03-03 02:32:46 +00:00
edincampara
577f2fa540 fix(docker): harden /app/extensions permissions to 755 (#30191) 
* fix(docker): harden /app/extensions permissions to 755

Bundled extension directories shipped as world-writable (mode 777)
in the Docker image. The plugin security scanner blocks any world-
writable path with:

  WARN: blocked plugin candidate: world-writable path
        (/app/extensions/memory-core, mode=777)

Add chmod -R 755 /app/extensions in the final USER root RUN step so
all bundled extensions are readable but not world-writable. This runs
as root before switching back to the node user, matching the pattern
already used for chmod 755 /app/openclaw.mjs.

Fixes #30139

* fix(docker): normalize plugin and agent path permissions

* docs(changelog): add docker permissions entry for #30191

* Update CHANGELOG.md

---------

Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
 2026-03-01 15:45:21 -08:00
Peter Steinberger
35976da7a0 fix: harden Docker/GCP onboarding flow (#26253) (thanks @pandego) 2026-02-26 04:46:18 +00:00
Sebastian
b7cf28f407 test(docker): cover browser install build arg 2026-02-16 22:35:27 -05:00