didericis/bot-bottle
1
0
Fork 0
Code Issues 7 Pull Requests 15 Actions Packages Projects Releases Wiki Activity

Drop unused agent-image apt deps #201

Merged
didericis merged 1 commits from drop-unused-image-deps into main 2026-06-07 09:51:15 -04:00
Conversation 0 Commits 1 Files Changed 2
+22 -8
didericis-claude commented 2026-06-06 12:39:01 -04:00
Collaborator
Copy Link
Copy Source

Summary

Removes three apt packages from Dockerfile.claude and Dockerfile.codex that no longer have a runtime caller:

  • socat — was the privileged forwarder for the in-container ssh-agent that PRD 0009 removed. The Dockerfile.claude comment block pointed at bot_bottle/ssh.py, which no longer exists.
  • openssh-client — the agent never makes outbound SSH. Git-gate's insteadOf rewrites route every declared upstream through HTTP / git-protocol (see git_gate_render_gitconfig), and ssh-keygen runs host-side from bot_bottle/contrib/gitea/deploy_key_provisioner.py.
  • dnsutils — only used by tests/integration/test_sandbox_escape.py attack 4b, which runs dig +short @8.8.8.8 from inside the agent container.

Also splits python3 / python3-pip / python3-venv onto a separate RUN layer with a comment that they're app-specific and a candidate to move to a downstream image.

Follow-up

The sandbox-escape integration test's attack 4b will now silently pass even if the network isolation regresses, because dig is no longer present in the image — the test should be reworked to install dnsutils ad hoc (or switch to a Python socket.create_connection(("8.8.8.8", 53)) probe, since python3 stays in the image). Not addressed in this PR to keep the scope tight.

## Summary Removes three apt packages from `Dockerfile.claude` and `Dockerfile.codex` that no longer have a runtime caller: - **socat** — was the privileged forwarder for the in-container ssh-agent that PRD 0009 removed. The Dockerfile.claude comment block pointed at `bot_bottle/ssh.py`, which no longer exists. - **openssh-client** — the agent never makes outbound SSH. Git-gate's `insteadOf` rewrites route every declared upstream through HTTP / git-protocol (see `git_gate_render_gitconfig`), and `ssh-keygen` runs host-side from `bot_bottle/contrib/gitea/deploy_key_provisioner.py`. - **dnsutils** — only used by `tests/integration/test_sandbox_escape.py` attack 4b, which runs `dig +short @8.8.8.8` from inside the agent container. Also splits `python3` / `python3-pip` / `python3-venv` onto a separate RUN layer with a comment that they're app-specific and a candidate to move to a downstream image. ## Follow-up The sandbox-escape integration test's attack 4b will now silently pass even if the network isolation regresses, because `dig` is no longer present in the image — the test should be reworked to install `dnsutils` ad hoc (or switch to a Python `socket.create_connection(("8.8.8.8", 53))` probe, since python3 stays in the image). Not addressed in this PR to keep the scope tight.
didericis force-pushed drop-unused-image-deps from 33fcecf91b to 783e68cb74 2026-06-06 12:44:12 -04:00 Compare
didericis force-pushed drop-unused-image-deps from 783e68cb74 to 39a5122f68 2026-06-06 16:19:53 -04:00 Compare
didericis added 1 commit 2026-06-07 09:50:38 -04:00
build: drop unused agent-image apt deps 4eff49c9c5 
Removes socat, openssh-client, and dnsutils from Dockerfile.claude
and Dockerfile.codex.

- socat was the privileged forwarder for the in-container ssh-agent
  that PRD 0009 removed; nothing in bot_bottle references it.
- openssh-client was needed back when the agent talked ssh:// to
  upstreams; git-gate's insteadOf rewrites now route every upstream
  through HTTP/git-protocol, and ssh-keygen runs host-side from the
  deploy-key provisioner.
- dnsutils was only used by tests/integration/test_sandbox_escape.py
  (attack 4b runs dig from inside the agent container).

Splits python3/python3-pip/python3-venv onto a separate layer with
a comment noting they're app-specific and a candidate to move to a
downstream image.
didericis force-pushed drop-unused-image-deps from 39a5122f68 to 4eff49c9c5 2026-06-07 09:50:38 -04:00 Compare
didericis merged commit 4eff49c9c5 into main 2026-06-07 09:51:15 -04:00
didericis deleted branch drop-unused-image-deps 2026-06-07 09:51:15 -04:00
Sign in to join this conversation.
Reviewers
No Reviewers
Labels
Clear labels
Compat/Breaking
Breaking change that won't be backward compatible
 Kind/Bug
Something is not working
 Kind/Documentation
Documentation changes
 Kind/Enhancement
Improve existing functionality
 Kind/Feature
New functionality
 Kind/Security
This is security issue
 Kind/Testing
Issue or pull request related to testing
Priority
Critical
1
The priority is critical
Priority
High
2
The priority is high
Priority
Low
4
The priority is low
Priority
Medium
3
The priority is medium
Reviewed
Confirmed
1
Issue has been confirmed
Reviewed
Duplicate
2
This issue or pull request already exists
Reviewed
Invalid
3
Invalid issue
Reviewed
Won't Fix
3
This issue won't be fixed
Status
Abandoned
3
Somebody has started to work on this but abandoned work
Status
Blocked
1
Something is blocking this issue or pull request
Status
Need More Info
2
Feedback is required to reproduce issue or to continue work
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
didericis-claude (didericis (claude)) didericis-codex (didericis (codex)) didericis-gemma (gemma) didericis
No Assignees
2 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: didericis/bot-bottle#201
Delete Branch "drop-unused-image-deps"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?