Skip to content

Update Dockerfile base image to Ubuntu 22 #7

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
andreia-oca wants to merge 2 commits into
base: main
Choose a base branch
from
Open

Update Dockerfile base image to Ubuntu 22 #7

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
039a324
Update Dockerfile base image to Ubuntu:22.04
andreia-oca Feb 26, 2026
e6a4b3b
Fix warnings in Dockerfile
andreia-oca Feb 26, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
76 changes: 27 additions & 49 deletions dockerfile/dropbox.Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,77 +1,55 @@

# Based on Debian
FROM debian:buster
# Based on Ubuntu
FROM ubuntu:22.04
Comment on lines +2 to +3
Copy link

Copilot AI Feb 26, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The PR title and description mention updating to "Debian Bookworm", but the code changes the base image from debian:buster to ubuntu:22.04 instead. Ubuntu is not Debian Bookworm (which would be debian:bookworm). This is a significant discrepancy between the PR description and the actual changes. Please update either the PR description to accurately reflect that this is changing to Ubuntu 22.04, or change the base image to debian:bookworm if that was the original intent.

Copilot uses AI. Check for mistakes.

# Maintainer
LABEL maintainer "Alexander Graf <alex@otherguy.io>"
LABEL maintainer="Alexander Graf <alex@otherguy.io>"

# Build arguments
ARG VCS_REF=master
ARG VCS_REF=main
Copy link

Copilot AI Feb 26, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The VCS_REF default value has been changed from "master" to "main", which is unrelated to updating the base image. While this may be a positive change to align with modern Git conventions, it's not mentioned in the PR description and could cause issues if the repository's default branch is still named "master". Verify that this change is intentional and that the repository's default branch is actually "main".

Suggested change
ARG VCS_REF=main
ARG VCS_REF=master

Copilot uses AI. Check for mistakes.
ARG VERSION=""
ARG BUILD_DATE=""

# http://label-schema.org/rc1/
LABEL org.label-schema.schema-version "1.0"
LABEL org.label-schema.name "Dropbox"
LABEL org.label-schema.build-date "${BUILD_DATE}"
LABEL org.label-schema.description "Standalone Dropbox client"
LABEL org.label-schema.vcs-url "https://github.com/otherguy/docker-dropbox"
LABEL org.label-schema.vcs-ref "${VCS_REF}"
LABEL org.label-schema.schema-version="1.0"
LABEL org.label-schema.name="Dropbox"
LABEL org.label-schema.version="${VERSION}"
LABEL org.label-schema.build-date="${BUILD_DATE}"
LABEL org.label-schema.description="Standalone Dropbox client"
LABEL org.label-schema.vcs-url="https://github.com/otherguy/docker-dropbox"
LABEL org.label-schema.vcs-ref="${VCS_REF}"

# Required to prevent warnings
ARG DEBIAN_FRONTEND=noninteractive
ARG DEBCONF_NONINTERACTIVE_SEEN=true

# Install prerequisites
RUN apt-get update \
&& apt-get install -y --no-install-recommends apt-transport-https ca-certificates curl gnupg2 \
software-properties-common gosu locales locales-all \
libc6 libglapi-mesa libxdamage1 libxfixes3 libxcb-glx0 \
libxcb-dri2-0 libxcb-dri3-0 libxcb-present0 libxcb-sync1 \
libxshmfence1 libxxf86vm1 tzdata
RUN apt-get update && apt-get install -y --no-install-recommends \
ca-certificates \
wget \
libc6 \
libstdc++6 \
gosu \
tzdata \
python3 \
Copy link

Copilot AI Feb 26, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The previous installation included several X11-related libraries (libglapi-mesa, libxdamage1, libxfixes3, libxcb-glx0, libxcb-dri2-0, libxcb-dri3-0, libxcb-present0, libxcb-sync1, libxshmfence1, libxxf86vm1) that are no longer being installed. These libraries may be required by the Dropbox client for GUI functionality. Removing them could cause runtime failures if Dropbox attempts to display notifications or use GUI features. Verify that the Dropbox daemon can function properly without these libraries in a headless environment.

Suggested change
python3 \
python3 \
libglapi-mesa \
libxdamage1 \
libxfixes3 \
libxcb-glx0 \
libxcb-dri2-0 \
libxcb-dri3-0 \
libxcb-present0 \
libxcb-sync1 \
libxshmfence1 \
libxxf86vm1 \

Copilot uses AI. Check for mistakes.
&& rm -rf /var/lib/apt/lists/*
Comment on lines +26 to +34
Copy link

Copilot AI Feb 26, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Several important packages have been removed from the installation without clear justification: curl (replaced with wget), gnupg2 (for GPG verification), apt-transport-https (for secure apt operations), software-properties-common (for repository management), and python3-gpg. While wget can replace curl for basic downloads, the removal of gnupg2 and python3-gpg eliminates the ability to verify package signatures. If signature verification or secure repository access is needed later, these packages would need to be added back. Consider documenting why these packages are no longer needed or adding them back if they may be required.

Copilot uses AI. Check for mistakes.

# Create user and group
RUN mkdir -p /opt/dropbox /opt/dropbox/.dropbox /opt/dropbox/Dropbox \
RUN mkdir -p /opt/dropbox \
Copy link

Copilot AI Feb 26, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The directory creation has been simplified to only create /opt/dropbox, removing the creation of /opt/dropbox/.dropbox and /opt/dropbox/Dropbox subdirectories. However, these directories are declared as VOLUME mount points on line 55. If these directories don't exist when Docker tries to create the volumes, Docker will create them with root ownership, which could cause permission issues since the dropbox user needs access to them. Consider adding back the creation of these subdirectories or verifying that volume mounting handles this correctly.

Suggested change
RUN mkdir -p /opt/dropbox \
RUN mkdir -p /opt/dropbox /opt/dropbox/.dropbox /opt/dropbox/Dropbox \

Copilot uses AI. Check for mistakes.
&& useradd --home-dir /opt/dropbox --comment "Dropbox Daemon Account" --user-group --shell /usr/sbin/nologin dropbox \
&& chown -R dropbox:dropbox /opt/dropbox

# Set language
ENV LANG "en_US.UTF-8"
ENV LANGUAGE "en_US.UTF-8"
ENV LC_ALL "en_US.UTF-8"

# Generate locales
RUN sed --in-place '/en_US.UTF-8/s/^# //' /etc/locale.gen \
&& locale-gen
ENV LANG="C.UTF-8"
ENV LC_ALL="C.UTF-8"
Comment on lines +42 to +43
Copy link

Copilot AI Feb 26, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The locale configuration has been simplified to use "C.UTF-8" instead of "en_US.UTF-8", and the locale generation steps have been removed. While C.UTF-8 is a minimal locale that should work for basic functionality, this change could affect date/time formatting, number formatting, and other locale-dependent behavior. If Dropbox or any scripts rely on specific locale formatting, this could cause issues. Additionally, the removal of locales and locales-all packages means no other locales can be generated if needed later.

Copilot uses AI. Check for mistakes.

# Change working directory
WORKDIR /opt/dropbox/Dropbox
WORKDIR /opt/dropbox
Copy link

Copilot AI Feb 26, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The working directory has been changed from /opt/dropbox/Dropbox to /opt/dropbox. This changes where the container starts up and could affect any scripts or entrypoints that rely on the working directory. If there are scripts that assume they're running from the Dropbox sync folder (/opt/dropbox/Dropbox), they may fail or behave unexpectedly. Verify that this change doesn't break any existing workflows or entrypoint scripts.

Copilot uses AI. Check for mistakes.

# Not really required for --net=host
EXPOSE 17500

# https://help.dropbox.com/installs-integrations/desktop/linux-repository
RUN apt-key adv --keyserver pgp.mit.edu --recv-keys 1C61A2656FB57B7E4DE0F4C1FC918B335044912E \
&& add-apt-repository 'deb http://linux.dropbox.com/debian buster main' \
&& apt-get update \
&& apt-get -qqy install python3-gpg dropbox \
&& apt-get -qqy autoclean \
&& rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*

# Dropbox insists on downloading its binaries itself via 'dropbox start -i'
RUN echo "y" | gosu dropbox dropbox start -i

# Dropbox has the nasty tendency to update itself without asking. In the processs it fills the
# file system over time with rather large files written to /opt/dropbox/ and /tmp.
#
# https://bbs.archlinux.org/viewtopic.php?id=191001
RUN mkdir -p /opt/dropbox/bin/ \
&& mv /opt/dropbox/.dropbox-dist/* /opt/dropbox/bin/ \
&& rm -rf /opt/dropbox/.dropbox-dist \
&& install -dm0 /opt/dropbox/.dropbox-dist \
&& chmod u-w /opt/dropbox/.dropbox-dist \
&& chown -R dropbox:dropbox /opt/dropbox \
&& chmod o-w /tmp \
&& chmod g-w /tmp
# Download and extract Dropbox daemon
RUN wget -O - "https://www.dropbox.com/download?plat=lnx.x86_64" | tar xzf -
Comment on lines +51 to +52
Copy link

Copilot AI Feb 26, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The previous Dockerfile included protections against Dropbox's automatic self-updates by creating an immutable .dropbox-dist directory. These protections have been completely removed, which means Dropbox will now be able to update itself automatically. This can lead to: (1) Unpredictable behavior as the running version drifts from the built version, (2) Accumulation of large update files in /opt/dropbox/ and /tmp over time, potentially filling up the filesystem, (3) Non-reproducible builds as different container instances may run different Dropbox versions. Consider re-implementing the update prevention mechanism to ensure consistent behavior.

Copilot uses AI. Check for mistakes.
Copy link

Copilot AI Feb 26, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Downloading and extracting the Dropbox daemon with wget -O - "https://www.dropbox.com/download?plat=lnx.x86_64" | tar xzf - introduces a supply-chain risk because unsigned remote code is fetched and unpacked as root during the image build. If an attacker compromises the download endpoint or can perform a TLS man-in-the-middle attack, they can replace the archive and gain arbitrary code execution inside containers built from this image. Prefer installing Dropbox via a channel that enforces signature verification, or verify the downloaded archive against a pinned checksum or signature before extracting it.

Copilot uses AI. Check for mistakes.

# Create volumes
VOLUME ["/opt/dropbox/.dropbox", "/opt/dropbox/Dropbox"]
Expand Down
Loading