svrnty/docker-flutter-sdk
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 21 Wiki Activity
00fd040d67
docker-flutter-sdk/Dockerfile.android
Mathias Beaulieu-Duncan 553fee0a25 Upgrade commons-lang3 to fix CVE-2025-48924 
Replace vulnerable commons-lang3 3.16.0 with fixed version 3.18.0
to resolve CVE-2025-48924 (CVSS 6.5 Medium).

Image now has 0 vulnerabilities across all severity levels.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-03 02:45:13 -05:00

70 lines
2.8 KiB
Docker
Raw Blame History

FROM svrnty/base-distro:flutter-sdk-android-latest
ARG FLUTTER_VERSION=3.38.9
ARG ANDROID_SDK_TOOLS_VERSION=14742923
ARG ANDROID_COMPILE_SDK=36
ARG ANDROID_BUILD_TOOLS=36.1.0
LABEL org.opencontainers.image.title="flutter-sdk-android"
LABEL org.opencontainers.image.description="Flutter SDK for Android CI builds"
LABEL org.opencontainers.image.version="${FLUTTER_VERSION}"
USER 0
# Set up Android SDK environment
ENV ANDROID_HOME=/opt/android-sdk
ENV PATH="${ANDROID_HOME}/cmdline-tools/latest/bin:${ANDROID_HOME}/platform-tools:${PATH}"
# Download Android SDK command-line tools, install SDK components, and remove vulnerable lint-psi
RUN mkdir -p "${ANDROID_HOME}/cmdline-tools" && \
curl -fsSL "https://dl.google.com/android/repository/commandlinetools-linux-${ANDROID_SDK_TOOLS_VERSION}_latest.zip" \
-o /tmp/cmdline-tools.zip && \
unzip -q /tmp/cmdline-tools.zip -d /tmp/cmdline-tools && \
mv /tmp/cmdline-tools/cmdline-tools "${ANDROID_HOME}/cmdline-tools/latest" && \
rm -rf /tmp/cmdline-tools.zip /tmp/cmdline-tools && \
yes | sdkmanager --licenses > /dev/null 2>&1 && \
sdkmanager --install \
"platform-tools" \
"platforms;android-${ANDROID_COMPILE_SDK}" \
"build-tools;${ANDROID_BUILD_TOOLS}" && \
# Remove lint-psi to eliminate protobuf-java 2.6.1 CVEs (saves 86MB)
rm -rf "${ANDROID_HOME}/cmdline-tools/latest/lib/external/lint-psi" && \
# Upgrade commons-lang3 from 3.16.0 to 3.18.0 to fix CVE-2025-48924
rm -f "${ANDROID_HOME}/cmdline-tools/latest/lib/external/org/apache/commons/commons-lang3/3.16.0/commons-lang3-3.16.0.jar" && \
mkdir -p "${ANDROID_HOME}/cmdline-tools/latest/lib/external/org/apache/commons/commons-lang3/3.18.0" && \
curl -fsSL "https://repo1.maven.org/maven2/org/apache/commons/commons-lang3/3.18.0/commons-lang3-3.18.0.jar" \
-o "${ANDROID_HOME}/cmdline-tools/latest/lib/external/org/apache/commons/commons-lang3/3.18.0/commons-lang3-3.18.0.jar"
# Clone Flutter SDK from git (supports both amd64 and arm64)
RUN git clone --depth 1 --branch ${FLUTTER_VERSION} https://github.com/flutter/flutter.git /opt/flutter && \
git config --global --add safe.directory /opt/flutter && \
rm -rf /opt/flutter/dev /opt/flutter/examples
# Fix ownership before switching to flutter user
RUN chown -R 65532:65532 /opt/flutter "${ANDROID_HOME}"
USER 65532
# Configure Flutter for Android-only
RUN flutter config --enable-android \
--no-enable-web \
--no-enable-ios \
--no-enable-linux-desktop \
--no-enable-macos-desktop \
--no-enable-windows-desktop \
--android-sdk "${ANDROID_HOME}"
# Precache only Android artifacts
RUN flutter precache --android \
--no-web \
--no-ios \
--no-linux \
--no-macos \
--no-windows \
--no-fuchsia \
--no-universal
RUN flutter doctor -v
WORKDIR /app
Reference in New Issue View Git Blame Copy Permalink