
Alpine #26

Open

Sakujakira wants to merge 8 commits into Jafner:main from Sakujakira:alpine

Conversation

@Sakujakira

Summary

This PR migrates the project from Debian to Alpine Linux with significant improvements in security, size, and maintainability.

Key Improvements

Image Optimization:

  • ✅ 3.6× smaller image size (77 MB vs 279 MB)
  • ✅ 3.6× fewer packages (62 vs 224)
  • ✅ 68% fewer total CVEs (55 vs 173)
  • ✅ 71% fewer critical CVEs (2 vs 7)

Security Enhancements:

  • ✅ Apache worker processes run as non-root (PUID/PGID)
  • ✅ Apache-native privilege dropping via User/Group directives
  • ✅ Proper file ownership timing (after all git operations)
  • ✅ Minimal attack surface (git, jq, su-exec only)
  • .dockerignore prevents sensitive files in build context

Bug Fixes:

  • ✅ Fixed Apache config syntax error (printf with proper newlines)
  • ✅ Fixed file ownership issues after git clone
  • ✅ Improved git operations (git reset --hard + pull)
  • ✅ Idempotent user/group creation for container restarts
  • ✅ Idempotent git submodule handling

Infrastructure:

  • ✅ Multi-arch support (linux/amd64, linux/arm64) with QEMU/buildx
  • ✅ Updated to 5etools-mirror-3 repositories
  • ✅ Updated image references to ghcr.io/sakujakira

Documentation:

  • ✅ Added CLAUDE.md with comprehensive implementation details
  • ✅ Added README comparison section with Docker Scout CVE data
  • ✅ Added security section documenting privilege separation
  • ✅ Added AI-assisted development disclaimer
  • ✅ Updated PUID/PGID documentation

Testing

All changes have been verified with:

  • ✅ Local Docker builds successful
  • ✅ Apache config syntax validated (httpd -t)
  • ✅ Container runs and passes healthcheck
  • ✅ File ownership verified for custom PUID/PGID
  • ✅ HTTP service responds correctly (200 OK)
  • ✅ Apache processes verified (master as root, workers as non-root)

Breaking Changes

None. The container interface remains the same with backward-compatible environment variables.

Migration Notes

Users can simply pull the new image - no configuration changes required. Existing volumes will be updated on first run.


🤖 Generated with assistance from Claude Code
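The PUID/PGID handling the summary describes (idempotent user/group creation, chown only after the git steps, and the Apache User/Group directives written with printf rather than echo) sketched as an added example; this is not the PR's own entrypoint, and the `app` user name, the htdocs/log paths and the conf.d drop-in file name are assumptions:

```sh
#!/bin/sh
# Added example (not the PR's entrypoint); user name, paths and conf file are assumptions.
set -eu

PUID="${PUID:-1000}"
PGID="${PGID:-1000}"
APP_USER="${APP_USER:-app}"

# Create the group only if no group already owns that GID, so a container
# restart (or a PGID that collides with a built-in group) does not fail.
ensure_group() {
  gid="$1"; name="$2"
  existing=$(awk -F: -v g="$gid" '$3 == g { print $1; exit }' /etc/group)
  if [ -n "$existing" ]; then
    echo "$existing"                       # reuse the existing group name
  else
    addgroup -g "$gid" "$name" >/dev/null  # BusyBox/Alpine syntax
    echo "$name"
  fi
}

# Same check for the UID against /etc/passwd.
ensure_user() {
  uid="$1"; group="$2"; name="$3"
  existing=$(awk -F: -v u="$uid" '$3 == u { print $1; exit }' /etc/passwd)
  if [ -n "$existing" ]; then
    echo "$existing"
  else
    adduser -D -H -u "$uid" -G "$group" "$name" >/dev/null
    echo "$name"
  fi
}

# Emit the directives with real newlines; echo "User x\nGroup y" writes a
# literal "\n" on some shells and makes `httpd -t` reject the config.
apache_user_directives() {
  printf 'User %s\nGroup %s\n' "$1" "$2"
}

# The privileged part runs only when explicitly invoked as the entrypoint.
if [ "${RUN_ENTRYPOINT:-0}" = "1" ]; then
  grp=$(ensure_group "$PGID" "$APP_USER")
  usr=$(ensure_user "$PUID" "$grp" "$APP_USER")
  # git clone / reset --hard / pull / submodule update run here as root; the
  # chown comes AFTER them so files git created end up owned by the workers.
  chown -R "$PUID:$PGID" /var/www/localhost/htdocs /var/log/apache2
  apache_user_directives "$usr" "$grp" > /etc/apache2/conf.d/zz-user.conf
  httpd -t                                 # validate before starting
  exec httpd -D FOREGROUND                 # master stays root, workers drop
fi
```

Run it with `RUN_ENTRYPOINT=1` as the container's entrypoint; without that variable it only defines the functions, which is what lets the user/group logic be exercised outside a container.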

Sakujakira and others added 8 commits February 14, 2026 17:12
…e fixes

Major improvements:
- Migrate base image from Debian to Alpine Linux 3.20 (3.6x smaller, 68% fewer CVEs)
- Implement Apache-native privilege dropping (workers run as PUID:PGID non-root)
- Fix file ownership timing (chown after all git operations)
- Fix Apache config syntax (printf with proper newlines)
- Improve git operations (git reset --hard + pull, idempotent submodule handling)
- Add multi-arch support (linux/amd64, linux/arm64) with QEMU/buildx setup

Security enhancements:
- Apache worker processes run as non-root (PUID/PGID)
- Proper file permissions for htdocs and logs directories
- Minimal package installation (git, jq, su-exec only)
- Add .dockerignore to prevent sensitive files in build context

Repository updates:
- Update from 5etools-mirror-2 to mirror-3 repositories
- Update image references to ghcr.io/sakujakira/5etools-docker

Documentation:
- Add CLAUDE.md with comprehensive implementation details and verification checklist
- Add README comparison section with Docker Scout CVE data
- Add security section documenting privilege separation
- Add AI-assisted development disclaimer
- Update PUID/PGID documentation with runtime behavior

Testing:
- All changes verified with local builds and runtime testing
- Apache config syntax validated
- File ownership confirmed for custom PUID/PGID
- Healthcheck verified

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>