mirror of
https://github.com/ROCm/composable_kernel.git
synced 2026-06-28 18:56:59 +00:00
[CK] [Security] remove allow-unauthenticated flag from dockerfile (#8716)

## Motivation

Dockerfile uses apt-get install --allow-unauthenticated which disables APT GPG signature verification, allowing package installation without cryptographic validation. An attacker who can perform a man-in-the-middle attack on the build network (via corporate proxy, CI egress, or compromised mirror) can serve trojaned .deb packages such as libc6, cmake, or git that become embedded in published ROCm container images distributed to users.

## Technical Details

<!-- Explain the changes along with any relevant GitHub links. -->

## Test Plan

<!-- Explain any relevant testing done to verify this PR. -->

## Test Result

<!-- Briefly summarize test outcomes. -->

## Submission Checklist

- [ ] Look over the contributing guidelines at https://github.com/ROCm/ROCm/blob/develop/CONTRIBUTING.md#pull-requests.
4.5 KiB
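A CI check that keeps the flag described in the commit message from returning, as an added example that is not part of the commit or of the composable_kernel repository. It goes beyond the single flag to the other documented APT settings with the same effect; the sample Dockerfile and the `mirror.example` host are constructed.

```python
import re

_ON = r"""[\s="']*(?:true|yes|1)\b"""
# Documented APT switches that turn off signature verification.
CHECKS = {
    "--allow-unauthenticated": r"--allow-unauthenticated(?![\w-])",
    "--allow-insecure-repositories": r"--allow-insecure-repositories(?![\w-])",
    "APT::Get::AllowUnauthenticated": r"APT::Get::AllowUnauthenticated" + _ON,
    "Acquire::AllowInsecureRepositories": r"Acquire::AllowInsecureRepositories" + _ON,
    "trusted=yes": r"\[[^\]]*\btrusted=yes\b[^\]]*\]",
}
CHECKS = {name: re.compile(rx, re.I) for name, rx in CHECKS.items()}

def logical_instructions(text):
    """Yield (first_line_no, instruction) with backslash continuations joined."""
    buf, start = [], None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        # Docker drops comment lines and blank lines, even mid-continuation.
        if not line or line.startswith("#"):
            continue
        if start is None:
            start = no
        cont = line.endswith("\\")
        buf.append(line[:-1].strip() if cont else line)
        if not cont:
            yield start, " ".join(buf)
            buf, start = [], None
    if buf:
        yield start, " ".join(buf)

def find_unverified_apt(dockerfile_text):
    """Return [(line_no, setting)] for RUN steps that disable APT verification."""
    findings = []
    for no, instr in logical_instructions(dockerfile_text):
        if instr.split(None, 1)[0].upper() != "RUN":
            continue
        findings += [(no, name) for name, rx in CHECKS.items() if rx.search(instr)]
    return findings

# Constructed sample input, not taken from the repository.
SAMPLE = r"""FROM ubuntu:24.04
# --allow-unauthenticated in a comment is ignored
RUN apt-get update && \
    DEBIAN_FRONTEND=noninteractive apt-get install -y --allow-unauthenticated \
    cmake git
RUN echo "deb [trusted=yes] http://mirror.example/apt stable main" > /etc/apt/sources.list.d/x.list
RUN apt-get install -y --no-install-recommends build-essential
"""

if __name__ == "__main__":
    for line_no, setting in find_unverified_apt(SAMPLE):
        print(f"Dockerfile:{line_no}: APT verification disabled by {setting}")
```

Failing the build on a non-empty result catches the setting before an image is published.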