Update base image with latest security fixes
This ensures freshly built kolla images include the latest security
fixes for severity Important and above.
This was suggested by Jon Schlueter and based on the code available at
https://github.com/brianwcook/happywebserver/blob/master/Dockerfile#L27
Change-Id: Ib14f326a335d9519fb888f5486950275985a788c
(cherry picked from commit 38f18f2d12
)
This commit is contained in:
parent
52c58b6596
commit
29484bfaa9
@ -166,7 +166,8 @@ RUN rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
|
|||||||
rpm --import {{ key }} \
|
rpm --import {{ key }} \
|
||||||
{% endfor -%}
|
{% endfor -%}
|
||||||
{%- if base_centos_yum_repo_keys|customizable('centos_yum_repo_keys')|length == 0 %}RUN {% else %} && {% endif -%}
|
{%- if base_centos_yum_repo_keys|customizable('centos_yum_repo_keys')|length == 0 %}RUN {% else %} && {% endif -%}
|
||||||
yum clean all
|
yum -y update --security --sec-severity=Important --sec-severity=Critical \
|
||||||
|
&& yum clean all
|
||||||
|
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{# Endif for base_distro centos #}
|
{# Endif for base_distro centos #}
|
||||||
@ -182,11 +183,12 @@ RUN yum -y install \
|
|||||||
&& yum-config-manager --enable rhel-7-server-optional-rpms \
|
&& yum-config-manager --enable rhel-7-server-optional-rpms \
|
||||||
&& yum -y install \
|
&& yum -y install \
|
||||||
yum-plugin-priorities \
|
yum-plugin-priorities \
|
||||||
&& yum clean all \
|
|
||||||
&& yum-config-manager --enable rhel-7-server-extras-rpms \
|
&& yum-config-manager --enable rhel-7-server-extras-rpms \
|
||||||
&& yum-config-manager --enable rhel-7-server-rhceph-2-osd-rpms \
|
&& yum-config-manager --enable rhel-7-server-rhceph-2-osd-rpms \
|
||||||
&& yum-config-manager --enable rhel-7-server-rhceph-2-mon-rpms \
|
&& yum-config-manager --enable rhel-7-server-rhceph-2-mon-rpms \
|
||||||
&& yum-config-manager --enable rhel-7-server-rhceph-2-tools-rpms
|
&& yum-config-manager --enable rhel-7-server-rhceph-2-tools-rpms \
|
||||||
|
&& yum -y update --security --sec-severity=Important --sec-severity=Critical \
|
||||||
|
&& yum clean all
|
||||||
{% endblock %}
|
{% endblock %}
|
||||||
|
|
||||||
{% endif %}
|
{% endif %}
|
||||||
@ -216,6 +218,7 @@ RUN yum -y install \
|
|||||||
&& yum-config-manager --enable ol7_optional_latest ol7_addons \
|
&& yum-config-manager --enable ol7_optional_latest ol7_addons \
|
||||||
&& yum -y install \
|
&& yum -y install \
|
||||||
yum-plugin-priorities \
|
yum-plugin-priorities \
|
||||||
|
&& yum -y update --security --sec-severity=Important --sec-severity=Critical \
|
||||||
&& yum clean all
|
&& yum clean all
|
||||||
{% endblock %}
|
{% endblock %}
|
||||||
|
|
||||||
|
@ -0,0 +1,4 @@
|
|||||||
|
---
|
||||||
|
features:
|
||||||
|
- RPM based container images now include the latest security fixes available
|
||||||
|
at the time of build.
|
Loading…
Reference in New Issue
Block a user