Update base image with latest security fixes

This ensures freshly built kolla images include the latest security
fixes for severity Important and above.

This was suggested by Jon Schlueter and based on the code available at
https://github.com/brianwcook/happywebserver/blob/master/Dockerfile#L27

Change-Id: Ib14f326a335d9519fb888f5486950275985a788c
This commit is contained in:
Martin André 2018-02-22 18:34:10 +01:00
parent 6a3c5c58fe
commit 38f18f2d12
2 changed files with 10 additions and 3 deletions

View File

@ -145,7 +145,8 @@ RUN rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
rpm --import {{ key }} \
{% endfor -%}
{%- if base_centos_yum_repo_keys|customizable('centos_yum_repo_keys')|length == 0 %}RUN {% else %} && {% endif -%}
yum clean all
yum -y update --security --sec-severity=Important --sec-severity=Critical \
&& yum clean all
{% endif %}
{# Endif for base_distro centos #}
@ -161,11 +162,12 @@ RUN yum -y install \
&& yum-config-manager --enable rhel-7-server-optional-rpms \
&& yum -y install \
yum-plugin-priorities \
&& yum clean all \
&& yum-config-manager --enable rhel-7-server-extras-rpms \
&& yum-config-manager --enable rhel-7-server-rhceph-2-osd-rpms \
&& yum-config-manager --enable rhel-7-server-rhceph-2-mon-rpms \
&& yum-config-manager --enable rhel-7-server-rhceph-2-tools-rpms
&& yum-config-manager --enable rhel-7-server-rhceph-2-tools-rpms \
&& yum -y update --security --sec-severity=Important --sec-severity=Critical \
&& yum clean all
{% endblock %}
{% endif %}
@ -193,6 +195,7 @@ RUN yum -y install \
&& yum-config-manager --enable ol7_optional_latest ol7_addons \
&& yum -y install \
yum-plugin-priorities \
&& yum -y update --security --sec-severity=Important --sec-severity=Critical \
&& yum clean all
{% endblock %}

View File

@ -0,0 +1,4 @@
---
features:
- RPM based container images now include the latest security fixes available
at the time of build.