Update base image with latest security fixes
This ensures freshly built kolla images include the latest security fixes for severity Important and above. This was suggested by Jon Schlueter and based on the code available at https://github.com/brianwcook/happywebserver/blob/master/Dockerfile#L27 Change-Id: Ib14f326a335d9519fb888f5486950275985a788c
This commit is contained in:
parent
6a3c5c58fe
commit
38f18f2d12
@ -145,7 +145,8 @@ RUN rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
|
||||
rpm --import {{ key }} \
|
||||
{% endfor -%}
|
||||
{%- if base_centos_yum_repo_keys|customizable('centos_yum_repo_keys')|length == 0 %}RUN {% else %} && {% endif -%}
|
||||
yum clean all
|
||||
yum -y update --security --sec-severity=Important --sec-severity=Critical \
|
||||
&& yum clean all
|
||||
|
||||
{% endif %}
|
||||
{# Endif for base_distro centos #}
|
||||
@ -161,11 +162,12 @@ RUN yum -y install \
|
||||
&& yum-config-manager --enable rhel-7-server-optional-rpms \
|
||||
&& yum -y install \
|
||||
yum-plugin-priorities \
|
||||
&& yum clean all \
|
||||
&& yum-config-manager --enable rhel-7-server-extras-rpms \
|
||||
&& yum-config-manager --enable rhel-7-server-rhceph-2-osd-rpms \
|
||||
&& yum-config-manager --enable rhel-7-server-rhceph-2-mon-rpms \
|
||||
&& yum-config-manager --enable rhel-7-server-rhceph-2-tools-rpms
|
||||
&& yum-config-manager --enable rhel-7-server-rhceph-2-tools-rpms \
|
||||
&& yum -y update --security --sec-severity=Important --sec-severity=Critical \
|
||||
&& yum clean all
|
||||
{% endblock %}
|
||||
|
||||
{% endif %}
|
||||
@ -193,6 +195,7 @@ RUN yum -y install \
|
||||
&& yum-config-manager --enable ol7_optional_latest ol7_addons \
|
||||
&& yum -y install \
|
||||
yum-plugin-priorities \
|
||||
&& yum -y update --security --sec-severity=Important --sec-severity=Critical \
|
||||
&& yum clean all
|
||||
{% endblock %}
|
||||
|
||||
|
@ -0,0 +1,4 @@
|
||||
---
|
||||
features:
|
||||
- RPM based container images now include the latest security fixes available
|
||||
at the time of build.
|
Loading…
Reference in New Issue
Block a user