refactor to pull out rpm_security_update macro
- pulled out the repeated code from 3 paths in base and moved it into docker/macros - created macros.rpm_security_update - made sure the new macro could be customized for cleanup caches - update macro to use distro_package_manager Change-Id: Ic79ff42d913e1cbb68be66743e4f79f0bcff47f5
This commit is contained in:
parent
bebfa70ad1
commit
cd307fb1ab
|
@ -156,11 +156,8 @@ RUN rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
|
|||
rpm --import {{ key }} \
|
||||
{% endfor -%}
|
||||
{%- if base_centos_yum_repo_keys|customizable('centos_yum_repo_keys')|length == 0 %}RUN {% else %} && {% endif -%}
|
||||
yum -y update --security --sec-severity=Important --sec-severity=Critical{% if clean_package_cache %} \
|
||||
&& yum clean all \
|
||||
&& rm -rf /var/cache/yum{% endif %}
|
||||
|
||||
{% endif %}
|
||||
{{ macros.rpm_security_update(clean_package_cache) }}
|
||||
{%- endif %}
|
||||
{# Endif for base_distro centos #}
|
||||
|
||||
{% if base_distro == 'rhel' %}
|
||||
|
@ -180,9 +177,7 @@ RUN yum-config-manager --enable rhel-7-server-optional-rpms \
|
|||
&& yum-config-manager --enable rhel-7-server-rhceph-2-osd-rpms \
|
||||
&& yum-config-manager --enable rhel-7-server-rhceph-2-mon-rpms \
|
||||
&& yum-config-manager --enable rhel-7-server-rhceph-2-tools-rpms \
|
||||
&& yum -y update --security --sec-severity=Important --sec-severity=Critical{% if clean_package_cache %} \
|
||||
&& yum clean all \
|
||||
&& rm -rf /var/cache/yum{% endif %}
|
||||
&& {{ macros.rpm_security_update(clean_package_cache) }}
|
||||
{% endblock %}
|
||||
|
||||
{% endif %}
|
||||
|
@ -210,9 +205,7 @@ RUN yum -y install \
|
|||
&& yum-config-manager --enable ol7_optional_latest ol7_addons \
|
||||
&& yum -y install \
|
||||
yum-plugin-priorities \
|
||||
&& yum -y update --security --sec-severity=Important --sec-severity=Critical{% if clean_package_cache %} \
|
||||
&& yum clean all \
|
||||
&& rm -rf /var/cache/yum{% endif %}
|
||||
&& {{ macros.rpm_security_update(clean_package_cache) }}
|
||||
{% endblock %}
|
||||
|
||||
{% endif %}
|
||||
|
|
|
@ -15,6 +15,14 @@
|
|||
{%- endif %}
|
||||
{%- endmacro %}
|
||||
|
||||
{# Be Extra vigilant about introducing any extra whitespace at the
|
||||
end of the macro for chaining purposes -#}
|
||||
{% macro rpm_security_update(cleanup) -%}
|
||||
{{ distro_package_manager }} -y update --security --sec-severity=Important --sec-severity=Critical
|
||||
{%- if cleanup %} \
|
||||
&& {{ distro_package_manager }} clean all && rm -rf /var/cache/{{ distro_package_manager }}{% endif -%}
|
||||
{%- endmacro %}
|
||||
|
||||
{% macro sed(file='', expressions=[]) -%}
|
||||
{% if file != '' and expressions|length >0 %}
|
||||
RUN {% for expression in expressions %} sed -i "{{ file }}" -e "{{ expression }}" {% if not loop.last %} && {% endif %} {% endfor %}
|
||||
|
|
Loading…
Reference in New Issue