diff --git a/docker/base/Dockerfile.j2 b/docker/base/Dockerfile.j2 index 4d6006c20b..c48705dbc1 100644 --- a/docker/base/Dockerfile.j2 +++ b/docker/base/Dockerfile.j2 @@ -145,7 +145,8 @@ RUN rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7 rpm --import {{ key }} \ {% endfor -%} {%- if base_centos_yum_repo_keys|customizable('centos_yum_repo_keys')|length == 0 %}RUN {% else %} && {% endif -%} - yum clean all + yum -y update --security --sec-severity=Important --sec-severity=Critical \ + && yum clean all {% endif %} {# Endif for base_distro centos #} @@ -161,11 +162,12 @@ RUN yum -y install \ && yum-config-manager --enable rhel-7-server-optional-rpms \ && yum -y install \ yum-plugin-priorities \ - && yum clean all \ && yum-config-manager --enable rhel-7-server-extras-rpms \ && yum-config-manager --enable rhel-7-server-rhceph-2-osd-rpms \ && yum-config-manager --enable rhel-7-server-rhceph-2-mon-rpms \ - && yum-config-manager --enable rhel-7-server-rhceph-2-tools-rpms + && yum-config-manager --enable rhel-7-server-rhceph-2-tools-rpms \ + && yum -y update --security --sec-severity=Important --sec-severity=Critical \ + && yum clean all {% endblock %} {% endif %} @@ -193,6 +195,7 @@ RUN yum -y install \ && yum-config-manager --enable ol7_optional_latest ol7_addons \ && yum -y install \ yum-plugin-priorities \ + && yum -y update --security --sec-severity=Important --sec-severity=Critical \ && yum clean all {% endblock %} diff --git a/releasenotes/notes/update_rpm_security_fixes-f99a3fa509cb5b3b.yaml b/releasenotes/notes/update_rpm_security_fixes-f99a3fa509cb5b3b.yaml new file mode 100644 index 0000000000..8c1cb65990 --- /dev/null +++ b/releasenotes/notes/update_rpm_security_fixes-f99a3fa509cb5b3b.yaml @@ -0,0 +1,4 @@ +--- +features: + - RPM based container images now include the latest security fixes available + at the time of build.
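Review bot: In the CentOS branch (first hunk), the added `yum -y update --security --sec-severity=Important --sec-severity=Critical` is likely to update nothing. As far as I know, the stock CentOS 7 repositories do not publish the updateinfo errata metadata that the `--security` and `--sec-severity` filters rely on, so yum finds no security-tagged packages and still exits successfully. The image would then build cleanly while keeping unpatched packages, which contradicts the release note added in this commit. For this branch, consider an unfiltered `yum -y update \` ahead of `&& yum clean all`, and keep the severity filter only in the RHEL and Oracle Linux branches, whose repositories ship errata data. The enclosing `{% if %}` block for CentOS starts outside the hunk, so confirm which repositories are enabled at this point.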
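Review bot: The update step appended to the RHEL RUN chain in the second hunk (and the identical line in the CentOS and Oracle Linux hunks) has no comment stating its scope, so a reader cannot tell that Moderate and Low advisories are deliberately skipped. The step also sits in an ordinary RUN layer, so it only picks up new errata when that layer is actually rebuilt rather than served from the build cache. The release note's "latest security fixes" wording is subject to both limits. I would add a template comment above the RUN, for example `{# Applies only Important/Critical errata available at build time; rebuild the base layer without cache to pick up newer fixes #}`. The RUN chain begins outside the hunk.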