Merge "Update base image with latest security fixes"

2018-04-18 07:15:12 +00:00 · 2018-04-18 07:15:12 +00:00 · dba0aee4d9
commit dba0aee4d9
parent 0f9953fac0 38f18f2d12
2 changed files with 10 additions and 3 deletions
--- a/docker/base/Dockerfile.j2
+++ b/docker/base/Dockerfile.j2
@ -145,7 +145,8 @@ RUN rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
    rpm --import {{ key }} \
 {% endfor -%}
 {%- if base_centos_yum_repo_keys|customizable('centos_yum_repo_keys')|length == 0 %}RUN {% else %}    && {% endif -%}
-    yum clean all
+    yum -y update --security --sec-severity=Important --sec-severity=Critical \
    && yum clean all
    {% endif %}
    {# Endif for base_distro centos #}
@ -161,11 +162,12 @@ RUN yum -y install \
    && yum-config-manager --enable rhel-7-server-optional-rpms \
    && yum -y install \
           yum-plugin-priorities \
    && yum clean all \
    && yum-config-manager --enable rhel-7-server-extras-rpms \
    && yum-config-manager --enable rhel-7-server-rhceph-2-osd-rpms \
    && yum-config-manager --enable rhel-7-server-rhceph-2-mon-rpms \
-    && yum-config-manager --enable rhel-7-server-rhceph-2-tools-rpms
+    && yum-config-manager --enable rhel-7-server-rhceph-2-tools-rpms \
    && yum -y update --security --sec-severity=Important --sec-severity=Critical \
    && yum clean all
 {% endblock %}
    {% endif %}
@ -193,6 +195,7 @@ RUN yum -y install \
    && yum-config-manager --enable ol7_optional_latest ol7_addons \
    && yum -y install \
           yum-plugin-priorities \
    && yum -y update --security --sec-severity=Important --sec-severity=Critical \
    && yum clean all
 {% endblock %}
--- a/releasenotes/notes/update_rpm_security_fixes-f99a3fa509cb5b3b.yaml
+++ b/releasenotes/notes/update_rpm_security_fixes-f99a3fa509cb5b3b.yaml
@ -0,0 +1,4 @@
 ---
 features:
  - RPM based container images now include the latest security fixes available
    at the time of build.