Skip to content

Upgrade packages at image build time #504

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 23 commits into from
Feb 21, 2020
Merged

Upgrade packages at image build time #504

merged 23 commits into from
Feb 21, 2020

Conversation

@matmerr
Copy link
Member

@matmerr matmerr commented Feb 19, 2020

What this PR does / why we need it:

Base image ubuntu:19.10 contains vulns across lubudev1, libss2, libgcrypt20. Add step in Dockerfile to upgrade all packages at image build time.

Which issue this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close that issue when PR gets merged): fixes #

Upgrade will bump package version from installed to candidate.

https://launchpad.net/ubuntu/+source/libgcrypt20/1.8.4-5ubuntu2.1

apt-cache policy libudev1   
libudev1:
  Installed: 242-7ubuntu3
  Candidate: 242-7ubuntu3.7
  Version table:
     242-7ubuntu3.7 500
        500 http://archive.ubuntu.com/ubuntu eoan-updates/main amd64 Packages
     242-7ubuntu3.6 500
        500 http://security.ubuntu.com/ubuntu eoan-security/main amd64 Packages
 *** 242-7ubuntu3 500
        500 http://archive.ubuntu.com/ubuntu eoan/main amd64 Packages
        100 /var/lib/dpkg/status

https://launchpad.net/ubuntu/+source/e2fsprogs/1.45.3-4ubuntu2.1

apt-cache policy libss2     
libss2:
  Installed: 1.45.3-4ubuntu2
  Candidate: 1.45.3-4ubuntu2.1
  Version table:
     1.45.3-4ubuntu2.1 500
        500 http://archive.ubuntu.com/ubuntu eoan-updates/main amd64 Packages
        500 http://security.ubuntu.com/ubuntu eoan-security/main amd64 Packages
 *** 1.45.3-4ubuntu2 500
        500 http://archive.ubuntu.com/ubuntu eoan/main amd64 Packages
        100 /var/lib/dpkg/status

https://launchpad.net/ubuntu/+source/libgcrypt20/1.8.4-5ubuntu2.1

apt-cache policy libgcrypt20
libgcrypt20:
  Installed: 1.8.4-5ubuntu2
  Candidate: 1.8.4-5ubuntu2.1
  Version table:
     1.8.4-5ubuntu2.1 500
        500 http://archive.ubuntu.com/ubuntu eoan-updates/main amd64 Packages
        500 http://security.ubuntu.com/ubuntu eoan-security/main amd64 Packages
 *** 1.8.4-5ubuntu2 500
        500 http://archive.ubuntu.com/ubuntu eoan/main amd64 Packages

Special notes for your reviewer:

Release note:

@matmerr matmerr requested a review from jaer-tsun February 19, 2020 19:15
@jaer-tsun
Copy link
Contributor

jaer-tsun commented Feb 19, 2020

did you test npm with update? doubt it'll fail but just checking to be certain

@matmerr
Copy link
Member Author

matmerr commented Feb 20, 2020

/azp run

@azure-pipelines
Copy link

azure-pipelines bot commented Feb 20, 2020

Azure Pipelines successfully started running 1 pipeline(s).

@matmerr
Copy link
Member Author

matmerr commented Feb 20, 2020

/azp run

@azure-pipelines
Copy link

azure-pipelines bot commented Feb 20, 2020

Azure Pipelines successfully started running 1 pipeline(s).

@tamilmani1989 tamilmani1989 merged commit 3587366 into Azure:master Feb 21, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tamilmani1989 tamilmani1989 tamilmani1989 approved these changes

@jaer-tsun jaer-tsun Awaiting requested review from jaer-tsun

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@matmerr @jaer-tsun @tamilmani1989