Force update of dnsmasq

We need to upgrade the dnsmasq version to fix the vulnerability described in https://access.redhat.com/security/vulnerabilities/RHSB-2021-001
openshift · Jan 20, 2021 · 72a1090 · 72a1090
1 parent fb16227
commit 72a1090
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/Dockerfile.ocp b/Dockerfile.ocp
@@ -6,7 +6,7 @@ WORKDIR /tmp
 ## that gets installed by grub2-efi-x64 (/boot/efi/EFI/centos/grubx64.efi)
 ## looks for grub.cnf in /EFI/centos, ironic puts it in /boot/grub
 RUN if [ $(uname -m) = "x86_64" ]; then \
-      yum install -y gcc git make genisoimage xz-devel grub2 grub2-efi-x64-modules shim dosfstools mtools && \
+      yum install -y --nobest gcc git make genisoimage xz-devel grub2 grub2-efi-x64-modules shim dosfstools mtools && \
       dd bs=1024 count=3200 if=/dev/zero of=esp.img && \
       mkfs.msdos -F 12 -n 'ESP_IMAGE' ./esp.img && \
       mmd -i esp.img EFI && \
@@ -23,7 +23,7 @@ FROM ubi8
 
 RUN dnf update -y && \
     dnf install -y python3-gunicorn openstack-ironic-api openstack-ironic-conductor crudini \
-        iproute dnsmasq httpd qemu-img parted gdisk ipxe-bootimgs psmisc procps-ng \
+        iproute "dnsmasq >= 2.79-11.el8_2.2" httpd qemu-img parted gdisk ipxe-bootimgs psmisc procps-ng \
         mariadb-server ipxe-roms-qemu genisoimage python3-ironic-prometheus-exporter \
         python3-jinja2 python3-sushy-oem-idrac && \
     dnf clean all && \