You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When using the dependency list for the package manager, those dependencies may have come in from the previous layer. So some of the packages keep getting listed for each of the layers even though they actually came from a previous layer.
Eg:
FROM vmware/photon:1.0:
vmware/photon:1.0: 52ef9064d2:
info: Loading packages from cache for layer 52ef9064d2:
Package: expat
Version: 2.2.4-1.ph1
Project URL: http://expat.sourceforge.net/
License: MIT
....
RUN tyum install -y git && tyum clean all -> 832ed18cc3:
Using invoke listing in command_lib/snippets.yml:
warning:
Unrecognized Commands:tyum clean all
version:
in container:
list=`tdnf list installed {package}`
c=0; for l in $list; do if [ $c == 1 ]; then echo $l; fi; c=$(((c+1)%3)); done;
license:
in container:
tdnf info {package} | head -10 | tail -1 | cut -f2 -d":" | xargs
src_url:
in container:
tdnf info {package} | head -9 | tail -1 | cut -f2-3 -d":" | xargs
deps:
in container:
list=`rpm -qR {package} | cut -f1 -d" "`
for l in $list; do rpm -qa --queryformat "%{NAME}\n" $l; done;
:
------------------------------------------------
Package: expat
Version: 2.2.4-1.ph1
Project URL: http://expat.sourceforge.net/
License: MIT
expat is a dependency for git but it has already been satisfied in the previous layer so it wasn't installed with this command.
To get around this, keep track of all the known package names while looking through the layers using a master list.
The text was updated successfully, but these errors were encountered:
Tern does not know about the context in which the rootfs it is
working with exists, and so cannot tell if it's list of packages
was seen before. As a result some packages are repeated in subsequent
layers in the report because they are dependencies but they already
exist in the previous layers. Added a master list to track packages
seen in previous layers.
- Added update_master_list function to common.py to update the
master list of package names and to remove the extra packages from
the layer object
- Implemented master list in the analyze_docker_image function in
report.py
Resolvestern-tools#66
Signed-off-by: Nisha K <nishak@vmware.com>
When using the dependency list for the package manager, those dependencies may have come in from the previous layer. So some of the packages keep getting listed for each of the layers even though they actually came from a previous layer.
Eg:
expat is a dependency for git but it has already been satisfied in the previous layer so it wasn't installed with this command.
To get around this, keep track of all the known package names while looking through the layers using a master list.
The text was updated successfully, but these errors were encountered: