From c3d5b78276fce45e1df86d572ff7cd480837f100 Mon Sep 17 00:00:00 2001
From: Gert van den Berg
Date: Wed, 1 Feb 2023 08:37:07 +0200
Subject: [PATCH] build: Update packages in release image

This will get updates released after the base image was built.

This adds a layer and increase the image size, but significantly reduce the number of CVEs in the resultant image.

Signed-off-by: Gert van den Berg
---
 deploy/cephcsi/image/Dockerfile | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/deploy/cephcsi/image/Dockerfile b/deploy/cephcsi/image/Dockerfile
index 48043828d..6023c904c 100644
--- a/deploy/cephcsi/image/Dockerfile
+++ b/deploy/cephcsi/image/Dockerfile
@@ -2,7 +2,13 @@ ARG SRC_DIR="/go/src/github.com/ceph/ceph-csi/"
 ARG GO_ARCH
 ARG BASE_IMAGE
 
-FROM ${BASE_IMAGE} as builder
+FROM ${BASE_IMAGE} as updated_base
+
+RUN dnf -y update \
+ && dnf clean all \
+ && rm -rf /var/cache/yum
+
+FROM updated_base as builder
 
 LABEL stage="build"
 
@@ -28,8 +34,7 @@ RUN ${GOROOT}/bin/go version && ${GOROOT}/bin/go env
 RUN dnf config-manager --disable \
 tcmu-runner,tcmu-runner-source,tcmu-runner-noarch || true
 
-RUN dnf -y update \
- && dnf -y install --nodocs \
+RUN dnf -y install --nodocs \
 librados-devel librbd-devel \
 /usr/bin/cc \
 make \
@@ -56,7 +61,7 @@ COPY . ${SRC_DIR}
 RUN make cephcsi
 
 #-- Final container
-FROM ${BASE_IMAGE}
+FROM updated_base
 
 ARG SRC_DIR
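Review bot: The `RUN dnf -y update` layer in the new `updated_base` stage is only as fresh as the build cache: its instruction text never changes, so a builder that reuses the cached layer ships the packages it had when the layer was first built, and the CVE reduction described in the commit message is silently lost. Release builds should force this layer to rerun, for example by building with `--no-cache` (plus `--pull`, so `BASE_IMAGE` itself is refreshed) or by declaring a build-date `ARG` just before the `RUN`. Because the package set now depends on build time, recording the `rpm -qa` output for each release would keep the images auditable. `dnf clean all` already empties dnf's own cache, and whether `/var/cache/yum` exists on this base is not visible here, so that `rm -rf` may be a no-op.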
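Review bot: The package update no longer runs after `dnf config-manager --disable tcmu-runner,tcmu-runner-source,tcmu-runner-noarch || true`. Before this commit the update followed that line, whereas the new `RUN dnf -y update` in `updated_base` runs earlier in the file, presumably with those repositories still enabled. If they were disabled because they are unreachable or carry unwanted packages, the update can now fail or pull from them, and the final image, which is built from `updated_base`, inherits the result. Moving the `config-manager --disable` step into `updated_base`, ahead of the update, would restore the previous ordering, though it would also carry the disabled-repo setting into the final image. The `RUN dnf -y install` instruction continues past the end of this hunk, so its cache cleanup is not visible here.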