Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix vulnerabilities in amd64_anax_k8s image #4175

Closed
wants to merge 1 commit into from
Closed

Fix vulnerabilities in amd64_anax_k8s image #4175

wants to merge 1 commit into from

Conversation

K-Pomian
Copy link
Contributor

@K-Pomian K-Pomian commented Dec 4, 2024

Description

The PR includes fixed for vulnerabilities listed in the below issue.

Fixes #4174

Type of change

  • Bug fix (non-breaking change which fixes an issue)

How Has This Been Tested?

Could not test it, because I need an image with the changes to be built by GH Actions pipeline in order to be able to run Aquasec scan on it.

Checklist:

  • My code follows the style guidelines of this project
  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • My changes generate no new warnings
  • I have added tests that prove my fix is effective or that my feature works
  • New and existing unit tests pass locally with my changes
  • Any dependent changes have been merged and published in downstream modules
  • I have checked my code and corrected any misspellings
  • I have tagged the reviewers in a comment below incase my pull request is ready for a review
  • I have signed the commit message to agree to Developer Certificate of Origin (DCO) (to certify that you wrote or otherwise have the right to submit your contribution to the project.) by adding "--signoff" to my git commit command.

@K-Pomian K-Pomian self-assigned this Dec 4, 2024
@LiilyZhang LiilyZhang force-pushed the fix-vulnerabilities-amd64-anax-k8s branch from 6fcda60 to 4554f91 Compare December 4, 2024 14:21
@LiilyZhang
Copy link
Contributor

Changes looks good, please change the commit message to this format:
Issue open-horizon#4174 - Fix vulnerabilities in amd64_anax_k8s:2.31.0-1591 found by Aquasec

omordyk
omordyk reviewed Dec 5, 2024
View reviewed changes
anax-in-k8s/Dockerfile.ubi.amd64
@@ -11,6 +11,7 @@ LABEL description="The agent in a container that is used solely for the purpose
ARG REQUIRED_RPMS="openssl ca-certificates shadow-utils jq iptables vim-minimal psmisc procps-ng tar"
RUN microdnf update -y --nodocs --setopt=install_weak_deps=0 --disableplugin=subscription-manager \
&& microdnf install -y --nodocs --setopt=install_weak_deps=0 --disableplugin=subscription-manager ${REQUIRED_RPMS} \
&& microdnf upgrade -y --nodocs --setopt=install_weak_deps=0 --disableplugin=subscription-manager krb5-libs \
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I guess you should call upgrade before install.This ensures that your system’s dependencies are up-to-date, which can prevent issues with installing new packages.

Copy link
Contributor Author

@K-Pomian K-Pomian Dec 9, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think that it does not matter, upgrade will bump everything it finds that can be upgraded, the final outcome should be the same

@omordyk omordyk mentioned this pull request Dec 5, 2024
Open
12 tasks
@K-Pomian K-Pomian force-pushed the fix-vulnerabilities-amd64-anax-k8s branch from 4554f91 to 392c2b8 Compare December 9, 2024 07:21
@K-Pomian
Copy link
Contributor Author

K-Pomian commented Dec 9, 2024

Closing, reason in #4172

@K-Pomian K-Pomian closed this Dec 9, 2024
@K-Pomian K-Pomian deleted the fix-vulnerabilities-amd64-anax-k8s branch December 9, 2024 12:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@omordyk omordyk omordyk left review comments

@bencourliss bencourliss Awaiting requested review from bencourliss

@LiilyZhang LiilyZhang Awaiting requested review from LiilyZhang

Assignees

@K-Pomian K-Pomian

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Fix vulnerabilities in amd64_anax_k8s:2.31.0-1591 found by Aquasec
3 participants
@K-Pomian @LiilyZhang @omordyk