Skip to content
Open
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
16 changes: 4 additions & 12 deletions docker/server/Dockerfile.ubuntu
Original file line number Diff line number Diff line change
Expand Up @@ -7,13 +7,13 @@ ARG DEBIAN_FRONTEND=noninteractive
# ARG for quick switch to a given ubuntu mirror
ARG apt_archive="http://archive.ubuntu.com"

# We shouldn't use `apt upgrade` to not change the upstream image. It's updated biweekly
# Exception: targeted --only-upgrade for selected packages to address CVEs without a general upgrade.
# Upgrade already installed Ubuntu packages to apply available security fixes
# without installing recommended packages.

# user/group precreated explicitly with fixed uid/gid on purpose.
# It is especially important for rootless containers: in that case entrypoint
# can't do chown and owners of mounted volumes should be configured externally.
# We do that in advance at the begining of Dockerfile before any packages will be
# We do that in advance at the beginning of Dockerfile before any packages will be
# installed to prevent picking those uid / gid by some unrelated software.
# The same uid / gid (101) is used both for alpine and ubuntu.
RUN sed -i "s|http://archive.ubuntu.com|${apt_archive}|g" /etc/apt/sources.list \
Expand All @@ -26,15 +26,7 @@ RUN sed -i "s|http://archive.ubuntu.com|${apt_archive}|g" /etc/apt/sources.list
locales \
tzdata \
wget \
&& apt-get install --yes --no-install-recommends --only-upgrade \
libgnutls30 \
libssl3 \
openssl \
libsystemd0 \
libudev1 \
libgcrypt20 \
sed \
liblzma5 \
&& apt-get upgrade --yes --no-install-recommends \
&& busybox --install -s \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/* /var/cache/debconf /tmp/*
Expand Down
Loading