Skip to content

Commit

Permalink
Merge #35517
Browse files Browse the repository at this point in the history 
35517: build: Upgrade base image for deployment dockerfile r=mberhault a=bdarnell

Debian 8.x has unpatched security vulnerabilities in the glibc
package (even though it's supposed to be in its LTS period?), so
upgrade to the current 9.x.

https://security-tracker.debian.org/tracker/source-package/glibc

Release note (build change): Release Docker images are now built on
Debian 9.8.

Co-authored-by: Ben Darnell <[email protected]>
  • Loading branch information
@bdarnell
craig[bot] and bdarnell committed Mar 8, 2019
2 parents 38bb1e7 + 73be9e6 commit 17a9c2a
Showing 1 changed file with 7 additions and 4 deletions.
11 changes: 7 additions & 4 deletions build/deploy/Dockerfile
View file
Original file line number Diff line number Diff line change
@@ -1,10 +1,13 @@
FROM debian:8.11
FROM debian:9.8-slim

# Install root CAs so we can make SSL connections to phone home and
# do backups to GCE/AWS/Azure.
# For deployment, we need
# libc6 - dynamically linked by cockroach binary
# ca-certificates - to authenticate TLS connections for telemetry and
# bulk-io with S3/GCS/Azure
# tzdata - for time zone functions
RUN apt-get update && \
apt-get -y upgrade && \
apt-get install -y ca-certificates && \
apt-get install -y libc6 ca-certificates tzdata && \
rm -rf /var/lib/apt/lists/*

RUN mkdir -p /cockroach
Expand Down

0 comments on commit 17a9c2a

Please sign in to comment.