Skip to content

Commit

Permalink
build: Upgrade base image for deployment dockerfile
Browse files Browse the repository at this point in the history 
Debian 8.x has unpatched security vulnerabilities in the glibc
package (even though it's supposed to be in its LTS period?), so
upgrade to the current 9.x.

https://security-tracker.debian.org/tracker/source-package/glibc

Release note (build change): Release Docker images are now built on
Debian 9.8.
  • Loading branch information
@bdarnell
bdarnell committed Mar 12, 2019
1 parent 51179af commit d845f3b
Showing 1 changed file with 7 additions and 4 deletions.
11 changes: 7 additions & 4 deletions build/deploy/Dockerfile
View file
Original file line number Diff line number Diff line change
@@ -1,10 +1,13 @@
FROM debian:8.11
FROM debian:9.8-slim

# Install root CAs so we can make SSL connections to phone home and
# do backups to GCE/AWS/Azure.
# For deployment, we need
# libc6 - dynamically linked by cockroach binary
# ca-certificates - to authenticate TLS connections for telemetry and
# bulk-io with S3/GCS/Azure
# tzdata - for time zone functions
RUN apt-get update && \
apt-get -y upgrade && \
apt-get install -y ca-certificates && \
apt-get install -y libc6 ca-certificates tzdata && \
rm -rf /var/lib/apt/lists/*

RUN mkdir -p /cockroach
Expand Down

0 comments on commit d845f3b

Please sign in to comment.