Check that all images generate a manifest via dpkg-query
Bug #1953697 reported by
Sergio Durigan Junior
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Ubuntu Docker Images |
Fix Released
|
High
|
Athos Ribeiro |
Bug Description
It has come to my attention that some of our images (specifically those that are not deb-based) don't generate a security manifest through the dpkg-query method. This makes us miss security notifications for the deb packages installed on top of the base image.
We should revisit our images and double check that they're properly generating such manifests.
Related branches
~athos-ribeiro/ubuntu-docker-images/+git/prometheus-alertmanager:0.21-20.04-deb-manifest
Merged
into
~ubuntu-docker-images/ubuntu-docker-images/+git/prometheus-alertmanager:0.21-20.04
at
revision 7ec413607e21ebdd08faa8987904a306ac2a02be
- Sergio Durigan Junior: Approve
- Canonical Server: Pending requested
-
Diff: 16 lines (+4/-1)1 file modifiedDockerfile (+4/-1)
~athos-ribeiro/ubuntu-docker-images/+git/prometheus-alertmanager:0.21-21.04-deb-manifest
Merged
into
~ubuntu-docker-images/ubuntu-docker-images/+git/prometheus-alertmanager:0.21-21.04
at
revision bbd5266dd9f2189b37c5f94700d822df7edb1b1f
- Sergio Durigan Junior: Approve
- Canonical Server: Pending requested
-
Diff: 16 lines (+4/-1)1 file modifiedDockerfile (+4/-1)
~athos-ribeiro/ubuntu-docker-images/+git/prometheus-alertmanager:0.22-21.10-deb-manifest
Merged
into
~ubuntu-docker-images/ubuntu-docker-images/+git/prometheus-alertmanager:0.22-21.10
at
revision 0fcc233b5db81a70435c181ff1ec29d85225ca5f
- Sergio Durigan Junior: Approve
- Canonical Server: Pending requested
-
Diff: 16 lines (+4/-1)1 file modifiedDockerfile (+4/-1)
~athos-ribeiro/ubuntu-docker-images/+git/prometheus:2.20-20.04-deb-manifest
Merged
into
~ubuntu-docker-images/ubuntu-docker-images/+git/prometheus:2.20-20.04
at
revision 0b37aec4321ce3a827d8559f8894ab6ec06a218f
- Sergio Durigan Junior: Approve
- Canonical Server: Pending requested
-
Diff: 16 lines (+4/-1)1 file modifiedDockerfile (+4/-1)
~athos-ribeiro/ubuntu-docker-images/+git/prometheus:2.25-21.04-deb-manifest
Merged
into
~ubuntu-docker-images/ubuntu-docker-images/+git/prometheus:2.25-21.04
at
revision 11ec2fc39cde182f565775448a8fc588e09fcbcc
- Sergio Durigan Junior: Approve
- Canonical Server: Pending requested
-
Diff: 16 lines (+4/-1)1 file modifiedDockerfile (+4/-1)
~athos-ribeiro/ubuntu-docker-images/+git/prometheus:2.28-21.10-deb-manifest
Merged
into
~ubuntu-docker-images/ubuntu-docker-images/+git/prometheus:2.28-21.10
at
revision 2559a975120df7f578d9ff1343bd2933d14fb0a7
- Sergio Durigan Junior: Approve
- Canonical Server: Pending requested
-
Diff: 16 lines (+4/-1)1 file modifiedDockerfile (+4/-1)
~athos-ribeiro/ubuntu-docker-images/+git/grafana:7.2-20.04-deb-manifest
Merged
into
~ubuntu-docker-images/ubuntu-docker-images/+git/grafana:7.2-20.04
at
revision aee516256a37f941b0758a14b1ed3b1d15684c8c
- Sergio Durigan Junior: Approve
- Canonical Server: Pending requested
-
Diff: 15 lines (+3/-1)1 file modifiedDockerfile (+3/-1)
~athos-ribeiro/ubuntu-docker-images/+git/grafana:7.4-21.04-deb-manifest
Merged
into
~ubuntu-docker-images/ubuntu-docker-images/+git/grafana:7.4-21.04
at
revision 0fe2def3649662cd2b8c155a0cbef5161bd19a67
- Sergio Durigan Junior: Approve
- Canonical Server: Pending requested
-
Diff: 15 lines (+3/-1)1 file modifiedDockerfile (+3/-1)
~athos-ribeiro/ubuntu-docker-images/+git/grafana:8.1-21.10-deb-manifest
Merged
into
~ubuntu-docker-images/ubuntu-docker-images/+git/grafana:8.1-21.10
at
revision 4bf4e68e34cde69f968d3c2726c750c26e5f5623
- Sergio Durigan Junior: Approve
- Canonical Server: Pending requested
-
Diff: 15 lines (+3/-1)1 file modifiedDockerfile (+3/-1)
~athos-ribeiro/ubuntu-docker-images/+git/cortex:1.4-20.04-deb-manifest
Merged
into
~ubuntu-docker-images/ubuntu-docker-images/+git/cortex:1.4-20.04
at
revision fdb0c25f8a8825c2896305de348a51145e68b646
- Sergio Durigan Junior: Approve
- Canonical Server: Pending requested
-
Diff: 14 lines (+3/-1)1 file modifiedoci/Dockerfile.ubuntu (+3/-1)
~athos-ribeiro/ubuntu-docker-images/+git/cortex:1.7-21.04-deb-manifest
Merged
into
~ubuntu-docker-images/ubuntu-docker-images/+git/cortex:1.7-21.04
at
revision 4280f52a7b775952ae91813e97c7f598837bde91
- Sergio Durigan Junior: Approve
- Canonical Server: Pending requested
-
Diff: 14 lines (+3/-1)1 file modifiedoci/Dockerfile.ubuntu (+3/-1)
~athos-ribeiro/ubuntu-docker-images/+git/cortex:1.10-21.10-deb-manifest
Merged
into
~ubuntu-docker-images/ubuntu-docker-images/+git/cortex:1.10-21.10
at
revision 9a96aff7f365c68ed49ecb3e241607095bab4278
- Sergio Durigan Junior: Approve
- Canonical Server: Pending requested
-
Diff: 14 lines (+3/-1)1 file modifiedoci/Dockerfile.ubuntu (+3/-1)
~athos-ribeiro/ubuntu-docker-images/+git/cassandra:4.0-20.04-deb-manifest
Merged
into
~ubuntu-docker-images/ubuntu-docker-images/+git/cassandra:4.0-20.04
at
revision da7db85926102820bb6fab8e42d8fc6a9e535179
- Bryce Harrington: Approve
- Sergio Durigan Junior: Pending requested
- Canonical Server: Pending requested
-
Diff: 14 lines (+3/-1)1 file modifiedDockerfile (+3/-1)
~athos-ribeiro/ubuntu-docker-images/+git/cassandra:4.0-21.04-deb-manifest
Merged
into
~ubuntu-docker-images/ubuntu-docker-images/+git/cassandra:4.0-21.04
at
revision 51829a054807f4b39492802b9d8c1a4e73fa226c
- Bryce Harrington: Approve
- Sergio Durigan Junior: Pending requested
- Canonical Server: Pending requested
-
Diff: 14 lines (+3/-1)1 file modifiedDockerfile (+3/-1)
~athos-ribeiro/ubuntu-docker-images/+git/cassandra:4.0-21.10-deb-manifest
Merged
into
~ubuntu-docker-images/ubuntu-docker-images/+git/cassandra:4.0-21.10
at
revision 986cfbf0e5860bc6e04d04f7d78ce3af88bea504
- Bryce Harrington: Approve
- Sergio Durigan Junior: Pending requested
- Canonical Server: Pending requested
-
Diff: 14 lines (+3/-1)1 file modifiedDockerfile (+3/-1)
Changed in ubuntu-docker-images: | |
status: | In Progress → Fix Committed |
To post a comment you must log in.
The affected images are:
- cassandra alertmanager
- cortex
- grafana
- prometheus
- prometheus-
[1] implements detection of such cases in our test suite.
[1] https:/ /github. com/canonical/ server- test-scripts/ pull/142