security: update yum repo

kubeovn · Jun 11, 2020 · a4f4037 · a4f4037
1 parent 789c9d8
commit a4f4037
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 7 deletions.
diff --git a/.github/workflows/build-x86-image.yaml b/.github/workflows/build-x86-image.yaml
@@ -6,7 +6,6 @@ on:
     - master
     paths-ignore:
     - 'docs/**'
-    - 'dist/**'
     - 'yamls/**'
   push:
     branches:

diff --git a/.trivyignore b/.trivyignore
@@ -0,0 +1,3 @@
+# No CentOS Upstream fix
+CVE-2020-12662
+CVE-2020-12663
diff --git a/dist/images/Dockerfile b/dist/images/Dockerfile
@@ -19,17 +19,17 @@ RUN mkdir /rpms/ && \
 
 
 FROM centos:8
-
-RUN yum upgrade -y sqlite-libs libarchive systemd && \
-    yum remove -y bind-export-libs
-
-RUN yum install -y  \
+RUN sed -i 's/$releasever/8-stream/g' /etc/yum.repos.d/CentOS-AppStream.repo && \
+    sed -i 's/$releasever/8-stream/g' /etc/yum.repos.d/CentOS-Base.repo
+RUN yum remove -y bind-export-libs && yum update -y && \
+    yum install -y \
         firewalld-filesystem \
         libpcap \
         hostname ethtool \
         iproute nc \
         unbound-devel \
-        tcpdump ipset && yum clean all
+        tcpdump ipset && \
+    yum clean all
 ARG RPM_ARCH
 RUN rpm -ivh --nodeps https://download-ib01.fedoraproject.org/pub/fedora/linux/releases/30/Everything/${RPM_ARCH}/os/Packages/i/iptables-1.8.0-5.fc30.${RPM_ARCH}.rpm