Closed vgamayunov closed 1 month ago
I would say maybe using a more readable name for the newly added script, like: cleanup_insecure_package.sh
I would say maybe using a more readable name for the newly added script, like: cleanup_insecure_package.sh
I'd actually prefer to see package removal added to install_prerequisites.sh
(and move it to /ubuntu/common rather than having version specific ones since they are the same).
This would mean that base image package cleanup could be early (and where we're already doing an update/upgrade) and allow for other things installed later that might be dependent on it to catch that it's missing (not that I think that will happen in this case)
I'd actually prefer to see package removal added to
install_prerequisites.sh
(and move it to /ubuntu/common rather than having version specific ones since they are the same).This would mean that base image package cleanup could be early (and where we're already doing an update/upgrade) and allow for other things installed later that might be dependent on it to catch that it's missing (not that I think that will happen in this case)
install_prerequisites.sh
is run before set_properties.sh
(installs jq), so it needs to be in the same dir because $UBUNTU_COMMON_DIR
is not yet set.
I suggest keeping install_prerequisites.sh
where it is and using separate script for cleanup but call it earlier.
agree with the comments - updated
remove graphviz package (+deps) requiring Ubuntu Pro for security updates