darkwhite29
commented
1 month ago I would say maybe using a more readable name for the newly added script, like: cleanup_insecure_package.sh
Closed vgamayunov closed 1 month ago
darkwhite29
commented
1 month ago I would say maybe using a more readable name for the newly added script, like: cleanup_insecure_package.sh
LiquidPT
commented
1 month ago I would say maybe using a more readable name for the newly added script, like: cleanup_insecure_package.sh
I'd actually prefer to see package removal added to install_prerequisites.sh (and move it to /ubuntu/common rather than having version specific ones since they are the same).
This would mean that base image package cleanup could be early (and where we're already doing an update/upgrade) and allow for other things installed later that might be dependent on it to catch that it's missing (not that I think that will happen in this case)
vgamayunov
commented
1 month ago I'd actually prefer to see package removal added to
install_prerequisites.sh(and move it to /ubuntu/common rather than having version specific ones since they are the same).This would mean that base image package cleanup could be early (and where we're already doing an update/upgrade) and allow for other things installed later that might be dependent on it to catch that it's missing (not that I think that will happen in this case)
install_prerequisites.sh is run before set_properties.sh (installs jq), so it needs to be in the same dir because $UBUNTU_COMMON_DIR is not yet set.
I suggest keeping install_prerequisites.sh where it is and using separate script for cleanup but call it earlier.
vgamayunov
commented
1 month ago agree with the comments - updated
remove graphviz package (+deps) requiring Ubuntu Pro for security updates