fluent / fluentd-kubernetes-daemonset

Fluentd daemonset for Kubernetes and its Docker image
Apache License 2.0
1.26k stars 978 forks

change libc-dev to libc6-dev within buildDeps #1371

Closed pluralistix closed 1 year ago

pluralistix commented 2 years ago

We are using fluent/fluentd-kubernetes-daemonset:v1.14-debian-cloudwatch-1 to build our own image and get reports on CVEs related to the kernel.

We believe changing it to libc6-dev in e.g. https://github.com/fluent/fluentd-kubernetes-daemonset/blob/4cbe1d8015e3d16ead330daa73a64fe51abc39db/docker-image/v1.14/debian-cloudwatch/Dockerfile#L16 would "fix" that.

That's only if the intended behaviour in https://github.com/fluent/fluentd-kubernetes-daemonset/blob/4cbe1d8015e3d16ead330daa73a64fe51abc39db/docker-image/v1.14/debian-cloudwatch/Dockerfile#L27-L29 was to remove all dev-packages again.

see

root@cb43e0e0a000:/# buildDeps="libc-dev"; \
apt-get update >/dev/null 2>&1; \
apt-get install -y --no-install-recommends $buildDeps >/dev/null 2>&1; \
echo "after installation";
apt list --installed 2>&1 | grep "\-dev" | sort; \
apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false $buildDeps >/dev/null 2>&1; \
echo "after removal"; \
apt list --installed 2>&1 | grep "\-dev"
after installation
libc-dev-bin/stable,now 2.31-13+deb11u3 amd64 [installed,automatic]
libc6-dev/stable,now 2.31-13+deb11u3 amd64 [installed]
libcrypt-dev/stable,now 1:4.4.18-4 amd64 [installed,automatic]
libnsl-dev/stable,now 1.3.0-2 amd64 [installed,automatic]
libtirpc-dev/stable,now 1.3.1-1 amd64 [installed,automatic]
linux-libc-dev/stable,now 5.10.127-1 amd64 [installed,automatic]
after removal
libc-dev-bin/stable,now 2.31-13+deb11u3 amd64 [installed,automatic]
libc6-dev/stable,now 2.31-13+deb11u3 amd64 [installed]
libcrypt-dev/stable,now 1:4.4.18-4 amd64 [installed,automatic]
libnsl-dev/stable,now 1.3.0-2 amd64 [installed,automatic]
libtirpc-dev/stable,now 1.3.1-1 amd64 [installed,automatic]
linux-libc-dev/stable,now 5.10.127-1 amd64 [installed,automatic]

and/but

root@da6ff54687b4:/# buildDeps="libc6-dev"; \
apt-get update >/dev/null 2>&1; \
apt-get install -y --no-install-recommends $buildDeps >/dev/null 2>&1; \
echo "after installation";
apt list --installed 2>&1 | grep "\-dev" | sort; \
apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false $buildDeps >/dev/null 2>&1; \
echo "after removal"; \
apt list --installed 2>&1 | grep "\-dev"
after installation
libc-dev-bin/stable,now 2.31-13+deb11u3 amd64 [installed,automatic]
libc6-dev/stable,now 2.31-13+deb11u3 amd64 [installed]
libcrypt-dev/stable,now 1:4.4.18-4 amd64 [installed,automatic]
libnsl-dev/stable,now 1.3.0-2 amd64 [installed,automatic]
libtirpc-dev/stable,now 1.3.1-1 amd64 [installed,automatic]
linux-libc-dev/stable,now 5.10.127-1 amd64 [installed,automatic]
after removal

Can you please check if that's something to handle/tackle?

Thanks in advance
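
An added example (not part of the issue or of the project's Dockerfile): a build-step guard for the behaviour the two sessions above show, where the purge of `$buildDeps` can leave the -dev packages installed. The function names and the sample listings are assumptions made here; the sample lines are constructed from the output quoted in the issue.

```shell
#!/bin/sh
# Added example: fail a build step when -dev packages survive the purge.

# Names of installed packages containing "-dev", read from
# `apt list --installed` text on stdin (same filter as the issue's grep).
dev_packages() {
    awk -F/ '/\[installed/ && $1 ~ /-dev/ { print $1 }' | LC_ALL=C sort -u
}

# leftover_dev_packages BEFORE AFTER
# BEFORE and AFTER are `apt list --installed` texts captured before installing
# $buildDeps and after purging them. Prints every -dev package that is present
# afterwards but was not in the baseline; returns 1 if there is any.
leftover_dev_packages() {
    tmp=$(mktemp -d) || return 2
    printf '%s\n' "$1" | dev_packages > "$tmp/before"
    printf '%s\n' "$2" | dev_packages > "$tmp/after"
    left=$(LC_ALL=C comm -13 "$tmp/before" "$tmp/after")
    rm -rf "$tmp"
    if [ -n "$left" ]; then
        printf '%s\n' "$left"
        return 1
    fi
    return 0
}

# Constructed sample input, shortened from the listings in the issue.
# The adduser line is a constructed stand-in for the base image's packages.
SAMPLE_BASE='Listing...
adduser/stable,now 3.118 all [installed]'

# State after purging buildDeps="libc-dev" (packages remain).
SAMPLE_AFTER_LIBC_DEV='Listing...
adduser/stable,now 3.118 all [installed]
libc-dev-bin/stable,now 2.31-13+deb11u3 amd64 [installed,automatic]
libc6-dev/stable,now 2.31-13+deb11u3 amd64 [installed]
linux-libc-dev/stable,now 5.10.127-1 amd64 [installed,automatic]'

# State after purging buildDeps="libc6-dev" (back to the baseline).
SAMPLE_AFTER_LIBC6_DEV="$SAMPLE_BASE"
```

In a Dockerfile `RUN` step, capture `apt list --installed 2>/dev/null` before the install and again after the purge, then pass both texts to `leftover_dev_packages` so a non-zero return stops the build.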

github-actions[bot] commented 1 year ago

This issue has been automatically marked as stale because it has been open 90 days with no activity. Remove stale label or comment or this issue will be closed in 30 days

github-actions[bot] commented 1 year ago

This issue was automatically closed because of stale in 30 days