When RUN has the word yum and at some later point the same RUN also contains update all, update, or upgrade, the condition was being met. However this can break some workflows.
For example, the following matches the condition pointlessly because of line 4. No actual yum upgrade happens here but the current conditions make it appear that way.
Instead, we can match by spaces and/or tabs using [ \t]+. This way yum, followed by any number of spaces or tabs, followed by update all, update, or upgrade would allow the above Dockerfile to pass but the below Dockerfile would fail correctly or as expected.
lphiri
commented
6 years ago
When
RUNhas the wordyumand at some later point the sameRUNalso containsupdate all,update, orupgrade, the condition was being met. However this can break some workflows.For example, the following matches the condition pointlessly because of line 4. No actual
yum upgradehappens here but the current conditions make it appear that way.Instead, we can match by spaces and/or tabs using
[ \t]+. This wayyum, followed by any number of spaces or tabs, followed byupdate all,update, orupgradewould allow the above Dockerfile to pass but the below Dockerfile would fail correctly or as expected.The same change can probably be made to the other installer methods, such as
apt-getetc.