Skip to content

Commit 38ff297

Browse files
andyzhangxandyzhangx
committed
fix: install updated packages to fix CVE issues
1 parent ea9e9e6 commit 38ff297

File tree

1 file changed

+4
-4
lines changed

1 file changed

+4
-4
lines changed

Dockerfile

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -12,7 +12,7 @@
1212
# See the License for the specific language governing permissions and
1313
# limitations under the License.
1414

15-
FROM k8s.gcr.io/build-image/debian-base:buster-v1.6.0
15+
FROM k8s.gcr.io/build-image/debian-base:bullseye-v1.0.0
1616

1717
# Architecture for bin folder
1818
ARG ARCH
@@ -21,8 +21,8 @@ ARG ARCH
2121
COPY bin/${ARCH}/nfsplugin /nfsplugin
2222

2323
RUN apt update && apt-mark unhold libcap2
24-
# this is a workaround to install nfs-common & nfs-kernel-server and don't quit with error
25-
# https://github.com/kubernetes-sigs/blob-csi-driver/issues/214#issuecomment-781602430
26-
RUN apt install ca-certificates mount libssl1.1 nfs-common nfs-kernel-server -y || true
24+
RUN clean-install ca-certificates mount nfs-common
25+
# install updated packages to fix CVE issues
26+
RUN clean-install libssl1.1 libgssapi-krb5-2 libk5crypto3 libkrb5-3 libkrb5support0
2727

2828
ENTRYPOINT ["/nfsplugin"]

0 commit comments

Comments
 (0)