Check that all images generate a manifest via dpkg-query

Bug #1953697 reported by Sergio Durigan Junior
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Ubuntu Docker Images
Fix Released
Athos Ribeiro

Bug Description

It has come to my attention that some of our images (specifically those that are not deb-based) don't generate a security manifest through the dpkg-query method. This makes us miss security notifications for the deb packages installed on top of the base image.

We should revisit our images and double check that they're properly generating such manifests.

Related branches

Revision history for this message
Athos Ribeiro (athos-ribeiro) wrote :

The affected images are:

- cassandra
- cortex
- grafana
- prometheus
- prometheus-alertmanager

[1] implements detection of such cases in our test suite.


Revision history for this message
Athos Ribeiro (athos-ribeiro) wrote :

The following MPs should sufice to close this bug. We should make sure is merged after that.

Changed in ubuntu-docker-images:
assignee: nobody → Athos Ribeiro (athos-ribeiro)
status: Confirmed → In Progress
Changed in ubuntu-docker-images:
status: In Progress → Fix Committed
Revision history for this message
Athos Ribeiro (athos-ribeiro) wrote :

All images were rebuilt and tagged. This should be fixed now.

Changed in ubuntu-docker-images:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.