UniqAI/nvidia-container-toolkit
1
0
Fork 0
mirror of https://github.com/NVIDIA/nvidia-container-toolkit synced 2025-04-04 20:52:41 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Allow packages to be specified to address CVEs

Browse Source 
This change allows the CVE_UPGRADES build arg to be set
to address CVEs in base images instead of requesting waivers.

Signed-off-by: Evan Lezar <elezar@nvidia.com>
This commit is contained in:
Evan Lezar 2021-12-07 15:20:25 +01:00
parent 050c29b157
commit f0311bfe17
2 changed files with 9 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
build/container/Dockerfile.centos
View File

@ -75,4 +75,11 @@ LABEL description="See summary"
COPY ./LICENSE /licenses/LICENSE COPY ./LICENSE /licenses/LICENSE
# Install / upgrade packages here that are required to resolve CVEs
ARG CVE_UPDATES
RUN if [ -n "${CVE_UPDATES}" ]; then \
yum update -y ${CVE_UPDATES} && \
rm -rf /var/cache/yum/*; \
fi
ENTRYPOINT ["/work/nvidia-toolkit"] ENTRYPOINT ["/work/nvidia-toolkit"]

1
build/container/Makefile
View File

@ -75,6 +75,7 @@ $(BUILD_TARGETS): build-%: $(ARTIFACTS_ROOT)
--build-arg PACKAGE_VERSION="$(PACKAGE_VERSION)" \ --build-arg PACKAGE_VERSION="$(PACKAGE_VERSION)" \
--build-arg PACKAGE_ARCH="$(PACKAGE_ARCH)" \ --build-arg PACKAGE_ARCH="$(PACKAGE_ARCH)" \
--build-arg VERSION="$(VERSION)" \ --build-arg VERSION="$(VERSION)" \
--build-arg CVE_UPDATES="$(CVE_UPDATES)" \
-f $(DOCKERFILE) \ -f $(DOCKERFILE) \
$(CURDIR) $(CURDIR)