I don't think img_check.sh should check for security updates, and here are a few reasons why:

1. The base images do not pass this test, and they are available on the marketplace.
2. Some package managers prompt for a decision during package upgrades that is unrelated to the vendor's software, and the decision might be at odds with the end user's desires.
   - i.e. Ubuntu will prompt for what to do about an SSH config file or some other system configuration. The Ubuntu distribution thought it was best for end users to make this decision, and DO vendors should not make the decision on behalf of DO users.
3. Having upgrades applied at image-creation time provides little to no security benefit to end users.
   - When a user builds a droplet, there might be security packages between the time of image creation and droplet creation. This remains true whether or not the vendor performed apt update. End users will still need to do package updates on their own if they want to stay patched.
   - Automated image creation is non-deterministic if there are package updates involved. Packer may work once, and then a week later fail the same operation because the package manager asked a different set of questions during package updates. This causes additional complication for vendors and I think little benefit for users.
4. The timing between image creation and submission to the portal is too critical.
   - If an image is created on Friday and submitted on Friday, that might be fine. If it's submitted on Monday and there were package updates over the weekend, maybe it doesn't pass.
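The two technical points above (a security-update check that depends on the package state at submission time, and package upgrades that stall on configuration prompts) can both be made concrete. The following is an added example, not code from the DigitalOcean marketplace repository or from img_check.sh; it assumes a Debian/Ubuntu image and parses the output of a dry-run `apt-get -s upgrade`, where each `Inst` line names the origin pocket (a `*-security` pocket marks a security fix). The sample dry-run output is constructed for the example, and the non-interactive `apt-get` invocation in the comments is the standard `DEBIAN_FRONTEND`/`Dpkg::Options` form, shown as the way to avoid the prompts described above, not as a policy recommendation.

```shell
#!/bin/sh
# Added example (not from the DigitalOcean marketplace repo or img_check.sh):
# count the security updates that an image would pull in, by parsing a
# dry-run upgrade. Reading from stdin keeps the parser testable without a
# package database.
#
# "apt-get -s upgrade" prints one line per package it would upgrade:
#   Inst <pkg> [<old-version>] (<new-version> <origin> [<arch>])
# The <origin> field names the pocket, e.g. "Ubuntu:22.04/jammy-security".

# count_security_updates: read dry-run output on stdin, print how many
# packages would come from a *-security pocket (0 when there are none).
count_security_updates() {
    awk '
        $1 == "Inst" {
            # Fields after the package name carry the origin pocket.
            for (i = 3; i <= NF; i++) if ($i ~ /-security/) { n++; break }
        }
        END { print n + 0 }
    '
}

# list_security_updates: same input, print the affected package names.
list_security_updates() {
    awk '
        $1 == "Inst" {
            for (i = 3; i <= NF; i++) if ($i ~ /-security/) { print $2; break }
        }
    '
}

# Constructed sample dry-run output (version strings are made up for the
# example): two packages from jammy-security, one from jammy-updates, and a
# "Conf" line that must not be counted.
SAMPLE_APT_OUTPUT='Reading package lists...
Building dependency tree...
Inst libssl3 [3.0.2-0ubuntu1.9] (3.0.2-0ubuntu1.10 Ubuntu:22.04/jammy-security [amd64])
Inst openssl [3.0.2-0ubuntu1.9] (3.0.2-0ubuntu1.10 Ubuntu:22.04/jammy-security [amd64])
Inst vim [2:8.2.3995-1ubuntu2.11] (2:8.2.3995-1ubuntu2.12 Ubuntu:22.04/jammy-updates [amd64])
Conf libssl3 (3.0.2-0ubuntu1.10 Ubuntu:22.04/jammy-security [amd64])'

# On a real image, feed the live dry run instead of the sample:
#   apt-get -qq update && apt-get -s upgrade | count_security_updates
#
# If a build does apply updates, this is the invocation that answers the
# configuration-file prompts automatically (keep the existing file) so a
# Packer run cannot stall on them:
#   DEBIAN_FRONTEND=noninteractive apt-get -y \
#       -o Dpkg::Options::="--force-confdef" \
#       -o Dpkg::Options::="--force-confold" upgrade

# Stand-alone demo: `sh this_script.sh --demo` prints 2 for the sample.
if [ "${1:-}" = "--demo" ]; then
    printf '%s\n' "$SAMPLE_APT_OUTPUT" | count_security_updates
    printf '%s\n' "$SAMPLE_APT_OUTPUT" | list_security_updates
fi
```

Running the count on the day the image is built and again on the day it is submitted shows exactly the drift the timing point above describes: the parser is deterministic, but its input changes whenever the security pocket does.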
Hi @coryschwartz - sorry it took a while to get back to you on this.
Now that img_check.sh runs on an image when it is submitted to Vendor Portal, the chance of there being a gap between the submission and the img_check running on our end should be minimal, so long as the Vendor submits the image very soon after it is built.
Given that, I'm inclined to close this issue but I wanted to make sure I understood all of the bits before doing that.