'dnf clean all' missing

ID

purge_dnf_package_cache

Severity

low

Family

Container Security

Tags

dockerfile, non-reachable, smaller-size

Description

Cached package data should be cleaned after installation to reduce image size.

Reference: Clean Command, in the DNF Command Reference.

Security

N/A

Examples

FROM fedora:27

# issue
RUN set -uex && \
  dnf config-manager --add-repo https://download.docker.com/linux/fedora/docker-ce.repo && \
  sed -i 's/$releasever/26/g' /etc/yum.repos.d/docker-ce.repo && \
  dnf install -vy docker-ce zsh

HEALTHCHECK CMD curl --fail http://localhost:3000 || exit 1

Mitigation / Fix

Add dnf clean all to the same RUN instruction that runs dnf install, so the package cache is removed before the layer is committed:

FROM fedora:27

# fixed
RUN set -uex && \
  dnf config-manager --add-repo https://download.docker.com/linux/fedora/docker-ce.repo && \
  sed -i 's/$releasever/26/g' /etc/yum.repos.d/docker-ce.repo && \
  dnf install -vy docker-ce zsh && \
  dnf clean all

HEALTHCHECK CMD curl --fail http://localhost:3000 || exit 1
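
A minimal sketch of how this check can be automated. It is an added example, not the scanner's own implementation. The sample Dockerfile is constructed from the example above, and the names instructions and missing_clean are hypothetical.

```python
import re

# Constructed sample: the page's "issue" RUN, a clean that runs too late
# (in its own layer), and a RUN that cleans correctly.
SAMPLE = r"""FROM fedora:27
RUN set -uex && \
  dnf config-manager --add-repo https://download.docker.com/linux/fedora/docker-ce.repo && \
  # comment inside a continuation
  dnf install -vy docker-ce zsh
RUN dnf clean all
RUN dnf -y install git && dnf clean all
"""

INSTALL = re.compile(r"\bdnf\b[^&;|]*?\binstall\b")
CLEAN = re.compile(r"\bdnf\s+clean\s+all\b")


def instructions(dockerfile):
    """Yield (first_line_no, text) per instruction, joining '\\' continuations."""
    parts, start = [], None
    for no, raw in enumerate(dockerfile.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank and comment lines are skipped, even mid-continuation
        start = start or no
        parts.append(line.rstrip("\\").strip())
        if not line.endswith("\\"):
            yield start, " ".join(parts)
            parts, start = [], None
    if parts:
        yield start, " ".join(parts)


def missing_clean(dockerfile):
    """Return line numbers of RUN instructions that install without cleaning."""
    hits = []
    for no, text in instructions(dockerfile):
        if not re.match(r"RUN\b", text, re.IGNORECASE):
            continue
        installs = [m.end() for m in INSTALL.finditer(text)]
        # The clean must follow the last install inside the same RUN: a clean
        # in a later RUN leaves the cache in the layer that was already written.
        if installs and not CLEAN.search(text, installs[-1]):
            hits.append(no)
    return hits


if __name__ == "__main__":
    for line_no in missing_clean(SAMPLE):
        print(f"line {line_no}: dnf install without 'dnf clean all' in the same RUN")
```

Only the first RUN in the sample is reported: the standalone RUN dnf clean all on the next instruction does not count, because the cache is already stored in the earlier layer.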