Image Builder "update-linux" component is not upgrading all packages on Ubuntu
I'm trying to use Image Builder to create a custom Ubuntu image with parent Ubuntu 22.04 LTS 2023-12-07. I'm making use of the update-linux build component, which underneath invokes the UpdateOS action in order to update all packages is the OS:
Updates Linux by installing all available updates via the UpdateOS action module.
However, after creating the image I still get vulnerabilities after the scan:
When I investigate, some packages were not upgraded:
The following NEW packages will be installed:
linux-aws-6.2-headers-6.2.0-1018 linux-headers-6.2.0-1018-aws linux-image-6.2.0-1018-aws
linux-modules-6.2.0-1018-aws
The following packages will be upgraded:
linux-aws linux-headers-aws linux-image-aws
Why is UpdateOS not upgrading these packages, and why I can't find any documentation about this and logs are not saying what is happening?
Is this because these packages upgrade the Kernel? Again.. where is this documented?
- Más nuevo
- Más votos
- Más comentarios
I can't answer why it doesn't do it but I can share what I have done to workaround this issue. In my pipeline, I created a component that runs apt update && apt upgrade -y
name: Upgradeall
description: updates and upgrades the instance
schemaVersion: 1.0
phases:
- name: build
steps:
- name: UpdateAll
action: ExecuteBash
inputs:
commands:
- sudo apt-get update
- sudo apt-get upgrade -y
