HiveBrain v1.2.0
Get Started
← Back to all entries
snippetdockerMinor

How to pin OS package versions in Docker image

Submitted by: @import:stackexchange-devops··
0
Viewed 0 times
imagepackagehowdockerversionspin

Problem

Scenario

For obvious reasons I believe that every package installed in a Docker image should have their version nailed down.
That's why in our Dockerfile we always enforce the OS package manager to install a specific version of a package.
For example:

FROM node:6.10.0

RUN apt-get update \
      && apt-get -y install nginx=1.6.2-5+deb8u6 \
      && apt-get -y install supervisor=3.0r1-1+deb8u1


Problem

The upstream repository has changed and the nginx=1.6.2-5+deb8u6 package is now invalid.

I'm not sure what brings about this change but I think it has something to do with distros going out of their support-cycle or that old packages are removed/moved somewhere else.

Question

How do I nail the exact version of OS-leveled packages without running into this problem?

Note: I know these 2 options will work but I want to know if there's an easier way out:

  • Make a custom base image



  • Download the binaries and COPY them into the Docker image

Solution

I'm not sure that this qualifies as an "easier" way, but you could host the specific packages on a server (e.g., Artifactory, S3). You would then have the Dockerfile connect to this location and use the packages from there.

This would allow you to avoid creating a custom base image and you would not have to manually download the packages.

Context

StackExchange DevOps Q#10333, answer score: 2

Revisions (0)

No revisions yet.