Missing flag from dnf install

이 제품은 선택한 Datadog 사이트에서 지원되지 않습니다. ().
이 페이지는 아직 한국어로 제공되지 않습니다. 번역 작업 중입니다.
현재 번역 프로젝트에 대한 질문이나 피드백이 있으신 경우 언제든지 연락주시기 바랍니다.

Metadata

Id: 7ebd323c-31b7-4e5b-b26f-de5e9e477af8

Cloud Provider: Dockerfile

Platform: Dockerfile

Severity: Low

Category: Supply-Chain

Learn More

Description

DNF package installations in Dockerfile RUN instructions can prompt for interactive input. If the installer is run without a non-interactive flag, the build can hang or fail, disrupting automated CI/CD pipelines and encouraging unsafe manual interventions.

Check RUN commands that invoke DNF (for example, dnf install, dnf groupinstall, dnf localinstall, dnf reinstall, and short forms such as dnf in/dnf rei) and require the -y or --assumeyes switch to be present. RUN lines invoking these commands without -y/--assumeyes will be flagged. Use a non-interactive invocation such as:

RUN dnf -y install vim wget

Compliant Code Examples

FROM fedora:27
RUN set -uex && \
    dnf config-manager --set-enabled docker-ce-test && \
    dnf install -y docker-ce && \
    dnf clean all

FROM fedora:27
RUN set -uex; \
    dnf config-manager --set-enabled docker-ce-test; \
    dnf install -y docker-ce; \
    dnf clean all

FROM fedora:27
RUN microdnf install -y \
    openssl-libs-1:1.1.1k-6.el8_5.x86_64 \
    zlib-1.2.11-18.el8_5.x86_64 \
 && microdnf clean all

Non-Compliant Code Examples

FROM fedora:27
RUN set -uex; \
    dnf config-manager --set-enabled docker-ce-test; \
    dnf install docker-ce; \
    dnf clean all

FROM fedora:28
RUN set -uex
RUN dnf config-manager --set-enabled docker-ce-test
RUN dnf in docker-ce
RUN dnf clean all

FROM fedora:27
RUN set -uex && \
    dnf config-manager --set-enabled docker-ce-test && \
    dnf install docker-ce && \
    dnf clean all

FROM fedora:28
RUN set -uex
RUN dnf config-manager --set-enabled docker-ce-test
RUN dnf in docker-ce
RUN dnf clean all