summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDaniil Baturin <daniil@vyos.io>2023-09-29 15:16:04 +0100
committerGitHub <noreply@github.com>2023-09-29 15:16:04 +0100
commit986c77ac08c552f7e8c80be3e5a98339babb06b4 (patch)
treea8b30016fac603598939e3794c9849a1ad449e65
parent108255f13c602cc992f4ff0a509ef6ca4c084464 (diff)
parentc13949a63ee9ea4affade18fc944747c242909c3 (diff)
downloadvyos-build-1.3.4.tar.gz
vyos-build-1.3.4.zip
Merge pull request #431 from dmbaturin/T5624-delete-debian-version1.3.4
T5624: add a hook for deleting /etc/debian_version
-rwxr-xr-xdata/live-build-config/hooks/live/30-remove-debian-version.chroot13
1 files changed, 13 insertions, 0 deletions
diff --git a/data/live-build-config/hooks/live/30-remove-debian-version.chroot b/data/live-build-config/hooks/live/30-remove-debian-version.chroot
new file mode 100755
index 00000000..64d00e26
--- /dev/null
+++ b/data/live-build-config/hooks/live/30-remove-debian-version.chroot
@@ -0,0 +1,13 @@
+#!/bin/sh
+
+# The /etc/debian_version file contains the Debian release version number.
+#Since VyOS uses image-based upgrade, that file serves no useful purpose for us.
+#
+# However, security scanners love to jump to conclusions
+# and declare an "old Debian version" vulnerable
+# without checking if there may not be any packages from that version at all.
+# Removing that file is an easy way to get fewer false positives.
+
+echo "I: Deleting the Debian version file"
+
+rm -f /etc/debian_version