From c13949a63ee9ea4affade18fc944747c242909c3 Mon Sep 17 00:00:00 2001
From: Daniil Baturin <daniil@baturin.org>
Date: Fri, 29 Sep 2023 14:59:46 +0100
Subject: T5624: add a hook for deleting /etc/debian_version

---
 .../hooks/live/30-remove-debian-version.chroot              | 13 +++++++++++++
 1 file changed, 13 insertions(+)
 create mode 100755 data/live-build-config/hooks/live/30-remove-debian-version.chroot

diff --git a/data/live-build-config/hooks/live/30-remove-debian-version.chroot b/data/live-build-config/hooks/live/30-remove-debian-version.chroot
new file mode 100755
index 00000000..64d00e26
--- /dev/null
+++ b/data/live-build-config/hooks/live/30-remove-debian-version.chroot
@@ -0,0 +1,13 @@
+#!/bin/sh
+
+# The /etc/debian_version file contains the Debian release version number.
+#Since VyOS uses image-based upgrade, that file serves no useful purpose for us.
+#
+# However, security scanners love to jump to conclusions
+# and declare an "old Debian version" vulnerable
+# without checking if there may not be any packages from that version at all.
+# Removing that file is an easy way to get fewer false positives.
+
+echo "I: Deleting the Debian version file"
+
+rm -f /etc/debian_version
-- 
cgit v1.2.3