
Remove /etc/debian_version from the image
Closed, Resolved (Public)

Description

The /etc/debian_version file contains the Debian release version number. Since VyOS uses image-based upgrades, that file serves no useful purpose for us.

However, security scanners love to jump to conclusions and declare an "old Debian version" vulnerable without checking if there may not be any packages from that version at all. Removing that file is an easy way to get fewer false positives.

Details

Difficulty level: Unknown (require assessment)
Version: -
Why the issue appeared?: Will be filled on close
Is it a breaking change?: Perfectly compatible
Issue type: Internal change (not visible to end users)

Event Timeline

Please revert that commit (remove that hook) and use the excludes-file instead.

https://github.com/vyos/vyos-build/blob/current/data/live-build-config/rootfs/excludes

For example by adding the following to the bottom of the above file:

# T5624: Remove the Debian version file to avoid false positives from security scanners.
etc/debian_version
syncer moved this task from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.5) board.
syncer added a project: Restricted Project.
syncer edited projects, added VyOS 1.4 Sagitta; removed Restricted Project.
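
A post-build check in the spirit of the excludes-file suggestion above, as an added example that is not part of the original task or of vyos-build: it reads an excludes file and reports any listed path that is still present in an unpacked root filesystem tree. The function name `check_excluded`, the treatment of entries as literal relative paths (no wildcard handling), and the directory arguments are assumptions.

```shell
#!/bin/sh
# Added example (not vyos-build code): verify that paths listed in an
# excludes file are really absent from an unpacked rootfs directory.
# Assumptions: one entry per line, relative to the rootfs root, lines
# starting with '#' are comments, entries are literal paths (no globs).

# check_excluded EXCLUDES_FILE ROOTFS_DIR
# Prints every excluded path that still exists under ROOTFS_DIR.
# Returns 0 if none exist, 1 if at least one exists, 2 on bad arguments.
check_excluded() {
    excludes=$1
    rootfs=$2
    [ -r "$excludes" ] && [ -d "$rootfs" ] || return 2

    leaked=0
    # The "|| [ -n ... ]" keeps a final line that lacks a trailing newline.
    while IFS= read -r entry || [ -n "$entry" ]; do
        # Drop carriage returns and surrounding whitespace.
        entry=$(printf '%s' "$entry" | tr -d '\r' |
            sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
        case $entry in
            '' | '#'*) continue ;;   # skip blank lines and comments
        esac
        entry=${entry#/}             # tolerate a leading slash
        # -L also catches dangling symlinks, which -e reports as absent.
        if [ -e "$rootfs/$entry" ] || [ -L "$rootfs/$entry" ]; then
            printf 'still present: %s\n' "$entry"
            leaked=1
        fi
    done < "$excludes"

    return "$leaked"
}
```

Run it against the unpacked image contents after a build, for example `check_excluded excludes ./rootfs`, and fail the pipeline on a non-zero return.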