Avoid RUN apt-get upgrade or dist-upgrade, since many of the “essential” packages from the base images will fail to upgrade inside an unprivileged container. If a base package is out of date, you should contact its maintainers. If you know there’s a particular package, foo, that needs to be updated, use apt-get install -y foo and it will update automatically.
Yeah, that is weird advice. I wonder why a base package would fail to upgrade; I haven't seen that happen in the Docker containers I use.
@warp I think the rationale is that "the promise that docker images give you is that these containers will work without your intervention". But many general apt-get update && apt-get upgrade runs actually require manual intervention to finish safely.