Docker image Package Patch within Dockerfile
In order to understand what constitutes an image, you need to look at a Dockerfile in a different way:
- Every step (with the exception of
FROM
) creates a new image, with the results of the previous step as a base. FROM
doesn't use the previous step, but an explicitly specified one.
Now, looking at your Dockerfile, you seem to wonder why RUN yum -y update curl
doesn't work as expected. For easier understanding, let's trace it backwards:
RUN yum -y update curl
RUN /usr/local/bin/python -m pip install --upgrade pip \ && pip install -r requirements.txt
WORKDIR /app
COPY . /app/
COPY --from=build /usr/local/ /usr/local/
ENV LD_LIBRARY_PATH=/usr/local/lib64:/usr/local/lib
FROM base
-- at this point, the previous step is changed to the last step ofbase
FROM centos:7 AS base
-- here, the previous step is changed tocentos:7
As you see, nowhere in the earlier steps is yum update -y curl
!
BTW: Typing this, I'm wondering what your precise question is, i.e. whether this works or doesn't or whether you wonder why it's necessary. Are you aware of the difference between yum update
and yum update curl
even?
docker build
and friends have a cache system, based on the text of the input. So if the text of the command yum -y update
doesn't change, it will continue using the same cached version of the output forever (or until the cache is deleted). Try running the build with --no-cache
and see if that helps.