Scenario
For obvious reasons I believe that every package installed in a Docker image should have their version nailed down.That's why in our Dockerfile we always enforce the OS package manager to install a specific version of a package.For example:
FROM node:6.10.0RUN apt-get update \&& apt-get -y install nginx=1.6.2-5+deb8u6 \&& apt-get -y install supervisor=3.0r1-1+deb8u1Problem
The upstream repository has changed and the nginx=1.6.2-5+deb8u6 package is now invalid.
I'm not sure what brings about this change but I think it has something to do with distros going out of their support-cycle or that old packages are removed/moved somewhere else.
Question
How do I nail the exact version of OS-leveled packages without running into this problem?
Note: I know these 2 options will work but I want to know if there's an easier way out:
- Make a custom base image
- Download the binaries and
COPYthem into the Docker image