
DL3033: Pin versions in yum install

Warning Best Practice

Why This Matters

Without pinned versions, yum install pulls the latest available version of each package, which can vary between builds. Unpinned packages break build reproducibility because two builds from the same Dockerfile may contain different package versions. Pin packages with the name-version syntax (e.g., httpd-2.4.6) for consistent, reproducible builds.

How to Fix

Pin package versions with the name-version syntax

Before (incorrect)

RUN yum install -y httpd

After (correct)

RUN yum install -y httpd-2.4.6-99.el7
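
To find every unpinned package in a larger Dockerfile, the following added example (not part of the original page and not the linter's own implementation) approximates the DL3033 check, including RUN instructions that span several lines or chain commands with &&. The function names, the pinned-version heuristic and the sample Dockerfile are assumptions made for illustration.

```python
import re
import shlex

# Assumed heuristic: pinned = a hyphen followed by a digit (httpd-2.4.6-99.el7).
PINNED = re.compile(r"-\d")

def logical_lines(text):
    """Yield (start_line, instruction) with backslash continuations joined."""
    buf, start = "", None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank and comment lines are not part of an instruction
        start = start or no
        if line.endswith("\\"):
            buf += line[:-1] + " "
        else:
            yield start, buf + line
            buf, start = "", None

def unpinned_yum_packages(dockerfile):
    """Return [(line, package)] for unpinned packages in `yum install`."""
    findings = []
    for no, instr in logical_lines(dockerfile):
        if not instr.upper().startswith("RUN "):
            continue
        for cmd in re.split(r"&&|\|\||;", instr[4:]):  # one shell command at a time
            words = shlex.split(cmd)
            if len(words) < 2 or words[0] != "yum" or "install" not in words:
                continue
            for pkg in words[words.index("install") + 1:]:
                if pkg.startswith("-") or pkg.endswith(".rpm"):
                    continue  # option such as -y, or an explicit rpm file
                if not PINNED.search(pkg):
                    findings.append((no, pkg))
    return findings

# Constructed sample Dockerfile.
SAMPLE = """\
FROM centos:7
RUN yum install -y httpd
RUN yum install -y httpd-2.4.6-99.el7
RUN yum -y install \\
      mod_ssl-2.4.6 \\
      unzip && yum clean all
"""

if __name__ == "__main__":
    print(unpinned_yum_packages(SAMPLE))
```

Because the heuristic only looks for a hyphen followed by a digit, a package whose name itself contains that pattern is treated as pinned, so review such names by hand.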

Rule Details

Rule Code: DL3033
Severity: Warning
Category: Best Practice
