also recommend detach to avoid accidental non-purging resulting in se…

…crets left behind
canonical · Aug 23, 2024 · 090f14a · 090f14a
1 parent 2f4278e
commit 090f14a
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 2 deletions.
diff --git a/docs/howtoguides/enable_in_dockerfile.rst b/docs/howtoguides/enable_in_dockerfile.rst
@@ -116,14 +116,15 @@ inline comments explaining each line:
       # services, we can clean up.
       ###########################################################################
       #
-      # This purges ubuntu-pro-client, including all Ubuntu Pro related
-      # secrets from the system.
+      # This detaches and purges ubuntu-pro-client, including all Ubuntu Pro
+      # related secrets from the system.
       ###########################################################################
       # IMPORTANT: As written here, this command assumes your container does not
       # need ca-certificates so it is purged as well.
       # If your container needs ca-certificates, then do not purge it from the
       # system here.
       ###########################################################################
+      && pro detach --assume-yes
       && apt-get purge --auto-remove -y ubuntu-pro-client ca-certificates \
       #
       # Finally, we clean up the apt lists which should not be needed anymore

diff --git a/docs/tutorials/create_a_fips_docker_image.rst b/docs/tutorials/create_a_fips_docker_image.rst
@@ -85,6 +85,7 @@ Edit the file and add the following contents:
         && pro attach --attach-config /run/secrets/pro-attach-config \
         && apt-get upgrade -y \
         && apt-get install -y openssl libssl1.1 libssl1.1-hmac libgcrypt20 libgcrypt20-hmac strongswan strongswan-hmac openssh-client openssh-server \
+        && pro detach --assume-yes
         && apt-get purge --auto-remove -y ubuntu-pro-client ca-certificates \
         && rm -rf /var/lib/apt/lists/*