ssh-audit
Properly upgrade packages and clean up apt cache in Dockerfile
Add apt upgrade before apt dist-upgrade, and replace apt clean with rm -rf /var/lib/apt/lists/*. Result:
REPOSITORY   TAG      IMAGE ID       CREATED              SIZE
ssh-audit    after    03e247aee0cc   About a minute ago   131MB
ssh-audit    before   609962ceafb1   About a minute ago   150MB
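The package-update step as the PR describes it, written out as an added example (this is not the ssh-audit project's own Dockerfile; the base image and the installed package are assumptions made for illustration). The point it shows beyond the description: apt clean only empties /var/cache/apt/archives, so the downloaded package lists under /var/lib/apt/lists/ stay in the layer, and cleanup that runs in a separate RUN does not shrink the image at all because the earlier layer still carries the files. The upgrade and the list removal therefore belong in the same RUN.

```dockerfile
# Added example, not the ssh-audit project's Dockerfile.
# Base image is an assumption chosen for illustration.
FROM debian:bookworm-slim

# Weak pattern, kept here only for contrast:
#   - `apt` is an end-user tool (hadolint DL3027 flags it in scripts);
#   - `apt clean` leaves /var/lib/apt/lists/* in place;
#   - a cleanup in its own RUN cannot remove files from the previous layer.
# RUN apt update && apt dist-upgrade -y
# RUN apt clean

# Corrected pattern: script-safe apt-get, upgrade then dist-upgrade with -y,
# the package we need (python3 is an assumed package for this example), and
# the list removal in the SAME RUN so the layer never contains the lists.
ENV DEBIAN_FRONTEND=noninteractive
RUN apt-get update \
    && apt-get upgrade -y \
    && apt-get dist-upgrade -y \
    && apt-get install -y --no-install-recommends python3 \
    && rm -rf /var/lib/apt/lists/*
```

Running `hadolint Dockerfile` against the weak pattern reports DL3027 for the bare `apt` calls; the corrected RUN passes that rule, and the image size difference shown in the table above comes from the lists no longer being present in any layer.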
@PeterDaveHello : thanks for submitting! However, a similar PR was submitted 4 days ago, and was just merged (see #215). I notice that your suggestion includes doing an apt upgrade before the existing apt dist-upgrade. I re-read the documentation for apt, and it seems to me that dist-upgrade supersedes upgrade. Is that right, or am I missing something?
@jtesta You are correct that apt dist-upgrade is more comprehensive than apt upgrade, as it also handles package dependencies and may remove or install new packages.
However, apt upgrade is safer in the sense that it only upgrades installed packages and doesn't alter the system's structure. Including both commands ensures that all packages get upgraded safely first, followed by a more thorough upgrade with dependency resolution.
BTW, the apt command is actually meant for interactive use; apt-get is better for calling the Debian package management system from scripts. If you use hadolint to check the Dockerfile, you'll see the warning:
Do not use apt as it is meant to be a end-user tool, use apt-get or apt-cache instead
I can also adjust that if you like!
References:
- https://www.debian.org/doc/manuals/debian-reference/ch02.en.html#_the_event_flow_of_the_package_management
- https://github.com/hadolint/hadolint/wiki/DL3027
@PeterDaveHello : Looks like this PR conflicts with the master branch at this point. I'd be happy to merge in the addition of apt-get upgrade into the updating step, if you're able to resolve this. Thanks!
Resolved.
Thanks for contributing!