From 0bd392543b6305b6b05c764e1dc8b7e88e03132c Mon Sep 17 00:00:00 2001 From: Komnick Date: Tue, 16 Feb 2021 11:16:24 -0500 Subject: [PATCH 01/36] initial commit --- .gitattributes | 2 + .gitignore | 7 ++ Dockerfile | 103 ++++++++++++++++++++ Jenkinsfile | 3 + LICENSE | 33 +++++++ README.md | 8 +- download.json | 22 +++++ hardening_manifest.yaml | 72 ++++++++++++++ report.txt | 105 +++++++++++++++++++++ scripts/fix-permissions | 28 ++++++ scripts/jupyter_notebook_config.py | 55 +++++++++++ scripts/start-notebook.sh | 19 ++++ scripts/start-singleuser.sh | 39 ++++++++ scripts/start.sh | 147 +++++++++++++++++++++++++++++ tini | Bin 0 -> 24064 bytes 15 files changed, 641 insertions(+), 2 deletions(-) create mode 100644 .gitattributes create mode 100644 .gitignore create mode 100644 Dockerfile create mode 100644 Jenkinsfile create mode 100644 LICENSE create mode 100644 download.json create mode 100644 hardening_manifest.yaml create mode 100644 report.txt create mode 100644 scripts/fix-permissions create mode 100644 scripts/jupyter_notebook_config.py create mode 100644 scripts/start-notebook.sh create mode 100644 scripts/start-singleuser.sh create mode 100644 scripts/start.sh create mode 100644 tini diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..dfe0770 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,2 @@ +# Auto detect text files and perform LF normalization +* text=auto diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..2045e13 --- /dev/null +++ b/.gitignore @@ -0,0 +1,7 @@ +*.whl +*.rpm +*.tar.gz +*.ps1 +packages.txt +repo/** +anchore-reports/** diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..63c1f78 --- /dev/null +++ b/Dockerfile @@ -0,0 +1,103 @@ +#ARG BASE_REGISTRY=registry1.dso.mil +#ARG BASE_IMAGE=ironbank/redhat/python/python36 +#ARG BASE_TAG=3.6 +#FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} + +FROM python36-ai:latest + +LABEL maintainer="Jupyter Project and Rob McCarthy " + +ARG NB_USER="jovyan" +# NB_UID == 1001 b/c the default user in the ironbank python36 image is uid 1001 +ARG NB_UID="1000" +ARG NB_GID="0" + +# Fix DL4006 +SHELL ["/bin/bash", "-o", "pipefail", "-c"] + +USER root + +# nodejs typically installed here to check the status of jlab +# we've removed it due to cve's +# we have also removed bzip2 install as its provided by the python36 base image +# we have also removed the lang pack installations due to cve's +RUN yum update -y -q \ + && yum install -y -q \ + procps \ + ca-certificates \ + && yum clean all + +# Configure environment +ENV SHELL=/bin/bash \ + NB_USER=$NB_USER \ + NB_UID=$NB_UID \ + NB_GID=$NB_GID \ + LANG=en_US.UTF-8 \ + LANGUAGE=en_US.UTF-8 +ENV HOME=/home/$NB_USER + +# Copy a script that we will use to correct permissions after running certain commands +# fix-permissions: https://repo1.dsop.io/dsop/redhat/python/python36/-/blob/development/scripts/usr/bin/fix-permissions +COPY scripts/fix-permissions /usr/local/bin/fix-permissions +RUN chmod a+rx /usr/local/bin/fix-permissions + +# Enable prompt color in the skeleton .bashrc before creating the default NB_USER +# hadolint ignore=SC2016 +RUN sed -i 's/^#force_color_prompt=yes/force_color_prompt=yes/' /etc/skel/.bashrc + +# Create NB_USER with name jovyan user with UID=1000 and in the 'users' group +# and make sure these dirs are writable by the `users` group. +RUN useradd -m -s /bin/bash -N -u $NB_UID -g $NB_GID $NB_USER && \ + fix-permissions $HOME -P && \ + fix-permissions /opt/app-root -P + +# install tini +COPY tini /usr/bin/tini +RUN chmod +x /usr/bin/tini + +USER $NB_UID + +ARG PYTHON_VERSION=default + +# Setup work directory for backward-compatibility +RUN mkdir /home/$NB_USER/work + +WORKDIR /tmp + +# Install jupyterlab +COPY jupyterlab.tar.gz . +RUN tar -xvf jupyterlab.tar.gz && \ + python3.6 -m pip install --quiet jupyterlab/* && \ + rm -rf /tmp/jupyterlab/ && \ + fix-permissions /opt/app-root + + +EXPOSE 8888 + +# critical env variable to enable jupyter lab GUI (default is the old interface) +ENV JUPYTER_ENABLE_LAB=1 +# Configure container startup +ENTRYPOINT ["tini", "-g", "--"] +CMD ["start-notebook.sh"] + +# Copy local files as late as possible to avoid cache busting +COPY scripts/start.sh scripts/start-notebook.sh scripts/start-singleuser.sh /usr/local/bin/ +COPY scripts/jupyter_notebook_config.py /etc/jupyter/ + +# Fix permissions on /etc/jupyter and /usr/libexec/openssh/ssh-keysign +USER root +RUN fix-permissions /etc/jupyter && \ + fix-permissions /usr/libexec/openssh/ssh-keysign + +# destroy /usr/share/doc/perl* and tornado test.key as they contain 'secrets' flagged by IB +RUN rm -rf \ + /usr/share/doc/perl-IO-Socket-SSL \ + /usr/share/doc/perl-Net-SSLeay/examples \ + /opt/app-root/lib/python3.6/site-packages/tornado/test/test.key + +# Switch back to jovyan to avoid accidental container runs as root +USER $NB_UID + +HEALTHCHECK CMD pgrep "jupyter" > /dev/null || exit 1 + +WORKDIR $HOME diff --git a/Jenkinsfile b/Jenkinsfile new file mode 100644 index 0000000..e539b1c --- /dev/null +++ b/Jenkinsfile @@ -0,0 +1,3 @@ +@Library('DCCSCR@master') _ +dccscrPipeline(version: "2.2.9") + diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..dba80cf --- /dev/null +++ b/LICENSE @@ -0,0 +1,33 @@ +Copyright (c) 2015 Project Jupyter Contributors +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + +1. Redistributions of source code must retain the above copyright notice, this + list of conditions and the following disclaimer. + +2. Redistributions in binary form must reproduce the above copyright notice, + this list of conditions and the following disclaimer in the documentation + and/or other materials provided with the distribution. + +3. Neither the name of the copyright holder nor the names of its + contributors may be used to endorse or promote products derived from + this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" +AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +Semver File License +=================== + +The semver.py file is from https://github.com/podhmo/python-semver +which is licensed under the "MIT" license. See the semver.py file for details. diff --git a/README.md b/README.md index 5dc6fa6..ead46f8 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,7 @@ -# +# -Project template for all Iron Bank container repositories. \ No newline at end of file +## Description + +A jupyterlab notebook container implementing the jupyterlab interface (with left-navigation tabs etc.), Python3.6 (python36 base image) and pip version 20.2.4. + +Additionally, this container includes specific python packages that support AI/ML and data science initiatives. diff --git a/download.json b/download.json new file mode 100644 index 0000000..782821f --- /dev/null +++ b/download.json @@ -0,0 +1,22 @@ +{ + "resources": [ + { + "url": "s3://coeus-jupyterlab-packages/tini", + "filename": "tini", + "validation": { "type": "sha256", "value": "93dcc18adc78c65a028a84799ecf8ad40c936fdfc5f2a57b1acda5a8117fa82c" }, + "auth": { "type": "s3", "id": "jupyter-credential", "region": "us-east-2"} + }, + { + "url": "s3://coeus-jupyterlab-packages/pip-20.2.4.tar.gz", + "filename": "pip-20.2.4.tar.gz", + "validation": { "type": "sha256", "value": "2245776a68ea743c35df2b375ad44568e744e0075c86f0fc8d791af315a99af2" }, + "auth": { "type": "s3", "id": "jupyter-credential", "region": "us-east-2"} + }, + { + "url": "s3://coeus-jupyterlab-packages/jupyterlab.tar.gz", + "filename": "jupyterlab.tar.gz", + "validation": { "type": "sha256", "value": "104412ac5e29afc652fbb66cc065576314934f4b3c25e1c55a74e73eda175ba4" }, + "auth": { "type": "s3", "id": "jupyter-credential", "region": "us-east-2"} + } + ] +} diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml new file mode 100644 index 0000000..ca51fa6 --- /dev/null +++ b/hardening_manifest.yaml @@ -0,0 +1,72 @@ +--- +apiVersion: v1 + +# The repository name in registry1, excluding /ironbank/ +name: "carnegie-mellon/jlab-eda" + +# List of tags to push for the repository in registry1 +# The most specific version should be the first tag and will be shown +# on ironbank.dsop.io +tags: +- "1.4.2" +- "latest" + +# Build args passed to Dockerfile ARGs +args: + BASE_IMAGE: "carnegie-mellow/python36-ai" + BASE_TAG: "3.6" + +# Docker image labels +labels: + org.opencontainers.image.title: "jlab-eda" + org.opencontainers.image.description: "JupyterLab is the next-generation web-based user interface for Project Jupyter." + org.opencontainers.image.licenses: "MIT License (MIT)" + org.opencontainers.image.url: " " + org.opencontainers.image.vendor: "jupyterlab" + org.opencontainers.image.version: "1.4.2" + mil.dso.ironbank.image.keywords: "jupyter,notebook,terminal,text editor,datascience,ui,data,science" + mil.dso.ironbank.image.type: "opensource" + mil.dso.ironbank.product.name: "jupyterlab" + +# List of resources to make available to the offline build context +resources: +- filename: tini + url: s3://coeus-jupyterlab-packages/tini + validation: + type: sha256 + value: 93dcc18adc78c65a028a84799ecf8ad40c936fdfc5f2a57b1acda5a8117fa82c + auth: + type: s3 + id: jupyter-credential + region: us-east-2 +- filename: pip-20.2.4.tar.gz + url: s3://coeus-jupyterlab-packages/pip-20.2.4.tar.gz + validation: + type: sha256 + value: 2245776a68ea743c35df2b375ad44568e744e0075c86f0fc8d791af315a99af2 + auth: + type: s3 + id: jupyter-credential + region: us-east-2 +- filename: jupyterlab.tar.gz + url: s3://coeus-jupyterlab-packages/jupyterlab.tar.gz + validation: + type: sha256 + value: 104412ac5e29afc652fbb66cc065576314934f4b3c25e1c55a74e73eda175ba4 + auth: + type: s3 + id: jupyter-credential + region: us-east-2 + + +# List of project maintainers +maintainers: +- email: "balexander@vivsoft.io" + name: "Brad Alexander" + username: "balexand" + cht_member: true +- email: "daniel.s.komnick.mil@mail.mil" + name: "Dan Komnick" + username: "Komnick" + cht_member: false + diff --git a/report.txt b/report.txt new file mode 100644 index 0000000..1f90d77 --- /dev/null +++ b/report.txt @@ -0,0 +1,105 @@ +Image Digest: sha256:8f97095cbbf8f9d24e9fd7062233d7aad6e0dd2744e65c95aa449dd9095bf3b8 +Full Tag: localhost:5000/jlab-base-ai:latest +Image ID: fa711f819d95c5e55b92ef291fd0778f1b9814aaaeb887d7f0381c73d6130a63 +Status: fail +Last Eval: 2021-02-13T04:25:06Z +Policy ID: 2c53a13c-1765-11e8-82ef-23527761d060 +Final Action: stop +Final Action Reason: policy_evaluation + +Gate Trigger Detail + Status +dockerfile instruction Dockerfile directive 'HEALTHCHECK' not found, matching condition 'not_exists' check warn +vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - binutils (CVE-2021-20197 - https://access.redhat.com/security/cve/CVE-2021-20197) warn +vulnerabilities package MEDIUM Vulnerability found in non-os package type (python) - bleach (fixed in: 3.3.0)(GHSA-vv2x-vrpj-qqpq - https://github.com/advisories/GHSA-vv2x-vrpj-qqpq) warn +vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - brotli (CVE-2020-8927 - https://access.redhat.com/security/cve/CVE-2020-8927) warn +vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - curl (CVE-2020-8285 - https://access.redhat.com/security/cve/CVE-2020-8285) warn +vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - curl (CVE-2020-8284 - https://access.redhat.com/security/cve/CVE-2020-8284) warn +vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - curl (CVE-2020-8286 - https://access.redhat.com/security/cve/CVE-2020-8286) warn +vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - glibc (CVE-2021-3326 - https://access.redhat.com/security/cve/CVE-2021-3326) warn +vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - glibc-common (CVE-2021-3326 - https://access.redhat.com/security/cve/CVE-2021-3326) warn +vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - glibc-devel (CVE-2021-3326 - https://access.redhat.com/security/cve/CVE-2021-3326) warn +vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - glibc-headers (CVE-2021-3326 - https://access.redhat.com/security/cve/CVE-2021-3326) warn +vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - glibc-minimal-langpack (CVE-2021-3326 - https://access.redhat.com/security/cve/CVE-2021-3326) warn +vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - kernel-headers (CVE-2020-8832 - https://access.redhat.com/security/cve/CVE-2020-8832) warn +vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - kernel-headers (CVE-2020-12464 - https://access.redhat.com/security/cve/CVE-2020-12464) warn +vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - kernel-headers (CVE-2020-10741 - https://access.redhat.com/security/cve/CVE-2020-10741) warn +vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - kernel-headers (CVE-2020-13844 - https://access.redhat.com/security/cve/CVE-2020-13844) warn +vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - kernel-headers (CVE-2020-12114 - https://access.redhat.com/security/cve/CVE-2020-12114) warn +vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - kernel-headers (CVE-2020-14416 - https://access.redhat.com/security/cve/CVE-2020-14416) warn +vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - kernel-headers (CVE-2020-14356 - https://access.redhat.com/security/cve/CVE-2020-14356) warn +vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - kernel-headers (CVE-2020-28915 - https://access.redhat.com/security/cve/CVE-2020-28915) warn +vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - kernel-headers (CVE-2020-15802 - https://access.redhat.com/security/cve/CVE-2020-15802) warn +vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - kernel-headers (CVE-2020-25645 - https://access.redhat.com/security/cve/CVE-2020-25645) warn +vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - kernel-headers (CVE-2020-25284 - https://access.redhat.com/security/cve/CVE-2020-25284) warn +vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - kernel-headers (CVE-2020-25285 - https://access.redhat.com/security/cve/CVE-2020-25285) warn +vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - kernel-headers (CVE-2020-25212 - https://access.redhat.com/security/cve/CVE-2020-25212) warn +vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - kernel-headers (CVE-2020-27152 - https://access.redhat.com/security/cve/CVE-2020-27152) warn +vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - kernel-headers (CVE-2020-8694 - https://access.redhat.com/security/cve/CVE-2020-8694) warn +vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - kernel-headers (CVE-2020-26541 - https://access.redhat.com/security/cve/CVE-2020-26541) warn +vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - kernel-headers (CVE-2021-3178 - https://access.redhat.com/security/cve/CVE-2021-3178) warn +vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - kernel-headers (CVE-2020-25705 - https://access.redhat.com/security/cve/CVE-2020-25705) warn +vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - kernel-headers (CVE-2020-14351 - https://access.redhat.com/security/cve/CVE-2020-14351) warn +vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - kernel-headers (CVE-2020-15437 - https://access.redhat.com/security/cve/CVE-2020-15437) warn +vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - kernel-headers (CVE-2020-25704 - https://access.redhat.com/security/cve/CVE-2020-25704) warn +vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - kernel-headers (CVE-2020-16120 - https://access.redhat.com/security/cve/CVE-2020-16120) warn +vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - kernel-headers (CVE-2020-4788 - https://access.redhat.com/security/cve/CVE-2020-4788) warn +vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - kernel-headers (CVE-2020-29660 - https://access.redhat.com/security/cve/CVE-2020-29660) warn +vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - kernel-headers (CVE-2020-27786 - https://access.redhat.com/security/cve/CVE-2020-27786) warn +vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - kernel-headers (CVE-2020-25643 - https://access.redhat.com/security/cve/CVE-2020-25643) warn +vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - kernel-headers (CVE-2020-24394 - https://access.redhat.com/security/cve/CVE-2020-24394) warn +vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - kernel-headers (CVE-2020-14314 - https://access.redhat.com/security/cve/CVE-2020-14314) warn +vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - kernel-headers (CVE-2020-27777 - https://access.redhat.com/security/cve/CVE-2020-27777) warn +vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - kernel-headers (CVE-2019-20794 - https://access.redhat.com/security/cve/CVE-2019-20794) warn +vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - kernel-headers (CVE-2020-35508 - https://access.redhat.com/security/cve/CVE-2020-35508) warn +vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - kernel-headers (CVE-2020-27835 - https://access.redhat.com/security/cve/CVE-2020-27835) warn +vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - kernel-headers (CVE-2020-36158 - https://access.redhat.com/security/cve/CVE-2020-36158) warn +vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - kernel-headers (CVE-2021-0342 - https://access.redhat.com/security/cve/CVE-2021-0342) warn +vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - kernel-headers (CVE-2020-28974 - https://access.redhat.com/security/cve/CVE-2020-28974) warn +vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - kernel-headers (CVE-2020-0431 - https://access.redhat.com/security/cve/CVE-2020-0431) warn +vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - kernel-headers (CVE-2020-0404 - https://access.redhat.com/security/cve/CVE-2020-0404) warn +vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - kernel-headers (CVE-2020-0427 - https://access.redhat.com/security/cve/CVE-2020-0427) warn +vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - kernel-headers (CVE-2021-20194 - https://access.redhat.com/security/cve/CVE-2021-20194) warn +vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - kernel-headers (CVE-2021-3348 - https://access.redhat.com/security/cve/CVE-2021-3348) warn +vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - krb5-libs (CVE-2020-28196 - https://access.redhat.com/security/cve/CVE-2020-28196) warn +vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - libcurl (CVE-2020-8285 - https://access.redhat.com/security/cve/CVE-2020-8285) warn +vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - libcurl (CVE-2020-8284 - https://access.redhat.com/security/cve/CVE-2020-8284) warn +vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - libcurl (CVE-2020-8286 - https://access.redhat.com/security/cve/CVE-2020-8286) warn +vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - libxml2 (CVE-2020-24977 - https://access.redhat.com/security/cve/CVE-2020-24977) warn +vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - p11-kit (CVE-2020-29363 - https://access.redhat.com/security/cve/CVE-2020-29363) warn +vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - p11-kit (CVE-2020-29361 - https://access.redhat.com/security/cve/CVE-2020-29361) warn +vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - p11-kit (CVE-2020-29362 - https://access.redhat.com/security/cve/CVE-2020-29362) warn +vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - p11-kit-trust (CVE-2020-29363 - https://access.redhat.com/security/cve/CVE-2020-29363) warn +vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - p11-kit-trust (CVE-2020-29361 - https://access.redhat.com/security/cve/CVE-2020-29361) warn +vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - p11-kit-trust (CVE-2020-29362 - https://access.redhat.com/security/cve/CVE-2020-29362) warn +vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - perl-interpreter (CVE-2020-12723 - https://access.redhat.com/security/cve/CVE-2020-12723) warn +vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - perl-interpreter (CVE-2020-10878 - https://access.redhat.com/security/cve/CVE-2020-10878) warn +vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - perl-interpreter (CVE-2020-10543 - https://access.redhat.com/security/cve/CVE-2020-10543) warn +vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - perl-libs (CVE-2020-12723 - https://access.redhat.com/security/cve/CVE-2020-12723) warn +vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - perl-libs (CVE-2020-10878 - https://access.redhat.com/security/cve/CVE-2020-10878) warn +vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - perl-libs (CVE-2020-10543 - https://access.redhat.com/security/cve/CVE-2020-10543) warn +vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - perl-macros (CVE-2020-12723 - https://access.redhat.com/security/cve/CVE-2020-12723) warn +vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - perl-macros (CVE-2020-10878 - https://access.redhat.com/security/cve/CVE-2020-10878) warn +vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - perl-macros (CVE-2020-10543 - https://access.redhat.com/security/cve/CVE-2020-10543) warn +vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - platform-python (CVE-2020-26116 - https://access.redhat.com/security/cve/CVE-2020-26116) warn +vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - platform-python (CVE-2020-27619 - https://access.redhat.com/security/cve/CVE-2020-27619) warn +vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - platform-python-devel (CVE-2020-26116 - https://access.redhat.com/security/cve/CVE-2020-26116) warn +vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - platform-python-devel (CVE-2020-27619 - https://access.redhat.com/security/cve/CVE-2020-27619) warn +vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - python3-libs (CVE-2020-26116 - https://access.redhat.com/security/cve/CVE-2020-26116) warn +vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - python3-libs (CVE-2020-27619 - https://access.redhat.com/security/cve/CVE-2020-27619) warn +vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - python3-libxml2 (CVE-2020-24977 - https://access.redhat.com/security/cve/CVE-2020-24977) warn +vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - sqlite-libs (CVE-2020-13434 - https://access.redhat.com/security/cve/CVE-2020-13434) warn +vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - sqlite-libs (CVE-2020-15358 - https://access.redhat.com/security/cve/CVE-2020-15358) warn +vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - systemd (CVE-2020-13776 - https://access.redhat.com/security/cve/CVE-2020-13776) warn +vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - systemd-libs (CVE-2020-13776 - https://access.redhat.com/security/cve/CVE-2020-13776) warn +vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - systemd-pam (CVE-2020-13776 - https://access.redhat.com/security/cve/CVE-2020-13776) warn +vulnerabilities package HIGH Vulnerability found in os package type (rpm) - glibc (CVE-2019-25013 - https://access.redhat.com/security/cve/CVE-2019-25013) stop +vulnerabilities package HIGH Vulnerability found in os package type (rpm) - glibc-common (CVE-2019-25013 - https://access.redhat.com/security/cve/CVE-2019-25013) stop +vulnerabilities package HIGH Vulnerability found in os package type (rpm) - glibc-devel (CVE-2019-25013 - https://access.redhat.com/security/cve/CVE-2019-25013) stop +vulnerabilities package HIGH Vulnerability found in os package type (rpm) - glibc-headers (CVE-2019-25013 - https://access.redhat.com/security/cve/CVE-2019-25013) stop +vulnerabilities package HIGH Vulnerability found in os package type (rpm) - glibc-minimal-langpack (CVE-2019-25013 - https://access.redhat.com/security/cve/CVE-2019-25013) stop +vulnerabilities package HIGH Vulnerability found in os package type (rpm) - kernel-headers (CVE-2020-29661 - https://access.redhat.com/security/cve/CVE-2020-29661) stop +vulnerabilities package HIGH Vulnerability found in os package type (rpm) - kernel-headers (CVE-2020-28374 - https://access.redhat.com/security/cve/CVE-2020-28374) stop +vulnerabilities package HIGH Vulnerability found in os package type (rpm) - kernel-headers (CVE-2020-0466 - https://access.redhat.com/security/cve/CVE-2020-0466) stop +vulnerabilities package HIGH Vulnerability found in os package type (rpm) - kernel-headers (CVE-2021-3347 - https://access.redhat.com/security/cve/CVE-2021-3347) stop +vulnerabilities package HIGH Vulnerability found in os package type (rpm) - kernel-headers (CVE-2021-26708 - https://access.redhat.com/security/cve/CVE-2021-26708) stop \ No newline at end of file diff --git a/scripts/fix-permissions b/scripts/fix-permissions new file mode 100644 index 0000000..827eeb5 --- /dev/null +++ b/scripts/fix-permissions @@ -0,0 +1,28 @@ +#!/bin/sh + +# Allow this script to fail without failing a build +set +e + +SYMLINK_OPT=${2:--L} + +# Fix permissions on the given directory or file to allow group read/write of +# regular files and execute of directories. + +[ $(id -u) -ne 0 ] && CHECK_OWNER=" -uid $(id -u)" + +# If argument does not exist, script will still exit with 0, +# but at least we'll see something went wrong in the log +if ! [ -e "$1" ] ; then + echo "ERROR: File or directory $1 does not exist." >&2 + # We still want to end successfully + exit 0 +fi + +find $SYMLINK_OPT "$1" ${CHECK_OWNER} \! -gid 0 -exec chgrp 0 {} + +find $SYMLINK_OPT "$1" ${CHECK_OWNER} \! -perm -g+rw -exec chmod g+rw {} + +find $SYMLINK_OPT "$1" ${CHECK_OWNER} -perm /u+x -a \! -perm /g+x -exec chmod g+x {} + +find $SYMLINK_OPT "$1" ${CHECK_OWNER} -type d \! -perm /g+x -exec chmod g+x {} + + +# Always end successfully +exit 0 + diff --git a/scripts/jupyter_notebook_config.py b/scripts/jupyter_notebook_config.py new file mode 100644 index 0000000..19b5e8b --- /dev/null +++ b/scripts/jupyter_notebook_config.py @@ -0,0 +1,55 @@ +# Copyright (c) Jupyter Development Team. +# Distributed under the terms of the Modified BSD License. + +from jupyter_core.paths import jupyter_data_dir +import subprocess +import os +import errno +import stat + +c = get_config() # noqa: F821 +c.NotebookApp.ip = '0.0.0.0' +c.NotebookApp.port = 8888 +c.NotebookApp.open_browser = False + +# https://github.com/jupyter/notebook/issues/3130 +c.FileContentsManager.delete_to_trash = False + +# Generate a self-signed certificate +if 'GEN_CERT' in os.environ: + dir_name = jupyter_data_dir() + pem_file = os.path.join(dir_name, 'notebook.pem') + try: + os.makedirs(dir_name) + except OSError as exc: # Python >2.5 + if exc.errno == errno.EEXIST and os.path.isdir(dir_name): + pass + else: + raise + + # Generate an openssl.cnf file to set the distinguished name + cnf_file = os.path.join(os.getenv('CONDA_DIR', '/usr/lib'), 'ssl', 'openssl.cnf') + if not os.path.isfile(cnf_file): + with open(cnf_file, 'w') as fh: + fh.write('''\ +[req] +distinguished_name = req_distinguished_name +[req_distinguished_name] +''') + + # Generate a certificate if one doesn't exist on disk + subprocess.check_call(['openssl', 'req', '-new', + '-newkey', 'rsa:2048', + '-days', '365', + '-nodes', '-x509', + '-subj', '/C=XX/ST=XX/L=XX/O=generated/CN=generated', + '-keyout', pem_file, + '-out', pem_file]) + # Restrict access to the file + os.chmod(pem_file, stat.S_IRUSR | stat.S_IWUSR) + c.NotebookApp.certfile = pem_file + +# Change default umask for all subprocesses of the notebook server if set in +# the environment +if 'NB_UMASK' in os.environ: + os.umask(int(os.environ['NB_UMASK'], 8)) diff --git a/scripts/start-notebook.sh b/scripts/start-notebook.sh new file mode 100644 index 0000000..62f2134 --- /dev/null +++ b/scripts/start-notebook.sh @@ -0,0 +1,19 @@ +#!/bin/bash +# Copyright (c) Jupyter Development Team. +# Distributed under the terms of the Modified BSD License. + +set -e + +wrapper="" +if [[ "${RESTARTABLE}" == "yes" ]]; then + wrapper="run-one-constantly" +fi + +if [[ ! -z "${JUPYTERHUB_API_TOKEN}" ]]; then + # launched by JupyterHub, use single-user entrypoint + exec /usr/local/bin/start-singleuser.sh --NotebookApp.token='' --NotebookApp.password='' "$@" +elif [[ ! -z "${JUPYTER_ENABLE_LAB}" ]]; then + . /usr/local/bin/start.sh $wrapper jupyter lab --NotebookApp.token='' --NotebookApp.password='' "$@" +else + . /usr/local/bin/start.sh $wrapper jupyter notebook --NotebookApp.token='' --NotebookApp.password='' "$@" +fi diff --git a/scripts/start-singleuser.sh b/scripts/start-singleuser.sh new file mode 100644 index 0000000..0c8f7ad --- /dev/null +++ b/scripts/start-singleuser.sh @@ -0,0 +1,39 @@ +#!/bin/bash +# Copyright (c) Jupyter Development Team. +# Distributed under the terms of the Modified BSD License. + +set -e + +# set default ip to 0.0.0.0 +if [[ "$NOTEBOOK_ARGS $@" != *"--ip="* ]]; then + NOTEBOOK_ARGS="--ip=0.0.0.0 $NOTEBOOK_ARGS" +fi + +# handle some deprecated environment variables +# from DockerSpawner < 0.8. +# These won't be passed from DockerSpawner 0.9, +# so avoid specifying --arg=empty-string +if [ ! -z "$NOTEBOOK_DIR" ]; then + NOTEBOOK_ARGS="--notebook-dir='$NOTEBOOK_DIR' $NOTEBOOK_ARGS" +fi +if [ ! -z "$JPY_PORT" ]; then + NOTEBOOK_ARGS="--port=$JPY_PORT $NOTEBOOK_ARGS" +fi +if [ ! -z "$JPY_USER" ]; then + NOTEBOOK_ARGS="--user=$JPY_USER $NOTEBOOK_ARGS" +fi +if [ ! -z "$JPY_COOKIE_NAME" ]; then + NOTEBOOK_ARGS="--cookie-name=$JPY_COOKIE_NAME $NOTEBOOK_ARGS" +fi +if [ ! -z "$JPY_BASE_URL" ]; then + NOTEBOOK_ARGS="--base-url=$JPY_BASE_URL $NOTEBOOK_ARGS" +fi +if [ ! -z "$JPY_HUB_PREFIX" ]; then + NOTEBOOK_ARGS="--hub-prefix=$JPY_HUB_PREFIX $NOTEBOOK_ARGS" +fi +if [ ! -z "$JPY_HUB_API_URL" ]; then + NOTEBOOK_ARGS="--hub-api-url=$JPY_HUB_API_URL $NOTEBOOK_ARGS" +fi +NOTEBOOK_BIN="jupyterhub-singleuser" + +. /usr/local/bin/start.sh $NOTEBOOK_BIN $NOTEBOOK_ARGS "$@" diff --git a/scripts/start.sh b/scripts/start.sh new file mode 100644 index 0000000..0dd02ee --- /dev/null +++ b/scripts/start.sh @@ -0,0 +1,147 @@ +#!/bin/bash +# Copyright (c) Jupyter Development Team. +# Distributed under the terms of the Modified BSD License. + +set -e + +# Exec the specified command or fall back on bash +if [ $# -eq 0 ]; then + cmd=( "bash" ) +else + cmd=( "$@" ) +fi + +run-hooks () { + # Source scripts or run executable files in a directory + if [[ ! -d "$1" ]] ; then + return + fi + echo "$0: running hooks in $1" + for f in "$1/"*; do + case "$f" in + *.sh) + echo "$0: running $f" + source "$f" + ;; + *) + if [[ -x "$f" ]] ; then + echo "$0: running $f" + "$f" + else + echo "$0: ignoring $f" + fi + ;; + esac + done + echo "$0: done running hooks in $1" +} + +run-hooks /usr/local/bin/start-notebook.d + +# Handle special flags if we're root +if [ $(id -u) == 0 ] ; then + + # Only attempt to change the jovyan username if it exists + if id jovyan &> /dev/null ; then + echo "Set username to: $NB_USER" + usermod -d /home/$NB_USER -l $NB_USER jovyan + fi + + # Handle case where provisioned storage does not have the correct permissions by default + # Ex: default NFS/EFS (no auto-uid/gid) + if [[ "$CHOWN_HOME" == "1" || "$CHOWN_HOME" == 'yes' ]]; then + echo "Changing ownership of /home/$NB_USER to $NB_UID:$NB_GID with options '${CHOWN_HOME_OPTS}'" + chown $CHOWN_HOME_OPTS $NB_UID:$NB_GID /home/$NB_USER + fi + if [ ! -z "$CHOWN_EXTRA" ]; then + for extra_dir in $(echo $CHOWN_EXTRA | tr ',' ' '); do + echo "Changing ownership of ${extra_dir} to $NB_UID:$NB_GID with options '${CHOWN_EXTRA_OPTS}'" + chown $CHOWN_EXTRA_OPTS $NB_UID:$NB_GID $extra_dir + done + fi + + # handle home and working directory if the username changed + if [[ "$NB_USER" != "jovyan" ]]; then + # changing username, make sure homedir exists + # (it could be mounted, and we shouldn't create it if it already exists) + if [[ ! -e "/home/$NB_USER" ]]; then + echo "Relocating home dir to /home/$NB_USER" + mv /home/jovyan "/home/$NB_USER" || ln -s /home/jovyan "/home/$NB_USER" + fi + # if workdir is in /home/jovyan, cd to /home/$NB_USER + if [[ "$PWD/" == "/home/jovyan/"* ]]; then + newcwd="/home/$NB_USER/${PWD:13}" + echo "Setting CWD to $newcwd" + cd "$newcwd" + fi + fi + + # Change UID:GID of NB_USER to NB_UID:NB_GID if it does not match + if [ "$NB_UID" != $(id -u $NB_USER) ] || [ "$NB_GID" != $(id -g $NB_USER) ]; then + echo "Set user $NB_USER UID:GID to: $NB_UID:$NB_GID" + if [ "$NB_GID" != $(id -g $NB_USER) ]; then + groupadd -f -g $NB_GID -o ${NB_GROUP:-${NB_USER}} + fi + userdel $NB_USER + useradd --home /home/$NB_USER -u $NB_UID -g $NB_GID -G 100 -l $NB_USER + fi + + # Enable sudo if requested + if [[ "$GRANT_SUDO" == "1" || "$GRANT_SUDO" == 'yes' ]]; then + echo "Granting $NB_USER sudo access and appending $CONDA_DIR/bin to sudo PATH" + echo "$NB_USER ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/notebook + fi + + # Add $CONDA_DIR/bin to sudo secure_path + sed -r "s#Defaults\s+secure_path\s*=\s*\"?([^\"]+)\"?#Defaults secure_path=\"\1:$CONDA_DIR/bin\"#" /etc/sudoers | grep secure_path > /etc/sudoers.d/path + + # Exec the command as NB_USER with the PATH and the rest of + # the environment preserved + run-hooks /usr/local/bin/before-notebook.d + echo "Executing the command: ${cmd[@]}" + exec sudo -E -H -u $NB_USER PATH=$PATH XDG_CACHE_HOME=/home/$NB_USER/.cache PYTHONPATH=${PYTHONPATH:-} "${cmd[@]}" +else + if [[ "$NB_UID" == "$(id -u jovyan 2>/dev/null)" && "$NB_GID" == "$(id -g jovyan 2>/dev/null)" ]]; then + # User is not attempting to override user/group via environment + # variables, but they could still have overridden the uid/gid that + # container runs as. Check that the user has an entry in the passwd + # file and if not add an entry. + STATUS=0 && whoami &> /dev/null || STATUS=$? && true + if [[ "$STATUS" != "0" ]]; then + if [[ -w /etc/passwd ]]; then + echo "Adding passwd file entry for $(id -u)" + cat /etc/passwd | sed -e "s/^jovyan:/nayvoj:/" > /tmp/passwd + echo "jovyan:x:$(id -u):$(id -g):,,,:/home/jovyan:/bin/bash" >> /tmp/passwd + cat /tmp/passwd > /etc/passwd + rm /tmp/passwd + else + echo 'Container must be run with group "root" to update passwd file' + fi + fi + + # Warn if the user isn't going to be able to write files to $HOME. + if [[ ! -w /home/jovyan ]]; then + echo 'Container must be run with group "users" to update files' + fi + else + # Warn if looks like user want to override uid/gid but hasn't + # run the container as root. + if [[ ! -z "$NB_UID" && "$NB_UID" != "$(id -u)" ]]; then + echo 'Container must be run as root to set $NB_UID' + fi + if [[ ! -z "$NB_GID" && "$NB_GID" != "$(id -g)" ]]; then + echo 'Container must be run as root to set $NB_GID' + fi + fi + + # Warn if looks like user want to run in sudo mode but hasn't run + # the container as root. + if [[ "$GRANT_SUDO" == "1" || "$GRANT_SUDO" == 'yes' ]]; then + echo 'Container must be run as root to grant sudo permissions' + fi + + # Execute the command + run-hooks /usr/local/bin/before-notebook.d + echo "Executing the command: ${cmd[@]}" + exec "${cmd[@]}" +fi diff --git a/tini b/tini new file mode 100644 index 0000000000000000000000000000000000000000..86cb766c6b8af2564ac9201df913fe079acae3d1 GIT binary patch literal 24064 zcmeHvdw3hwweQ%m^KcT`2?-cT%O=MG2W(*{c5ng)$+nykIJU9n@JNF#Te2;%B_oaO zgmR0i5*k&wbz3Nu)58fZrLS`jv=kZyB@O|SL)&u$Txdd|gh%O!@JI;_DHL>nYd_?P z5`U-nJKz1|eqRRUJ?p*p+H0@bGqW={yP6tvb8<9wPL0hCv2PPjs2d7Xg&QyC;s#fhx$u|vc9)2~s0#TFe;3ukGB+#%R4&@=WWN-3t z$WzfaTq;1-Y8vARk|SS>nmLHJi=U|W%QGZiIVk1GJ(4Sxa-~vEwR=c04%I4g>Kpw$ zvVWdj2OxqS)MyR-?_^87bhQ4-@X`6!RUAa?;3ulRPoOo`D!D5lM}GdJN0DS~llG>H z%OTl6)k;viU?9-FqUwSHU->{F7~N35p=L$-iYj{~WM9VnP5Oy1P5JDpX|oH4&4ml5w0{7UgV55IE!D)FPE8owI+D5SOcU4mcsL22{-Z3|O-KfCS9 za|<{B(>pJGVAEfy9=rbLyKh?d)W`E59s7&zmyccb;))-Z$M)TD)uP=u#CQMOnN=YxvPIqwlWr@F# z>nYT3KVRTE5r1ZZf1Y-_=D4DZqb{d{gk!$6J3imR;b*0ug@ER1XJ|j^=;C*IXGVZ*&y{CI!oYb9@25A#CI)r5U3>~PscfEi=aOt^$V<~T`u{@rJi+?@Coqq zAhA{UOZjuQ)Wg9|4a$?n%rrQHV?IXK@7kf-C<_)(lEWE|)kK}WgdAD8`= z?AnO5+j_Qx^A$+D3A8l6RnmVIpLvp>Nj-iprD@Mg{c3$g*BUw=#E<-WFw39+1V1}L ze7-LEw`TF1Qh%%L@0Fw+$9m;Yv4g|E03Sba9qysa?g}kpgd>5zpm#tE4HG$VP>(hg?lFK1^!W#ejE%(G z+3635gP~4Py+$AuBw?5UzIP}b2pYYeJ^fH__(D-b>m7<3J(|%2!J)qJkj7hBf{Z^n zOs;vueZ&l%WX0#_{`fcedxnR!-jQ&?@DtwK!%dBN1Kd$yjKHAZM=&|uGYHj27)nB6 zI6_hAj6k)~Ip_@pwQg_3AM_6Tc|XaG-mu@V_tB1h%RD~{K$mP&hAJ=Dh~T2M#$nAdEa?sXs|or zhnF;-h-QyJ7{M?Mc}Id;=Vim4Z88+~1Kvmke4@)3cYn|IQYaen_8~kJIu)E_0vCvc z2E2wJGJye~wz|n(SKqnJzT94wIbUY4MoQ<(|0d5AhUW6*xjLJ~QK=$qj^)2&AuEN> ztyDS}FwHA*PPI)O#_54sv|`-`CkPikgWz24DRK(O(UvaW(i*&wpNT(ee$zdRyfxtj zb$uW_ty$Hf>IdOzt*Q=H=LmnHLZU5h?cxyKzNnHw2xh@c7dc<41usiG$5&YJss<9F z#)7xrUpOpydF#aW=oY-H$wX+i;1RgYag_yMkip{q(}JfplREk>_&ExRcF2OCYr$`@ z;B6NCs0FXan8;f!c)ABs$G8PQUm?-nWx=0f!Ed$T>0U=2Ke6Cxt)PwvE%;Lv674n% z{xl1I!h%=VRwD1V;Lot|@3G*|wBYwz@akTh$OkO=FIf0Z3;v51{2>dTS@1_K__Hl| zJ@)QQJ&_;1lxh0r2_xS;jO^88PtDwEVZv#;x*II%B|iKu#M&mkgy4Q+N*ze!SaJ=) zl=`VX9Bw0+Qa&}o;mZi7R8Kv~;W~mT#Zy~3yoz9&R;h6gFC&;zJvGYV^9ZICPYrQ+ zF~OADsV)wmK`^Css+Gg@38qv|IXGNEFr{#+g2TB4Q|hJ|hd;RlFr{p&h{GQeOsSgE zIQ$O5R8mrhJ_lmS8w69zrVeoUWr8VHQ+qi4Ji(NrsR<50OYkWKKgi)H38s`xZRK#1 zU`oZ*IEQ~pFr{E>l*2zGm{Kn_#Ni(hOevS@;_%%BV*!Z%bNJf?Q|hH09R51Nlya#G z4u6$kO0^W@aJZIfz2kuSq2KcE77U&~)>N`UAM=zH?`kOFaY4I)M%nxXu|~$sNdTeW z@)U9Jteh}+BBVgi*hWkT-`2-|RpOwO8oRyZ0NO{-0a}lLtjCR#Qhm%QVTXUN$NwPF zo{|cHW1C7Qh->Vo5{DjdC}HL$i2LS==+6_?kJmA6^AY3P?c9f6cn)K&=5Ibrr}aeb zFsShz$@|WCXipFW{5cF3Ju&x7pd?Fx;`r@bsvVlSo0F=YAZ@2aG4F(yR6Pb4a_e|M z3O82)H2)oWp(l)zVhY6^a*UbRA$K=V6mF*M&=WV66q_?44kk`_n3o|Jh)xcG46IR7 zWE#i-!oCV@>?VZN_oA)J8IM8e;Ph>8w~O?F>n2LBBT$1c@rVE^*gC5^x75t z1kpS6Ti)jic6>e!3iS9PeTR9ep7V_U+~>x^jJDZITj5#IBkYgX{=&gi^4<$z9gL5n)y&I*MaJd9rL2s*1yMBT zfSjl?H{(3%xWIvw-vREIP;*pbUIUVzsNM;b7_QSH!e`C8oxS7c!B4pU`#{dpe>Um= zH;|!!3F$8q`VZcNIG7I!xq;*5QqXT2Lhe1BC;Nq5st1v3uRKzjHtz=-VcGIN_0SEV zG97=$Y~|SaP9tPillJ(|gcdt`df}!SIT}u;8{KBDuzCbFCCl3ggcBE;H=#+sO1Z`Z z@p~}JKs*K|n%M+8qVX{BA{w)yF}^nw@5=qL+8L{umOK28x#w>@Gy!4kS<7Uf&b7>K z0VP=hwPJQmpr7V`?qPLR#=y^@<>0@ld^Nu;loCCw2fu)%c`?X{_ro|({#tY+MWsQ> zlYf0H;a}mcjX;}aLfzAt*-&Tov70+G_vfG_X~ijg948+y6h4lFB!Vy<7_0qr4W>tY=WvVp??-urRtxJ3%N#1$=3BzA za!}lfIVIeP=Jp19J&tK9S6|^zw7w|LQ)FL?C|yjq$yy3#lgXdT1tu zjfUfG?0~S@1Tx0^X%WaTf(wb8{LqqXcMBWSGB&P;2#*6_0B|dl^{1m6de?v{*(!MWFbVQMN%BP?14CYI0TbtdbRH+~OVUC? zWL72Ao3C>2eU>ZW9tfGwNc6cG?xTc$K%y_rpjjo*cS*D}gYF{qEfP(S^@Yiw5c)ca zUYS9ggl?DU$_%=68PFF?^ok6+i_l9X`U@Gfo4RA;=s$|Fef_T#iG9i93{M~NymN#H z=+RLC$-AITh3IubaPqNw^qWN9Yau@=$ejDpdx$!7IiDLpB?59?j|;==)~9-5TI5q= zVX&HVEnEA;qYeaC@3J+bXT z4JF3=W(~As{=A~^cr!2Y9TV92!pBi##8kwU2=mM``Eb>k%s1F5PST==mK`&7tlIcp zpt*p8g+36v3{pxQQN#C1+sGf}a}h)9b*; z%u8cOYerbQgLh(e6+;lw^3_g8Gw#{+yVV_v=q!%Srtf ze$omG?%fN7d9n2SA++XeA9BC%0wK%qg~IP3D9IG1R-!hHbCv2xc!#Syff94&VQ3<+ zY4Am@x|17*;8$ioO8N4{Z=mMz{e_!Xf&g{XAglWMD3z?_E-)wqcff$q(<1c5Upv2c z?+SQ8=@#3SqxYoEE^>eKggZXnSf%$Yd=%uRFCZ^pL|$#)U-*q9eBnChB|Sa|S@vYk z$`@`vr1$LCcjfJc5?p&yAA-Z&_ZRNaw;`Stg+h2?-VHJ;_9N`#PaJPnX{d0g8BDD8Egs1QXMhhme_@S z>Qx@mC+V6t{<7izdu7s@l z)cZWEYq_48_ZlE2^1v{YGUz2jW#>~P1AI6e6LSv&6T_fQB< zg>kwK`XX+MP!(v-B4~MeX!Wr#mE_T7gC3bsBv%TsWqvWEC9h_li=Mg@YxxzKjGFgL;ctKpLJ?i6$qRE#5H{@~U>pEO z(!K1ssq+jJqSjvkie)+RYs%(-=A`NcAc>K@jtAnFT#^+ zh>}VMEs6UFPN{ZeOnjG=oTyLZ<~pH&!SVXP1ufp7ju)KSb}~Jl%#IOq!#(po@7^aX;?zXo*LETZ=0_il&gva;-9E0iG4oL zxIR|<*7ODIZ3GKukKS6H+bt2enXbDKa(QW+G*sui})ZJbnHnKAV>Xu;L@EYi46X#B{|`(Uk8-x3;M z1|?aP(YOcWXZ8w>+d&e}S4-zBCn#DpPo@dI-#=dON(kf5(Y#l1+z1Y;eXm2Y3eKrQ ze`iMjiz&!dm881o4?7ErT<*44u`KWD}|+JQ6JC~>%*5m=qr4rsbnq&=;t6O_gLa|nK1Sp;6vcexeSr}UmKh)wpbq)X&%S~`b)5cnJMnB2< zN+?$Q+&SddwdUP#^8hbD-mN`k2-=2D-2VjG@+_hTR?JmG{X-e`v!E(9jZb8U=DZRs zn0T6QH=D+m{BbeE!{xDZYVkzuh&%pb)6zfDeYL*hvuWnJe?nI`zh|(@{VEl$2j9jlMw%Iw0h^3kpkD@;2tAa6yjb2m4(uwzt#p>#=P zX@OQB8XUyl1%_>(enuNjLcz$Yf&z`P@_|*Xy+1Sp65l?+h|RwtVAu;ZS8zBG4h0AO zL4yr@!vWe#!Nol8W_M?MM_rrC+3IT3IJnl;R@c(*_FOH%%iT>)ovm#x^{)2z&ed%# z9j%D{Y8_2^`LG{*Ua%u&Nu)q)4jIe~?E?Xybc~^|tbB-vXDX_nQ-@ad50CT>_*Ws0 zo;GK_>zK}~-4A{r^F|ooz`!Q=eXP6E+17k)w6N(zZnVjS_1qr1m2wG|bq90;BF`4>ebGxOt1Q zBM>p=qvot@V(Jjw$$#pR&OaGmMR_G;}@X0p*F`?^`O( zPj0lz*aLqg+SAW`{$b3+spQ&eYfol?xzAbKHdbM;TxqXh<*W~r z+vl&U@cJqwUkB|1qAA7JwcvGMOLO~rhG?&DbFN|K7c`fDik&R zn85I*FYFy;(I9qUF{9s)?qGY>aDXN{3-xB^IBjnd@qp*NI6)Q4kkTxxk#gEnjbIOa z{gT1x4@6kMe_)6W`Xl7NwQzwivWlq!K+~Ul*aObV62MBs{u`nJ?5tuTpXQp>Qh zX(2lNcD zVypc@e;Avn*dP@H^sGA+K^2Y~*mP%ymqXag#-c-%D9cg7&>y7$@*}HQD{b#W53uVj zNI5P%pp>FrT@0=;?9-#k&G-&4pAx5jV8XX!GnuR;5i&xf!{^Dlk<3W+g+tLHtDK*? zu5x=i>suOJ6v;vF&?JJD_J%`)tb&v+tFB&3Z3PK4q|kpa?j+ytH@J@?QUOe(0spXn zfR+0Ez24}6fkgGuC@FjY_x+o!(0unK9~(bLXCuG%h#Eqh{$%0RTH89?T?mHmZfcmk z?lELwH0T{hxu+{5L!$Gn9Kwz{T*C(K%!#4d7>cqeFXq-Pqn9O`<$|C#-<{x6#V>W7 z{TP0)s`Hs^8uJ=PIM9s=sYE)0V)r3R2H$hZ0zpcI%$`iuzk1r;hy045{y;BJFuBc< zvPxWq;KFhGPRyy)YA)L733XWR@GBN6qpLfvN}1SF&(>h~r!3v#n#6G39K_h5g7U&9 zc2Dx!Mn&{^e!(Tmz7!DvT{$y#_joz-CK|jx7#a!EJY@@HXIG|s*TCj>TY0_{5lng1kVLY?$5>aC_-oOT4Tyeoh z%^EC2ZSr$Oc|@(hF(oLS=`w+R)yLfduwz&MWLtHFJ8{Cklrd;UC^8&87WNawj!=)3 zIXDGRQuxt~+iW^$Hx3;g5}qbNZM}r^B-x7PJX_N5mhc=2|3JcXCHyl9+a&x;2^UIuA0DgFF^~V%w4|iZm++Gk zK1IUMN_c^UACU6&SeuUB5H4A8{Bbb12t#LMY)F$Va+{&d=b zcJ$SBx(lu2wRHMHwCweC`T)UbkD`4LZ3Pmb=ndSiqdoK%_|UfE_I)?n2k`*l5ZVbm z87M|#jN*yeINAw365UNO-h4P<{}9?OGEr3ga&BzXayAs@oH=L4%<-HVMTDom9o?Hw zpNCc*C+63*5-1iucXub-;~tZipFy5Y{j=t zYp}6f^PINQSpH?UirjF4t<-5_PFpcJ>TEMzvs-{^v|t*^U>Sa|;I{>1!2fL(?A@9R zso1p3Y;4;099yy5R^+s)`9X1*1OICp(yH*Ix5YGuK0-|DX|}OkM}e&v80cx7 z-C!$j%%~)NUxM5Q$X!Wt=tXXuZ6@h3fS&-K{~IEgt>_!ME?e=~v^pEREw8~=dTV}z zts*u(_X^Qd#6a}4VRr5vK*4MVwR(1I7N$W?V6y)T^#{4NPS`KXU2B_3xX?jk9t)h{SV5Sp|vvYfZ1t-QegLTcO0A%ylsrp3Y@;L08m?Qk( z+VOn4+%}$*i=3hXLAb8NStC!x2XIzTo%2BMBgh@X(?1PpNZMAJYKZr;<1)b)|0O&QCyMCN& zu=`Dl(>EwiV|jJ9(%bTNTg9!@bz4nr#u}R=Y^!nds30#gQQ`ky`B%`>1wH7-$>U@M zPDbEl1WrcaWCTt|;A8|&M&M)wPDbEl1WrcaWCZ@djzGmi2lu~7wyHC9YfXo0=Lj(K zJsb6WQhh&1J^xeRS5wdX)N>#8Jg~UAi)*6$csdmQub-zw1mBhGpeFOpw~1K-R?lC@ zrwLd+Pu(ML&eih@^-M`U&m>)R;8tE7tzEoT_w@9A2Ri6E4jt;bu6o`%G1qYnUYD@) zdjqH9yFs#5_OYRq_orC$rzNc7iARZ?K0Zh2m*W4=8}%K#Y(tL}2|u2Z?Mt$KTee4J zJAIzuJ5{#l$aaNn8)dszw!N|)mhG*w{jO~9m+d36eMYt~$@Xp89+B~@&ynp4 z**3~{t!#T`J1pDmerLmKd=#GG%kvb3@A=`?#u~Q=@BPJ|r&0h*3kvE(LmTn3zu#b` zJxkfLippx{=?`HS32O<5ZtMxMiwzDsLL9XBhA$~7X!VB&1K6#Dx4(QxLfGHEkzp@H z5L;`?7=6KpwmJ2444z zO%2!!6zU1!CAE+FLOoI1j>W&|gLgUDkHt#qMa|-NDY1AdH-h)L0|fzkA&u=vN*TSt z#I^&xuE9rm0{l}wWq2jrGZ4iGX|S(Ak_Q5V0cnB6c|;-w@Eos-%DA6p*vjAw^ln7! z=iM5Lb`Jz1{bkq@L8|E;G~PuKk_WhqUV2@?-zyCa6riWrH$hRcddGPvK8OwM%MkGm z3nPg7F}#R$L2nehAtL?a<(CiJXF}ZKb@JHwTMZ58$I%ovE18gW1 z=Jv9?X)h@7=q}dY(&)hsG#7KX(@vYU?gm!_TkLEHyts^A>GtR?9UcabHfOWvYSz-o zoXuCW%iYZlW!Q(&+J;?qtfj5My{5Iv?E(&4qMAAy+|8?59psu@klSt~HI#Z<7#WnR z+%Cv9vNf)@dL5dbb?zo?*()n(bbFdfXJbnnbFx-vo5x+>(d2AntsQNxE$uFtZ-Cln z>@jSE71tV9v&Rmrz%kca0IXeiHZ_r{0%r%jZzKO$eM{@rZP@nbVR}nbgA2$y7d&&; zHMxW-bgI6|>0VRD8k}pKtI4}I)&ebU1;i%2V^``fLXkZu{;#JkO4JS7N``%Zo-*{Z z&65$m(%tSVW6m~rI|Zb%tz}JF0fiG1&<-V#Yjz1O6lxxz%!q)60@i^}D_>ZH%h?27 z7@p>1hR>dKBZ^V`wma>Lsvp}t_$-W|o(jPig_vlE0}d;OZ-w=o#mI4D{p zEGTlr)G)?1p zDx~*D)+1ZK3Pk*K-;lC@SFVGz-z58OwkEo!Lm zN?xsN8i6BLC9l?J6LJBh)?;AdM|S+0fu*&Ol2_}Wak;?UB<0lmcg3e#ddEgq(NQm}Se;rw1q| zGR&Fv^oAlJaj12&fP}B=oZ5}}S>?CNb=g)ae;_O15}o<38O7HsKRVw54Bk`D=S{|6 z0Zsa^;4z$7<<<8v$EAF(x)G29%D$5SPL{m7f4Kd8!J*dCia$I5zbEC@_^Iz)Zk6)K ze2fjeOevD>y=ck*jQlDGr>O5Q-^ZcJKiT#l0Ldz^U*zD-`b9$K@0lA70ju#B5WY)< z6WYt6*wp=!`W|yOe>VIyWD70w>VB%2CKirt{%rU;@R0w?K7HPX4)zbqzXV>&T_vyX zC)D?{_mFZND!-L|l?Piuv)WhR(L370#isOM>3J Date: Tue, 16 Feb 2021 11:19:59 -0500 Subject: [PATCH 02/36] removed download.json --- download.json | 22 ---------------------- 1 file changed, 22 deletions(-) delete mode 100644 download.json diff --git a/download.json b/download.json deleted file mode 100644 index 782821f..0000000 --- a/download.json +++ /dev/null @@ -1,22 +0,0 @@ -{ - "resources": [ - { - "url": "s3://coeus-jupyterlab-packages/tini", - "filename": "tini", - "validation": { "type": "sha256", "value": "93dcc18adc78c65a028a84799ecf8ad40c936fdfc5f2a57b1acda5a8117fa82c" }, - "auth": { "type": "s3", "id": "jupyter-credential", "region": "us-east-2"} - }, - { - "url": "s3://coeus-jupyterlab-packages/pip-20.2.4.tar.gz", - "filename": "pip-20.2.4.tar.gz", - "validation": { "type": "sha256", "value": "2245776a68ea743c35df2b375ad44568e744e0075c86f0fc8d791af315a99af2" }, - "auth": { "type": "s3", "id": "jupyter-credential", "region": "us-east-2"} - }, - { - "url": "s3://coeus-jupyterlab-packages/jupyterlab.tar.gz", - "filename": "jupyterlab.tar.gz", - "validation": { "type": "sha256", "value": "104412ac5e29afc652fbb66cc065576314934f4b3c25e1c55a74e73eda175ba4" }, - "auth": { "type": "s3", "id": "jupyter-credential", "region": "us-east-2"} - } - ] -} -- GitLab From 048ee4fdaacdcace7da7d5aaef645765f8b902dc Mon Sep 17 00:00:00 2001 From: Komnick Date: Tue, 16 Feb 2021 11:24:49 -0500 Subject: [PATCH 03/36] remove LABEL from Dockerfile --- Dockerfile | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index 63c1f78..671a2a6 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,12 +1,10 @@ #ARG BASE_REGISTRY=registry1.dso.mil -#ARG BASE_IMAGE=ironbank/redhat/python/python36 +#ARG BASE_IMAGE=ironbank/carnegie-mellon/python36-ai #ARG BASE_TAG=3.6 #FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} FROM python36-ai:latest -LABEL maintainer="Jupyter Project and Rob McCarthy " - ARG NB_USER="jovyan" # NB_UID == 1001 b/c the default user in the ironbank python36 image is uid 1001 ARG NB_UID="1000" -- GitLab From 006521b8a080225d76963f75a9718429828e7588 Mon Sep 17 00:00:00 2001 From: Komnick Date: Tue, 16 Feb 2021 11:32:02 -0500 Subject: [PATCH 04/36] removed space in hardening_manifest --- hardening_manifest.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index ca51fa6..229bf37 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -24,7 +24,7 @@ labels: org.opencontainers.image.url: " " org.opencontainers.image.vendor: "jupyterlab" org.opencontainers.image.version: "1.4.2" - mil.dso.ironbank.image.keywords: "jupyter,notebook,terminal,text editor,datascience,ui,data,science" + mil.dso.ironbank.image.keywords: "jupyter, notebook, terminal, texteditor, datascience, ui, data, science" mil.dso.ironbank.image.type: "opensource" mil.dso.ironbank.product.name: "jupyterlab" -- GitLab From 0ce8bca5ee6ddaead0e1cfa58c10ad6daf5e0de9 Mon Sep 17 00:00:00 2001 From: Komnick Date: Tue, 16 Feb 2021 16:13:53 -0500 Subject: [PATCH 05/36] fixed typo in hardening_manifest --- Dockerfile | 1 - hardening_manifest.yaml | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 671a2a6..c230973 100644 --- a/Dockerfile +++ b/Dockerfile @@ -69,7 +69,6 @@ RUN tar -xvf jupyterlab.tar.gz && \ rm -rf /tmp/jupyterlab/ && \ fix-permissions /opt/app-root - EXPOSE 8888 # critical env variable to enable jupyter lab GUI (default is the old interface) diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index 229bf37..550b8d0 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -13,7 +13,7 @@ tags: # Build args passed to Dockerfile ARGs args: - BASE_IMAGE: "carnegie-mellow/python36-ai" + BASE_IMAGE: "carnegie-mellon/python36-ai" BASE_TAG: "3.6" # Docker image labels -- GitLab From ae47ff9aa416e426353fafe49751c6f69c88e067 Mon Sep 17 00:00:00 2001 From: Diego Alejandro Medin Date: Thu, 18 Feb 2021 12:35:52 -0500 Subject: [PATCH 06/36] Chmod+x start-notebook.sh --- Dockerfile | 16 ++-- fix-permissions | 28 +++++++ hardening_manifest.yaml | 13 ++-- jupyter_notebook_config.py | 55 ++++++++++++++ scripts/start-notebook.sh | 0 start-notebook.sh | 19 +++++ start-singleuser.sh | 39 ++++++++++ start.sh | 147 +++++++++++++++++++++++++++++++++++++ 8 files changed, 304 insertions(+), 13 deletions(-) create mode 100644 fix-permissions create mode 100644 jupyter_notebook_config.py mode change 100644 => 100755 scripts/start-notebook.sh create mode 100644 start-notebook.sh create mode 100644 start-singleuser.sh create mode 100644 start.sh diff --git a/Dockerfile b/Dockerfile index c230973..a3c327a 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,9 +1,11 @@ -#ARG BASE_REGISTRY=registry1.dso.mil -#ARG BASE_IMAGE=ironbank/carnegie-mellon/python36-ai -#ARG BASE_TAG=3.6 -#FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} +ARG BASE_REGISTRY=registry1.dso.mil +ARG BASE_IMAGE=ironbank/redhat/python/python36 +ARG BASE_TAG=3.6 +FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} -FROM python36-ai:latest +#FROM python36-ai:latest + +LABEL maintainer="Jupyter Project and Rob McCarthy " ARG NB_USER="jovyan" # NB_UID == 1001 b/c the default user in the ironbank python36 image is uid 1001 @@ -69,6 +71,7 @@ RUN tar -xvf jupyterlab.tar.gz && \ rm -rf /tmp/jupyterlab/ && \ fix-permissions /opt/app-root + EXPOSE 8888 # critical env variable to enable jupyter lab GUI (default is the old interface) @@ -83,6 +86,9 @@ COPY scripts/jupyter_notebook_config.py /etc/jupyter/ # Fix permissions on /etc/jupyter and /usr/libexec/openssh/ssh-keysign USER root + +RUN chmod +x /usr/local/bin/start-notebook.sh + RUN fix-permissions /etc/jupyter && \ fix-permissions /usr/libexec/openssh/ssh-keysign diff --git a/fix-permissions b/fix-permissions new file mode 100644 index 0000000..827eeb5 --- /dev/null +++ b/fix-permissions @@ -0,0 +1,28 @@ +#!/bin/sh + +# Allow this script to fail without failing a build +set +e + +SYMLINK_OPT=${2:--L} + +# Fix permissions on the given directory or file to allow group read/write of +# regular files and execute of directories. + +[ $(id -u) -ne 0 ] && CHECK_OWNER=" -uid $(id -u)" + +# If argument does not exist, script will still exit with 0, +# but at least we'll see something went wrong in the log +if ! [ -e "$1" ] ; then + echo "ERROR: File or directory $1 does not exist." >&2 + # We still want to end successfully + exit 0 +fi + +find $SYMLINK_OPT "$1" ${CHECK_OWNER} \! -gid 0 -exec chgrp 0 {} + +find $SYMLINK_OPT "$1" ${CHECK_OWNER} \! -perm -g+rw -exec chmod g+rw {} + +find $SYMLINK_OPT "$1" ${CHECK_OWNER} -perm /u+x -a \! -perm /g+x -exec chmod g+x {} + +find $SYMLINK_OPT "$1" ${CHECK_OWNER} -type d \! -perm /g+x -exec chmod g+x {} + + +# Always end successfully +exit 0 + diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index 550b8d0..0404f1c 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -2,7 +2,7 @@ apiVersion: v1 # The repository name in registry1, excluding /ironbank/ -name: "carnegie-mellon/jlab-eda" +name: "opensource/jupyter/jupyterlab" # List of tags to push for the repository in registry1 # The most specific version should be the first tag and will be shown @@ -13,18 +13,18 @@ tags: # Build args passed to Dockerfile ARGs args: - BASE_IMAGE: "carnegie-mellon/python36-ai" + BASE_IMAGE: "redhat/python/python36" BASE_TAG: "3.6" # Docker image labels labels: - org.opencontainers.image.title: "jlab-eda" + org.opencontainers.image.title: "jupyterlab" org.opencontainers.image.description: "JupyterLab is the next-generation web-based user interface for Project Jupyter." org.opencontainers.image.licenses: "MIT License (MIT)" org.opencontainers.image.url: " " org.opencontainers.image.vendor: "jupyterlab" org.opencontainers.image.version: "1.4.2" - mil.dso.ironbank.image.keywords: "jupyter, notebook, terminal, texteditor, datascience, ui, data, science" + mil.dso.ironbank.image.keywords: "jupyter,notebook,terminal,text editor,datascience,ui,data,science" mil.dso.ironbank.image.type: "opensource" mil.dso.ironbank.product.name: "jupyterlab" @@ -65,8 +65,5 @@ maintainers: name: "Brad Alexander" username: "balexand" cht_member: true -- email: "daniel.s.komnick.mil@mail.mil" - name: "Dan Komnick" - username: "Komnick" - cht_member: false + diff --git a/jupyter_notebook_config.py b/jupyter_notebook_config.py new file mode 100644 index 0000000..19b5e8b --- /dev/null +++ b/jupyter_notebook_config.py @@ -0,0 +1,55 @@ +# Copyright (c) Jupyter Development Team. +# Distributed under the terms of the Modified BSD License. + +from jupyter_core.paths import jupyter_data_dir +import subprocess +import os +import errno +import stat + +c = get_config() # noqa: F821 +c.NotebookApp.ip = '0.0.0.0' +c.NotebookApp.port = 8888 +c.NotebookApp.open_browser = False + +# https://github.com/jupyter/notebook/issues/3130 +c.FileContentsManager.delete_to_trash = False + +# Generate a self-signed certificate +if 'GEN_CERT' in os.environ: + dir_name = jupyter_data_dir() + pem_file = os.path.join(dir_name, 'notebook.pem') + try: + os.makedirs(dir_name) + except OSError as exc: # Python >2.5 + if exc.errno == errno.EEXIST and os.path.isdir(dir_name): + pass + else: + raise + + # Generate an openssl.cnf file to set the distinguished name + cnf_file = os.path.join(os.getenv('CONDA_DIR', '/usr/lib'), 'ssl', 'openssl.cnf') + if not os.path.isfile(cnf_file): + with open(cnf_file, 'w') as fh: + fh.write('''\ +[req] +distinguished_name = req_distinguished_name +[req_distinguished_name] +''') + + # Generate a certificate if one doesn't exist on disk + subprocess.check_call(['openssl', 'req', '-new', + '-newkey', 'rsa:2048', + '-days', '365', + '-nodes', '-x509', + '-subj', '/C=XX/ST=XX/L=XX/O=generated/CN=generated', + '-keyout', pem_file, + '-out', pem_file]) + # Restrict access to the file + os.chmod(pem_file, stat.S_IRUSR | stat.S_IWUSR) + c.NotebookApp.certfile = pem_file + +# Change default umask for all subprocesses of the notebook server if set in +# the environment +if 'NB_UMASK' in os.environ: + os.umask(int(os.environ['NB_UMASK'], 8)) diff --git a/scripts/start-notebook.sh b/scripts/start-notebook.sh old mode 100644 new mode 100755 diff --git a/start-notebook.sh b/start-notebook.sh new file mode 100644 index 0000000..62f2134 --- /dev/null +++ b/start-notebook.sh @@ -0,0 +1,19 @@ +#!/bin/bash +# Copyright (c) Jupyter Development Team. +# Distributed under the terms of the Modified BSD License. + +set -e + +wrapper="" +if [[ "${RESTARTABLE}" == "yes" ]]; then + wrapper="run-one-constantly" +fi + +if [[ ! -z "${JUPYTERHUB_API_TOKEN}" ]]; then + # launched by JupyterHub, use single-user entrypoint + exec /usr/local/bin/start-singleuser.sh --NotebookApp.token='' --NotebookApp.password='' "$@" +elif [[ ! -z "${JUPYTER_ENABLE_LAB}" ]]; then + . /usr/local/bin/start.sh $wrapper jupyter lab --NotebookApp.token='' --NotebookApp.password='' "$@" +else + . /usr/local/bin/start.sh $wrapper jupyter notebook --NotebookApp.token='' --NotebookApp.password='' "$@" +fi diff --git a/start-singleuser.sh b/start-singleuser.sh new file mode 100644 index 0000000..0c8f7ad --- /dev/null +++ b/start-singleuser.sh @@ -0,0 +1,39 @@ +#!/bin/bash +# Copyright (c) Jupyter Development Team. +# Distributed under the terms of the Modified BSD License. + +set -e + +# set default ip to 0.0.0.0 +if [[ "$NOTEBOOK_ARGS $@" != *"--ip="* ]]; then + NOTEBOOK_ARGS="--ip=0.0.0.0 $NOTEBOOK_ARGS" +fi + +# handle some deprecated environment variables +# from DockerSpawner < 0.8. +# These won't be passed from DockerSpawner 0.9, +# so avoid specifying --arg=empty-string +if [ ! -z "$NOTEBOOK_DIR" ]; then + NOTEBOOK_ARGS="--notebook-dir='$NOTEBOOK_DIR' $NOTEBOOK_ARGS" +fi +if [ ! -z "$JPY_PORT" ]; then + NOTEBOOK_ARGS="--port=$JPY_PORT $NOTEBOOK_ARGS" +fi +if [ ! -z "$JPY_USER" ]; then + NOTEBOOK_ARGS="--user=$JPY_USER $NOTEBOOK_ARGS" +fi +if [ ! -z "$JPY_COOKIE_NAME" ]; then + NOTEBOOK_ARGS="--cookie-name=$JPY_COOKIE_NAME $NOTEBOOK_ARGS" +fi +if [ ! -z "$JPY_BASE_URL" ]; then + NOTEBOOK_ARGS="--base-url=$JPY_BASE_URL $NOTEBOOK_ARGS" +fi +if [ ! -z "$JPY_HUB_PREFIX" ]; then + NOTEBOOK_ARGS="--hub-prefix=$JPY_HUB_PREFIX $NOTEBOOK_ARGS" +fi +if [ ! -z "$JPY_HUB_API_URL" ]; then + NOTEBOOK_ARGS="--hub-api-url=$JPY_HUB_API_URL $NOTEBOOK_ARGS" +fi +NOTEBOOK_BIN="jupyterhub-singleuser" + +. /usr/local/bin/start.sh $NOTEBOOK_BIN $NOTEBOOK_ARGS "$@" diff --git a/start.sh b/start.sh new file mode 100644 index 0000000..0dd02ee --- /dev/null +++ b/start.sh @@ -0,0 +1,147 @@ +#!/bin/bash +# Copyright (c) Jupyter Development Team. +# Distributed under the terms of the Modified BSD License. + +set -e + +# Exec the specified command or fall back on bash +if [ $# -eq 0 ]; then + cmd=( "bash" ) +else + cmd=( "$@" ) +fi + +run-hooks () { + # Source scripts or run executable files in a directory + if [[ ! -d "$1" ]] ; then + return + fi + echo "$0: running hooks in $1" + for f in "$1/"*; do + case "$f" in + *.sh) + echo "$0: running $f" + source "$f" + ;; + *) + if [[ -x "$f" ]] ; then + echo "$0: running $f" + "$f" + else + echo "$0: ignoring $f" + fi + ;; + esac + done + echo "$0: done running hooks in $1" +} + +run-hooks /usr/local/bin/start-notebook.d + +# Handle special flags if we're root +if [ $(id -u) == 0 ] ; then + + # Only attempt to change the jovyan username if it exists + if id jovyan &> /dev/null ; then + echo "Set username to: $NB_USER" + usermod -d /home/$NB_USER -l $NB_USER jovyan + fi + + # Handle case where provisioned storage does not have the correct permissions by default + # Ex: default NFS/EFS (no auto-uid/gid) + if [[ "$CHOWN_HOME" == "1" || "$CHOWN_HOME" == 'yes' ]]; then + echo "Changing ownership of /home/$NB_USER to $NB_UID:$NB_GID with options '${CHOWN_HOME_OPTS}'" + chown $CHOWN_HOME_OPTS $NB_UID:$NB_GID /home/$NB_USER + fi + if [ ! -z "$CHOWN_EXTRA" ]; then + for extra_dir in $(echo $CHOWN_EXTRA | tr ',' ' '); do + echo "Changing ownership of ${extra_dir} to $NB_UID:$NB_GID with options '${CHOWN_EXTRA_OPTS}'" + chown $CHOWN_EXTRA_OPTS $NB_UID:$NB_GID $extra_dir + done + fi + + # handle home and working directory if the username changed + if [[ "$NB_USER" != "jovyan" ]]; then + # changing username, make sure homedir exists + # (it could be mounted, and we shouldn't create it if it already exists) + if [[ ! -e "/home/$NB_USER" ]]; then + echo "Relocating home dir to /home/$NB_USER" + mv /home/jovyan "/home/$NB_USER" || ln -s /home/jovyan "/home/$NB_USER" + fi + # if workdir is in /home/jovyan, cd to /home/$NB_USER + if [[ "$PWD/" == "/home/jovyan/"* ]]; then + newcwd="/home/$NB_USER/${PWD:13}" + echo "Setting CWD to $newcwd" + cd "$newcwd" + fi + fi + + # Change UID:GID of NB_USER to NB_UID:NB_GID if it does not match + if [ "$NB_UID" != $(id -u $NB_USER) ] || [ "$NB_GID" != $(id -g $NB_USER) ]; then + echo "Set user $NB_USER UID:GID to: $NB_UID:$NB_GID" + if [ "$NB_GID" != $(id -g $NB_USER) ]; then + groupadd -f -g $NB_GID -o ${NB_GROUP:-${NB_USER}} + fi + userdel $NB_USER + useradd --home /home/$NB_USER -u $NB_UID -g $NB_GID -G 100 -l $NB_USER + fi + + # Enable sudo if requested + if [[ "$GRANT_SUDO" == "1" || "$GRANT_SUDO" == 'yes' ]]; then + echo "Granting $NB_USER sudo access and appending $CONDA_DIR/bin to sudo PATH" + echo "$NB_USER ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/notebook + fi + + # Add $CONDA_DIR/bin to sudo secure_path + sed -r "s#Defaults\s+secure_path\s*=\s*\"?([^\"]+)\"?#Defaults secure_path=\"\1:$CONDA_DIR/bin\"#" /etc/sudoers | grep secure_path > /etc/sudoers.d/path + + # Exec the command as NB_USER with the PATH and the rest of + # the environment preserved + run-hooks /usr/local/bin/before-notebook.d + echo "Executing the command: ${cmd[@]}" + exec sudo -E -H -u $NB_USER PATH=$PATH XDG_CACHE_HOME=/home/$NB_USER/.cache PYTHONPATH=${PYTHONPATH:-} "${cmd[@]}" +else + if [[ "$NB_UID" == "$(id -u jovyan 2>/dev/null)" && "$NB_GID" == "$(id -g jovyan 2>/dev/null)" ]]; then + # User is not attempting to override user/group via environment + # variables, but they could still have overridden the uid/gid that + # container runs as. Check that the user has an entry in the passwd + # file and if not add an entry. + STATUS=0 && whoami &> /dev/null || STATUS=$? && true + if [[ "$STATUS" != "0" ]]; then + if [[ -w /etc/passwd ]]; then + echo "Adding passwd file entry for $(id -u)" + cat /etc/passwd | sed -e "s/^jovyan:/nayvoj:/" > /tmp/passwd + echo "jovyan:x:$(id -u):$(id -g):,,,:/home/jovyan:/bin/bash" >> /tmp/passwd + cat /tmp/passwd > /etc/passwd + rm /tmp/passwd + else + echo 'Container must be run with group "root" to update passwd file' + fi + fi + + # Warn if the user isn't going to be able to write files to $HOME. + if [[ ! -w /home/jovyan ]]; then + echo 'Container must be run with group "users" to update files' + fi + else + # Warn if looks like user want to override uid/gid but hasn't + # run the container as root. + if [[ ! -z "$NB_UID" && "$NB_UID" != "$(id -u)" ]]; then + echo 'Container must be run as root to set $NB_UID' + fi + if [[ ! -z "$NB_GID" && "$NB_GID" != "$(id -g)" ]]; then + echo 'Container must be run as root to set $NB_GID' + fi + fi + + # Warn if looks like user want to run in sudo mode but hasn't run + # the container as root. + if [[ "$GRANT_SUDO" == "1" || "$GRANT_SUDO" == 'yes' ]]; then + echo 'Container must be run as root to grant sudo permissions' + fi + + # Execute the command + run-hooks /usr/local/bin/before-notebook.d + echo "Executing the command: ${cmd[@]}" + exec "${cmd[@]}" +fi -- GitLab From 659cf8f94783465579cd3bab1927f2779b40689d Mon Sep 17 00:00:00 2001 From: Diego Alejandro Medin Date: Thu, 18 Feb 2021 13:55:12 -0500 Subject: [PATCH 07/36] Updated Hardening manifest --- hardening_manifest.yaml | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index 0404f1c..6259ea4 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -2,7 +2,7 @@ apiVersion: v1 # The repository name in registry1, excluding /ironbank/ -name: "opensource/jupyter/jupyterlab" +name: "carnegie-mellon/jlab-eda" # List of tags to push for the repository in registry1 # The most specific version should be the first tag and will be shown @@ -18,7 +18,7 @@ args: # Docker image labels labels: - org.opencontainers.image.title: "jupyterlab" + org.opencontainers.image.title: "JupyterLab - Exploratory Data Analytics" org.opencontainers.image.description: "JupyterLab is the next-generation web-based user interface for Project Jupyter." org.opencontainers.image.licenses: "MIT License (MIT)" org.opencontainers.image.url: " " @@ -26,7 +26,7 @@ labels: org.opencontainers.image.version: "1.4.2" mil.dso.ironbank.image.keywords: "jupyter,notebook,terminal,text editor,datascience,ui,data,science" mil.dso.ironbank.image.type: "opensource" - mil.dso.ironbank.product.name: "jupyterlab" + mil.dso.ironbank.product.name: "jlab-eda" # List of resources to make available to the offline build context resources: @@ -65,5 +65,10 @@ maintainers: name: "Brad Alexander" username: "balexand" cht_member: true +- email: "diego.a.medina9.mil@mail.mil" + name: "Diego Medina" + username: "Diego_Medina" + cht_member: true + -- GitLab From fa3dd1d4a428655bd81178d296806f6ba73f962f Mon Sep 17 00:00:00 2001 From: Diego Alejandro Medin Date: Thu, 18 Feb 2021 17:13:09 -0500 Subject: [PATCH 08/36] Updated Dockerfile/Hardening --- Dockerfile | 15 +++++++-------- hardening_manifest.yaml | 28 ++++++---------------------- 2 files changed, 13 insertions(+), 30 deletions(-) diff --git a/Dockerfile b/Dockerfile index a3c327a..e7c4d85 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,11 +1,9 @@ -ARG BASE_REGISTRY=registry1.dso.mil -ARG BASE_IMAGE=ironbank/redhat/python/python36 -ARG BASE_TAG=3.6 -FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} +#ARG BASE_REGISTRY=registry1.dso.mil +#ARG BASE_IMAGE=ironbank/redhat/python/python36 +#ARG BASE_TAG=3.6 +#FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} -#FROM python36-ai:latest - -LABEL maintainer="Jupyter Project and Rob McCarthy " +FROM python36-ai:latest ARG NB_USER="jovyan" # NB_UID == 1001 b/c the default user in the ironbank python36 image is uid 1001 @@ -52,7 +50,8 @@ RUN useradd -m -s /bin/bash -N -u $NB_UID -g $NB_GID $NB_USER && \ fix-permissions /opt/app-root -P # install tini -COPY tini /usr/bin/tini +#COPY tini /usr/bin/tini +RUN curl -L https://github.com/krallin/tini/releases/download/v0.19.0/tini -o /usr/bin/tini RUN chmod +x /usr/bin/tini USER $NB_UID diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index 6259ea4..877a5eb 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -31,40 +31,24 @@ labels: # List of resources to make available to the offline build context resources: - filename: tini - url: s3://coeus-jupyterlab-packages/tini + url: https://github.com/krallin/tini/releases/download/v0.19.0/tini validation: type: sha256 value: 93dcc18adc78c65a028a84799ecf8ad40c936fdfc5f2a57b1acda5a8117fa82c - auth: - type: s3 - id: jupyter-credential - region: us-east-2 - filename: pip-20.2.4.tar.gz - url: s3://coeus-jupyterlab-packages/pip-20.2.4.tar.gz + url: https://files.pythonhosted.org/packages/0b/f5/be8e741434a4bf4ce5dbc235aa28ed0666178ea8986ddc10d035023744e6/pip-20.2.4.tar.gz validation: type: sha256 - value: 2245776a68ea743c35df2b375ad44568e744e0075c86f0fc8d791af315a99af2 - auth: - type: s3 - id: jupyter-credential - region: us-east-2 -- filename: jupyterlab.tar.gz - url: s3://coeus-jupyterlab-packages/jupyterlab.tar.gz + value: 85c99a857ea0fb0aedf23833d9be5c40cf253fe24443f0829c7b472e23c364a1 +- filename: jupyterlab-2.2.9.tar.gz + url: https://files.pythonhosted.org/packages/83/e8/af2cfb8bbc5fd90f6572e7bca0e73f9d909132b99665e1cc88380dd8bb36/jupyterlab-2.2.9.tar.gz validation: type: sha256 - value: 104412ac5e29afc652fbb66cc065576314934f4b3c25e1c55a74e73eda175ba4 - auth: - type: s3 - id: jupyter-credential - region: us-east-2 + value: 3be8f8edea173753dd838c1b6d3bbcb6f5c801121f824a477025c1b6a1d33dc6 # List of project maintainers maintainers: -- email: "balexander@vivsoft.io" - name: "Brad Alexander" - username: "balexand" - cht_member: true - email: "diego.a.medina9.mil@mail.mil" name: "Diego Medina" username: "Diego_Medina" -- GitLab From d8f7e2b48f460eb46213e61f8301e0d49e9de03e Mon Sep 17 00:00:00 2001 From: Diego Alejandro Medin Date: Thu, 18 Feb 2021 17:17:09 -0500 Subject: [PATCH 09/36] Updated Dockerfile/Hardening --- Dockerfile | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/Dockerfile b/Dockerfile index e7c4d85..73ca68f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,9 +1,9 @@ -#ARG BASE_REGISTRY=registry1.dso.mil -#ARG BASE_IMAGE=ironbank/redhat/python/python36 -#ARG BASE_TAG=3.6 -#FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} +ARG BASE_REGISTRY=registry1.dso.mil +ARG BASE_IMAGE=ironbank/redhat/python/python36 +ARG BASE_TAG=3.6 +FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} -FROM python36-ai:latest +#FROM python36-ai:latest ARG NB_USER="jovyan" # NB_UID == 1001 b/c the default user in the ironbank python36 image is uid 1001 @@ -50,8 +50,7 @@ RUN useradd -m -s /bin/bash -N -u $NB_UID -g $NB_GID $NB_USER && \ fix-permissions /opt/app-root -P # install tini -#COPY tini /usr/bin/tini -RUN curl -L https://github.com/krallin/tini/releases/download/v0.19.0/tini -o /usr/bin/tini +COPY tini /usr/bin/tini RUN chmod +x /usr/bin/tini USER $NB_UID @@ -64,8 +63,8 @@ RUN mkdir /home/$NB_USER/work WORKDIR /tmp # Install jupyterlab -COPY jupyterlab.tar.gz . -RUN tar -xvf jupyterlab.tar.gz && \ +COPY jupyterlab-2.2.9.tar.gz . +RUN tar -xvf jupyterlab-2.2.9.tar.gz && \ python3.6 -m pip install --quiet jupyterlab/* && \ rm -rf /tmp/jupyterlab/ && \ fix-permissions /opt/app-root -- GitLab From b27116e7ab1a6a7db9c799552823a333b8f993c5 Mon Sep 17 00:00:00 2001 From: Diego Alejandro Medin Date: Mon, 22 Feb 2021 15:10:19 -0500 Subject: [PATCH 10/36] Fixed Jlab typo in Dockerfile --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 73ca68f..f70f2cd 100644 --- a/Dockerfile +++ b/Dockerfile @@ -65,7 +65,7 @@ WORKDIR /tmp # Install jupyterlab COPY jupyterlab-2.2.9.tar.gz . RUN tar -xvf jupyterlab-2.2.9.tar.gz && \ - python3.6 -m pip install --quiet jupyterlab/* && \ + python3.6 -m pip install --quiet jupyterlab && \ rm -rf /tmp/jupyterlab/ && \ fix-permissions /opt/app-root -- GitLab From 13f952bc9f395875102b1009340441b5801bc1fb Mon Sep 17 00:00:00 2001 From: Diego Alejandro Medin Date: Mon, 22 Feb 2021 15:36:42 -0500 Subject: [PATCH 11/36] Removed duplicate files --- .gitignore | 1 + fix-permissions | 28 ------- jupyter_notebook_config.py | 55 -------------- start-notebook.sh | 19 ----- start-singleuser.sh | 39 ---------- start.sh | 147 ------------------------------------- 6 files changed, 1 insertion(+), 288 deletions(-) delete mode 100644 fix-permissions delete mode 100644 jupyter_notebook_config.py delete mode 100644 start-notebook.sh delete mode 100644 start-singleuser.sh delete mode 100644 start.sh diff --git a/.gitignore b/.gitignore index 2045e13..24277ec 100644 --- a/.gitignore +++ b/.gitignore @@ -5,3 +5,4 @@ packages.txt repo/** anchore-reports/** +report.txt diff --git a/fix-permissions b/fix-permissions deleted file mode 100644 index 827eeb5..0000000 --- a/fix-permissions +++ /dev/null @@ -1,28 +0,0 @@ -#!/bin/sh - -# Allow this script to fail without failing a build -set +e - -SYMLINK_OPT=${2:--L} - -# Fix permissions on the given directory or file to allow group read/write of -# regular files and execute of directories. - -[ $(id -u) -ne 0 ] && CHECK_OWNER=" -uid $(id -u)" - -# If argument does not exist, script will still exit with 0, -# but at least we'll see something went wrong in the log -if ! [ -e "$1" ] ; then - echo "ERROR: File or directory $1 does not exist." >&2 - # We still want to end successfully - exit 0 -fi - -find $SYMLINK_OPT "$1" ${CHECK_OWNER} \! -gid 0 -exec chgrp 0 {} + -find $SYMLINK_OPT "$1" ${CHECK_OWNER} \! -perm -g+rw -exec chmod g+rw {} + -find $SYMLINK_OPT "$1" ${CHECK_OWNER} -perm /u+x -a \! -perm /g+x -exec chmod g+x {} + -find $SYMLINK_OPT "$1" ${CHECK_OWNER} -type d \! -perm /g+x -exec chmod g+x {} + - -# Always end successfully -exit 0 - diff --git a/jupyter_notebook_config.py b/jupyter_notebook_config.py deleted file mode 100644 index 19b5e8b..0000000 --- a/jupyter_notebook_config.py +++ /dev/null @@ -1,55 +0,0 @@ -# Copyright (c) Jupyter Development Team. -# Distributed under the terms of the Modified BSD License. - -from jupyter_core.paths import jupyter_data_dir -import subprocess -import os -import errno -import stat - -c = get_config() # noqa: F821 -c.NotebookApp.ip = '0.0.0.0' -c.NotebookApp.port = 8888 -c.NotebookApp.open_browser = False - -# https://github.com/jupyter/notebook/issues/3130 -c.FileContentsManager.delete_to_trash = False - -# Generate a self-signed certificate -if 'GEN_CERT' in os.environ: - dir_name = jupyter_data_dir() - pem_file = os.path.join(dir_name, 'notebook.pem') - try: - os.makedirs(dir_name) - except OSError as exc: # Python >2.5 - if exc.errno == errno.EEXIST and os.path.isdir(dir_name): - pass - else: - raise - - # Generate an openssl.cnf file to set the distinguished name - cnf_file = os.path.join(os.getenv('CONDA_DIR', '/usr/lib'), 'ssl', 'openssl.cnf') - if not os.path.isfile(cnf_file): - with open(cnf_file, 'w') as fh: - fh.write('''\ -[req] -distinguished_name = req_distinguished_name -[req_distinguished_name] -''') - - # Generate a certificate if one doesn't exist on disk - subprocess.check_call(['openssl', 'req', '-new', - '-newkey', 'rsa:2048', - '-days', '365', - '-nodes', '-x509', - '-subj', '/C=XX/ST=XX/L=XX/O=generated/CN=generated', - '-keyout', pem_file, - '-out', pem_file]) - # Restrict access to the file - os.chmod(pem_file, stat.S_IRUSR | stat.S_IWUSR) - c.NotebookApp.certfile = pem_file - -# Change default umask for all subprocesses of the notebook server if set in -# the environment -if 'NB_UMASK' in os.environ: - os.umask(int(os.environ['NB_UMASK'], 8)) diff --git a/start-notebook.sh b/start-notebook.sh deleted file mode 100644 index 62f2134..0000000 --- a/start-notebook.sh +++ /dev/null @@ -1,19 +0,0 @@ -#!/bin/bash -# Copyright (c) Jupyter Development Team. -# Distributed under the terms of the Modified BSD License. - -set -e - -wrapper="" -if [[ "${RESTARTABLE}" == "yes" ]]; then - wrapper="run-one-constantly" -fi - -if [[ ! -z "${JUPYTERHUB_API_TOKEN}" ]]; then - # launched by JupyterHub, use single-user entrypoint - exec /usr/local/bin/start-singleuser.sh --NotebookApp.token='' --NotebookApp.password='' "$@" -elif [[ ! -z "${JUPYTER_ENABLE_LAB}" ]]; then - . /usr/local/bin/start.sh $wrapper jupyter lab --NotebookApp.token='' --NotebookApp.password='' "$@" -else - . /usr/local/bin/start.sh $wrapper jupyter notebook --NotebookApp.token='' --NotebookApp.password='' "$@" -fi diff --git a/start-singleuser.sh b/start-singleuser.sh deleted file mode 100644 index 0c8f7ad..0000000 --- a/start-singleuser.sh +++ /dev/null @@ -1,39 +0,0 @@ -#!/bin/bash -# Copyright (c) Jupyter Development Team. -# Distributed under the terms of the Modified BSD License. - -set -e - -# set default ip to 0.0.0.0 -if [[ "$NOTEBOOK_ARGS $@" != *"--ip="* ]]; then - NOTEBOOK_ARGS="--ip=0.0.0.0 $NOTEBOOK_ARGS" -fi - -# handle some deprecated environment variables -# from DockerSpawner < 0.8. -# These won't be passed from DockerSpawner 0.9, -# so avoid specifying --arg=empty-string -if [ ! -z "$NOTEBOOK_DIR" ]; then - NOTEBOOK_ARGS="--notebook-dir='$NOTEBOOK_DIR' $NOTEBOOK_ARGS" -fi -if [ ! -z "$JPY_PORT" ]; then - NOTEBOOK_ARGS="--port=$JPY_PORT $NOTEBOOK_ARGS" -fi -if [ ! -z "$JPY_USER" ]; then - NOTEBOOK_ARGS="--user=$JPY_USER $NOTEBOOK_ARGS" -fi -if [ ! -z "$JPY_COOKIE_NAME" ]; then - NOTEBOOK_ARGS="--cookie-name=$JPY_COOKIE_NAME $NOTEBOOK_ARGS" -fi -if [ ! -z "$JPY_BASE_URL" ]; then - NOTEBOOK_ARGS="--base-url=$JPY_BASE_URL $NOTEBOOK_ARGS" -fi -if [ ! -z "$JPY_HUB_PREFIX" ]; then - NOTEBOOK_ARGS="--hub-prefix=$JPY_HUB_PREFIX $NOTEBOOK_ARGS" -fi -if [ ! -z "$JPY_HUB_API_URL" ]; then - NOTEBOOK_ARGS="--hub-api-url=$JPY_HUB_API_URL $NOTEBOOK_ARGS" -fi -NOTEBOOK_BIN="jupyterhub-singleuser" - -. /usr/local/bin/start.sh $NOTEBOOK_BIN $NOTEBOOK_ARGS "$@" diff --git a/start.sh b/start.sh deleted file mode 100644 index 0dd02ee..0000000 --- a/start.sh +++ /dev/null @@ -1,147 +0,0 @@ -#!/bin/bash -# Copyright (c) Jupyter Development Team. -# Distributed under the terms of the Modified BSD License. - -set -e - -# Exec the specified command or fall back on bash -if [ $# -eq 0 ]; then - cmd=( "bash" ) -else - cmd=( "$@" ) -fi - -run-hooks () { - # Source scripts or run executable files in a directory - if [[ ! -d "$1" ]] ; then - return - fi - echo "$0: running hooks in $1" - for f in "$1/"*; do - case "$f" in - *.sh) - echo "$0: running $f" - source "$f" - ;; - *) - if [[ -x "$f" ]] ; then - echo "$0: running $f" - "$f" - else - echo "$0: ignoring $f" - fi - ;; - esac - done - echo "$0: done running hooks in $1" -} - -run-hooks /usr/local/bin/start-notebook.d - -# Handle special flags if we're root -if [ $(id -u) == 0 ] ; then - - # Only attempt to change the jovyan username if it exists - if id jovyan &> /dev/null ; then - echo "Set username to: $NB_USER" - usermod -d /home/$NB_USER -l $NB_USER jovyan - fi - - # Handle case where provisioned storage does not have the correct permissions by default - # Ex: default NFS/EFS (no auto-uid/gid) - if [[ "$CHOWN_HOME" == "1" || "$CHOWN_HOME" == 'yes' ]]; then - echo "Changing ownership of /home/$NB_USER to $NB_UID:$NB_GID with options '${CHOWN_HOME_OPTS}'" - chown $CHOWN_HOME_OPTS $NB_UID:$NB_GID /home/$NB_USER - fi - if [ ! -z "$CHOWN_EXTRA" ]; then - for extra_dir in $(echo $CHOWN_EXTRA | tr ',' ' '); do - echo "Changing ownership of ${extra_dir} to $NB_UID:$NB_GID with options '${CHOWN_EXTRA_OPTS}'" - chown $CHOWN_EXTRA_OPTS $NB_UID:$NB_GID $extra_dir - done - fi - - # handle home and working directory if the username changed - if [[ "$NB_USER" != "jovyan" ]]; then - # changing username, make sure homedir exists - # (it could be mounted, and we shouldn't create it if it already exists) - if [[ ! -e "/home/$NB_USER" ]]; then - echo "Relocating home dir to /home/$NB_USER" - mv /home/jovyan "/home/$NB_USER" || ln -s /home/jovyan "/home/$NB_USER" - fi - # if workdir is in /home/jovyan, cd to /home/$NB_USER - if [[ "$PWD/" == "/home/jovyan/"* ]]; then - newcwd="/home/$NB_USER/${PWD:13}" - echo "Setting CWD to $newcwd" - cd "$newcwd" - fi - fi - - # Change UID:GID of NB_USER to NB_UID:NB_GID if it does not match - if [ "$NB_UID" != $(id -u $NB_USER) ] || [ "$NB_GID" != $(id -g $NB_USER) ]; then - echo "Set user $NB_USER UID:GID to: $NB_UID:$NB_GID" - if [ "$NB_GID" != $(id -g $NB_USER) ]; then - groupadd -f -g $NB_GID -o ${NB_GROUP:-${NB_USER}} - fi - userdel $NB_USER - useradd --home /home/$NB_USER -u $NB_UID -g $NB_GID -G 100 -l $NB_USER - fi - - # Enable sudo if requested - if [[ "$GRANT_SUDO" == "1" || "$GRANT_SUDO" == 'yes' ]]; then - echo "Granting $NB_USER sudo access and appending $CONDA_DIR/bin to sudo PATH" - echo "$NB_USER ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/notebook - fi - - # Add $CONDA_DIR/bin to sudo secure_path - sed -r "s#Defaults\s+secure_path\s*=\s*\"?([^\"]+)\"?#Defaults secure_path=\"\1:$CONDA_DIR/bin\"#" /etc/sudoers | grep secure_path > /etc/sudoers.d/path - - # Exec the command as NB_USER with the PATH and the rest of - # the environment preserved - run-hooks /usr/local/bin/before-notebook.d - echo "Executing the command: ${cmd[@]}" - exec sudo -E -H -u $NB_USER PATH=$PATH XDG_CACHE_HOME=/home/$NB_USER/.cache PYTHONPATH=${PYTHONPATH:-} "${cmd[@]}" -else - if [[ "$NB_UID" == "$(id -u jovyan 2>/dev/null)" && "$NB_GID" == "$(id -g jovyan 2>/dev/null)" ]]; then - # User is not attempting to override user/group via environment - # variables, but they could still have overridden the uid/gid that - # container runs as. Check that the user has an entry in the passwd - # file and if not add an entry. - STATUS=0 && whoami &> /dev/null || STATUS=$? && true - if [[ "$STATUS" != "0" ]]; then - if [[ -w /etc/passwd ]]; then - echo "Adding passwd file entry for $(id -u)" - cat /etc/passwd | sed -e "s/^jovyan:/nayvoj:/" > /tmp/passwd - echo "jovyan:x:$(id -u):$(id -g):,,,:/home/jovyan:/bin/bash" >> /tmp/passwd - cat /tmp/passwd > /etc/passwd - rm /tmp/passwd - else - echo 'Container must be run with group "root" to update passwd file' - fi - fi - - # Warn if the user isn't going to be able to write files to $HOME. - if [[ ! -w /home/jovyan ]]; then - echo 'Container must be run with group "users" to update files' - fi - else - # Warn if looks like user want to override uid/gid but hasn't - # run the container as root. - if [[ ! -z "$NB_UID" && "$NB_UID" != "$(id -u)" ]]; then - echo 'Container must be run as root to set $NB_UID' - fi - if [[ ! -z "$NB_GID" && "$NB_GID" != "$(id -g)" ]]; then - echo 'Container must be run as root to set $NB_GID' - fi - fi - - # Warn if looks like user want to run in sudo mode but hasn't run - # the container as root. - if [[ "$GRANT_SUDO" == "1" || "$GRANT_SUDO" == 'yes' ]]; then - echo 'Container must be run as root to grant sudo permissions' - fi - - # Execute the command - run-hooks /usr/local/bin/before-notebook.d - echo "Executing the command: ${cmd[@]}" - exec "${cmd[@]}" -fi -- GitLab From 567bb3b68ed2a4ad396a64b1f3b57846878e9d71 Mon Sep 17 00:00:00 2001 From: Diego Alejandro Medin Date: Tue, 23 Feb 2021 16:08:00 -0500 Subject: [PATCH 12/36] Updated Dockerfile/Hardening Manifest --- Dockerfile | 26 +-- hardening_manifest.yaml | 365 +++++++++++++++++++++++++++++++++++++++- tini | Bin 24064 -> 0 bytes 3 files changed, 369 insertions(+), 22 deletions(-) delete mode 100644 tini diff --git a/Dockerfile b/Dockerfile index f70f2cd..8ce3fd7 100644 --- a/Dockerfile +++ b/Dockerfile @@ -19,11 +19,11 @@ USER root # we've removed it due to cve's # we have also removed bzip2 install as its provided by the python36 base image # we have also removed the lang pack installations due to cve's -RUN yum update -y -q \ - && yum install -y -q \ - procps \ - ca-certificates \ - && yum clean all +RUN yum update -y -q && \ + yum install -y -q \ + procps \ + ca-certificates && \ + yum clean all # Configure environment ENV SHELL=/bin/bash \ @@ -50,8 +50,8 @@ RUN useradd -m -s /bin/bash -N -u $NB_UID -g $NB_GID $NB_USER && \ fix-permissions /opt/app-root -P # install tini -COPY tini /usr/bin/tini -RUN chmod +x /usr/bin/tini +#COPY tini /usr/bin/tini +#RUN chmod +x /usr/bin/tini USER $NB_UID @@ -63,10 +63,10 @@ RUN mkdir /home/$NB_USER/work WORKDIR /tmp # Install jupyterlab -COPY jupyterlab-2.2.9.tar.gz . -RUN tar -xvf jupyterlab-2.2.9.tar.gz && \ - python3.6 -m pip install --quiet jupyterlab && \ - rm -rf /tmp/jupyterlab/ && \ +RUN mkdir ./repo +COPY ./repo/* ./repo +RUN python3.6 -m pip install --no-index --find-links ./repo jupyterlab && \ + rm -rf /tmp/repo && \ fix-permissions /opt/app-root @@ -75,7 +75,7 @@ EXPOSE 8888 # critical env variable to enable jupyter lab GUI (default is the old interface) ENV JUPYTER_ENABLE_LAB=1 # Configure container startup -ENTRYPOINT ["tini", "-g", "--"] +#ENTRYPOINT ["tini", "-g", "--"] CMD ["start-notebook.sh"] # Copy local files as late as possible to avoid cache busting @@ -101,4 +101,4 @@ USER $NB_UID HEALTHCHECK CMD pgrep "jupyter" > /dev/null || exit 1 -WORKDIR $HOME +WORKDIR $HOME \ No newline at end of file diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index 877a5eb..96bd11d 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -28,23 +28,370 @@ labels: mil.dso.ironbank.image.type: "opensource" mil.dso.ironbank.product.name: "jlab-eda" -# List of resources to make available to the offline build context + +#- filename: tini +# url: https://github.com/krallin/tini/releases/download/v0.19.0/tini +# validation: +# type: sha256 +# value: 93dcc18adc78c65a028a84799ecf8ad40c936fdfc5f2a57b1acda5a8117fa82c + + # List of resources to make available to the offline build context resources: -- filename: tini - url: https://github.com/krallin/tini/releases/download/v0.19.0/tini - validation: - type: sha256 - value: 93dcc18adc78c65a028a84799ecf8ad40c936fdfc5f2a57b1acda5a8117fa82c - filename: pip-20.2.4.tar.gz url: https://files.pythonhosted.org/packages/0b/f5/be8e741434a4bf4ce5dbc235aa28ed0666178ea8986ddc10d035023744e6/pip-20.2.4.tar.gz validation: type: sha256 value: 85c99a857ea0fb0aedf23833d9be5c40cf253fe24443f0829c7b472e23c364a1 -- filename: jupyterlab-2.2.9.tar.gz - url: https://files.pythonhosted.org/packages/83/e8/af2cfb8bbc5fd90f6572e7bca0e73f9d909132b99665e1cc88380dd8bb36/jupyterlab-2.2.9.tar.gz +- filename: jupyterlab-3.0.9-py3-none-any.whl + url: https://files.pythonhosted.org/packages/6c/10/a4f23f2eb00a2135d95e4fc6ff790a337652201ea76e12b26e8acc61c8a2/jupyterlab-3.0.9-py3-none-any.whl + validation: + type: sha256 + value: 03dc942696eeb6ecebe3482dec1973a8287f1a3973aca04fb64f13497029280b +- filename: nbclassic-0.2.6-py3-none-any.whl + url: https://files.pythonhosted.org/packages/e6/f0/113b9a6975e53285c56091a250be4828dd20d80172620a4ff74ed26c9fe7/nbclassic-0.2.6-py3-none-any.whl + validation: + type: sha256 + value: 0248333262d6f90c2fbe05aacb4f008f1d71b5250a9f737488e0a03cfa1c6ed5 +- filename: Jinja2-2.11.3-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/7e/c2/1eece8c95ddbc9b1aeb64f5783a9e07a286de42191b7204d67b7496ddf35/Jinja2-2.11.3-py2.py3-none-any.whl + validation: + type: sha256 + value: 03e47ad063331dd6a3f04a43eddca8a966a26ba0c5b7207a9a9e4e08f1b29419 +- filename: jupyter_packaging-0.7.12-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/44/90/1ee67d0ca65bd507872accab7dfaad085ea9f9d74c7379b523dfd0498c0f/jupyter_packaging-0.7.12-py2.py3-none-any.whl + validation: + type: sha256 + value: e36efa5edd52b302f0b784ff2a4d1f2cd50f7058af331151315e98b73f947b8d +- filename: tornado-6.1-cp36-cp36m-manylinux2010_x86_64.whl + url: https://files.pythonhosted.org/packages/85/26/e710295dcb4aac62b08f22d07efc899574476db37532159a7f71713cdaf2/tornado-6.1-cp36-cp36m-manylinux2010_x86_64.whl + validation: + type: sha256 + value: 65d98939f1a2e74b58839f8c4dab3b6b3c1ce84972ae712be02845e65391ac7c +- filename: jupyter_core-4.7.1-py3-none-any.whl + url: https://files.pythonhosted.org/packages/53/40/5af36bffa0af3ac71d3a6fc6709de10e4f6ff7c01745b8bc4715372189c9/jupyter_core-4.7.1-py3-none-any.whl + validation: + type: sha256 + value: 8c6c0cac5c1b563622ad49321d5ec47017bd18b94facb381c6973a0486395f8e +- filename: jupyterlab_server-2.3.0-py3-none-any.whl + url: https://files.pythonhosted.org/packages/dd/a7/fd7f7e38647b3c1d8ae37bf8b21157662d84ebd0ebf5b64a607c7c77f676/jupyterlab_server-2.3.0-py3-none-any.whl + validation: + type: sha256 + value: 653cb811739e59f2f6998f659b4635a90c110a128e0245ce27dc3fe02c46543a +- filename: jupyter_server-1.4.1-py3-none-any.whl + url: https://files.pythonhosted.org/packages/ec/b7/f8964ca33e61c6fa8f4e494e4940fb6de021f5caa52c2dce32316fac8611/jupyter_server-1.4.1-py3-none-any.whl + validation: + type: sha256 + value: af518ce295bfaa0d5c05031f963bdcfcd2ab156cb2223c0a70665219aed338da +- filename: ipython-7.16.1-py3-none-any.whl + url: https://files.pythonhosted.org/packages/23/6a/210816c943c9aeeb29e4e18a298f14bf0e118fe222a23e13bfcc2d41b0a4/ipython-7.16.1-py3-none-any.whl + validation: + type: sha256 + value: 2dbcc8c27ca7d3cfe4fcdff7f45b27f9a8d3edfa70ff8024a71c7a8eb5f09d64 +- filename: packaging-20.9-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/3e/89/7ea760b4daa42653ece2380531c90f64788d979110a2ab51049d92f408af/packaging-20.9-py2.py3-none-any.whl + validation: + type: sha256 + value: 67714da7f7bc052e064859c05c595155bd1ee9f69f76557e21f051443c20947a +- filename: MarkupSafe-1.1.1-cp36-cp36m-manylinux2010_x86_64.whl + url: https://files.pythonhosted.org/packages/9d/d3/75cddfad6ca1d1bb3a017cece499a65e54ceb4583800f1256b8ad07bb57f/MarkupSafe-1.1.1-cp36-cp36m-manylinux2010_x86_64.whl + validation: + type: sha256 + value: 84dee80c15f1b560d55bcfe6d47b27d070b4681c699c572af2e3c7cc90a3b8e0 +- filename: pyzmq-22.0.3-cp36-cp36m-manylinux1_x86_64.whl + url: https://files.pythonhosted.org/packages/7c/8f/e83fc0060a7626d3555b971a70a37a0d57f727ec7ec860e9aadf96fdd724/pyzmq-22.0.3-cp36-cp36m-manylinux1_x86_64.whl + validation: + type: sha256 + value: 26380487eae4034d6c2a3fb8d0f2dff6dd0d9dd711894e8d25aa2d1938950a33 +- filename: traitlets-4.3.3-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/ca/ab/872a23e29cec3cf2594af7e857f18b687ad21039c1f9b922fac5b9b142d5/traitlets-4.3.3-py2.py3-none-any.whl + validation: + type: sha256 + value: 70b4c6a1d9019d7b4f6846832288f86998aa3b9207c6821f3578a6a6a467fe44 +- filename: nbformat-5.1.2-py3-none-any.whl + url: https://files.pythonhosted.org/packages/13/1d/59cbc5a6b627ba3b4c0ec5ccc82a9002e58b324e2620a4929b81f1f8d309/nbformat-5.1.2-py3-none-any.whl + validation: + type: sha256 + value: 3949fdc8f5fa0b1afca16fb307546e78494fa7a7bceff880df8168eafda0e7ac +- filename: anyio-2.1.0-py3-none-any.whl + url: https://files.pythonhosted.org/packages/b4/e5/a5aaca991a72839ea76162e81b48377db444d9ab3d32ccdaa267417ce0e9/anyio-2.1.0-py3-none-any.whl + validation: + type: sha256 + value: c286818ccd5dcbd5d385b223f16a055393474527b1d5650da489828a9887d559 +- filename: jupyter_client-6.1.11-py3-none-any.whl + url: https://files.pythonhosted.org/packages/83/d6/30aed7ef13ff3f359e99626c1b0a32ebbc3bf9b9d5616ec46e9e245d5fa9/jupyter_client-6.1.11-py3-none-any.whl + validation: + type: sha256 + value: 5eaaa41df449167ebba5e1cf6ca9b31f7fd4f71625069836e2e4fee07fe3cb13 +- filename: nbconvert-6.0.7-py3-none-any.whl + url: https://files.pythonhosted.org/packages/13/2f/acbe7006548f3914456ee47f97a2033b1b2f3daf921b12ac94105d87c163/nbconvert-6.0.7-py3-none-any.whl + validation: + type: sha256 + value: 39e9f977920b203baea0be67eea59f7b37a761caa542abe80f5897ce3cf6311d +- filename: prometheus_client-0.9.0-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/f4/7e/ef341c67ed43ad2e39633a35c28b77bc555f9572f4df4fee11c2b467db00/prometheus_client-0.9.0-py2.py3-none-any.whl + validation: + type: sha256 + value: b08c34c328e1bf5961f0b4352668e6c8f145b4a087e09b7296ef62cbe4693d35 +- filename: ipython_genutils-0.2.0-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/fa/bc/9bd3b5c2b4774d5f33b2d544f1460be9df7df2fe42f352135381c347c69a/ipython_genutils-0.2.0-py2.py3-none-any.whl + validation: + type: sha256 + value: 72dd37233799e619666c9f639a9da83c34013a73e8bbc79a7a6348d93c61fab8 +- filename: Send2Trash-1.5.0-py3-none-any.whl + url: https://files.pythonhosted.org/packages/49/46/c3dc27481d1cc57b9385aff41c474ceb7714f7935b1247194adae45db714/Send2Trash-1.5.0-py3-none-any.whl + validation: + type: sha256 + value: f1691922577b6fa12821234aeb57599d887c4900b9ca537948d2dac34aea888b +- filename: terminado-0.9.2-py3-none-any.whl + url: https://files.pythonhosted.org/packages/de/74/604d9dcbb5b73b54d07c78764b22568b8c7923d93e257dc9766142f67b81/terminado-0.9.2-py3-none-any.whl + validation: + type: sha256 + value: 23a053e06b22711269563c8bb96b36a036a86be8b5353e85e804f89b84aaa23f +- filename: typing_extensions-3.7.4.3-py3-none-any.whl + url: https://files.pythonhosted.org/packages/60/7a/e881b5abb54db0e6e671ab088d079c57ce54e8a01a3ca443f561ccadb37e/typing_extensions-3.7.4.3-py3-none-any.whl + validation: + type: sha256 + value: 7cb407020f00f7bfc3cb3e7881628838e69d8f3fcab2f64742a5e76b2f841918 +- filename: sniffio-1.2.0-py3-none-any.whl + url: https://files.pythonhosted.org/packages/52/b0/7b2e028b63d092804b6794595871f936aafa5e9322dcaaad50ebf67445b3/sniffio-1.2.0-py3-none-any.whl + validation: + type: sha256 + value: 471b71698eac1c2112a40ce2752bb2f4a4814c22a54a3eed3676bc0f5ca9f663 +- filename: async_generator-1.10-py3-none-any.whl + url: https://files.pythonhosted.org/packages/71/52/39d20e03abd0ac9159c162ec24b93fbcaa111e8400308f2465432495ca2b/async_generator-1.10-py3-none-any.whl + validation: + type: sha256 + value: 01c7bf666359b4967d2cda0000cc2e4af16a0ae098cbffcb8472fb9e8ad6585b +- filename: idna-3.1-py3-none-any.whl + url: https://files.pythonhosted.org/packages/29/88/c52aae187d3b128a0f13f36a6c987fc0d408d03a678ad9996516925d8495/idna-3.1-py3-none-any.whl + validation: + type: sha256 + value: 5205d03e7bcbb919cc9c19885f9920d622ca52448306f2377daede5cf3faac16 +- filename: dataclasses-0.8-py3-none-any.whl + url: https://files.pythonhosted.org/packages/fe/ca/75fac5856ab5cfa51bbbcefa250182e50441074fdc3f803f6e76451fab43/dataclasses-0.8-py3-none-any.whl + validation: + type: sha256 + value: 0201d89fa866f68c8ebd9d08ee6ff50c0b255f8ec63a71c16fda7af82bb887bf +- filename: python_dateutil-2.8.1-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/d4/70/d60450c3dd48ef87586924207ae8907090de0b306af2bce5d134d78615cb/python_dateutil-2.8.1-py2.py3-none-any.whl + validation: + type: sha256 + value: 75bb3f31ea686f1197762692a9ee6a7550b59fc6ca3a1f4b5d7e32fb98e2da2a +- filename: requests-2.25.1-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/29/c1/24814557f1d22c56d50280771a17307e6bf87b70727d975fd6b2ce6b014a/requests-2.25.1-py2.py3-none-any.whl + validation: + type: sha256 + value: c210084e36a42ae6b9219e00e48287def368a26d03a048ddad7bfee44f75871e +- filename: Babel-2.9.0-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/dd/a5/81076e10b5ef74493cf08a8e419e61b64324c9c55db4aa7f89c0240c4873/Babel-2.9.0-py2.py3-none-any.whl + validation: + type: sha256 + value: 9d35c22fcc79893c3ecc85ac4a56cde1ecf3f19c540bba0922308a6c06ca6fa5 +- filename: json5-0.9.5-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/2b/81/22bf51a5bc60dde18bb6164fd597f18ee683de8670e141364d9c432dd3cf/json5-0.9.5-py2.py3-none-any.whl + validation: + type: sha256 + value: af1a1b9a2850c7f62c23fde18be4749b3599fd302f494eebf957e2ada6b9e42c +- filename: jsonschema-3.2.0-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/c5/8f/51e89ce52a085483359217bc72cdbf6e75ee595d5b1d4b5ade40c7e018b8/jsonschema-3.2.0-py2.py3-none-any.whl + validation: + type: sha256 + value: 4e5b3cf8216f577bee9ce139cbe72eca3ea4f292ec60928ff24758ce626cd163 +- filename: six-1.15.0-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/ee/ff/48bde5c0f013094d729fe4b0316ba2a24774b3ff1c52d924a8a4cb04078a/six-1.15.0-py2.py3-none-any.whl + validation: + type: sha256 + value: 8b74bedcbbbaca38ff6d7491d76f2b06b3592611af620f8426e82dddb04a5ced +- filename: attrs-20.3.0-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/c3/aa/cb45262569fcc047bf070b5de61813724d6726db83259222cd7b4c79821a/attrs-20.3.0-py2.py3-none-any.whl + validation: + type: sha256 + value: 31b2eced602aa8423c2aea9c76a724617ed67cf9513173fd3a4f03e3a929c7e6 +- filename: pyrsistent-0.17.3.tar.gz + url: https://files.pythonhosted.org/packages/4d/70/fd441df751ba8b620e03fd2d2d9ca902103119616f0f6cc42e6405035062/pyrsistent-0.17.3.tar.gz + validation: + type: sha256 + value: 2e636185d9eb976a18a8a8e96efce62f2905fea90041958d8cc2a189756ebf3e +- filename: setuptools-53.0.0-py3-none-any.whl + url: https://files.pythonhosted.org/packages/15/0e/255e3d57965f318973e417d5b7034223f1223de500d91b945ddfaef42a37/setuptools-53.0.0-py3-none-any.whl + validation: + type: sha256 + value: 0e86620d658c5ca87a71a283bd308fcaeb4c33e17792ef6f081aec17c171347f +- filename: importlib_metadata-3.5.0-py3-none-any.whl + url: https://files.pythonhosted.org/packages/64/6f/f948e4b17ffd7edc2b107049d58b6d8b464002a73fcda4daad6564637427/importlib_metadata-3.5.0-py3-none-any.whl + validation: + type: sha256 + value: 31c5c29f17d064cc71bf6a005a8b25b3332787ab2e7362d5d258800ac825f471 +- filename: notebook-6.2.0-py3-none-any.whl + url: https://files.pythonhosted.org/packages/74/19/50cd38acf22e33370d01fef764355f1e3517f6e12b4fceb8d434ece4f8fd/notebook-6.2.0-py3-none-any.whl + validation: + type: sha256 + value: 25ad93c982b623441b491e693ef400598d1a46cdf11b8c9c0b3be6c61ebbb6cd +- filename: ipykernel-5.5.0-py3-none-any.whl + url: https://files.pythonhosted.org/packages/56/95/3a670c8b2c2370bd8631c313f42e60983b3113ffec4035940592252bd6d5/ipykernel-5.5.0-py3-none-any.whl + validation: + type: sha256 + value: efd07253b54d84d26e0878d268c8c3a41582a18750da633c2febfd2ece0d467d +- filename: argon2_cffi-20.1.0-cp35-abi3-manylinux1_x86_64.whl + url: https://files.pythonhosted.org/packages/e0/d7/5da06217807106ed6d7b4f5ccb8ec5e3f9ec969217faad4b5d1af0b55101/argon2_cffi-20.1.0-cp35-abi3-manylinux1_x86_64.whl + validation: + type: sha256 + value: b160416adc0f012fb1f12588a5e6954889510f82f698e23ed4f4fa57f12a0647 +- filename: contextvars-2.4.tar.gz + url: https://files.pythonhosted.org/packages/83/96/55b82d9f13763be9d672622e1b8106c85acb83edd7cc2fa5bc67cd9877e9/contextvars-2.4.tar.gz + validation: + type: sha256 + value: f38c908aaa59c14335eeea12abea5f443646216c4e29380d7bf34d2018e2c39e +- filename: immutables-0.15-cp36-cp36m-manylinux1_x86_64.whl + url: https://files.pythonhosted.org/packages/4a/52/e64a14a99c509cbdfe0405e9f076aef0331cb9548a3efa1d5bacd524978a/immutables-0.15-cp36-cp36m-manylinux1_x86_64.whl + validation: + type: sha256 + value: b8ad986f9b532c026f19585289384b0769188fcb68b37c7f0bd0df9092a6ca54 +- filename: ptyprocess-0.7.0-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/22/a6/858897256d0deac81a172289110f31629fc4cee19b6f01283303e18c8db3/ptyprocess-0.7.0-py2.py3-none-any.whl + validation: + type: sha256 + value: 4b41f3967fce3af57cc7e94b888626c18bf37a083e3651ca8feeb66d492fef35 +- filename: decorator-4.4.2-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/ed/1b/72a1821152d07cf1d8b6fce298aeb06a7eb90f4d6d41acec9861e7cc6df0/decorator-4.4.2-py2.py3-none-any.whl + validation: + type: sha256 + value: 41fa54c2a0cc4ba648be4fd43cff00aedf5b9465c9bf18d64325bc225f08f760 +- filename: cffi-1.14.5-cp36-cp36m-manylinux1_x86_64.whl + url: https://files.pythonhosted.org/packages/2b/cf/9a3b04e57191a970836aeaa8b2075574f02fbdb65d6368457a2f13213e7f/cffi-1.14.5-cp36-cp36m-manylinux1_x86_64.whl + validation: + type: sha256 + value: 69e395c24fc60aad6bb4fa7e583698ea6cc684648e1ffb7fe85e3c1ca131a7d5 +- filename: pycparser-2.20-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/ae/e7/d9c3a176ca4b02024debf82342dab36efadfc5776f9c8db077e8f6e71821/pycparser-2.20-py2.py3-none-any.whl + validation: + type: sha256 + value: 7582ad22678f0fcd81102833f60ef8d0e57288b6b5fb00323d101be910e35705 +- filename: pytz-2021.1-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/70/94/784178ca5dd892a98f113cdd923372024dc04b8d40abe77ca76b5fb90ca6/pytz-2021.1-py2.py3-none-any.whl + validation: + type: sha256 + value: eb10ce3e7736052ed3623d49975ce333bcd712c7bb19a58b9e2089d4057d0798 +- filename: zipp-3.4.0-py3-none-any.whl + url: https://files.pythonhosted.org/packages/41/ad/6a4f1a124b325618a7fb758b885b68ff7b058eec47d9220a12ab38d90b1f/zipp-3.4.0-py3-none-any.whl + validation: + type: sha256 + value: 102c24ef8f171fd729d46599845e95c7ab894a4cf45f5de11a44cc7444fb1108 +- filename: jedi-0.18.0-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/f9/36/7aa67ae2663025b49e8426ead0bad983fee1b73f472536e9790655da0277/jedi-0.18.0-py2.py3-none-any.whl + validation: + type: sha256 + value: 18456d83f65f400ab0c2d3319e48520420ef43b23a086fdc05dff34132f0fb93 +- filename: pexpect-4.8.0-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/39/7b/88dbb785881c28a102619d46423cb853b46dbccc70d3ac362d99773a78ce/pexpect-4.8.0-py2.py3-none-any.whl + validation: + type: sha256 + value: 0b48a55dcb3c05f3329815901ea4fc1537514d6ba867a152b581d69ae3710937 +- filename: prompt_toolkit-3.0.16-py3-none-any.whl + url: https://files.pythonhosted.org/packages/a6/0b/c6de29441b29f8b54d5bbe29a8b223de6e400714ff50e85541bd4c783421/prompt_toolkit-3.0.16-py3-none-any.whl + validation: + type: sha256 + value: 62c811e46bd09130fb11ab759012a4ae385ce4fb2073442d1898867a824183bd +- filename: backcall-0.2.0-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/4c/1c/ff6546b6c12603d8dd1070aa3c3d273ad4c07f5771689a7b69a550e8c951/backcall-0.2.0-py2.py3-none-any.whl + validation: + type: sha256 + value: fbbce6a29f263178a1f7915c1940bde0ec2b2a967566fe1c65c1dfb7422bd255 +- filename: pickleshare-0.7.5-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/9a/41/220f49aaea88bc6fa6cba8d05ecf24676326156c23b991e80b3f2fc24c77/pickleshare-0.7.5-py2.py3-none-any.whl + validation: + type: sha256 + value: 9649af414d74d4df115d5d718f82acb59c9d418196b7b4290ed47a12ce62df56 +- filename: Pygments-2.8.0-py3-none-any.whl + url: https://files.pythonhosted.org/packages/d4/ef/881b14d3ad4d6a86384d63bfbb87205161e4fc46420526380ec209a12e17/Pygments-2.8.0-py3-none-any.whl + validation: + type: sha256 + value: b21b072d0ccdf29297a82a2363359d99623597b8a265b8081760e4d0f7153c88 +- filename: parso-0.8.1-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/ad/f0/ef6bdb1eba2dbfda60c985cd8d7b47b6ed8c6a1f5d212f39ff50b64f172c/parso-0.8.1-py2.py3-none-any.whl + validation: + type: sha256 + value: 15b00182f472319383252c18d5913b69269590616c947747bc50bf4ac768f410 +- filename: wcwidth-0.2.5-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/59/7c/e39aca596badaf1b78e8f547c807b04dae603a433d3e7a7e04d67f2ef3e5/wcwidth-0.2.5-py2.py3-none-any.whl + validation: + type: sha256 + value: beb4802a9cebb9144e99086eff703a642a13d6a0052920003a230f3294bbe784 +- filename: defusedxml-0.6.0-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/06/74/9b387472866358ebc08732de3da6dc48e44b0aacd2ddaa5cb85ab7e986a2/defusedxml-0.6.0-py2.py3-none-any.whl + validation: + type: sha256 + value: 6687150770438374ab581bb7a1b327a847dd9c5749e396102de3fad4e8a3ef93 +- filename: mistune-0.8.4-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/09/ec/4b43dae793655b7d8a25f76119624350b4d65eb663459eb9603d7f1f0345/mistune-0.8.4-py2.py3-none-any.whl + validation: + type: sha256 + value: 88a1051873018da288eee8538d476dffe1262495144b33ecb586c4ab266bb8d4 +- filename: bleach-3.3.0-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/f0/46/2bbd92086a4c6f051214cb48df6d9132b5f32c5e881d3f4991b16ec7e499/bleach-3.3.0-py2.py3-none-any.whl + validation: + type: sha256 + value: 6123ddc1052673e52bab52cdc955bcb57a015264a1c57d37bea2f6b817af0125 +- filename: testpath-0.4.4-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/1b/9e/1a170feaa54f22aeb5a5d16c9015e82234275a3c8ab630b552493f9cb8a9/testpath-0.4.4-py2.py3-none-any.whl + validation: + type: sha256 + value: bfcf9411ef4bf3db7579063e0546938b1edda3d69f4e1fb8756991f5951f85d4 +- filename: jupyterlab_pygments-0.1.2-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/a8/6f/c34288766797193b512c6508f5994b830fb06134fdc4ca8214daba0aa443/jupyterlab_pygments-0.1.2-py2.py3-none-any.whl + validation: + type: sha256 + value: abfb880fd1561987efaefcb2d2ac75145d2a5d0139b1876d5be806e32f630008 +- filename: entrypoints-0.3-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/ac/c6/44694103f8c221443ee6b0041f69e2740d89a25641e62fb4f2ee568f2f9c/entrypoints-0.3-py2.py3-none-any.whl + validation: + type: sha256 + value: 589f874b313739ad35be6e0cd7efde2a4e9b6fea91edcc34e58ecbb8dbe56d19 +- filename: pandocfilters-1.4.3.tar.gz + url: https://files.pythonhosted.org/packages/28/78/bd59a9adb72fa139b1c9c186e6f65aebee52375a747e4b6a6dcf0880956f/pandocfilters-1.4.3.tar.gz + validation: + type: sha256 + value: bc63fbb50534b4b1f8ebe1860889289e8af94a23bff7445259592df25a3906eb +- filename: nbclient-0.5.2-py3-none-any.whl + url: https://files.pythonhosted.org/packages/e5/e9/cb88ef8fe390439637ea68c5abdf5f490cbf5ad2edbf612b6e03cd30cbf3/nbclient-0.5.2-py3-none-any.whl + validation: + type: sha256 + value: 1e0375490cd33fda6c23e61084476298a87f34d02607a038aa8ecc6e8901615f +- filename: nest_asyncio-1.5.1-py3-none-any.whl + url: https://files.pythonhosted.org/packages/52/e2/9b37da54e6e9094d2f558ae643d1954a0fa8215dfee4fa261f31c5439796/nest_asyncio-1.5.1-py3-none-any.whl + validation: + type: sha256 + value: 76d6e972265063fe92a90b9cc4fb82616e07d586b346ed9d2c89a4187acea39c +- filename: webencodings-0.5.1-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/f4/24/2a3e3df732393fed8b3ebf2ec078f05546de641fe1b667ee316ec1dcf3b7/webencodings-0.5.1-py2.py3-none-any.whl + validation: + type: sha256 + value: a0af1213f3c2226497a97e2b3aa01a7e4bee4f403f95be16fc9acd2947514a78 +- filename: pyparsing-2.4.7-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/8a/bb/488841f56197b13700afd5658fc279a2025a39e22449b7cf29864669b15d/pyparsing-2.4.7-py2.py3-none-any.whl + validation: + type: sha256 + value: ef9d7589ef3c200abe66653d3f1ab1033c3c419ae9b9bdb1240a85b024efc88b +- filename: chardet-4.0.0-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/19/c7/fa589626997dd07bd87d9269342ccb74b1720384a4d739a1872bd84fbe68/chardet-4.0.0-py2.py3-none-any.whl + validation: + type: sha256 + value: f864054d66fd9118f2e67044ac8981a54775ec5b67aed0441892edb553d21da5 +- filename: idna-2.10-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/a2/38/928ddce2273eaa564f6f50de919327bf3a00f091b5baba8dfa9460f3a8a8/idna-2.10-py2.py3-none-any.whl + validation: + type: sha256 + value: b97d804b1e9b523befed77c48dacec60e6dcb0b5391d57af6a65a312a90648c0 +- filename: urllib3-1.26.3-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/23/fc/8a49991f7905261f9ca9df5aa9b58363c3c821ce3e7f671895442b7100f2/urllib3-1.26.3-py2.py3-none-any.whl + validation: + type: sha256 + value: 1b465e494e3e0d8939b50680403e3aedaa2bc434b7d5af64dfd3c958d7f5ae80 +- filename: certifi-2020.12.5-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/5e/a0/5f06e1e1d463903cf0c0eebeb751791119ed7a4b3737fdc9a77f1cdfb51f/certifi-2020.12.5-py2.py3-none-any.whl validation: type: sha256 - value: 3be8f8edea173753dd838c1b6d3bbcb6f5c801121f824a477025c1b6a1d33dc6 + value: 719a74fb9e33b9bd44cc7f3a8d94bc35e4049deebe19ba7d8e108280cfd59830 # List of project maintainers diff --git a/tini b/tini deleted file mode 100644 index 86cb766c6b8af2564ac9201df913fe079acae3d1..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 24064 zcmeHvdw3hwweQ%m^KcT`2?-cT%O=MG2W(*{c5ng)$+nykIJU9n@JNF#Te2;%B_oaO zgmR0i5*k&wbz3Nu)58fZrLS`jv=kZyB@O|SL)&u$Txdd|gh%O!@JI;_DHL>nYd_?P z5`U-nJKz1|eqRRUJ?p*p+H0@bGqW={yP6tvb8<9wPL0hCv2PPjs2d7Xg&QyC;s#fhx$u|vc9)2~s0#TFe;3ukGB+#%R4&@=WWN-3t z$WzfaTq;1-Y8vARk|SS>nmLHJi=U|W%QGZiIVk1GJ(4Sxa-~vEwR=c04%I4g>Kpw$ zvVWdj2OxqS)MyR-?_^87bhQ4-@X`6!RUAa?;3ulRPoOo`D!D5lM}GdJN0DS~llG>H z%OTl6)k;viU?9-FqUwSHU->{F7~N35p=L$-iYj{~WM9VnP5Oy1P5JDpX|oH4&4ml5w0{7UgV55IE!D)FPE8owI+D5SOcU4mcsL22{-Z3|O-KfCS9 za|<{B(>pJGVAEfy9=rbLyKh?d)W`E59s7&zmyccb;))-Z$M)TD)uP=u#CQMOnN=YxvPIqwlWr@F# z>nYT3KVRTE5r1ZZf1Y-_=D4DZqb{d{gk!$6J3imR;b*0ug@ER1XJ|j^=;C*IXGVZ*&y{CI!oYb9@25A#CI)r5U3>~PscfEi=aOt^$V<~T`u{@rJi+?@Coqq zAhA{UOZjuQ)Wg9|4a$?n%rrQHV?IXK@7kf-C<_)(lEWE|)kK}WgdAD8`= z?AnO5+j_Qx^A$+D3A8l6RnmVIpLvp>Nj-iprD@Mg{c3$g*BUw=#E<-WFw39+1V1}L ze7-LEw`TF1Qh%%L@0Fw+$9m;Yv4g|E03Sba9qysa?g}kpgd>5zpm#tE4HG$VP>(hg?lFK1^!W#ejE%(G z+3635gP~4Py+$AuBw?5UzIP}b2pYYeJ^fH__(D-b>m7<3J(|%2!J)qJkj7hBf{Z^n zOs;vueZ&l%WX0#_{`fcedxnR!-jQ&?@DtwK!%dBN1Kd$yjKHAZM=&|uGYHj27)nB6 zI6_hAj6k)~Ip_@pwQg_3AM_6Tc|XaG-mu@V_tB1h%RD~{K$mP&hAJ=Dh~T2M#$nAdEa?sXs|or zhnF;-h-QyJ7{M?Mc}Id;=Vim4Z88+~1Kvmke4@)3cYn|IQYaen_8~kJIu)E_0vCvc z2E2wJGJye~wz|n(SKqnJzT94wIbUY4MoQ<(|0d5AhUW6*xjLJ~QK=$qj^)2&AuEN> ztyDS}FwHA*PPI)O#_54sv|`-`CkPikgWz24DRK(O(UvaW(i*&wpNT(ee$zdRyfxtj zb$uW_ty$Hf>IdOzt*Q=H=LmnHLZU5h?cxyKzNnHw2xh@c7dc<41usiG$5&YJss<9F z#)7xrUpOpydF#aW=oY-H$wX+i;1RgYag_yMkip{q(}JfplREk>_&ExRcF2OCYr$`@ z;B6NCs0FXan8;f!c)ABs$G8PQUm?-nWx=0f!Ed$T>0U=2Ke6Cxt)PwvE%;Lv674n% z{xl1I!h%=VRwD1V;Lot|@3G*|wBYwz@akTh$OkO=FIf0Z3;v51{2>dTS@1_K__Hl| zJ@)QQJ&_;1lxh0r2_xS;jO^88PtDwEVZv#;x*II%B|iKu#M&mkgy4Q+N*ze!SaJ=) zl=`VX9Bw0+Qa&}o;mZi7R8Kv~;W~mT#Zy~3yoz9&R;h6gFC&;zJvGYV^9ZICPYrQ+ zF~OADsV)wmK`^Css+Gg@38qv|IXGNEFr{#+g2TB4Q|hJ|hd;RlFr{p&h{GQeOsSgE zIQ$O5R8mrhJ_lmS8w69zrVeoUWr8VHQ+qi4Ji(NrsR<50OYkWKKgi)H38s`xZRK#1 zU`oZ*IEQ~pFr{E>l*2zGm{Kn_#Ni(hOevS@;_%%BV*!Z%bNJf?Q|hH09R51Nlya#G z4u6$kO0^W@aJZIfz2kuSq2KcE77U&~)>N`UAM=zH?`kOFaY4I)M%nxXu|~$sNdTeW z@)U9Jteh}+BBVgi*hWkT-`2-|RpOwO8oRyZ0NO{-0a}lLtjCR#Qhm%QVTXUN$NwPF zo{|cHW1C7Qh->Vo5{DjdC}HL$i2LS==+6_?kJmA6^AY3P?c9f6cn)K&=5Ibrr}aeb zFsShz$@|WCXipFW{5cF3Ju&x7pd?Fx;`r@bsvVlSo0F=YAZ@2aG4F(yR6Pb4a_e|M z3O82)H2)oWp(l)zVhY6^a*UbRA$K=V6mF*M&=WV66q_?44kk`_n3o|Jh)xcG46IR7 zWE#i-!oCV@>?VZN_oA)J8IM8e;Ph>8w~O?F>n2LBBT$1c@rVE^*gC5^x75t z1kpS6Ti)jic6>e!3iS9PeTR9ep7V_U+~>x^jJDZITj5#IBkYgX{=&gi^4<$z9gL5n)y&I*MaJd9rL2s*1yMBT zfSjl?H{(3%xWIvw-vREIP;*pbUIUVzsNM;b7_QSH!e`C8oxS7c!B4pU`#{dpe>Um= zH;|!!3F$8q`VZcNIG7I!xq;*5QqXT2Lhe1BC;Nq5st1v3uRKzjHtz=-VcGIN_0SEV zG97=$Y~|SaP9tPillJ(|gcdt`df}!SIT}u;8{KBDuzCbFCCl3ggcBE;H=#+sO1Z`Z z@p~}JKs*K|n%M+8qVX{BA{w)yF}^nw@5=qL+8L{umOK28x#w>@Gy!4kS<7Uf&b7>K z0VP=hwPJQmpr7V`?qPLR#=y^@<>0@ld^Nu;loCCw2fu)%c`?X{_ro|({#tY+MWsQ> zlYf0H;a}mcjX;}aLfzAt*-&Tov70+G_vfG_X~ijg948+y6h4lFB!Vy<7_0qr4W>tY=WvVp??-urRtxJ3%N#1$=3BzA za!}lfIVIeP=Jp19J&tK9S6|^zw7w|LQ)FL?C|yjq$yy3#lgXdT1tu zjfUfG?0~S@1Tx0^X%WaTf(wb8{LqqXcMBWSGB&P;2#*6_0B|dl^{1m6de?v{*(!MWFbVQMN%BP?14CYI0TbtdbRH+~OVUC? zWL72Ao3C>2eU>ZW9tfGwNc6cG?xTc$K%y_rpjjo*cS*D}gYF{qEfP(S^@Yiw5c)ca zUYS9ggl?DU$_%=68PFF?^ok6+i_l9X`U@Gfo4RA;=s$|Fef_T#iG9i93{M~NymN#H z=+RLC$-AITh3IubaPqNw^qWN9Yau@=$ejDpdx$!7IiDLpB?59?j|;==)~9-5TI5q= zVX&HVEnEA;qYeaC@3J+bXT z4JF3=W(~As{=A~^cr!2Y9TV92!pBi##8kwU2=mM``Eb>k%s1F5PST==mK`&7tlIcp zpt*p8g+36v3{pxQQN#C1+sGf}a}h)9b*; z%u8cOYerbQgLh(e6+;lw^3_g8Gw#{+yVV_v=q!%Srtf ze$omG?%fN7d9n2SA++XeA9BC%0wK%qg~IP3D9IG1R-!hHbCv2xc!#Syff94&VQ3<+ zY4Am@x|17*;8$ioO8N4{Z=mMz{e_!Xf&g{XAglWMD3z?_E-)wqcff$q(<1c5Upv2c z?+SQ8=@#3SqxYoEE^>eKggZXnSf%$Yd=%uRFCZ^pL|$#)U-*q9eBnChB|Sa|S@vYk z$`@`vr1$LCcjfJc5?p&yAA-Z&_ZRNaw;`Stg+h2?-VHJ;_9N`#PaJPnX{d0g8BDD8Egs1QXMhhme_@S z>Qx@mC+V6t{<7izdu7s@l z)cZWEYq_48_ZlE2^1v{YGUz2jW#>~P1AI6e6LSv&6T_fQB< zg>kwK`XX+MP!(v-B4~MeX!Wr#mE_T7gC3bsBv%TsWqvWEC9h_li=Mg@YxxzKjGFgL;ctKpLJ?i6$qRE#5H{@~U>pEO z(!K1ssq+jJqSjvkie)+RYs%(-=A`NcAc>K@jtAnFT#^+ zh>}VMEs6UFPN{ZeOnjG=oTyLZ<~pH&!SVXP1ufp7ju)KSb}~Jl%#IOq!#(po@7^aX;?zXo*LETZ=0_il&gva;-9E0iG4oL zxIR|<*7ODIZ3GKukKS6H+bt2enXbDKa(QW+G*sui})ZJbnHnKAV>Xu;L@EYi46X#B{|`(Uk8-x3;M z1|?aP(YOcWXZ8w>+d&e}S4-zBCn#DpPo@dI-#=dON(kf5(Y#l1+z1Y;eXm2Y3eKrQ ze`iMjiz&!dm881o4?7ErT<*44u`KWD}|+JQ6JC~>%*5m=qr4rsbnq&=;t6O_gLa|nK1Sp;6vcexeSr}UmKh)wpbq)X&%S~`b)5cnJMnB2< zN+?$Q+&SddwdUP#^8hbD-mN`k2-=2D-2VjG@+_hTR?JmG{X-e`v!E(9jZb8U=DZRs zn0T6QH=D+m{BbeE!{xDZYVkzuh&%pb)6zfDeYL*hvuWnJe?nI`zh|(@{VEl$2j9jlMw%Iw0h^3kpkD@;2tAa6yjb2m4(uwzt#p>#=P zX@OQB8XUyl1%_>(enuNjLcz$Yf&z`P@_|*Xy+1Sp65l?+h|RwtVAu;ZS8zBG4h0AO zL4yr@!vWe#!Nol8W_M?MM_rrC+3IT3IJnl;R@c(*_FOH%%iT>)ovm#x^{)2z&ed%# z9j%D{Y8_2^`LG{*Ua%u&Nu)q)4jIe~?E?Xybc~^|tbB-vXDX_nQ-@ad50CT>_*Ws0 zo;GK_>zK}~-4A{r^F|ooz`!Q=eXP6E+17k)w6N(zZnVjS_1qr1m2wG|bq90;BF`4>ebGxOt1Q zBM>p=qvot@V(Jjw$$#pR&OaGmMR_G;}@X0p*F`?^`O( zPj0lz*aLqg+SAW`{$b3+spQ&eYfol?xzAbKHdbM;TxqXh<*W~r z+vl&U@cJqwUkB|1qAA7JwcvGMOLO~rhG?&DbFN|K7c`fDik&R zn85I*FYFy;(I9qUF{9s)?qGY>aDXN{3-xB^IBjnd@qp*NI6)Q4kkTxxk#gEnjbIOa z{gT1x4@6kMe_)6W`Xl7NwQzwivWlq!K+~Ul*aObV62MBs{u`nJ?5tuTpXQp>Qh zX(2lNcD zVypc@e;Avn*dP@H^sGA+K^2Y~*mP%ymqXag#-c-%D9cg7&>y7$@*}HQD{b#W53uVj zNI5P%pp>FrT@0=;?9-#k&G-&4pAx5jV8XX!GnuR;5i&xf!{^Dlk<3W+g+tLHtDK*? zu5x=i>suOJ6v;vF&?JJD_J%`)tb&v+tFB&3Z3PK4q|kpa?j+ytH@J@?QUOe(0spXn zfR+0Ez24}6fkgGuC@FjY_x+o!(0unK9~(bLXCuG%h#Eqh{$%0RTH89?T?mHmZfcmk z?lELwH0T{hxu+{5L!$Gn9Kwz{T*C(K%!#4d7>cqeFXq-Pqn9O`<$|C#-<{x6#V>W7 z{TP0)s`Hs^8uJ=PIM9s=sYE)0V)r3R2H$hZ0zpcI%$`iuzk1r;hy045{y;BJFuBc< zvPxWq;KFhGPRyy)YA)L733XWR@GBN6qpLfvN}1SF&(>h~r!3v#n#6G39K_h5g7U&9 zc2Dx!Mn&{^e!(Tmz7!DvT{$y#_joz-CK|jx7#a!EJY@@HXIG|s*TCj>TY0_{5lng1kVLY?$5>aC_-oOT4Tyeoh z%^EC2ZSr$Oc|@(hF(oLS=`w+R)yLfduwz&MWLtHFJ8{Cklrd;UC^8&87WNawj!=)3 zIXDGRQuxt~+iW^$Hx3;g5}qbNZM}r^B-x7PJX_N5mhc=2|3JcXCHyl9+a&x;2^UIuA0DgFF^~V%w4|iZm++Gk zK1IUMN_c^UACU6&SeuUB5H4A8{Bbb12t#LMY)F$Va+{&d=b zcJ$SBx(lu2wRHMHwCweC`T)UbkD`4LZ3Pmb=ndSiqdoK%_|UfE_I)?n2k`*l5ZVbm z87M|#jN*yeINAw365UNO-h4P<{}9?OGEr3ga&BzXayAs@oH=L4%<-HVMTDom9o?Hw zpNCc*C+63*5-1iucXub-;~tZipFy5Y{j=t zYp}6f^PINQSpH?UirjF4t<-5_PFpcJ>TEMzvs-{^v|t*^U>Sa|;I{>1!2fL(?A@9R zso1p3Y;4;099yy5R^+s)`9X1*1OICp(yH*Ix5YGuK0-|DX|}OkM}e&v80cx7 z-C!$j%%~)NUxM5Q$X!Wt=tXXuZ6@h3fS&-K{~IEgt>_!ME?e=~v^pEREw8~=dTV}z zts*u(_X^Qd#6a}4VRr5vK*4MVwR(1I7N$W?V6y)T^#{4NPS`KXU2B_3xX?jk9t)h{SV5Sp|vvYfZ1t-QegLTcO0A%ylsrp3Y@;L08m?Qk( z+VOn4+%}$*i=3hXLAb8NStC!x2XIzTo%2BMBgh@X(?1PpNZMAJYKZr;<1)b)|0O&QCyMCN& zu=`Dl(>EwiV|jJ9(%bTNTg9!@bz4nr#u}R=Y^!nds30#gQQ`ky`B%`>1wH7-$>U@M zPDbEl1WrcaWCTt|;A8|&M&M)wPDbEl1WrcaWCZ@djzGmi2lu~7wyHC9YfXo0=Lj(K zJsb6WQhh&1J^xeRS5wdX)N>#8Jg~UAi)*6$csdmQub-zw1mBhGpeFOpw~1K-R?lC@ zrwLd+Pu(ML&eih@^-M`U&m>)R;8tE7tzEoT_w@9A2Ri6E4jt;bu6o`%G1qYnUYD@) zdjqH9yFs#5_OYRq_orC$rzNc7iARZ?K0Zh2m*W4=8}%K#Y(tL}2|u2Z?Mt$KTee4J zJAIzuJ5{#l$aaNn8)dszw!N|)mhG*w{jO~9m+d36eMYt~$@Xp89+B~@&ynp4 z**3~{t!#T`J1pDmerLmKd=#GG%kvb3@A=`?#u~Q=@BPJ|r&0h*3kvE(LmTn3zu#b` zJxkfLippx{=?`HS32O<5ZtMxMiwzDsLL9XBhA$~7X!VB&1K6#Dx4(QxLfGHEkzp@H z5L;`?7=6KpwmJ2444z zO%2!!6zU1!CAE+FLOoI1j>W&|gLgUDkHt#qMa|-NDY1AdH-h)L0|fzkA&u=vN*TSt z#I^&xuE9rm0{l}wWq2jrGZ4iGX|S(Ak_Q5V0cnB6c|;-w@Eos-%DA6p*vjAw^ln7! z=iM5Lb`Jz1{bkq@L8|E;G~PuKk_WhqUV2@?-zyCa6riWrH$hRcddGPvK8OwM%MkGm z3nPg7F}#R$L2nehAtL?a<(CiJXF}ZKb@JHwTMZ58$I%ovE18gW1 z=Jv9?X)h@7=q}dY(&)hsG#7KX(@vYU?gm!_TkLEHyts^A>GtR?9UcabHfOWvYSz-o zoXuCW%iYZlW!Q(&+J;?qtfj5My{5Iv?E(&4qMAAy+|8?59psu@klSt~HI#Z<7#WnR z+%Cv9vNf)@dL5dbb?zo?*()n(bbFdfXJbnnbFx-vo5x+>(d2AntsQNxE$uFtZ-Cln z>@jSE71tV9v&Rmrz%kca0IXeiHZ_r{0%r%jZzKO$eM{@rZP@nbVR}nbgA2$y7d&&; zHMxW-bgI6|>0VRD8k}pKtI4}I)&ebU1;i%2V^``fLXkZu{;#JkO4JS7N``%Zo-*{Z z&65$m(%tSVW6m~rI|Zb%tz}JF0fiG1&<-V#Yjz1O6lxxz%!q)60@i^}D_>ZH%h?27 z7@p>1hR>dKBZ^V`wma>Lsvp}t_$-W|o(jPig_vlE0}d;OZ-w=o#mI4D{p zEGTlr)G)?1p zDx~*D)+1ZK3Pk*K-;lC@SFVGz-z58OwkEo!Lm zN?xsN8i6BLC9l?J6LJBh)?;AdM|S+0fu*&Ol2_}Wak;?UB<0lmcg3e#ddEgq(NQm}Se;rw1q| zGR&Fv^oAlJaj12&fP}B=oZ5}}S>?CNb=g)ae;_O15}o<38O7HsKRVw54Bk`D=S{|6 z0Zsa^;4z$7<<<8v$EAF(x)G29%D$5SPL{m7f4Kd8!J*dCia$I5zbEC@_^Iz)Zk6)K ze2fjeOevD>y=ck*jQlDGr>O5Q-^ZcJKiT#l0Ldz^U*zD-`b9$K@0lA70ju#B5WY)< z6WYt6*wp=!`W|yOe>VIyWD70w>VB%2CKirt{%rU;@R0w?K7HPX4)zbqzXV>&T_vyX zC)D?{_mFZND!-L|l?Piuv)WhR(L370#isOM>3J Date: Tue, 23 Feb 2021 16:32:31 -0500 Subject: [PATCH 13/36] Added Tini --- Dockerfile | 6 +++--- hardening_manifest.yaml | 10 +++++----- tini | Bin 0 -> 24064 bytes 3 files changed, 8 insertions(+), 8 deletions(-) create mode 100644 tini diff --git a/Dockerfile b/Dockerfile index 8ce3fd7..26a16c5 100644 --- a/Dockerfile +++ b/Dockerfile @@ -50,8 +50,8 @@ RUN useradd -m -s /bin/bash -N -u $NB_UID -g $NB_GID $NB_USER && \ fix-permissions /opt/app-root -P # install tini -#COPY tini /usr/bin/tini -#RUN chmod +x /usr/bin/tini +COPY tini /usr/bin/tini +RUN chmod +x /usr/bin/tini USER $NB_UID @@ -75,7 +75,7 @@ EXPOSE 8888 # critical env variable to enable jupyter lab GUI (default is the old interface) ENV JUPYTER_ENABLE_LAB=1 # Configure container startup -#ENTRYPOINT ["tini", "-g", "--"] +ENTRYPOINT ["tini", "-g", "--"] CMD ["start-notebook.sh"] # Copy local files as late as possible to avoid cache busting diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index 96bd11d..28f4841 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -29,14 +29,14 @@ labels: mil.dso.ironbank.product.name: "jlab-eda" -#- filename: tini -# url: https://github.com/krallin/tini/releases/download/v0.19.0/tini -# validation: -# type: sha256 -# value: 93dcc18adc78c65a028a84799ecf8ad40c936fdfc5f2a57b1acda5a8117fa82c # List of resources to make available to the offline build context resources: +- filename: tini + url: https://github.com/krallin/tini/releases/download/v0.19.0/tini + validation: + type: sha256 + value: 93dcc18adc78c65a028a84799ecf8ad40c936fdfc5f2a57b1acda5a8117fa82c - filename: pip-20.2.4.tar.gz url: https://files.pythonhosted.org/packages/0b/f5/be8e741434a4bf4ce5dbc235aa28ed0666178ea8986ddc10d035023744e6/pip-20.2.4.tar.gz validation: diff --git a/tini b/tini new file mode 100644 index 0000000000000000000000000000000000000000..86cb766c6b8af2564ac9201df913fe079acae3d1 GIT binary patch literal 24064 zcmeHvdw3hwweQ%m^KcT`2?-cT%O=MG2W(*{c5ng)$+nykIJU9n@JNF#Te2;%B_oaO zgmR0i5*k&wbz3Nu)58fZrLS`jv=kZyB@O|SL)&u$Txdd|gh%O!@JI;_DHL>nYd_?P z5`U-nJKz1|eqRRUJ?p*p+H0@bGqW={yP6tvb8<9wPL0hCv2PPjs2d7Xg&QyC;s#fhx$u|vc9)2~s0#TFe;3ukGB+#%R4&@=WWN-3t z$WzfaTq;1-Y8vARk|SS>nmLHJi=U|W%QGZiIVk1GJ(4Sxa-~vEwR=c04%I4g>Kpw$ zvVWdj2OxqS)MyR-?_^87bhQ4-@X`6!RUAa?;3ulRPoOo`D!D5lM}GdJN0DS~llG>H z%OTl6)k;viU?9-FqUwSHU->{F7~N35p=L$-iYj{~WM9VnP5Oy1P5JDpX|oH4&4ml5w0{7UgV55IE!D)FPE8owI+D5SOcU4mcsL22{-Z3|O-KfCS9 za|<{B(>pJGVAEfy9=rbLyKh?d)W`E59s7&zmyccb;))-Z$M)TD)uP=u#CQMOnN=YxvPIqwlWr@F# z>nYT3KVRTE5r1ZZf1Y-_=D4DZqb{d{gk!$6J3imR;b*0ug@ER1XJ|j^=;C*IXGVZ*&y{CI!oYb9@25A#CI)r5U3>~PscfEi=aOt^$V<~T`u{@rJi+?@Coqq zAhA{UOZjuQ)Wg9|4a$?n%rrQHV?IXK@7kf-C<_)(lEWE|)kK}WgdAD8`= z?AnO5+j_Qx^A$+D3A8l6RnmVIpLvp>Nj-iprD@Mg{c3$g*BUw=#E<-WFw39+1V1}L ze7-LEw`TF1Qh%%L@0Fw+$9m;Yv4g|E03Sba9qysa?g}kpgd>5zpm#tE4HG$VP>(hg?lFK1^!W#ejE%(G z+3635gP~4Py+$AuBw?5UzIP}b2pYYeJ^fH__(D-b>m7<3J(|%2!J)qJkj7hBf{Z^n zOs;vueZ&l%WX0#_{`fcedxnR!-jQ&?@DtwK!%dBN1Kd$yjKHAZM=&|uGYHj27)nB6 zI6_hAj6k)~Ip_@pwQg_3AM_6Tc|XaG-mu@V_tB1h%RD~{K$mP&hAJ=Dh~T2M#$nAdEa?sXs|or zhnF;-h-QyJ7{M?Mc}Id;=Vim4Z88+~1Kvmke4@)3cYn|IQYaen_8~kJIu)E_0vCvc z2E2wJGJye~wz|n(SKqnJzT94wIbUY4MoQ<(|0d5AhUW6*xjLJ~QK=$qj^)2&AuEN> ztyDS}FwHA*PPI)O#_54sv|`-`CkPikgWz24DRK(O(UvaW(i*&wpNT(ee$zdRyfxtj zb$uW_ty$Hf>IdOzt*Q=H=LmnHLZU5h?cxyKzNnHw2xh@c7dc<41usiG$5&YJss<9F z#)7xrUpOpydF#aW=oY-H$wX+i;1RgYag_yMkip{q(}JfplREk>_&ExRcF2OCYr$`@ z;B6NCs0FXan8;f!c)ABs$G8PQUm?-nWx=0f!Ed$T>0U=2Ke6Cxt)PwvE%;Lv674n% z{xl1I!h%=VRwD1V;Lot|@3G*|wBYwz@akTh$OkO=FIf0Z3;v51{2>dTS@1_K__Hl| zJ@)QQJ&_;1lxh0r2_xS;jO^88PtDwEVZv#;x*II%B|iKu#M&mkgy4Q+N*ze!SaJ=) zl=`VX9Bw0+Qa&}o;mZi7R8Kv~;W~mT#Zy~3yoz9&R;h6gFC&;zJvGYV^9ZICPYrQ+ zF~OADsV)wmK`^Css+Gg@38qv|IXGNEFr{#+g2TB4Q|hJ|hd;RlFr{p&h{GQeOsSgE zIQ$O5R8mrhJ_lmS8w69zrVeoUWr8VHQ+qi4Ji(NrsR<50OYkWKKgi)H38s`xZRK#1 zU`oZ*IEQ~pFr{E>l*2zGm{Kn_#Ni(hOevS@;_%%BV*!Z%bNJf?Q|hH09R51Nlya#G z4u6$kO0^W@aJZIfz2kuSq2KcE77U&~)>N`UAM=zH?`kOFaY4I)M%nxXu|~$sNdTeW z@)U9Jteh}+BBVgi*hWkT-`2-|RpOwO8oRyZ0NO{-0a}lLtjCR#Qhm%QVTXUN$NwPF zo{|cHW1C7Qh->Vo5{DjdC}HL$i2LS==+6_?kJmA6^AY3P?c9f6cn)K&=5Ibrr}aeb zFsShz$@|WCXipFW{5cF3Ju&x7pd?Fx;`r@bsvVlSo0F=YAZ@2aG4F(yR6Pb4a_e|M z3O82)H2)oWp(l)zVhY6^a*UbRA$K=V6mF*M&=WV66q_?44kk`_n3o|Jh)xcG46IR7 zWE#i-!oCV@>?VZN_oA)J8IM8e;Ph>8w~O?F>n2LBBT$1c@rVE^*gC5^x75t z1kpS6Ti)jic6>e!3iS9PeTR9ep7V_U+~>x^jJDZITj5#IBkYgX{=&gi^4<$z9gL5n)y&I*MaJd9rL2s*1yMBT zfSjl?H{(3%xWIvw-vREIP;*pbUIUVzsNM;b7_QSH!e`C8oxS7c!B4pU`#{dpe>Um= zH;|!!3F$8q`VZcNIG7I!xq;*5QqXT2Lhe1BC;Nq5st1v3uRKzjHtz=-VcGIN_0SEV zG97=$Y~|SaP9tPillJ(|gcdt`df}!SIT}u;8{KBDuzCbFCCl3ggcBE;H=#+sO1Z`Z z@p~}JKs*K|n%M+8qVX{BA{w)yF}^nw@5=qL+8L{umOK28x#w>@Gy!4kS<7Uf&b7>K z0VP=hwPJQmpr7V`?qPLR#=y^@<>0@ld^Nu;loCCw2fu)%c`?X{_ro|({#tY+MWsQ> zlYf0H;a}mcjX;}aLfzAt*-&Tov70+G_vfG_X~ijg948+y6h4lFB!Vy<7_0qr4W>tY=WvVp??-urRtxJ3%N#1$=3BzA za!}lfIVIeP=Jp19J&tK9S6|^zw7w|LQ)FL?C|yjq$yy3#lgXdT1tu zjfUfG?0~S@1Tx0^X%WaTf(wb8{LqqXcMBWSGB&P;2#*6_0B|dl^{1m6de?v{*(!MWFbVQMN%BP?14CYI0TbtdbRH+~OVUC? zWL72Ao3C>2eU>ZW9tfGwNc6cG?xTc$K%y_rpjjo*cS*D}gYF{qEfP(S^@Yiw5c)ca zUYS9ggl?DU$_%=68PFF?^ok6+i_l9X`U@Gfo4RA;=s$|Fef_T#iG9i93{M~NymN#H z=+RLC$-AITh3IubaPqNw^qWN9Yau@=$ejDpdx$!7IiDLpB?59?j|;==)~9-5TI5q= zVX&HVEnEA;qYeaC@3J+bXT z4JF3=W(~As{=A~^cr!2Y9TV92!pBi##8kwU2=mM``Eb>k%s1F5PST==mK`&7tlIcp zpt*p8g+36v3{pxQQN#C1+sGf}a}h)9b*; z%u8cOYerbQgLh(e6+;lw^3_g8Gw#{+yVV_v=q!%Srtf ze$omG?%fN7d9n2SA++XeA9BC%0wK%qg~IP3D9IG1R-!hHbCv2xc!#Syff94&VQ3<+ zY4Am@x|17*;8$ioO8N4{Z=mMz{e_!Xf&g{XAglWMD3z?_E-)wqcff$q(<1c5Upv2c z?+SQ8=@#3SqxYoEE^>eKggZXnSf%$Yd=%uRFCZ^pL|$#)U-*q9eBnChB|Sa|S@vYk z$`@`vr1$LCcjfJc5?p&yAA-Z&_ZRNaw;`Stg+h2?-VHJ;_9N`#PaJPnX{d0g8BDD8Egs1QXMhhme_@S z>Qx@mC+V6t{<7izdu7s@l z)cZWEYq_48_ZlE2^1v{YGUz2jW#>~P1AI6e6LSv&6T_fQB< zg>kwK`XX+MP!(v-B4~MeX!Wr#mE_T7gC3bsBv%TsWqvWEC9h_li=Mg@YxxzKjGFgL;ctKpLJ?i6$qRE#5H{@~U>pEO z(!K1ssq+jJqSjvkie)+RYs%(-=A`NcAc>K@jtAnFT#^+ zh>}VMEs6UFPN{ZeOnjG=oTyLZ<~pH&!SVXP1ufp7ju)KSb}~Jl%#IOq!#(po@7^aX;?zXo*LETZ=0_il&gva;-9E0iG4oL zxIR|<*7ODIZ3GKukKS6H+bt2enXbDKa(QW+G*sui})ZJbnHnKAV>Xu;L@EYi46X#B{|`(Uk8-x3;M z1|?aP(YOcWXZ8w>+d&e}S4-zBCn#DpPo@dI-#=dON(kf5(Y#l1+z1Y;eXm2Y3eKrQ ze`iMjiz&!dm881o4?7ErT<*44u`KWD}|+JQ6JC~>%*5m=qr4rsbnq&=;t6O_gLa|nK1Sp;6vcexeSr}UmKh)wpbq)X&%S~`b)5cnJMnB2< zN+?$Q+&SddwdUP#^8hbD-mN`k2-=2D-2VjG@+_hTR?JmG{X-e`v!E(9jZb8U=DZRs zn0T6QH=D+m{BbeE!{xDZYVkzuh&%pb)6zfDeYL*hvuWnJe?nI`zh|(@{VEl$2j9jlMw%Iw0h^3kpkD@;2tAa6yjb2m4(uwzt#p>#=P zX@OQB8XUyl1%_>(enuNjLcz$Yf&z`P@_|*Xy+1Sp65l?+h|RwtVAu;ZS8zBG4h0AO zL4yr@!vWe#!Nol8W_M?MM_rrC+3IT3IJnl;R@c(*_FOH%%iT>)ovm#x^{)2z&ed%# z9j%D{Y8_2^`LG{*Ua%u&Nu)q)4jIe~?E?Xybc~^|tbB-vXDX_nQ-@ad50CT>_*Ws0 zo;GK_>zK}~-4A{r^F|ooz`!Q=eXP6E+17k)w6N(zZnVjS_1qr1m2wG|bq90;BF`4>ebGxOt1Q zBM>p=qvot@V(Jjw$$#pR&OaGmMR_G;}@X0p*F`?^`O( zPj0lz*aLqg+SAW`{$b3+spQ&eYfol?xzAbKHdbM;TxqXh<*W~r z+vl&U@cJqwUkB|1qAA7JwcvGMOLO~rhG?&DbFN|K7c`fDik&R zn85I*FYFy;(I9qUF{9s)?qGY>aDXN{3-xB^IBjnd@qp*NI6)Q4kkTxxk#gEnjbIOa z{gT1x4@6kMe_)6W`Xl7NwQzwivWlq!K+~Ul*aObV62MBs{u`nJ?5tuTpXQp>Qh zX(2lNcD zVypc@e;Avn*dP@H^sGA+K^2Y~*mP%ymqXag#-c-%D9cg7&>y7$@*}HQD{b#W53uVj zNI5P%pp>FrT@0=;?9-#k&G-&4pAx5jV8XX!GnuR;5i&xf!{^Dlk<3W+g+tLHtDK*? zu5x=i>suOJ6v;vF&?JJD_J%`)tb&v+tFB&3Z3PK4q|kpa?j+ytH@J@?QUOe(0spXn zfR+0Ez24}6fkgGuC@FjY_x+o!(0unK9~(bLXCuG%h#Eqh{$%0RTH89?T?mHmZfcmk z?lELwH0T{hxu+{5L!$Gn9Kwz{T*C(K%!#4d7>cqeFXq-Pqn9O`<$|C#-<{x6#V>W7 z{TP0)s`Hs^8uJ=PIM9s=sYE)0V)r3R2H$hZ0zpcI%$`iuzk1r;hy045{y;BJFuBc< zvPxWq;KFhGPRyy)YA)L733XWR@GBN6qpLfvN}1SF&(>h~r!3v#n#6G39K_h5g7U&9 zc2Dx!Mn&{^e!(Tmz7!DvT{$y#_joz-CK|jx7#a!EJY@@HXIG|s*TCj>TY0_{5lng1kVLY?$5>aC_-oOT4Tyeoh z%^EC2ZSr$Oc|@(hF(oLS=`w+R)yLfduwz&MWLtHFJ8{Cklrd;UC^8&87WNawj!=)3 zIXDGRQuxt~+iW^$Hx3;g5}qbNZM}r^B-x7PJX_N5mhc=2|3JcXCHyl9+a&x;2^UIuA0DgFF^~V%w4|iZm++Gk zK1IUMN_c^UACU6&SeuUB5H4A8{Bbb12t#LMY)F$Va+{&d=b zcJ$SBx(lu2wRHMHwCweC`T)UbkD`4LZ3Pmb=ndSiqdoK%_|UfE_I)?n2k`*l5ZVbm z87M|#jN*yeINAw365UNO-h4P<{}9?OGEr3ga&BzXayAs@oH=L4%<-HVMTDom9o?Hw zpNCc*C+63*5-1iucXub-;~tZipFy5Y{j=t zYp}6f^PINQSpH?UirjF4t<-5_PFpcJ>TEMzvs-{^v|t*^U>Sa|;I{>1!2fL(?A@9R zso1p3Y;4;099yy5R^+s)`9X1*1OICp(yH*Ix5YGuK0-|DX|}OkM}e&v80cx7 z-C!$j%%~)NUxM5Q$X!Wt=tXXuZ6@h3fS&-K{~IEgt>_!ME?e=~v^pEREw8~=dTV}z zts*u(_X^Qd#6a}4VRr5vK*4MVwR(1I7N$W?V6y)T^#{4NPS`KXU2B_3xX?jk9t)h{SV5Sp|vvYfZ1t-QegLTcO0A%ylsrp3Y@;L08m?Qk( z+VOn4+%}$*i=3hXLAb8NStC!x2XIzTo%2BMBgh@X(?1PpNZMAJYKZr;<1)b)|0O&QCyMCN& zu=`Dl(>EwiV|jJ9(%bTNTg9!@bz4nr#u}R=Y^!nds30#gQQ`ky`B%`>1wH7-$>U@M zPDbEl1WrcaWCTt|;A8|&M&M)wPDbEl1WrcaWCZ@djzGmi2lu~7wyHC9YfXo0=Lj(K zJsb6WQhh&1J^xeRS5wdX)N>#8Jg~UAi)*6$csdmQub-zw1mBhGpeFOpw~1K-R?lC@ zrwLd+Pu(ML&eih@^-M`U&m>)R;8tE7tzEoT_w@9A2Ri6E4jt;bu6o`%G1qYnUYD@) zdjqH9yFs#5_OYRq_orC$rzNc7iARZ?K0Zh2m*W4=8}%K#Y(tL}2|u2Z?Mt$KTee4J zJAIzuJ5{#l$aaNn8)dszw!N|)mhG*w{jO~9m+d36eMYt~$@Xp89+B~@&ynp4 z**3~{t!#T`J1pDmerLmKd=#GG%kvb3@A=`?#u~Q=@BPJ|r&0h*3kvE(LmTn3zu#b` zJxkfLippx{=?`HS32O<5ZtMxMiwzDsLL9XBhA$~7X!VB&1K6#Dx4(QxLfGHEkzp@H z5L;`?7=6KpwmJ2444z zO%2!!6zU1!CAE+FLOoI1j>W&|gLgUDkHt#qMa|-NDY1AdH-h)L0|fzkA&u=vN*TSt z#I^&xuE9rm0{l}wWq2jrGZ4iGX|S(Ak_Q5V0cnB6c|;-w@Eos-%DA6p*vjAw^ln7! z=iM5Lb`Jz1{bkq@L8|E;G~PuKk_WhqUV2@?-zyCa6riWrH$hRcddGPvK8OwM%MkGm z3nPg7F}#R$L2nehAtL?a<(CiJXF}ZKb@JHwTMZ58$I%ovE18gW1 z=Jv9?X)h@7=q}dY(&)hsG#7KX(@vYU?gm!_TkLEHyts^A>GtR?9UcabHfOWvYSz-o zoXuCW%iYZlW!Q(&+J;?qtfj5My{5Iv?E(&4qMAAy+|8?59psu@klSt~HI#Z<7#WnR z+%Cv9vNf)@dL5dbb?zo?*()n(bbFdfXJbnnbFx-vo5x+>(d2AntsQNxE$uFtZ-Cln z>@jSE71tV9v&Rmrz%kca0IXeiHZ_r{0%r%jZzKO$eM{@rZP@nbVR}nbgA2$y7d&&; zHMxW-bgI6|>0VRD8k}pKtI4}I)&ebU1;i%2V^``fLXkZu{;#JkO4JS7N``%Zo-*{Z z&65$m(%tSVW6m~rI|Zb%tz}JF0fiG1&<-V#Yjz1O6lxxz%!q)60@i^}D_>ZH%h?27 z7@p>1hR>dKBZ^V`wma>Lsvp}t_$-W|o(jPig_vlE0}d;OZ-w=o#mI4D{p zEGTlr)G)?1p zDx~*D)+1ZK3Pk*K-;lC@SFVGz-z58OwkEo!Lm zN?xsN8i6BLC9l?J6LJBh)?;AdM|S+0fu*&Ol2_}Wak;?UB<0lmcg3e#ddEgq(NQm}Se;rw1q| zGR&Fv^oAlJaj12&fP}B=oZ5}}S>?CNb=g)ae;_O15}o<38O7HsKRVw54Bk`D=S{|6 z0Zsa^;4z$7<<<8v$EAF(x)G29%D$5SPL{m7f4Kd8!J*dCia$I5zbEC@_^Iz)Zk6)K ze2fjeOevD>y=ck*jQlDGr>O5Q-^ZcJKiT#l0Ldz^U*zD-`b9$K@0lA70ju#B5WY)< z6WYt6*wp=!`W|yOe>VIyWD70w>VB%2CKirt{%rU;@R0w?K7HPX4)zbqzXV>&T_vyX zC)D?{_mFZND!-L|l?Piuv)WhR(L370#isOM>3J Date: Wed, 24 Feb 2021 10:33:12 -0500 Subject: [PATCH 14/36] Updated COPY in Dockerfile --- Dockerfile | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 26a16c5..287479f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -64,7 +64,11 @@ WORKDIR /tmp # Install jupyterlab RUN mkdir ./repo -COPY ./repo/* ./repo + +#Pipeline +COPY ./*.whl ./repo +COPY ./*.tar.gz ./repo + RUN python3.6 -m pip install --no-index --find-links ./repo jupyterlab && \ rm -rf /tmp/repo && \ fix-permissions /opt/app-root -- GitLab From 64c9969cead18708fc1665d7ed1b07556990bd74 Mon Sep 17 00:00:00 2001 From: Diego Alejandro Medin Date: Wed, 24 Feb 2021 11:48:10 -0500 Subject: [PATCH 15/36] Updated Hardening Manifest --- hardening_manifest.yaml | 12 +++---- repo.bad.txt | 69 +++++++++++++++++++++++++++++++++++++++++ repo.txt | 69 +++++++++++++++++++++++++++++++++++++++++ 3 files changed, 144 insertions(+), 6 deletions(-) create mode 100644 repo.bad.txt create mode 100644 repo.txt diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index 28f4841..de78649 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -62,11 +62,11 @@ resources: validation: type: sha256 value: e36efa5edd52b302f0b784ff2a4d1f2cd50f7058af331151315e98b73f947b8d -- filename: tornado-6.1-cp36-cp36m-manylinux2010_x86_64.whl - url: https://files.pythonhosted.org/packages/85/26/e710295dcb4aac62b08f22d07efc899574476db37532159a7f71713cdaf2/tornado-6.1-cp36-cp36m-manylinux2010_x86_64.whl +- filename: tornado-6.1-cp36-cp36m-manylinux1_x86_64.whl + url: https://files.pythonhosted.org/packages/01/d1/8750ad20cbcefb499bb8b405e243f83c2c89f78d139e6f8c8d800640f554/tornado-6.1-cp36-cp36m-manylinux1_x86_64.whl validation: type: sha256 - value: 65d98939f1a2e74b58839f8c4dab3b6b3c1ce84972ae712be02845e65391ac7c + value: e385b637ac3acaae8022e7e47dfa7b83d3620e432e3ecb9a3f7f58f150e50921 - filename: jupyter_core-4.7.1-py3-none-any.whl url: https://files.pythonhosted.org/packages/53/40/5af36bffa0af3ac71d3a6fc6709de10e4f6ff7c01745b8bc4715372189c9/jupyter_core-4.7.1-py3-none-any.whl validation: @@ -92,11 +92,11 @@ resources: validation: type: sha256 value: 67714da7f7bc052e064859c05c595155bd1ee9f69f76557e21f051443c20947a -- filename: MarkupSafe-1.1.1-cp36-cp36m-manylinux2010_x86_64.whl - url: https://files.pythonhosted.org/packages/9d/d3/75cddfad6ca1d1bb3a017cece499a65e54ceb4583800f1256b8ad07bb57f/MarkupSafe-1.1.1-cp36-cp36m-manylinux2010_x86_64.whl +- filename: MarkupSafe-1.1.1-cp36-cp36m-manylinux1_x86_64.whl + url: https://files.pythonhosted.org/packages/b2/5f/23e0023be6bb885d00ffbefad2942bc51a620328ee910f64abe5a8d18dd1/MarkupSafe-1.1.1-cp36-cp36m-manylinux1_x86_64.whl validation: type: sha256 - value: 84dee80c15f1b560d55bcfe6d47b27d070b4681c699c572af2e3c7cc90a3b8e0 + value: 717ba8fe3ae9cc0006d7c451f0bb265ee07739daf76355d06366154ee68d221e - filename: pyzmq-22.0.3-cp36-cp36m-manylinux1_x86_64.whl url: https://files.pythonhosted.org/packages/7c/8f/e83fc0060a7626d3555b971a70a37a0d57f727ec7ec860e9aadf96fdd724/pyzmq-22.0.3-cp36-cp36m-manylinux1_x86_64.whl validation: diff --git a/repo.bad.txt b/repo.bad.txt new file mode 100644 index 0000000..8ee25bb --- /dev/null +++ b/repo.bad.txt @@ -0,0 +1,69 @@ +Babel-2.9.0-py2.py3-none-any.whl +Jinja2-2.11.3-py2.py3-none-any.whl +MarkupSafe-1.1.1-cp36-cp36m-manylinux2010_x86_64.whl +Pygments-2.8.0-py3-none-any.whl +Send2Trash-1.5.0-py3-none-any.whl +anyio-2.1.0-py3-none-any.whl +argon2_cffi-20.1.0-cp35-abi3-manylinux1_x86_64.whl +async_generator-1.10-py3-none-any.whl +attrs-20.3.0-py2.py3-none-any.whl +backcall-0.2.0-py2.py3-none-any.whl +bleach-3.3.0-py2.py3-none-any.whl +certifi-2020.12.5-py2.py3-none-any.whl +cffi-1.14.5-cp36-cp36m-manylinux1_x86_64.whl +chardet-4.0.0-py2.py3-none-any.whl +contextvars-2.4.tar.gz +dataclasses-0.8-py3-none-any.whl +decorator-4.4.2-py2.py3-none-any.whl +defusedxml-0.6.0-py2.py3-none-any.whl +entrypoints-0.3-py2.py3-none-any.whl +idna-2.10-py2.py3-none-any.whl +immutables-0.15-cp36-cp36m-manylinux1_x86_64.whl +importlib_metadata-3.5.0-py3-none-any.whl +ipykernel-5.5.0-py3-none-any.whl +ipython-7.16.1-py3-none-any.whl +ipython_genutils-0.2.0-py2.py3-none-any.whl +jedi-0.18.0-py2.py3-none-any.whl +json5-0.9.5-py2.py3-none-any.whl +jsonschema-3.2.0-py2.py3-none-any.whl +jupyter_client-6.1.11-py3-none-any.whl +jupyter_core-4.7.1-py3-none-any.whl +jupyter_packaging-0.7.12-py2.py3-none-any.whl +jupyter_server-1.4.1-py3-none-any.whl +jupyterlab-3.0.9-py3-none-any.whl +jupyterlab_pygments-0.1.2-py2.py3-none-any.whl +jupyterlab_server-2.3.0-py3-none-any.whl +mistune-0.8.4-py2.py3-none-any.whl +nbclassic-0.2.6-py3-none-any.whl +nbclient-0.5.2-py3-none-any.whl +nbconvert-6.0.7-py3-none-any.whl +nbformat-5.1.2-py3-none-any.whl +nest_asyncio-1.5.1-py3-none-any.whl +notebook-6.2.0-py3-none-any.whl +packaging-20.9-py2.py3-none-any.whl +pandocfilters-1.4.3.tar.gz +parso-0.8.1-py2.py3-none-any.whl +pexpect-4.8.0-py2.py3-none-any.whl +pickleshare-0.7.5-py2.py3-none-any.whl +prometheus_client-0.9.0-py2.py3-none-any.whl +prompt_toolkit-3.0.16-py3-none-any.whl +ptyprocess-0.7.0-py2.py3-none-any.whl +pycparser-2.20-py2.py3-none-any.whl +pyparsing-2.4.7-py2.py3-none-any.whl +pyrsistent-0.17.3.tar.gz +python_dateutil-2.8.1-py2.py3-none-any.whl +pytz-2021.1-py2.py3-none-any.whl +pyzmq-22.0.3-cp36-cp36m-manylinux1_x86_64.whl +requests-2.25.1-py2.py3-none-any.whl +setuptools-53.0.0-py3-none-any.whl +six-1.15.0-py2.py3-none-any.whl +sniffio-1.2.0-py3-none-any.whl +terminado-0.9.2-py3-none-any.whl +testpath-0.4.4-py2.py3-none-any.whl +tornado-6.1-cp36-cp36m-manylinux2010_x86_64.whl +traitlets-4.3.3-py2.py3-none-any.whl +typing_extensions-3.7.4.3-py3-none-any.whl +urllib3-1.26.3-py2.py3-none-any.whl +wcwidth-0.2.5-py2.py3-none-any.whl +webencodings-0.5.1-py2.py3-none-any.whl +zipp-3.4.0-py3-none-any.whl diff --git a/repo.txt b/repo.txt new file mode 100644 index 0000000..041d2ef --- /dev/null +++ b/repo.txt @@ -0,0 +1,69 @@ +Babel-2.9.0-py2.py3-none-any.whl +Jinja2-2.11.3-py2.py3-none-any.whl +MarkupSafe-1.1.1-cp36-cp36m-manylinux1_x86_64.whl +Pygments-2.8.0-py3-none-any.whl +Send2Trash-1.5.0-py3-none-any.whl +anyio-2.1.0-py3-none-any.whl +argon2_cffi-20.1.0-cp35-abi3-manylinux1_x86_64.whl +async_generator-1.10-py3-none-any.whl +attrs-20.3.0-py2.py3-none-any.whl +backcall-0.2.0-py2.py3-none-any.whl +bleach-3.3.0-py2.py3-none-any.whl +certifi-2020.12.5-py2.py3-none-any.whl +cffi-1.14.5-cp36-cp36m-manylinux1_x86_64.whl +chardet-4.0.0-py2.py3-none-any.whl +contextvars-2.4.tar.gz +dataclasses-0.8-py3-none-any.whl +decorator-4.4.2-py2.py3-none-any.whl +defusedxml-0.6.0-py2.py3-none-any.whl +entrypoints-0.3-py2.py3-none-any.whl +idna-2.10-py2.py3-none-any.whl +immutables-0.15-cp36-cp36m-manylinux1_x86_64.whl +importlib_metadata-3.5.0-py3-none-any.whl +ipykernel-5.5.0-py3-none-any.whl +ipython-7.16.1-py3-none-any.whl +ipython_genutils-0.2.0-py2.py3-none-any.whl +jedi-0.18.0-py2.py3-none-any.whl +json5-0.9.5-py2.py3-none-any.whl +jsonschema-3.2.0-py2.py3-none-any.whl +jupyter_client-6.1.11-py3-none-any.whl +jupyter_core-4.7.1-py3-none-any.whl +jupyter_packaging-0.7.12-py2.py3-none-any.whl +jupyter_server-1.4.1-py3-none-any.whl +jupyterlab-3.0.9-py3-none-any.whl +jupyterlab_pygments-0.1.2-py2.py3-none-any.whl +jupyterlab_server-2.3.0-py3-none-any.whl +mistune-0.8.4-py2.py3-none-any.whl +nbclassic-0.2.6-py3-none-any.whl +nbclient-0.5.2-py3-none-any.whl +nbconvert-6.0.7-py3-none-any.whl +nbformat-5.1.2-py3-none-any.whl +nest_asyncio-1.5.1-py3-none-any.whl +notebook-6.2.0-py3-none-any.whl +packaging-20.9-py2.py3-none-any.whl +pandocfilters-1.4.3.tar.gz +parso-0.8.1-py2.py3-none-any.whl +pexpect-4.8.0-py2.py3-none-any.whl +pickleshare-0.7.5-py2.py3-none-any.whl +prometheus_client-0.9.0-py2.py3-none-any.whl +prompt_toolkit-3.0.16-py3-none-any.whl +ptyprocess-0.7.0-py2.py3-none-any.whl +pycparser-2.20-py2.py3-none-any.whl +pyparsing-2.4.7-py2.py3-none-any.whl +pyrsistent-0.17.3.tar.gz +python_dateutil-2.8.1-py2.py3-none-any.whl +pytz-2021.1-py2.py3-none-any.whl +pyzmq-22.0.3-cp36-cp36m-manylinux1_x86_64.whl +requests-2.25.1-py2.py3-none-any.whl +setuptools-53.0.0-py3-none-any.whl +six-1.15.0-py2.py3-none-any.whl +sniffio-1.2.0-py3-none-any.whl +terminado-0.9.2-py3-none-any.whl +testpath-0.4.4-py2.py3-none-any.whl +tornado-6.1-cp36-cp36m-manylinux2010_x86_64.whl +traitlets-4.3.3-py2.py3-none-any.whl +typing_extensions-3.7.4.3-py3-none-any.whl +urllib3-1.26.3-py2.py3-none-any.whl +wcwidth-0.2.5-py2.py3-none-any.whl +webencodings-0.5.1-py2.py3-none-any.whl +zipp-3.4.0-py3-none-any.whl -- GitLab From 132c00c878b3840f8d018fec5cf9dfe2f20c03a6 Mon Sep 17 00:00:00 2001 From: Diego Medina Date: Thu, 25 Feb 2021 19:39:25 +0000 Subject: [PATCH 16/36] Delete tini --- tini | Bin 24064 -> 0 bytes 1 file changed, 0 insertions(+), 0 deletions(-) delete mode 100644 tini diff --git a/tini b/tini deleted file mode 100644 index 86cb766c6b8af2564ac9201df913fe079acae3d1..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 24064 zcmeHvdw3hwweQ%m^KcT`2?-cT%O=MG2W(*{c5ng)$+nykIJU9n@JNF#Te2;%B_oaO zgmR0i5*k&wbz3Nu)58fZrLS`jv=kZyB@O|SL)&u$Txdd|gh%O!@JI;_DHL>nYd_?P z5`U-nJKz1|eqRRUJ?p*p+H0@bGqW={yP6tvb8<9wPL0hCv2PPjs2d7Xg&QyC;s#fhx$u|vc9)2~s0#TFe;3ukGB+#%R4&@=WWN-3t z$WzfaTq;1-Y8vARk|SS>nmLHJi=U|W%QGZiIVk1GJ(4Sxa-~vEwR=c04%I4g>Kpw$ zvVWdj2OxqS)MyR-?_^87bhQ4-@X`6!RUAa?;3ulRPoOo`D!D5lM}GdJN0DS~llG>H z%OTl6)k;viU?9-FqUwSHU->{F7~N35p=L$-iYj{~WM9VnP5Oy1P5JDpX|oH4&4ml5w0{7UgV55IE!D)FPE8owI+D5SOcU4mcsL22{-Z3|O-KfCS9 za|<{B(>pJGVAEfy9=rbLyKh?d)W`E59s7&zmyccb;))-Z$M)TD)uP=u#CQMOnN=YxvPIqwlWr@F# z>nYT3KVRTE5r1ZZf1Y-_=D4DZqb{d{gk!$6J3imR;b*0ug@ER1XJ|j^=;C*IXGVZ*&y{CI!oYb9@25A#CI)r5U3>~PscfEi=aOt^$V<~T`u{@rJi+?@Coqq zAhA{UOZjuQ)Wg9|4a$?n%rrQHV?IXK@7kf-C<_)(lEWE|)kK}WgdAD8`= z?AnO5+j_Qx^A$+D3A8l6RnmVIpLvp>Nj-iprD@Mg{c3$g*BUw=#E<-WFw39+1V1}L ze7-LEw`TF1Qh%%L@0Fw+$9m;Yv4g|E03Sba9qysa?g}kpgd>5zpm#tE4HG$VP>(hg?lFK1^!W#ejE%(G z+3635gP~4Py+$AuBw?5UzIP}b2pYYeJ^fH__(D-b>m7<3J(|%2!J)qJkj7hBf{Z^n zOs;vueZ&l%WX0#_{`fcedxnR!-jQ&?@DtwK!%dBN1Kd$yjKHAZM=&|uGYHj27)nB6 zI6_hAj6k)~Ip_@pwQg_3AM_6Tc|XaG-mu@V_tB1h%RD~{K$mP&hAJ=Dh~T2M#$nAdEa?sXs|or zhnF;-h-QyJ7{M?Mc}Id;=Vim4Z88+~1Kvmke4@)3cYn|IQYaen_8~kJIu)E_0vCvc z2E2wJGJye~wz|n(SKqnJzT94wIbUY4MoQ<(|0d5AhUW6*xjLJ~QK=$qj^)2&AuEN> ztyDS}FwHA*PPI)O#_54sv|`-`CkPikgWz24DRK(O(UvaW(i*&wpNT(ee$zdRyfxtj zb$uW_ty$Hf>IdOzt*Q=H=LmnHLZU5h?cxyKzNnHw2xh@c7dc<41usiG$5&YJss<9F z#)7xrUpOpydF#aW=oY-H$wX+i;1RgYag_yMkip{q(}JfplREk>_&ExRcF2OCYr$`@ z;B6NCs0FXan8;f!c)ABs$G8PQUm?-nWx=0f!Ed$T>0U=2Ke6Cxt)PwvE%;Lv674n% z{xl1I!h%=VRwD1V;Lot|@3G*|wBYwz@akTh$OkO=FIf0Z3;v51{2>dTS@1_K__Hl| zJ@)QQJ&_;1lxh0r2_xS;jO^88PtDwEVZv#;x*II%B|iKu#M&mkgy4Q+N*ze!SaJ=) zl=`VX9Bw0+Qa&}o;mZi7R8Kv~;W~mT#Zy~3yoz9&R;h6gFC&;zJvGYV^9ZICPYrQ+ zF~OADsV)wmK`^Css+Gg@38qv|IXGNEFr{#+g2TB4Q|hJ|hd;RlFr{p&h{GQeOsSgE zIQ$O5R8mrhJ_lmS8w69zrVeoUWr8VHQ+qi4Ji(NrsR<50OYkWKKgi)H38s`xZRK#1 zU`oZ*IEQ~pFr{E>l*2zGm{Kn_#Ni(hOevS@;_%%BV*!Z%bNJf?Q|hH09R51Nlya#G z4u6$kO0^W@aJZIfz2kuSq2KcE77U&~)>N`UAM=zH?`kOFaY4I)M%nxXu|~$sNdTeW z@)U9Jteh}+BBVgi*hWkT-`2-|RpOwO8oRyZ0NO{-0a}lLtjCR#Qhm%QVTXUN$NwPF zo{|cHW1C7Qh->Vo5{DjdC}HL$i2LS==+6_?kJmA6^AY3P?c9f6cn)K&=5Ibrr}aeb zFsShz$@|WCXipFW{5cF3Ju&x7pd?Fx;`r@bsvVlSo0F=YAZ@2aG4F(yR6Pb4a_e|M z3O82)H2)oWp(l)zVhY6^a*UbRA$K=V6mF*M&=WV66q_?44kk`_n3o|Jh)xcG46IR7 zWE#i-!oCV@>?VZN_oA)J8IM8e;Ph>8w~O?F>n2LBBT$1c@rVE^*gC5^x75t z1kpS6Ti)jic6>e!3iS9PeTR9ep7V_U+~>x^jJDZITj5#IBkYgX{=&gi^4<$z9gL5n)y&I*MaJd9rL2s*1yMBT zfSjl?H{(3%xWIvw-vREIP;*pbUIUVzsNM;b7_QSH!e`C8oxS7c!B4pU`#{dpe>Um= zH;|!!3F$8q`VZcNIG7I!xq;*5QqXT2Lhe1BC;Nq5st1v3uRKzjHtz=-VcGIN_0SEV zG97=$Y~|SaP9tPillJ(|gcdt`df}!SIT}u;8{KBDuzCbFCCl3ggcBE;H=#+sO1Z`Z z@p~}JKs*K|n%M+8qVX{BA{w)yF}^nw@5=qL+8L{umOK28x#w>@Gy!4kS<7Uf&b7>K z0VP=hwPJQmpr7V`?qPLR#=y^@<>0@ld^Nu;loCCw2fu)%c`?X{_ro|({#tY+MWsQ> zlYf0H;a}mcjX;}aLfzAt*-&Tov70+G_vfG_X~ijg948+y6h4lFB!Vy<7_0qr4W>tY=WvVp??-urRtxJ3%N#1$=3BzA za!}lfIVIeP=Jp19J&tK9S6|^zw7w|LQ)FL?C|yjq$yy3#lgXdT1tu zjfUfG?0~S@1Tx0^X%WaTf(wb8{LqqXcMBWSGB&P;2#*6_0B|dl^{1m6de?v{*(!MWFbVQMN%BP?14CYI0TbtdbRH+~OVUC? zWL72Ao3C>2eU>ZW9tfGwNc6cG?xTc$K%y_rpjjo*cS*D}gYF{qEfP(S^@Yiw5c)ca zUYS9ggl?DU$_%=68PFF?^ok6+i_l9X`U@Gfo4RA;=s$|Fef_T#iG9i93{M~NymN#H z=+RLC$-AITh3IubaPqNw^qWN9Yau@=$ejDpdx$!7IiDLpB?59?j|;==)~9-5TI5q= zVX&HVEnEA;qYeaC@3J+bXT z4JF3=W(~As{=A~^cr!2Y9TV92!pBi##8kwU2=mM``Eb>k%s1F5PST==mK`&7tlIcp zpt*p8g+36v3{pxQQN#C1+sGf}a}h)9b*; z%u8cOYerbQgLh(e6+;lw^3_g8Gw#{+yVV_v=q!%Srtf ze$omG?%fN7d9n2SA++XeA9BC%0wK%qg~IP3D9IG1R-!hHbCv2xc!#Syff94&VQ3<+ zY4Am@x|17*;8$ioO8N4{Z=mMz{e_!Xf&g{XAglWMD3z?_E-)wqcff$q(<1c5Upv2c z?+SQ8=@#3SqxYoEE^>eKggZXnSf%$Yd=%uRFCZ^pL|$#)U-*q9eBnChB|Sa|S@vYk z$`@`vr1$LCcjfJc5?p&yAA-Z&_ZRNaw;`Stg+h2?-VHJ;_9N`#PaJPnX{d0g8BDD8Egs1QXMhhme_@S z>Qx@mC+V6t{<7izdu7s@l z)cZWEYq_48_ZlE2^1v{YGUz2jW#>~P1AI6e6LSv&6T_fQB< zg>kwK`XX+MP!(v-B4~MeX!Wr#mE_T7gC3bsBv%TsWqvWEC9h_li=Mg@YxxzKjGFgL;ctKpLJ?i6$qRE#5H{@~U>pEO z(!K1ssq+jJqSjvkie)+RYs%(-=A`NcAc>K@jtAnFT#^+ zh>}VMEs6UFPN{ZeOnjG=oTyLZ<~pH&!SVXP1ufp7ju)KSb}~Jl%#IOq!#(po@7^aX;?zXo*LETZ=0_il&gva;-9E0iG4oL zxIR|<*7ODIZ3GKukKS6H+bt2enXbDKa(QW+G*sui})ZJbnHnKAV>Xu;L@EYi46X#B{|`(Uk8-x3;M z1|?aP(YOcWXZ8w>+d&e}S4-zBCn#DpPo@dI-#=dON(kf5(Y#l1+z1Y;eXm2Y3eKrQ ze`iMjiz&!dm881o4?7ErT<*44u`KWD}|+JQ6JC~>%*5m=qr4rsbnq&=;t6O_gLa|nK1Sp;6vcexeSr}UmKh)wpbq)X&%S~`b)5cnJMnB2< zN+?$Q+&SddwdUP#^8hbD-mN`k2-=2D-2VjG@+_hTR?JmG{X-e`v!E(9jZb8U=DZRs zn0T6QH=D+m{BbeE!{xDZYVkzuh&%pb)6zfDeYL*hvuWnJe?nI`zh|(@{VEl$2j9jlMw%Iw0h^3kpkD@;2tAa6yjb2m4(uwzt#p>#=P zX@OQB8XUyl1%_>(enuNjLcz$Yf&z`P@_|*Xy+1Sp65l?+h|RwtVAu;ZS8zBG4h0AO zL4yr@!vWe#!Nol8W_M?MM_rrC+3IT3IJnl;R@c(*_FOH%%iT>)ovm#x^{)2z&ed%# z9j%D{Y8_2^`LG{*Ua%u&Nu)q)4jIe~?E?Xybc~^|tbB-vXDX_nQ-@ad50CT>_*Ws0 zo;GK_>zK}~-4A{r^F|ooz`!Q=eXP6E+17k)w6N(zZnVjS_1qr1m2wG|bq90;BF`4>ebGxOt1Q zBM>p=qvot@V(Jjw$$#pR&OaGmMR_G;}@X0p*F`?^`O( zPj0lz*aLqg+SAW`{$b3+spQ&eYfol?xzAbKHdbM;TxqXh<*W~r z+vl&U@cJqwUkB|1qAA7JwcvGMOLO~rhG?&DbFN|K7c`fDik&R zn85I*FYFy;(I9qUF{9s)?qGY>aDXN{3-xB^IBjnd@qp*NI6)Q4kkTxxk#gEnjbIOa z{gT1x4@6kMe_)6W`Xl7NwQzwivWlq!K+~Ul*aObV62MBs{u`nJ?5tuTpXQp>Qh zX(2lNcD zVypc@e;Avn*dP@H^sGA+K^2Y~*mP%ymqXag#-c-%D9cg7&>y7$@*}HQD{b#W53uVj zNI5P%pp>FrT@0=;?9-#k&G-&4pAx5jV8XX!GnuR;5i&xf!{^Dlk<3W+g+tLHtDK*? zu5x=i>suOJ6v;vF&?JJD_J%`)tb&v+tFB&3Z3PK4q|kpa?j+ytH@J@?QUOe(0spXn zfR+0Ez24}6fkgGuC@FjY_x+o!(0unK9~(bLXCuG%h#Eqh{$%0RTH89?T?mHmZfcmk z?lELwH0T{hxu+{5L!$Gn9Kwz{T*C(K%!#4d7>cqeFXq-Pqn9O`<$|C#-<{x6#V>W7 z{TP0)s`Hs^8uJ=PIM9s=sYE)0V)r3R2H$hZ0zpcI%$`iuzk1r;hy045{y;BJFuBc< zvPxWq;KFhGPRyy)YA)L733XWR@GBN6qpLfvN}1SF&(>h~r!3v#n#6G39K_h5g7U&9 zc2Dx!Mn&{^e!(Tmz7!DvT{$y#_joz-CK|jx7#a!EJY@@HXIG|s*TCj>TY0_{5lng1kVLY?$5>aC_-oOT4Tyeoh z%^EC2ZSr$Oc|@(hF(oLS=`w+R)yLfduwz&MWLtHFJ8{Cklrd;UC^8&87WNawj!=)3 zIXDGRQuxt~+iW^$Hx3;g5}qbNZM}r^B-x7PJX_N5mhc=2|3JcXCHyl9+a&x;2^UIuA0DgFF^~V%w4|iZm++Gk zK1IUMN_c^UACU6&SeuUB5H4A8{Bbb12t#LMY)F$Va+{&d=b zcJ$SBx(lu2wRHMHwCweC`T)UbkD`4LZ3Pmb=ndSiqdoK%_|UfE_I)?n2k`*l5ZVbm z87M|#jN*yeINAw365UNO-h4P<{}9?OGEr3ga&BzXayAs@oH=L4%<-HVMTDom9o?Hw zpNCc*C+63*5-1iucXub-;~tZipFy5Y{j=t zYp}6f^PINQSpH?UirjF4t<-5_PFpcJ>TEMzvs-{^v|t*^U>Sa|;I{>1!2fL(?A@9R zso1p3Y;4;099yy5R^+s)`9X1*1OICp(yH*Ix5YGuK0-|DX|}OkM}e&v80cx7 z-C!$j%%~)NUxM5Q$X!Wt=tXXuZ6@h3fS&-K{~IEgt>_!ME?e=~v^pEREw8~=dTV}z zts*u(_X^Qd#6a}4VRr5vK*4MVwR(1I7N$W?V6y)T^#{4NPS`KXU2B_3xX?jk9t)h{SV5Sp|vvYfZ1t-QegLTcO0A%ylsrp3Y@;L08m?Qk( z+VOn4+%}$*i=3hXLAb8NStC!x2XIzTo%2BMBgh@X(?1PpNZMAJYKZr;<1)b)|0O&QCyMCN& zu=`Dl(>EwiV|jJ9(%bTNTg9!@bz4nr#u}R=Y^!nds30#gQQ`ky`B%`>1wH7-$>U@M zPDbEl1WrcaWCTt|;A8|&M&M)wPDbEl1WrcaWCZ@djzGmi2lu~7wyHC9YfXo0=Lj(K zJsb6WQhh&1J^xeRS5wdX)N>#8Jg~UAi)*6$csdmQub-zw1mBhGpeFOpw~1K-R?lC@ zrwLd+Pu(ML&eih@^-M`U&m>)R;8tE7tzEoT_w@9A2Ri6E4jt;bu6o`%G1qYnUYD@) zdjqH9yFs#5_OYRq_orC$rzNc7iARZ?K0Zh2m*W4=8}%K#Y(tL}2|u2Z?Mt$KTee4J zJAIzuJ5{#l$aaNn8)dszw!N|)mhG*w{jO~9m+d36eMYt~$@Xp89+B~@&ynp4 z**3~{t!#T`J1pDmerLmKd=#GG%kvb3@A=`?#u~Q=@BPJ|r&0h*3kvE(LmTn3zu#b` zJxkfLippx{=?`HS32O<5ZtMxMiwzDsLL9XBhA$~7X!VB&1K6#Dx4(QxLfGHEkzp@H z5L;`?7=6KpwmJ2444z zO%2!!6zU1!CAE+FLOoI1j>W&|gLgUDkHt#qMa|-NDY1AdH-h)L0|fzkA&u=vN*TSt z#I^&xuE9rm0{l}wWq2jrGZ4iGX|S(Ak_Q5V0cnB6c|;-w@Eos-%DA6p*vjAw^ln7! z=iM5Lb`Jz1{bkq@L8|E;G~PuKk_WhqUV2@?-zyCa6riWrH$hRcddGPvK8OwM%MkGm z3nPg7F}#R$L2nehAtL?a<(CiJXF}ZKb@JHwTMZ58$I%ovE18gW1 z=Jv9?X)h@7=q}dY(&)hsG#7KX(@vYU?gm!_TkLEHyts^A>GtR?9UcabHfOWvYSz-o zoXuCW%iYZlW!Q(&+J;?qtfj5My{5Iv?E(&4qMAAy+|8?59psu@klSt~HI#Z<7#WnR z+%Cv9vNf)@dL5dbb?zo?*()n(bbFdfXJbnnbFx-vo5x+>(d2AntsQNxE$uFtZ-Cln z>@jSE71tV9v&Rmrz%kca0IXeiHZ_r{0%r%jZzKO$eM{@rZP@nbVR}nbgA2$y7d&&; zHMxW-bgI6|>0VRD8k}pKtI4}I)&ebU1;i%2V^``fLXkZu{;#JkO4JS7N``%Zo-*{Z z&65$m(%tSVW6m~rI|Zb%tz}JF0fiG1&<-V#Yjz1O6lxxz%!q)60@i^}D_>ZH%h?27 z7@p>1hR>dKBZ^V`wma>Lsvp}t_$-W|o(jPig_vlE0}d;OZ-w=o#mI4D{p zEGTlr)G)?1p zDx~*D)+1ZK3Pk*K-;lC@SFVGz-z58OwkEo!Lm zN?xsN8i6BLC9l?J6LJBh)?;AdM|S+0fu*&Ol2_}Wak;?UB<0lmcg3e#ddEgq(NQm}Se;rw1q| zGR&Fv^oAlJaj12&fP}B=oZ5}}S>?CNb=g)ae;_O15}o<38O7HsKRVw54Bk`D=S{|6 z0Zsa^;4z$7<<<8v$EAF(x)G29%D$5SPL{m7f4Kd8!J*dCia$I5zbEC@_^Iz)Zk6)K ze2fjeOevD>y=ck*jQlDGr>O5Q-^ZcJKiT#l0Ldz^U*zD-`b9$K@0lA70ju#B5WY)< z6WYt6*wp=!`W|yOe>VIyWD70w>VB%2CKirt{%rU;@R0w?K7HPX4)zbqzXV>&T_vyX zC)D?{_mFZND!-L|l?Piuv)WhR(L370#isOM>3J Date: Thu, 25 Feb 2021 19:39:44 +0000 Subject: [PATCH 17/36] Delete report.txt --- report.txt | 105 ----------------------------------------------------- 1 file changed, 105 deletions(-) delete mode 100644 report.txt diff --git a/report.txt b/report.txt deleted file mode 100644 index 1f90d77..0000000 --- a/report.txt +++ /dev/null @@ -1,105 +0,0 @@ -Image Digest: sha256:8f97095cbbf8f9d24e9fd7062233d7aad6e0dd2744e65c95aa449dd9095bf3b8 -Full Tag: localhost:5000/jlab-base-ai:latest -Image ID: fa711f819d95c5e55b92ef291fd0778f1b9814aaaeb887d7f0381c73d6130a63 -Status: fail -Last Eval: 2021-02-13T04:25:06Z -Policy ID: 2c53a13c-1765-11e8-82ef-23527761d060 -Final Action: stop -Final Action Reason: policy_evaluation - -Gate Trigger Detail - Status -dockerfile instruction Dockerfile directive 'HEALTHCHECK' not found, matching condition 'not_exists' check warn -vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - binutils (CVE-2021-20197 - https://access.redhat.com/security/cve/CVE-2021-20197) warn -vulnerabilities package MEDIUM Vulnerability found in non-os package type (python) - bleach (fixed in: 3.3.0)(GHSA-vv2x-vrpj-qqpq - https://github.com/advisories/GHSA-vv2x-vrpj-qqpq) warn -vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - brotli (CVE-2020-8927 - https://access.redhat.com/security/cve/CVE-2020-8927) warn -vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - curl (CVE-2020-8285 - https://access.redhat.com/security/cve/CVE-2020-8285) warn -vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - curl (CVE-2020-8284 - https://access.redhat.com/security/cve/CVE-2020-8284) warn -vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - curl (CVE-2020-8286 - https://access.redhat.com/security/cve/CVE-2020-8286) warn -vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - glibc (CVE-2021-3326 - https://access.redhat.com/security/cve/CVE-2021-3326) warn -vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - glibc-common (CVE-2021-3326 - https://access.redhat.com/security/cve/CVE-2021-3326) warn -vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - glibc-devel (CVE-2021-3326 - https://access.redhat.com/security/cve/CVE-2021-3326) warn -vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - glibc-headers (CVE-2021-3326 - https://access.redhat.com/security/cve/CVE-2021-3326) warn -vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - glibc-minimal-langpack (CVE-2021-3326 - https://access.redhat.com/security/cve/CVE-2021-3326) warn -vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - kernel-headers (CVE-2020-8832 - https://access.redhat.com/security/cve/CVE-2020-8832) warn -vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - kernel-headers (CVE-2020-12464 - https://access.redhat.com/security/cve/CVE-2020-12464) warn -vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - kernel-headers (CVE-2020-10741 - https://access.redhat.com/security/cve/CVE-2020-10741) warn -vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - kernel-headers (CVE-2020-13844 - https://access.redhat.com/security/cve/CVE-2020-13844) warn -vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - kernel-headers (CVE-2020-12114 - https://access.redhat.com/security/cve/CVE-2020-12114) warn -vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - kernel-headers (CVE-2020-14416 - https://access.redhat.com/security/cve/CVE-2020-14416) warn -vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - kernel-headers (CVE-2020-14356 - https://access.redhat.com/security/cve/CVE-2020-14356) warn -vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - kernel-headers (CVE-2020-28915 - https://access.redhat.com/security/cve/CVE-2020-28915) warn -vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - kernel-headers (CVE-2020-15802 - https://access.redhat.com/security/cve/CVE-2020-15802) warn -vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - kernel-headers (CVE-2020-25645 - https://access.redhat.com/security/cve/CVE-2020-25645) warn -vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - kernel-headers (CVE-2020-25284 - https://access.redhat.com/security/cve/CVE-2020-25284) warn -vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - kernel-headers (CVE-2020-25285 - https://access.redhat.com/security/cve/CVE-2020-25285) warn -vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - kernel-headers (CVE-2020-25212 - https://access.redhat.com/security/cve/CVE-2020-25212) warn -vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - kernel-headers (CVE-2020-27152 - https://access.redhat.com/security/cve/CVE-2020-27152) warn -vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - kernel-headers (CVE-2020-8694 - https://access.redhat.com/security/cve/CVE-2020-8694) warn -vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - kernel-headers (CVE-2020-26541 - https://access.redhat.com/security/cve/CVE-2020-26541) warn -vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - kernel-headers (CVE-2021-3178 - https://access.redhat.com/security/cve/CVE-2021-3178) warn -vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - kernel-headers (CVE-2020-25705 - https://access.redhat.com/security/cve/CVE-2020-25705) warn -vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - kernel-headers (CVE-2020-14351 - https://access.redhat.com/security/cve/CVE-2020-14351) warn -vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - kernel-headers (CVE-2020-15437 - https://access.redhat.com/security/cve/CVE-2020-15437) warn -vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - kernel-headers (CVE-2020-25704 - https://access.redhat.com/security/cve/CVE-2020-25704) warn -vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - kernel-headers (CVE-2020-16120 - https://access.redhat.com/security/cve/CVE-2020-16120) warn -vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - kernel-headers (CVE-2020-4788 - https://access.redhat.com/security/cve/CVE-2020-4788) warn -vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - kernel-headers (CVE-2020-29660 - https://access.redhat.com/security/cve/CVE-2020-29660) warn -vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - kernel-headers (CVE-2020-27786 - https://access.redhat.com/security/cve/CVE-2020-27786) warn -vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - kernel-headers (CVE-2020-25643 - https://access.redhat.com/security/cve/CVE-2020-25643) warn -vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - kernel-headers (CVE-2020-24394 - https://access.redhat.com/security/cve/CVE-2020-24394) warn -vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - kernel-headers (CVE-2020-14314 - https://access.redhat.com/security/cve/CVE-2020-14314) warn -vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - kernel-headers (CVE-2020-27777 - https://access.redhat.com/security/cve/CVE-2020-27777) warn -vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - kernel-headers (CVE-2019-20794 - https://access.redhat.com/security/cve/CVE-2019-20794) warn -vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - kernel-headers (CVE-2020-35508 - https://access.redhat.com/security/cve/CVE-2020-35508) warn -vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - kernel-headers (CVE-2020-27835 - https://access.redhat.com/security/cve/CVE-2020-27835) warn -vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - kernel-headers (CVE-2020-36158 - https://access.redhat.com/security/cve/CVE-2020-36158) warn -vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - kernel-headers (CVE-2021-0342 - https://access.redhat.com/security/cve/CVE-2021-0342) warn -vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - kernel-headers (CVE-2020-28974 - https://access.redhat.com/security/cve/CVE-2020-28974) warn -vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - kernel-headers (CVE-2020-0431 - https://access.redhat.com/security/cve/CVE-2020-0431) warn -vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - kernel-headers (CVE-2020-0404 - https://access.redhat.com/security/cve/CVE-2020-0404) warn -vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - kernel-headers (CVE-2020-0427 - https://access.redhat.com/security/cve/CVE-2020-0427) warn -vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - kernel-headers (CVE-2021-20194 - https://access.redhat.com/security/cve/CVE-2021-20194) warn -vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - kernel-headers (CVE-2021-3348 - https://access.redhat.com/security/cve/CVE-2021-3348) warn -vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - krb5-libs (CVE-2020-28196 - https://access.redhat.com/security/cve/CVE-2020-28196) warn -vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - libcurl (CVE-2020-8285 - https://access.redhat.com/security/cve/CVE-2020-8285) warn -vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - libcurl (CVE-2020-8284 - https://access.redhat.com/security/cve/CVE-2020-8284) warn -vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - libcurl (CVE-2020-8286 - https://access.redhat.com/security/cve/CVE-2020-8286) warn -vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - libxml2 (CVE-2020-24977 - https://access.redhat.com/security/cve/CVE-2020-24977) warn -vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - p11-kit (CVE-2020-29363 - https://access.redhat.com/security/cve/CVE-2020-29363) warn -vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - p11-kit (CVE-2020-29361 - https://access.redhat.com/security/cve/CVE-2020-29361) warn -vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - p11-kit (CVE-2020-29362 - https://access.redhat.com/security/cve/CVE-2020-29362) warn -vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - p11-kit-trust (CVE-2020-29363 - https://access.redhat.com/security/cve/CVE-2020-29363) warn -vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - p11-kit-trust (CVE-2020-29361 - https://access.redhat.com/security/cve/CVE-2020-29361) warn -vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - p11-kit-trust (CVE-2020-29362 - https://access.redhat.com/security/cve/CVE-2020-29362) warn -vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - perl-interpreter (CVE-2020-12723 - https://access.redhat.com/security/cve/CVE-2020-12723) warn -vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - perl-interpreter (CVE-2020-10878 - https://access.redhat.com/security/cve/CVE-2020-10878) warn -vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - perl-interpreter (CVE-2020-10543 - https://access.redhat.com/security/cve/CVE-2020-10543) warn -vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - perl-libs (CVE-2020-12723 - https://access.redhat.com/security/cve/CVE-2020-12723) warn -vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - perl-libs (CVE-2020-10878 - https://access.redhat.com/security/cve/CVE-2020-10878) warn -vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - perl-libs (CVE-2020-10543 - https://access.redhat.com/security/cve/CVE-2020-10543) warn -vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - perl-macros (CVE-2020-12723 - https://access.redhat.com/security/cve/CVE-2020-12723) warn -vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - perl-macros (CVE-2020-10878 - https://access.redhat.com/security/cve/CVE-2020-10878) warn -vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - perl-macros (CVE-2020-10543 - https://access.redhat.com/security/cve/CVE-2020-10543) warn -vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - platform-python (CVE-2020-26116 - https://access.redhat.com/security/cve/CVE-2020-26116) warn -vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - platform-python (CVE-2020-27619 - https://access.redhat.com/security/cve/CVE-2020-27619) warn -vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - platform-python-devel (CVE-2020-26116 - https://access.redhat.com/security/cve/CVE-2020-26116) warn -vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - platform-python-devel (CVE-2020-27619 - https://access.redhat.com/security/cve/CVE-2020-27619) warn -vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - python3-libs (CVE-2020-26116 - https://access.redhat.com/security/cve/CVE-2020-26116) warn -vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - python3-libs (CVE-2020-27619 - https://access.redhat.com/security/cve/CVE-2020-27619) warn -vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - python3-libxml2 (CVE-2020-24977 - https://access.redhat.com/security/cve/CVE-2020-24977) warn -vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - sqlite-libs (CVE-2020-13434 - https://access.redhat.com/security/cve/CVE-2020-13434) warn -vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - sqlite-libs (CVE-2020-15358 - https://access.redhat.com/security/cve/CVE-2020-15358) warn -vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - systemd (CVE-2020-13776 - https://access.redhat.com/security/cve/CVE-2020-13776) warn -vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - systemd-libs (CVE-2020-13776 - https://access.redhat.com/security/cve/CVE-2020-13776) warn -vulnerabilities package MEDIUM Vulnerability found in os package type (rpm) - systemd-pam (CVE-2020-13776 - https://access.redhat.com/security/cve/CVE-2020-13776) warn -vulnerabilities package HIGH Vulnerability found in os package type (rpm) - glibc (CVE-2019-25013 - https://access.redhat.com/security/cve/CVE-2019-25013) stop -vulnerabilities package HIGH Vulnerability found in os package type (rpm) - glibc-common (CVE-2019-25013 - https://access.redhat.com/security/cve/CVE-2019-25013) stop -vulnerabilities package HIGH Vulnerability found in os package type (rpm) - glibc-devel (CVE-2019-25013 - https://access.redhat.com/security/cve/CVE-2019-25013) stop -vulnerabilities package HIGH Vulnerability found in os package type (rpm) - glibc-headers (CVE-2019-25013 - https://access.redhat.com/security/cve/CVE-2019-25013) stop -vulnerabilities package HIGH Vulnerability found in os package type (rpm) - glibc-minimal-langpack (CVE-2019-25013 - https://access.redhat.com/security/cve/CVE-2019-25013) stop -vulnerabilities package HIGH Vulnerability found in os package type (rpm) - kernel-headers (CVE-2020-29661 - https://access.redhat.com/security/cve/CVE-2020-29661) stop -vulnerabilities package HIGH Vulnerability found in os package type (rpm) - kernel-headers (CVE-2020-28374 - https://access.redhat.com/security/cve/CVE-2020-28374) stop -vulnerabilities package HIGH Vulnerability found in os package type (rpm) - kernel-headers (CVE-2020-0466 - https://access.redhat.com/security/cve/CVE-2020-0466) stop -vulnerabilities package HIGH Vulnerability found in os package type (rpm) - kernel-headers (CVE-2021-3347 - https://access.redhat.com/security/cve/CVE-2021-3347) stop -vulnerabilities package HIGH Vulnerability found in os package type (rpm) - kernel-headers (CVE-2021-26708 - https://access.redhat.com/security/cve/CVE-2021-26708) stop \ No newline at end of file -- GitLab From 580dc190b31e4a2985754596800c376e706fca24 Mon Sep 17 00:00:00 2001 From: Diego Medina Date: Thu, 25 Feb 2021 19:39:53 +0000 Subject: [PATCH 18/36] Delete repo.txt --- repo.txt | 69 -------------------------------------------------------- 1 file changed, 69 deletions(-) delete mode 100644 repo.txt diff --git a/repo.txt b/repo.txt deleted file mode 100644 index 041d2ef..0000000 --- a/repo.txt +++ /dev/null @@ -1,69 +0,0 @@ -Babel-2.9.0-py2.py3-none-any.whl -Jinja2-2.11.3-py2.py3-none-any.whl -MarkupSafe-1.1.1-cp36-cp36m-manylinux1_x86_64.whl -Pygments-2.8.0-py3-none-any.whl -Send2Trash-1.5.0-py3-none-any.whl -anyio-2.1.0-py3-none-any.whl -argon2_cffi-20.1.0-cp35-abi3-manylinux1_x86_64.whl -async_generator-1.10-py3-none-any.whl -attrs-20.3.0-py2.py3-none-any.whl -backcall-0.2.0-py2.py3-none-any.whl -bleach-3.3.0-py2.py3-none-any.whl -certifi-2020.12.5-py2.py3-none-any.whl -cffi-1.14.5-cp36-cp36m-manylinux1_x86_64.whl -chardet-4.0.0-py2.py3-none-any.whl -contextvars-2.4.tar.gz -dataclasses-0.8-py3-none-any.whl -decorator-4.4.2-py2.py3-none-any.whl -defusedxml-0.6.0-py2.py3-none-any.whl -entrypoints-0.3-py2.py3-none-any.whl -idna-2.10-py2.py3-none-any.whl -immutables-0.15-cp36-cp36m-manylinux1_x86_64.whl -importlib_metadata-3.5.0-py3-none-any.whl -ipykernel-5.5.0-py3-none-any.whl -ipython-7.16.1-py3-none-any.whl -ipython_genutils-0.2.0-py2.py3-none-any.whl -jedi-0.18.0-py2.py3-none-any.whl -json5-0.9.5-py2.py3-none-any.whl -jsonschema-3.2.0-py2.py3-none-any.whl -jupyter_client-6.1.11-py3-none-any.whl -jupyter_core-4.7.1-py3-none-any.whl -jupyter_packaging-0.7.12-py2.py3-none-any.whl -jupyter_server-1.4.1-py3-none-any.whl -jupyterlab-3.0.9-py3-none-any.whl -jupyterlab_pygments-0.1.2-py2.py3-none-any.whl -jupyterlab_server-2.3.0-py3-none-any.whl -mistune-0.8.4-py2.py3-none-any.whl -nbclassic-0.2.6-py3-none-any.whl -nbclient-0.5.2-py3-none-any.whl -nbconvert-6.0.7-py3-none-any.whl -nbformat-5.1.2-py3-none-any.whl -nest_asyncio-1.5.1-py3-none-any.whl -notebook-6.2.0-py3-none-any.whl -packaging-20.9-py2.py3-none-any.whl -pandocfilters-1.4.3.tar.gz -parso-0.8.1-py2.py3-none-any.whl -pexpect-4.8.0-py2.py3-none-any.whl -pickleshare-0.7.5-py2.py3-none-any.whl -prometheus_client-0.9.0-py2.py3-none-any.whl -prompt_toolkit-3.0.16-py3-none-any.whl -ptyprocess-0.7.0-py2.py3-none-any.whl -pycparser-2.20-py2.py3-none-any.whl -pyparsing-2.4.7-py2.py3-none-any.whl -pyrsistent-0.17.3.tar.gz -python_dateutil-2.8.1-py2.py3-none-any.whl -pytz-2021.1-py2.py3-none-any.whl -pyzmq-22.0.3-cp36-cp36m-manylinux1_x86_64.whl -requests-2.25.1-py2.py3-none-any.whl -setuptools-53.0.0-py3-none-any.whl -six-1.15.0-py2.py3-none-any.whl -sniffio-1.2.0-py3-none-any.whl -terminado-0.9.2-py3-none-any.whl -testpath-0.4.4-py2.py3-none-any.whl -tornado-6.1-cp36-cp36m-manylinux2010_x86_64.whl -traitlets-4.3.3-py2.py3-none-any.whl -typing_extensions-3.7.4.3-py3-none-any.whl -urllib3-1.26.3-py2.py3-none-any.whl -wcwidth-0.2.5-py2.py3-none-any.whl -webencodings-0.5.1-py2.py3-none-any.whl -zipp-3.4.0-py3-none-any.whl -- GitLab From 86152f3bbaa8296db0dcdf31437b9401231508ca Mon Sep 17 00:00:00 2001 From: Diego Medina Date: Thu, 25 Feb 2021 19:40:03 +0000 Subject: [PATCH 19/36] Delete Jenkinsfile --- Jenkinsfile | 3 --- 1 file changed, 3 deletions(-) delete mode 100644 Jenkinsfile diff --git a/Jenkinsfile b/Jenkinsfile deleted file mode 100644 index e539b1c..0000000 --- a/Jenkinsfile +++ /dev/null @@ -1,3 +0,0 @@ -@Library('DCCSCR@master') _ -dccscrPipeline(version: "2.2.9") - -- GitLab From c8378aeaf5c3c4f517e765a108dcb6af77ff268d Mon Sep 17 00:00:00 2001 From: Diego Medina Date: Thu, 25 Feb 2021 19:40:20 +0000 Subject: [PATCH 20/36] Delete repo.bad.txt --- repo.bad.txt | 69 ---------------------------------------------------- 1 file changed, 69 deletions(-) delete mode 100644 repo.bad.txt diff --git a/repo.bad.txt b/repo.bad.txt deleted file mode 100644 index 8ee25bb..0000000 --- a/repo.bad.txt +++ /dev/null @@ -1,69 +0,0 @@ -Babel-2.9.0-py2.py3-none-any.whl -Jinja2-2.11.3-py2.py3-none-any.whl -MarkupSafe-1.1.1-cp36-cp36m-manylinux2010_x86_64.whl -Pygments-2.8.0-py3-none-any.whl -Send2Trash-1.5.0-py3-none-any.whl -anyio-2.1.0-py3-none-any.whl -argon2_cffi-20.1.0-cp35-abi3-manylinux1_x86_64.whl -async_generator-1.10-py3-none-any.whl -attrs-20.3.0-py2.py3-none-any.whl -backcall-0.2.0-py2.py3-none-any.whl -bleach-3.3.0-py2.py3-none-any.whl -certifi-2020.12.5-py2.py3-none-any.whl -cffi-1.14.5-cp36-cp36m-manylinux1_x86_64.whl -chardet-4.0.0-py2.py3-none-any.whl -contextvars-2.4.tar.gz -dataclasses-0.8-py3-none-any.whl -decorator-4.4.2-py2.py3-none-any.whl -defusedxml-0.6.0-py2.py3-none-any.whl -entrypoints-0.3-py2.py3-none-any.whl -idna-2.10-py2.py3-none-any.whl -immutables-0.15-cp36-cp36m-manylinux1_x86_64.whl -importlib_metadata-3.5.0-py3-none-any.whl -ipykernel-5.5.0-py3-none-any.whl -ipython-7.16.1-py3-none-any.whl -ipython_genutils-0.2.0-py2.py3-none-any.whl -jedi-0.18.0-py2.py3-none-any.whl -json5-0.9.5-py2.py3-none-any.whl -jsonschema-3.2.0-py2.py3-none-any.whl -jupyter_client-6.1.11-py3-none-any.whl -jupyter_core-4.7.1-py3-none-any.whl -jupyter_packaging-0.7.12-py2.py3-none-any.whl -jupyter_server-1.4.1-py3-none-any.whl -jupyterlab-3.0.9-py3-none-any.whl -jupyterlab_pygments-0.1.2-py2.py3-none-any.whl -jupyterlab_server-2.3.0-py3-none-any.whl -mistune-0.8.4-py2.py3-none-any.whl -nbclassic-0.2.6-py3-none-any.whl -nbclient-0.5.2-py3-none-any.whl -nbconvert-6.0.7-py3-none-any.whl -nbformat-5.1.2-py3-none-any.whl -nest_asyncio-1.5.1-py3-none-any.whl -notebook-6.2.0-py3-none-any.whl -packaging-20.9-py2.py3-none-any.whl -pandocfilters-1.4.3.tar.gz -parso-0.8.1-py2.py3-none-any.whl -pexpect-4.8.0-py2.py3-none-any.whl -pickleshare-0.7.5-py2.py3-none-any.whl -prometheus_client-0.9.0-py2.py3-none-any.whl -prompt_toolkit-3.0.16-py3-none-any.whl -ptyprocess-0.7.0-py2.py3-none-any.whl -pycparser-2.20-py2.py3-none-any.whl -pyparsing-2.4.7-py2.py3-none-any.whl -pyrsistent-0.17.3.tar.gz -python_dateutil-2.8.1-py2.py3-none-any.whl -pytz-2021.1-py2.py3-none-any.whl -pyzmq-22.0.3-cp36-cp36m-manylinux1_x86_64.whl -requests-2.25.1-py2.py3-none-any.whl -setuptools-53.0.0-py3-none-any.whl -six-1.15.0-py2.py3-none-any.whl -sniffio-1.2.0-py3-none-any.whl -terminado-0.9.2-py3-none-any.whl -testpath-0.4.4-py2.py3-none-any.whl -tornado-6.1-cp36-cp36m-manylinux2010_x86_64.whl -traitlets-4.3.3-py2.py3-none-any.whl -typing_extensions-3.7.4.3-py3-none-any.whl -urllib3-1.26.3-py2.py3-none-any.whl -wcwidth-0.2.5-py2.py3-none-any.whl -webencodings-0.5.1-py2.py3-none-any.whl -zipp-3.4.0-py3-none-any.whl -- GitLab From 24488c757434c6951f3c4d8225270f135511a72a Mon Sep 17 00:00:00 2001 From: Komnick Date: Mon, 29 Mar 2021 13:13:00 -0400 Subject: [PATCH 21/36] edited start-notebook.sh, removed --NotebookApp.token='' --NotebookApp.password='' --- .gitignore | 1 + Dockerfile | 10 +++++----- scripts/start-notebook.sh | 2 +- tini | Bin 0 -> 24064 bytes 4 files changed, 7 insertions(+), 6 deletions(-) create mode 100644 tini diff --git a/.gitignore b/.gitignore index 24277ec..1c93483 100644 --- a/.gitignore +++ b/.gitignore @@ -4,5 +4,6 @@ *.ps1 packages.txt repo/** +test_commands.txt anchore-reports/** report.txt diff --git a/Dockerfile b/Dockerfile index 287479f..9b67432 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,9 +1,9 @@ -ARG BASE_REGISTRY=registry1.dso.mil -ARG BASE_IMAGE=ironbank/redhat/python/python36 -ARG BASE_TAG=3.6 -FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} +#ARG BASE_REGISTRY=registry1.dso.mil +#ARG BASE_IMAGE=ironbank/redhat/python/python36 +#ARG BASE_TAG=3.6 +#FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} -#FROM python36-ai:latest +FROM python36-ai:latest ARG NB_USER="jovyan" # NB_UID == 1001 b/c the default user in the ironbank python36 image is uid 1001 diff --git a/scripts/start-notebook.sh b/scripts/start-notebook.sh index 62f2134..ffadb75 100755 --- a/scripts/start-notebook.sh +++ b/scripts/start-notebook.sh @@ -11,7 +11,7 @@ fi if [[ ! -z "${JUPYTERHUB_API_TOKEN}" ]]; then # launched by JupyterHub, use single-user entrypoint - exec /usr/local/bin/start-singleuser.sh --NotebookApp.token='' --NotebookApp.password='' "$@" + exec /usr/local/bin/start-singleuser.sh "$@" elif [[ ! -z "${JUPYTER_ENABLE_LAB}" ]]; then . /usr/local/bin/start.sh $wrapper jupyter lab --NotebookApp.token='' --NotebookApp.password='' "$@" else diff --git a/tini b/tini new file mode 100644 index 0000000000000000000000000000000000000000..86cb766c6b8af2564ac9201df913fe079acae3d1 GIT binary patch literal 24064 zcmeHvdw3hwweQ%m^KcT`2?-cT%O=MG2W(*{c5ng)$+nykIJU9n@JNF#Te2;%B_oaO zgmR0i5*k&wbz3Nu)58fZrLS`jv=kZyB@O|SL)&u$Txdd|gh%O!@JI;_DHL>nYd_?P z5`U-nJKz1|eqRRUJ?p*p+H0@bGqW={yP6tvb8<9wPL0hCv2PPjs2d7Xg&QyC;s#fhx$u|vc9)2~s0#TFe;3ukGB+#%R4&@=WWN-3t z$WzfaTq;1-Y8vARk|SS>nmLHJi=U|W%QGZiIVk1GJ(4Sxa-~vEwR=c04%I4g>Kpw$ zvVWdj2OxqS)MyR-?_^87bhQ4-@X`6!RUAa?;3ulRPoOo`D!D5lM}GdJN0DS~llG>H z%OTl6)k;viU?9-FqUwSHU->{F7~N35p=L$-iYj{~WM9VnP5Oy1P5JDpX|oH4&4ml5w0{7UgV55IE!D)FPE8owI+D5SOcU4mcsL22{-Z3|O-KfCS9 za|<{B(>pJGVAEfy9=rbLyKh?d)W`E59s7&zmyccb;))-Z$M)TD)uP=u#CQMOnN=YxvPIqwlWr@F# z>nYT3KVRTE5r1ZZf1Y-_=D4DZqb{d{gk!$6J3imR;b*0ug@ER1XJ|j^=;C*IXGVZ*&y{CI!oYb9@25A#CI)r5U3>~PscfEi=aOt^$V<~T`u{@rJi+?@Coqq zAhA{UOZjuQ)Wg9|4a$?n%rrQHV?IXK@7kf-C<_)(lEWE|)kK}WgdAD8`= z?AnO5+j_Qx^A$+D3A8l6RnmVIpLvp>Nj-iprD@Mg{c3$g*BUw=#E<-WFw39+1V1}L ze7-LEw`TF1Qh%%L@0Fw+$9m;Yv4g|E03Sba9qysa?g}kpgd>5zpm#tE4HG$VP>(hg?lFK1^!W#ejE%(G z+3635gP~4Py+$AuBw?5UzIP}b2pYYeJ^fH__(D-b>m7<3J(|%2!J)qJkj7hBf{Z^n zOs;vueZ&l%WX0#_{`fcedxnR!-jQ&?@DtwK!%dBN1Kd$yjKHAZM=&|uGYHj27)nB6 zI6_hAj6k)~Ip_@pwQg_3AM_6Tc|XaG-mu@V_tB1h%RD~{K$mP&hAJ=Dh~T2M#$nAdEa?sXs|or zhnF;-h-QyJ7{M?Mc}Id;=Vim4Z88+~1Kvmke4@)3cYn|IQYaen_8~kJIu)E_0vCvc z2E2wJGJye~wz|n(SKqnJzT94wIbUY4MoQ<(|0d5AhUW6*xjLJ~QK=$qj^)2&AuEN> ztyDS}FwHA*PPI)O#_54sv|`-`CkPikgWz24DRK(O(UvaW(i*&wpNT(ee$zdRyfxtj zb$uW_ty$Hf>IdOzt*Q=H=LmnHLZU5h?cxyKzNnHw2xh@c7dc<41usiG$5&YJss<9F z#)7xrUpOpydF#aW=oY-H$wX+i;1RgYag_yMkip{q(}JfplREk>_&ExRcF2OCYr$`@ z;B6NCs0FXan8;f!c)ABs$G8PQUm?-nWx=0f!Ed$T>0U=2Ke6Cxt)PwvE%;Lv674n% z{xl1I!h%=VRwD1V;Lot|@3G*|wBYwz@akTh$OkO=FIf0Z3;v51{2>dTS@1_K__Hl| zJ@)QQJ&_;1lxh0r2_xS;jO^88PtDwEVZv#;x*II%B|iKu#M&mkgy4Q+N*ze!SaJ=) zl=`VX9Bw0+Qa&}o;mZi7R8Kv~;W~mT#Zy~3yoz9&R;h6gFC&;zJvGYV^9ZICPYrQ+ zF~OADsV)wmK`^Css+Gg@38qv|IXGNEFr{#+g2TB4Q|hJ|hd;RlFr{p&h{GQeOsSgE zIQ$O5R8mrhJ_lmS8w69zrVeoUWr8VHQ+qi4Ji(NrsR<50OYkWKKgi)H38s`xZRK#1 zU`oZ*IEQ~pFr{E>l*2zGm{Kn_#Ni(hOevS@;_%%BV*!Z%bNJf?Q|hH09R51Nlya#G z4u6$kO0^W@aJZIfz2kuSq2KcE77U&~)>N`UAM=zH?`kOFaY4I)M%nxXu|~$sNdTeW z@)U9Jteh}+BBVgi*hWkT-`2-|RpOwO8oRyZ0NO{-0a}lLtjCR#Qhm%QVTXUN$NwPF zo{|cHW1C7Qh->Vo5{DjdC}HL$i2LS==+6_?kJmA6^AY3P?c9f6cn)K&=5Ibrr}aeb zFsShz$@|WCXipFW{5cF3Ju&x7pd?Fx;`r@bsvVlSo0F=YAZ@2aG4F(yR6Pb4a_e|M z3O82)H2)oWp(l)zVhY6^a*UbRA$K=V6mF*M&=WV66q_?44kk`_n3o|Jh)xcG46IR7 zWE#i-!oCV@>?VZN_oA)J8IM8e;Ph>8w~O?F>n2LBBT$1c@rVE^*gC5^x75t z1kpS6Ti)jic6>e!3iS9PeTR9ep7V_U+~>x^jJDZITj5#IBkYgX{=&gi^4<$z9gL5n)y&I*MaJd9rL2s*1yMBT zfSjl?H{(3%xWIvw-vREIP;*pbUIUVzsNM;b7_QSH!e`C8oxS7c!B4pU`#{dpe>Um= zH;|!!3F$8q`VZcNIG7I!xq;*5QqXT2Lhe1BC;Nq5st1v3uRKzjHtz=-VcGIN_0SEV zG97=$Y~|SaP9tPillJ(|gcdt`df}!SIT}u;8{KBDuzCbFCCl3ggcBE;H=#+sO1Z`Z z@p~}JKs*K|n%M+8qVX{BA{w)yF}^nw@5=qL+8L{umOK28x#w>@Gy!4kS<7Uf&b7>K z0VP=hwPJQmpr7V`?qPLR#=y^@<>0@ld^Nu;loCCw2fu)%c`?X{_ro|({#tY+MWsQ> zlYf0H;a}mcjX;}aLfzAt*-&Tov70+G_vfG_X~ijg948+y6h4lFB!Vy<7_0qr4W>tY=WvVp??-urRtxJ3%N#1$=3BzA za!}lfIVIeP=Jp19J&tK9S6|^zw7w|LQ)FL?C|yjq$yy3#lgXdT1tu zjfUfG?0~S@1Tx0^X%WaTf(wb8{LqqXcMBWSGB&P;2#*6_0B|dl^{1m6de?v{*(!MWFbVQMN%BP?14CYI0TbtdbRH+~OVUC? zWL72Ao3C>2eU>ZW9tfGwNc6cG?xTc$K%y_rpjjo*cS*D}gYF{qEfP(S^@Yiw5c)ca zUYS9ggl?DU$_%=68PFF?^ok6+i_l9X`U@Gfo4RA;=s$|Fef_T#iG9i93{M~NymN#H z=+RLC$-AITh3IubaPqNw^qWN9Yau@=$ejDpdx$!7IiDLpB?59?j|;==)~9-5TI5q= zVX&HVEnEA;qYeaC@3J+bXT z4JF3=W(~As{=A~^cr!2Y9TV92!pBi##8kwU2=mM``Eb>k%s1F5PST==mK`&7tlIcp zpt*p8g+36v3{pxQQN#C1+sGf}a}h)9b*; z%u8cOYerbQgLh(e6+;lw^3_g8Gw#{+yVV_v=q!%Srtf ze$omG?%fN7d9n2SA++XeA9BC%0wK%qg~IP3D9IG1R-!hHbCv2xc!#Syff94&VQ3<+ zY4Am@x|17*;8$ioO8N4{Z=mMz{e_!Xf&g{XAglWMD3z?_E-)wqcff$q(<1c5Upv2c z?+SQ8=@#3SqxYoEE^>eKggZXnSf%$Yd=%uRFCZ^pL|$#)U-*q9eBnChB|Sa|S@vYk z$`@`vr1$LCcjfJc5?p&yAA-Z&_ZRNaw;`Stg+h2?-VHJ;_9N`#PaJPnX{d0g8BDD8Egs1QXMhhme_@S z>Qx@mC+V6t{<7izdu7s@l z)cZWEYq_48_ZlE2^1v{YGUz2jW#>~P1AI6e6LSv&6T_fQB< zg>kwK`XX+MP!(v-B4~MeX!Wr#mE_T7gC3bsBv%TsWqvWEC9h_li=Mg@YxxzKjGFgL;ctKpLJ?i6$qRE#5H{@~U>pEO z(!K1ssq+jJqSjvkie)+RYs%(-=A`NcAc>K@jtAnFT#^+ zh>}VMEs6UFPN{ZeOnjG=oTyLZ<~pH&!SVXP1ufp7ju)KSb}~Jl%#IOq!#(po@7^aX;?zXo*LETZ=0_il&gva;-9E0iG4oL zxIR|<*7ODIZ3GKukKS6H+bt2enXbDKa(QW+G*sui})ZJbnHnKAV>Xu;L@EYi46X#B{|`(Uk8-x3;M z1|?aP(YOcWXZ8w>+d&e}S4-zBCn#DpPo@dI-#=dON(kf5(Y#l1+z1Y;eXm2Y3eKrQ ze`iMjiz&!dm881o4?7ErT<*44u`KWD}|+JQ6JC~>%*5m=qr4rsbnq&=;t6O_gLa|nK1Sp;6vcexeSr}UmKh)wpbq)X&%S~`b)5cnJMnB2< zN+?$Q+&SddwdUP#^8hbD-mN`k2-=2D-2VjG@+_hTR?JmG{X-e`v!E(9jZb8U=DZRs zn0T6QH=D+m{BbeE!{xDZYVkzuh&%pb)6zfDeYL*hvuWnJe?nI`zh|(@{VEl$2j9jlMw%Iw0h^3kpkD@;2tAa6yjb2m4(uwzt#p>#=P zX@OQB8XUyl1%_>(enuNjLcz$Yf&z`P@_|*Xy+1Sp65l?+h|RwtVAu;ZS8zBG4h0AO zL4yr@!vWe#!Nol8W_M?MM_rrC+3IT3IJnl;R@c(*_FOH%%iT>)ovm#x^{)2z&ed%# z9j%D{Y8_2^`LG{*Ua%u&Nu)q)4jIe~?E?Xybc~^|tbB-vXDX_nQ-@ad50CT>_*Ws0 zo;GK_>zK}~-4A{r^F|ooz`!Q=eXP6E+17k)w6N(zZnVjS_1qr1m2wG|bq90;BF`4>ebGxOt1Q zBM>p=qvot@V(Jjw$$#pR&OaGmMR_G;}@X0p*F`?^`O( zPj0lz*aLqg+SAW`{$b3+spQ&eYfol?xzAbKHdbM;TxqXh<*W~r z+vl&U@cJqwUkB|1qAA7JwcvGMOLO~rhG?&DbFN|K7c`fDik&R zn85I*FYFy;(I9qUF{9s)?qGY>aDXN{3-xB^IBjnd@qp*NI6)Q4kkTxxk#gEnjbIOa z{gT1x4@6kMe_)6W`Xl7NwQzwivWlq!K+~Ul*aObV62MBs{u`nJ?5tuTpXQp>Qh zX(2lNcD zVypc@e;Avn*dP@H^sGA+K^2Y~*mP%ymqXag#-c-%D9cg7&>y7$@*}HQD{b#W53uVj zNI5P%pp>FrT@0=;?9-#k&G-&4pAx5jV8XX!GnuR;5i&xf!{^Dlk<3W+g+tLHtDK*? zu5x=i>suOJ6v;vF&?JJD_J%`)tb&v+tFB&3Z3PK4q|kpa?j+ytH@J@?QUOe(0spXn zfR+0Ez24}6fkgGuC@FjY_x+o!(0unK9~(bLXCuG%h#Eqh{$%0RTH89?T?mHmZfcmk z?lELwH0T{hxu+{5L!$Gn9Kwz{T*C(K%!#4d7>cqeFXq-Pqn9O`<$|C#-<{x6#V>W7 z{TP0)s`Hs^8uJ=PIM9s=sYE)0V)r3R2H$hZ0zpcI%$`iuzk1r;hy045{y;BJFuBc< zvPxWq;KFhGPRyy)YA)L733XWR@GBN6qpLfvN}1SF&(>h~r!3v#n#6G39K_h5g7U&9 zc2Dx!Mn&{^e!(Tmz7!DvT{$y#_joz-CK|jx7#a!EJY@@HXIG|s*TCj>TY0_{5lng1kVLY?$5>aC_-oOT4Tyeoh z%^EC2ZSr$Oc|@(hF(oLS=`w+R)yLfduwz&MWLtHFJ8{Cklrd;UC^8&87WNawj!=)3 zIXDGRQuxt~+iW^$Hx3;g5}qbNZM}r^B-x7PJX_N5mhc=2|3JcXCHyl9+a&x;2^UIuA0DgFF^~V%w4|iZm++Gk zK1IUMN_c^UACU6&SeuUB5H4A8{Bbb12t#LMY)F$Va+{&d=b zcJ$SBx(lu2wRHMHwCweC`T)UbkD`4LZ3Pmb=ndSiqdoK%_|UfE_I)?n2k`*l5ZVbm z87M|#jN*yeINAw365UNO-h4P<{}9?OGEr3ga&BzXayAs@oH=L4%<-HVMTDom9o?Hw zpNCc*C+63*5-1iucXub-;~tZipFy5Y{j=t zYp}6f^PINQSpH?UirjF4t<-5_PFpcJ>TEMzvs-{^v|t*^U>Sa|;I{>1!2fL(?A@9R zso1p3Y;4;099yy5R^+s)`9X1*1OICp(yH*Ix5YGuK0-|DX|}OkM}e&v80cx7 z-C!$j%%~)NUxM5Q$X!Wt=tXXuZ6@h3fS&-K{~IEgt>_!ME?e=~v^pEREw8~=dTV}z zts*u(_X^Qd#6a}4VRr5vK*4MVwR(1I7N$W?V6y)T^#{4NPS`KXU2B_3xX?jk9t)h{SV5Sp|vvYfZ1t-QegLTcO0A%ylsrp3Y@;L08m?Qk( z+VOn4+%}$*i=3hXLAb8NStC!x2XIzTo%2BMBgh@X(?1PpNZMAJYKZr;<1)b)|0O&QCyMCN& zu=`Dl(>EwiV|jJ9(%bTNTg9!@bz4nr#u}R=Y^!nds30#gQQ`ky`B%`>1wH7-$>U@M zPDbEl1WrcaWCTt|;A8|&M&M)wPDbEl1WrcaWCZ@djzGmi2lu~7wyHC9YfXo0=Lj(K zJsb6WQhh&1J^xeRS5wdX)N>#8Jg~UAi)*6$csdmQub-zw1mBhGpeFOpw~1K-R?lC@ zrwLd+Pu(ML&eih@^-M`U&m>)R;8tE7tzEoT_w@9A2Ri6E4jt;bu6o`%G1qYnUYD@) zdjqH9yFs#5_OYRq_orC$rzNc7iARZ?K0Zh2m*W4=8}%K#Y(tL}2|u2Z?Mt$KTee4J zJAIzuJ5{#l$aaNn8)dszw!N|)mhG*w{jO~9m+d36eMYt~$@Xp89+B~@&ynp4 z**3~{t!#T`J1pDmerLmKd=#GG%kvb3@A=`?#u~Q=@BPJ|r&0h*3kvE(LmTn3zu#b` zJxkfLippx{=?`HS32O<5ZtMxMiwzDsLL9XBhA$~7X!VB&1K6#Dx4(QxLfGHEkzp@H z5L;`?7=6KpwmJ2444z zO%2!!6zU1!CAE+FLOoI1j>W&|gLgUDkHt#qMa|-NDY1AdH-h)L0|fzkA&u=vN*TSt z#I^&xuE9rm0{l}wWq2jrGZ4iGX|S(Ak_Q5V0cnB6c|;-w@Eos-%DA6p*vjAw^ln7! z=iM5Lb`Jz1{bkq@L8|E;G~PuKk_WhqUV2@?-zyCa6riWrH$hRcddGPvK8OwM%MkGm z3nPg7F}#R$L2nehAtL?a<(CiJXF}ZKb@JHwTMZ58$I%ovE18gW1 z=Jv9?X)h@7=q}dY(&)hsG#7KX(@vYU?gm!_TkLEHyts^A>GtR?9UcabHfOWvYSz-o zoXuCW%iYZlW!Q(&+J;?qtfj5My{5Iv?E(&4qMAAy+|8?59psu@klSt~HI#Z<7#WnR z+%Cv9vNf)@dL5dbb?zo?*()n(bbFdfXJbnnbFx-vo5x+>(d2AntsQNxE$uFtZ-Cln z>@jSE71tV9v&Rmrz%kca0IXeiHZ_r{0%r%jZzKO$eM{@rZP@nbVR}nbgA2$y7d&&; zHMxW-bgI6|>0VRD8k}pKtI4}I)&ebU1;i%2V^``fLXkZu{;#JkO4JS7N``%Zo-*{Z z&65$m(%tSVW6m~rI|Zb%tz}JF0fiG1&<-V#Yjz1O6lxxz%!q)60@i^}D_>ZH%h?27 z7@p>1hR>dKBZ^V`wma>Lsvp}t_$-W|o(jPig_vlE0}d;OZ-w=o#mI4D{p zEGTlr)G)?1p zDx~*D)+1ZK3Pk*K-;lC@SFVGz-z58OwkEo!Lm zN?xsN8i6BLC9l?J6LJBh)?;AdM|S+0fu*&Ol2_}Wak;?UB<0lmcg3e#ddEgq(NQm}Se;rw1q| zGR&Fv^oAlJaj12&fP}B=oZ5}}S>?CNb=g)ae;_O15}o<38O7HsKRVw54Bk`D=S{|6 z0Zsa^;4z$7<<<8v$EAF(x)G29%D$5SPL{m7f4Kd8!J*dCia$I5zbEC@_^Iz)Zk6)K ze2fjeOevD>y=ck*jQlDGr>O5Q-^ZcJKiT#l0Ldz^U*zD-`b9$K@0lA70ju#B5WY)< z6WYt6*wp=!`W|yOe>VIyWD70w>VB%2CKirt{%rU;@R0w?K7HPX4)zbqzXV>&T_vyX zC)D?{_mFZND!-L|l?Piuv)WhR(L370#isOM>3J Date: Fri, 16 Apr 2021 10:29:30 -0400 Subject: [PATCH 22/36] added maintainer to hardening_manifest --- hardening_manifest.yaml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index de78649..ba81385 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -400,6 +400,7 @@ maintainers: name: "Diego Medina" username: "Diego_Medina" cht_member: true - - - +- email: "daniel.s.komnick.mil@mail.mil" + name: "Dan Komnick" + username: "Komnick" + cht_member: false -- GitLab From cd828f072108b72585e6540bba368b6507da9c7f Mon Sep 17 00:00:00 2001 From: Komnick Date: Mon, 19 Apr 2021 19:29:14 -0400 Subject: [PATCH 23/36] init branch commit --- Dockerfile | 19 +- hardening_manifest.yaml | 410 +++++++++++++++++++--------------------- 2 files changed, 203 insertions(+), 226 deletions(-) diff --git a/Dockerfile b/Dockerfile index 9b67432..488b581 100644 --- a/Dockerfile +++ b/Dockerfile @@ -63,16 +63,13 @@ RUN mkdir /home/$NB_USER/work WORKDIR /tmp # Install jupyterlab -RUN mkdir ./repo +#RUN mkdir ./repo #Pipeline -COPY ./*.whl ./repo -COPY ./*.tar.gz ./repo - -RUN python3.6 -m pip install --no-index --find-links ./repo jupyterlab && \ - rm -rf /tmp/repo && \ - fix-permissions /opt/app-root +COPY *.whl /tmp/repo +COPY *.tar.gz /tmp/repo +RUN python3.8 -m pip install --no-index --find-links /tmp/repo jupyterlab EXPOSE 8888 @@ -92,13 +89,17 @@ USER root RUN chmod +x /usr/local/bin/start-notebook.sh RUN fix-permissions /etc/jupyter && \ - fix-permissions /usr/libexec/openssh/ssh-keysign + fix-permissions /usr/libexec/openssh/ssh-keysign && \ + fix-permissions /opt/app-root # destroy /usr/share/doc/perl* and tornado test.key as they contain 'secrets' flagged by IB RUN rm -rf \ /usr/share/doc/perl-IO-Socket-SSL \ /usr/share/doc/perl-Net-SSLeay/examples \ - /opt/app-root/lib/python3.6/site-packages/tornado/test/test.key + /opt/app-root/lib/python3.8/site-packages/tornado/test/test.key + +# Clean up +RUN rm -rf /tmp/repo # Switch back to jovyan to avoid accidental container runs as root USER $NB_UID diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index ba81385..1467f38 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -37,156 +37,121 @@ resources: validation: type: sha256 value: 93dcc18adc78c65a028a84799ecf8ad40c936fdfc5f2a57b1acda5a8117fa82c -- filename: pip-20.2.4.tar.gz - url: https://files.pythonhosted.org/packages/0b/f5/be8e741434a4bf4ce5dbc235aa28ed0666178ea8986ddc10d035023744e6/pip-20.2.4.tar.gz - validation: - type: sha256 - value: 85c99a857ea0fb0aedf23833d9be5c40cf253fe24443f0829c7b472e23c364a1 -- filename: jupyterlab-3.0.9-py3-none-any.whl - url: https://files.pythonhosted.org/packages/6c/10/a4f23f2eb00a2135d95e4fc6ff790a337652201ea76e12b26e8acc61c8a2/jupyterlab-3.0.9-py3-none-any.whl - validation: - type: sha256 - value: 03dc942696eeb6ecebe3482dec1973a8287f1a3973aca04fb64f13497029280b -- filename: nbclassic-0.2.6-py3-none-any.whl - url: https://files.pythonhosted.org/packages/e6/f0/113b9a6975e53285c56091a250be4828dd20d80172620a4ff74ed26c9fe7/nbclassic-0.2.6-py3-none-any.whl +- filename: Babel-2.9.0-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/dd/a5/81076e10b5ef74493cf08a8e419e61b64324c9c55db4aa7f89c0240c4873/Babel-2.9.0-py2.py3-none-any.whl validation: type: sha256 - value: 0248333262d6f90c2fbe05aacb4f008f1d71b5250a9f737488e0a03cfa1c6ed5 + value: 9d35c22fcc79893c3ecc85ac4a56cde1ecf3f19c540bba0922308a6c06ca6fa5 - filename: Jinja2-2.11.3-py2.py3-none-any.whl url: https://files.pythonhosted.org/packages/7e/c2/1eece8c95ddbc9b1aeb64f5783a9e07a286de42191b7204d67b7496ddf35/Jinja2-2.11.3-py2.py3-none-any.whl validation: type: sha256 value: 03e47ad063331dd6a3f04a43eddca8a966a26ba0c5b7207a9a9e4e08f1b29419 -- filename: jupyter_packaging-0.7.12-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/44/90/1ee67d0ca65bd507872accab7dfaad085ea9f9d74c7379b523dfd0498c0f/jupyter_packaging-0.7.12-py2.py3-none-any.whl - validation: - type: sha256 - value: e36efa5edd52b302f0b784ff2a4d1f2cd50f7058af331151315e98b73f947b8d -- filename: tornado-6.1-cp36-cp36m-manylinux1_x86_64.whl - url: https://files.pythonhosted.org/packages/01/d1/8750ad20cbcefb499bb8b405e243f83c2c89f78d139e6f8c8d800640f554/tornado-6.1-cp36-cp36m-manylinux1_x86_64.whl - validation: - type: sha256 - value: e385b637ac3acaae8022e7e47dfa7b83d3620e432e3ecb9a3f7f58f150e50921 -- filename: jupyter_core-4.7.1-py3-none-any.whl - url: https://files.pythonhosted.org/packages/53/40/5af36bffa0af3ac71d3a6fc6709de10e4f6ff7c01745b8bc4715372189c9/jupyter_core-4.7.1-py3-none-any.whl - validation: - type: sha256 - value: 8c6c0cac5c1b563622ad49321d5ec47017bd18b94facb381c6973a0486395f8e -- filename: jupyterlab_server-2.3.0-py3-none-any.whl - url: https://files.pythonhosted.org/packages/dd/a7/fd7f7e38647b3c1d8ae37bf8b21157662d84ebd0ebf5b64a607c7c77f676/jupyterlab_server-2.3.0-py3-none-any.whl - validation: - type: sha256 - value: 653cb811739e59f2f6998f659b4635a90c110a128e0245ce27dc3fe02c46543a -- filename: jupyter_server-1.4.1-py3-none-any.whl - url: https://files.pythonhosted.org/packages/ec/b7/f8964ca33e61c6fa8f4e494e4940fb6de021f5caa52c2dce32316fac8611/jupyter_server-1.4.1-py3-none-any.whl +- filename: MarkupSafe-1.1.1-cp38-cp38-manylinux2010_x86_64.whl + url: https://files.pythonhosted.org/packages/80/16/98afa5c19296aaf7b16d1eb3c7e997656e6cfad79606e7d3885905615e96/MarkupSafe-1.1.1-cp38-cp38-manylinux2010_x86_64.whl validation: type: sha256 - value: af518ce295bfaa0d5c05031f963bdcfcd2ab156cb2223c0a70665219aed338da -- filename: ipython-7.16.1-py3-none-any.whl - url: https://files.pythonhosted.org/packages/23/6a/210816c943c9aeeb29e4e18a298f14bf0e118fe222a23e13bfcc2d41b0a4/ipython-7.16.1-py3-none-any.whl - validation: - type: sha256 - value: 2dbcc8c27ca7d3cfe4fcdff7f45b27f9a8d3edfa70ff8024a71c7a8eb5f09d64 -- filename: packaging-20.9-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/3e/89/7ea760b4daa42653ece2380531c90f64788d979110a2ab51049d92f408af/packaging-20.9-py2.py3-none-any.whl + value: d9be0ba6c527163cbed5e0857c451fcd092ce83947944d6c14bc95441203f032 +- filename: Pygments-2.8.1-py3-none-any.whl + url: https://files.pythonhosted.org/packages/3a/80/a52c0a7c5939737c6dca75a831e89658ecb6f590fb7752ac777d221937b9/Pygments-2.8.1-py3-none-any.whl validation: type: sha256 - value: 67714da7f7bc052e064859c05c595155bd1ee9f69f76557e21f051443c20947a -- filename: MarkupSafe-1.1.1-cp36-cp36m-manylinux1_x86_64.whl - url: https://files.pythonhosted.org/packages/b2/5f/23e0023be6bb885d00ffbefad2942bc51a620328ee910f64abe5a8d18dd1/MarkupSafe-1.1.1-cp36-cp36m-manylinux1_x86_64.whl + value: 534ef71d539ae97d4c3a4cf7d6f110f214b0e687e92f9cb9d2a3b0d3101289c8 +- filename: Send2Trash-1.5.0-py3-none-any.whl + url: https://files.pythonhosted.org/packages/49/46/c3dc27481d1cc57b9385aff41c474ceb7714f7935b1247194adae45db714/Send2Trash-1.5.0-py3-none-any.whl validation: type: sha256 - value: 717ba8fe3ae9cc0006d7c451f0bb265ee07739daf76355d06366154ee68d221e -- filename: pyzmq-22.0.3-cp36-cp36m-manylinux1_x86_64.whl - url: https://files.pythonhosted.org/packages/7c/8f/e83fc0060a7626d3555b971a70a37a0d57f727ec7ec860e9aadf96fdd724/pyzmq-22.0.3-cp36-cp36m-manylinux1_x86_64.whl + value: f1691922577b6fa12821234aeb57599d887c4900b9ca537948d2dac34aea888b +- filename: anyio-2.2.0-py3-none-any.whl + url: https://files.pythonhosted.org/packages/49/c3/b83a3c02c7d6f66932e9a72621d7f207cbfd2bd72b4c8931567ee386fb55/anyio-2.2.0-py3-none-any.whl validation: type: sha256 - value: 26380487eae4034d6c2a3fb8d0f2dff6dd0d9dd711894e8d25aa2d1938950a33 -- filename: traitlets-4.3.3-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/ca/ab/872a23e29cec3cf2594af7e857f18b687ad21039c1f9b922fac5b9b142d5/traitlets-4.3.3-py2.py3-none-any.whl + value: aa3da546ed17f097ca876c78024dea380a3b7fa80759abfdda59f12176a3dac8 +- filename: argon2_cffi-20.1.0-cp35-abi3-manylinux1_x86_64.whl + url: https://files.pythonhosted.org/packages/e0/d7/5da06217807106ed6d7b4f5ccb8ec5e3f9ec969217faad4b5d1af0b55101/argon2_cffi-20.1.0-cp35-abi3-manylinux1_x86_64.whl validation: type: sha256 - value: 70b4c6a1d9019d7b4f6846832288f86998aa3b9207c6821f3578a6a6a467fe44 -- filename: nbformat-5.1.2-py3-none-any.whl - url: https://files.pythonhosted.org/packages/13/1d/59cbc5a6b627ba3b4c0ec5ccc82a9002e58b324e2620a4929b81f1f8d309/nbformat-5.1.2-py3-none-any.whl + value: b160416adc0f012fb1f12588a5e6954889510f82f698e23ed4f4fa57f12a0647 +- filename: async_generator-1.10-py3-none-any.whl + url: https://files.pythonhosted.org/packages/71/52/39d20e03abd0ac9159c162ec24b93fbcaa111e8400308f2465432495ca2b/async_generator-1.10-py3-none-any.whl validation: type: sha256 - value: 3949fdc8f5fa0b1afca16fb307546e78494fa7a7bceff880df8168eafda0e7ac -- filename: anyio-2.1.0-py3-none-any.whl - url: https://files.pythonhosted.org/packages/b4/e5/a5aaca991a72839ea76162e81b48377db444d9ab3d32ccdaa267417ce0e9/anyio-2.1.0-py3-none-any.whl + value: 01c7bf666359b4967d2cda0000cc2e4af16a0ae098cbffcb8472fb9e8ad6585b +- filename: attrs-20.3.0-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/c3/aa/cb45262569fcc047bf070b5de61813724d6726db83259222cd7b4c79821a/attrs-20.3.0-py2.py3-none-any.whl validation: type: sha256 - value: c286818ccd5dcbd5d385b223f16a055393474527b1d5650da489828a9887d559 -- filename: jupyter_client-6.1.11-py3-none-any.whl - url: https://files.pythonhosted.org/packages/83/d6/30aed7ef13ff3f359e99626c1b0a32ebbc3bf9b9d5616ec46e9e245d5fa9/jupyter_client-6.1.11-py3-none-any.whl + value: 31b2eced602aa8423c2aea9c76a724617ed67cf9513173fd3a4f03e3a929c7e6 +- filename: backcall-0.2.0-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/4c/1c/ff6546b6c12603d8dd1070aa3c3d273ad4c07f5771689a7b69a550e8c951/backcall-0.2.0-py2.py3-none-any.whl validation: type: sha256 - value: 5eaaa41df449167ebba5e1cf6ca9b31f7fd4f71625069836e2e4fee07fe3cb13 -- filename: nbconvert-6.0.7-py3-none-any.whl - url: https://files.pythonhosted.org/packages/13/2f/acbe7006548f3914456ee47f97a2033b1b2f3daf921b12ac94105d87c163/nbconvert-6.0.7-py3-none-any.whl + value: fbbce6a29f263178a1f7915c1940bde0ec2b2a967566fe1c65c1dfb7422bd255 +- filename: bleach-3.3.0-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/f0/46/2bbd92086a4c6f051214cb48df6d9132b5f32c5e881d3f4991b16ec7e499/bleach-3.3.0-py2.py3-none-any.whl validation: type: sha256 - value: 39e9f977920b203baea0be67eea59f7b37a761caa542abe80f5897ce3cf6311d -- filename: prometheus_client-0.9.0-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/f4/7e/ef341c67ed43ad2e39633a35c28b77bc555f9572f4df4fee11c2b467db00/prometheus_client-0.9.0-py2.py3-none-any.whl + value: 6123ddc1052673e52bab52cdc955bcb57a015264a1c57d37bea2f6b817af0125 +- filename: certifi-2020.12.5-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/5e/a0/5f06e1e1d463903cf0c0eebeb751791119ed7a4b3737fdc9a77f1cdfb51f/certifi-2020.12.5-py2.py3-none-any.whl validation: type: sha256 - value: b08c34c328e1bf5961f0b4352668e6c8f145b4a087e09b7296ef62cbe4693d35 -- filename: ipython_genutils-0.2.0-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/fa/bc/9bd3b5c2b4774d5f33b2d544f1460be9df7df2fe42f352135381c347c69a/ipython_genutils-0.2.0-py2.py3-none-any.whl + value: 719a74fb9e33b9bd44cc7f3a8d94bc35e4049deebe19ba7d8e108280cfd59830 +- filename: cffi-1.14.5-cp38-cp38-manylinux1_x86_64.whl + url: https://files.pythonhosted.org/packages/5c/0f/e07df370fac0e99e938edc62c8a15e54b9d75605e11838fa0ef300118e1d/cffi-1.14.5-cp38-cp38-manylinux1_x86_64.whl validation: type: sha256 - value: 72dd37233799e619666c9f639a9da83c34013a73e8bbc79a7a6348d93c61fab8 -- filename: Send2Trash-1.5.0-py3-none-any.whl - url: https://files.pythonhosted.org/packages/49/46/c3dc27481d1cc57b9385aff41c474ceb7714f7935b1247194adae45db714/Send2Trash-1.5.0-py3-none-any.whl + value: 6c97d7350133666fbb5cf4abdc1178c812cb205dc6f41d174a7b0f18fb93337e +- filename: chardet-4.0.0-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/19/c7/fa589626997dd07bd87d9269342ccb74b1720384a4d739a1872bd84fbe68/chardet-4.0.0-py2.py3-none-any.whl validation: type: sha256 - value: f1691922577b6fa12821234aeb57599d887c4900b9ca537948d2dac34aea888b -- filename: terminado-0.9.2-py3-none-any.whl - url: https://files.pythonhosted.org/packages/de/74/604d9dcbb5b73b54d07c78764b22568b8c7923d93e257dc9766142f67b81/terminado-0.9.2-py3-none-any.whl + value: f864054d66fd9118f2e67044ac8981a54775ec5b67aed0441892edb553d21da5 +- filename: decorator-5.0.7-py3-none-any.whl + url: https://files.pythonhosted.org/packages/bc/b4/c208a551033a7abb67703be73dea3d917dbce528bd87bcd6f7dfceec7097/decorator-5.0.7-py3-none-any.whl validation: type: sha256 - value: 23a053e06b22711269563c8bb96b36a036a86be8b5353e85e804f89b84aaa23f -- filename: typing_extensions-3.7.4.3-py3-none-any.whl - url: https://files.pythonhosted.org/packages/60/7a/e881b5abb54db0e6e671ab088d079c57ce54e8a01a3ca443f561ccadb37e/typing_extensions-3.7.4.3-py3-none-any.whl + value: 945d84890bb20cc4a2f4a31fc4311c0c473af65ea318617f13a7257c9a58bc98 +- filename: defusedxml-0.7.1-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/07/6c/aa3f2f849e01cb6a001cd8554a88d4c77c5c1a31c95bdf1cf9301e6d9ef4/defusedxml-0.7.1-py2.py3-none-any.whl validation: type: sha256 - value: 7cb407020f00f7bfc3cb3e7881628838e69d8f3fcab2f64742a5e76b2f841918 -- filename: sniffio-1.2.0-py3-none-any.whl - url: https://files.pythonhosted.org/packages/52/b0/7b2e028b63d092804b6794595871f936aafa5e9322dcaaad50ebf67445b3/sniffio-1.2.0-py3-none-any.whl + value: a352e7e428770286cc899e2542b6cdaedb2b4953ff269a210103ec58f6198a61 +- filename: deprecation-2.1.0-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/02/c3/253a89ee03fc9b9682f1541728eb66db7db22148cd94f89ab22528cd1e1b/deprecation-2.1.0-py2.py3-none-any.whl validation: type: sha256 - value: 471b71698eac1c2112a40ce2752bb2f4a4814c22a54a3eed3676bc0f5ca9f663 -- filename: async_generator-1.10-py3-none-any.whl - url: https://files.pythonhosted.org/packages/71/52/39d20e03abd0ac9159c162ec24b93fbcaa111e8400308f2465432495ca2b/async_generator-1.10-py3-none-any.whl + value: a10811591210e1fb0e768a8c25517cabeabcba6f0bf96564f8ff45189f90b14a +- filename: entrypoints-0.3-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/ac/c6/44694103f8c221443ee6b0041f69e2740d89a25641e62fb4f2ee568f2f9c/entrypoints-0.3-py2.py3-none-any.whl validation: type: sha256 - value: 01c7bf666359b4967d2cda0000cc2e4af16a0ae098cbffcb8472fb9e8ad6585b -- filename: idna-3.1-py3-none-any.whl - url: https://files.pythonhosted.org/packages/29/88/c52aae187d3b128a0f13f36a6c987fc0d408d03a678ad9996516925d8495/idna-3.1-py3-none-any.whl + value: 589f874b313739ad35be6e0cd7efde2a4e9b6fea91edcc34e58ecbb8dbe56d19 +- filename: idna-2.10-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/a2/38/928ddce2273eaa564f6f50de919327bf3a00f091b5baba8dfa9460f3a8a8/idna-2.10-py2.py3-none-any.whl validation: type: sha256 - value: 5205d03e7bcbb919cc9c19885f9920d622ca52448306f2377daede5cf3faac16 -- filename: dataclasses-0.8-py3-none-any.whl - url: https://files.pythonhosted.org/packages/fe/ca/75fac5856ab5cfa51bbbcefa250182e50441074fdc3f803f6e76451fab43/dataclasses-0.8-py3-none-any.whl + value: b97d804b1e9b523befed77c48dacec60e6dcb0b5391d57af6a65a312a90648c0 +- filename: ipykernel-5.5.3-py3-none-any.whl + url: https://files.pythonhosted.org/packages/3a/7d/9f8ac1b1b76f2f1538b5650f0b5636bae082724b1e06939a3a9d38e1380e/ipykernel-5.5.3-py3-none-any.whl validation: type: sha256 - value: 0201d89fa866f68c8ebd9d08ee6ff50c0b255f8ec63a71c16fda7af82bb887bf -- filename: python_dateutil-2.8.1-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/d4/70/d60450c3dd48ef87586924207ae8907090de0b306af2bce5d134d78615cb/python_dateutil-2.8.1-py2.py3-none-any.whl + value: 21abd584543759e49010975a4621603b3cf871b1039cb3879a14094717692614 +- filename: ipython-7.22.0-py3-none-any.whl + url: https://files.pythonhosted.org/packages/c9/b1/82cbe2b856386f44f37fdae54d9b425813bd86fe33385c9d658d64826098/ipython-7.22.0-py3-none-any.whl validation: type: sha256 - value: 75bb3f31ea686f1197762692a9ee6a7550b59fc6ca3a1f4b5d7e32fb98e2da2a -- filename: requests-2.25.1-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/29/c1/24814557f1d22c56d50280771a17307e6bf87b70727d975fd6b2ce6b014a/requests-2.25.1-py2.py3-none-any.whl + value: c0ce02dfaa5f854809ab7413c601c4543846d9da81010258ecdab299b542d199 +- filename: ipython_genutils-0.2.0-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/fa/bc/9bd3b5c2b4774d5f33b2d544f1460be9df7df2fe42f352135381c347c69a/ipython_genutils-0.2.0-py2.py3-none-any.whl validation: type: sha256 - value: c210084e36a42ae6b9219e00e48287def368a26d03a048ddad7bfee44f75871e -- filename: Babel-2.9.0-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/dd/a5/81076e10b5ef74493cf08a8e419e61b64324c9c55db4aa7f89c0240c4873/Babel-2.9.0-py2.py3-none-any.whl + value: 72dd37233799e619666c9f639a9da83c34013a73e8bbc79a7a6348d93c61fab8 +- filename: jedi-0.18.0-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/f9/36/7aa67ae2663025b49e8426ead0bad983fee1b73f472536e9790655da0277/jedi-0.18.0-py2.py3-none-any.whl validation: type: sha256 - value: 9d35c22fcc79893c3ecc85ac4a56cde1ecf3f19c540bba0922308a6c06ca6fa5 + value: 18456d83f65f400ab0c2d3319e48520420ef43b23a086fdc05dff34132f0fb93 - filename: json5-0.9.5-py2.py3-none-any.whl url: https://files.pythonhosted.org/packages/2b/81/22bf51a5bc60dde18bb6164fd597f18ee683de8670e141364d9c432dd3cf/json5-0.9.5-py2.py3-none-any.whl validation: @@ -197,202 +162,213 @@ resources: validation: type: sha256 value: 4e5b3cf8216f577bee9ce139cbe72eca3ea4f292ec60928ff24758ce626cd163 -- filename: six-1.15.0-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/ee/ff/48bde5c0f013094d729fe4b0316ba2a24774b3ff1c52d924a8a4cb04078a/six-1.15.0-py2.py3-none-any.whl +- filename: jupyter_client-6.1.12-py3-none-any.whl + url: https://files.pythonhosted.org/packages/77/e8/c3cf72a32a697256608d5fa96360c431adec6e1c6709ba7f13f99ff5ee04/jupyter_client-6.1.12-py3-none-any.whl validation: type: sha256 - value: 8b74bedcbbbaca38ff6d7491d76f2b06b3592611af620f8426e82dddb04a5ced -- filename: attrs-20.3.0-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/c3/aa/cb45262569fcc047bf070b5de61813724d6726db83259222cd7b4c79821a/attrs-20.3.0-py2.py3-none-any.whl + value: e053a2c44b6fa597feebe2b3ecb5eea3e03d1d91cc94351a52931ee1426aecfc +- filename: jupyter_core-4.7.1-py3-none-any.whl + url: https://files.pythonhosted.org/packages/53/40/5af36bffa0af3ac71d3a6fc6709de10e4f6ff7c01745b8bc4715372189c9/jupyter_core-4.7.1-py3-none-any.whl validation: type: sha256 - value: 31b2eced602aa8423c2aea9c76a724617ed67cf9513173fd3a4f03e3a929c7e6 -- filename: pyrsistent-0.17.3.tar.gz - url: https://files.pythonhosted.org/packages/4d/70/fd441df751ba8b620e03fd2d2d9ca902103119616f0f6cc42e6405035062/pyrsistent-0.17.3.tar.gz + value: 8c6c0cac5c1b563622ad49321d5ec47017bd18b94facb381c6973a0486395f8e +- filename: jupyter_packaging-0.9.2-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/21/34/ecb37fca8e8ec84b63e1fca0d9ed22a311d8781db95787c04355647b3bfb/jupyter_packaging-0.9.2-py2.py3-none-any.whl validation: type: sha256 - value: 2e636185d9eb976a18a8a8e96efce62f2905fea90041958d8cc2a189756ebf3e -- filename: setuptools-53.0.0-py3-none-any.whl - url: https://files.pythonhosted.org/packages/15/0e/255e3d57965f318973e417d5b7034223f1223de500d91b945ddfaef42a37/setuptools-53.0.0-py3-none-any.whl + value: 7d2cff62d0b0cf5267f5cd9edb4bd04591f68aa919bf026e7787f0424c0e7c55 +- filename: jupyter_server-1.6.2-py3-none-any.whl + url: https://files.pythonhosted.org/packages/b8/75/7b99df23c1e7a12b4259d1642e7bbdeb9b151ef1c3a30ad2387d93e91d25/jupyter_server-1.6.2-py3-none-any.whl validation: type: sha256 - value: 0e86620d658c5ca87a71a283bd308fcaeb4c33e17792ef6f081aec17c171347f -- filename: importlib_metadata-3.5.0-py3-none-any.whl - url: https://files.pythonhosted.org/packages/64/6f/f948e4b17ffd7edc2b107049d58b6d8b464002a73fcda4daad6564637427/importlib_metadata-3.5.0-py3-none-any.whl + value: c863481c4f6fc7c9fcb82b5f903b5a73742bb89b2b4d1babc814116a3dc40635 +- filename: jupyterlab-3.0.14-py3-none-any.whl + url: https://files.pythonhosted.org/packages/2e/61/62d3ce4b845ad79a48abfa09de79e528f8c97298f55c89b5c25bf8f3acd0/jupyterlab-3.0.14-py3-none-any.whl validation: type: sha256 - value: 31c5c29f17d064cc71bf6a005a8b25b3332787ab2e7362d5d258800ac825f471 -- filename: notebook-6.2.0-py3-none-any.whl - url: https://files.pythonhosted.org/packages/74/19/50cd38acf22e33370d01fef764355f1e3517f6e12b4fceb8d434ece4f8fd/notebook-6.2.0-py3-none-any.whl + value: 223ad786032119f495edc894a81925b6cc327a184f150adbc4e5ef94965d4921 +- filename: jupyterlab_pygments-0.1.2-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/a8/6f/c34288766797193b512c6508f5994b830fb06134fdc4ca8214daba0aa443/jupyterlab_pygments-0.1.2-py2.py3-none-any.whl validation: - type: sha256 - value: 25ad93c982b623441b491e693ef400598d1a46cdf11b8c9c0b3be6c61ebbb6cd -- filename: ipykernel-5.5.0-py3-none-any.whl - url: https://files.pythonhosted.org/packages/56/95/3a670c8b2c2370bd8631c313f42e60983b3113ffec4035940592252bd6d5/ipykernel-5.5.0-py3-none-any.whl + type: sha256 + value: abfb880fd1561987efaefcb2d2ac75145d2a5d0139b1876d5be806e32f630008 +- filename: jupyterlab_server-2.4.0-py3-none-any.whl + url: https://files.pythonhosted.org/packages/0e/06/3078fdcf2da0a1aa109ccafaab9788c5a35db5be3c042b3eac2cb75d315d/jupyterlab_server-2.4.0-py3-none-any.whl validation: type: sha256 - value: efd07253b54d84d26e0878d268c8c3a41582a18750da633c2febfd2ece0d467d -- filename: argon2_cffi-20.1.0-cp35-abi3-manylinux1_x86_64.whl - url: https://files.pythonhosted.org/packages/e0/d7/5da06217807106ed6d7b4f5ccb8ec5e3f9ec969217faad4b5d1af0b55101/argon2_cffi-20.1.0-cp35-abi3-manylinux1_x86_64.whl + value: 94e606edb7b60e3fc54b8b4de14cded1483959361df9023e50092b6f8ede9cf6 +- filename: mistune-0.8.4-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/09/ec/4b43dae793655b7d8a25f76119624350b4d65eb663459eb9603d7f1f0345/mistune-0.8.4-py2.py3-none-any.whl validation: type: sha256 - value: b160416adc0f012fb1f12588a5e6954889510f82f698e23ed4f4fa57f12a0647 -- filename: contextvars-2.4.tar.gz - url: https://files.pythonhosted.org/packages/83/96/55b82d9f13763be9d672622e1b8106c85acb83edd7cc2fa5bc67cd9877e9/contextvars-2.4.tar.gz + value: 88a1051873018da288eee8538d476dffe1262495144b33ecb586c4ab266bb8d4 +- filename: nbclassic-0.2.7-py3-none-any.whl + url: https://files.pythonhosted.org/packages/b3/32/27e9575f53991c9538ebb6940164a12bc845e1894e03ac7be9b650a3e4c2/nbclassic-0.2.7-py3-none-any.whl validation: type: sha256 - value: f38c908aaa59c14335eeea12abea5f443646216c4e29380d7bf34d2018e2c39e -- filename: immutables-0.15-cp36-cp36m-manylinux1_x86_64.whl - url: https://files.pythonhosted.org/packages/4a/52/e64a14a99c509cbdfe0405e9f076aef0331cb9548a3efa1d5bacd524978a/immutables-0.15-cp36-cp36m-manylinux1_x86_64.whl + value: 8843cafa3827db05b9e7da909a4955b552de13e20707474844cfdd84bf4bf655 +- filename: nbclient-0.5.3-py3-none-any.whl + url: https://files.pythonhosted.org/packages/22/a6/f3a01a5c1a0e72d1d064f33d4cd9c3a782010f48f48f47f256d0b438994a/nbclient-0.5.3-py3-none-any.whl validation: type: sha256 - value: b8ad986f9b532c026f19585289384b0769188fcb68b37c7f0bd0df9092a6ca54 -- filename: ptyprocess-0.7.0-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/22/a6/858897256d0deac81a172289110f31629fc4cee19b6f01283303e18c8db3/ptyprocess-0.7.0-py2.py3-none-any.whl + value: e79437364a2376892b3f46bedbf9b444e5396cfb1bc366a472c37b48e9551500 +- filename: nbconvert-6.0.7-py3-none-any.whl + url: https://files.pythonhosted.org/packages/13/2f/acbe7006548f3914456ee47f97a2033b1b2f3daf921b12ac94105d87c163/nbconvert-6.0.7-py3-none-any.whl validation: type: sha256 - value: 4b41f3967fce3af57cc7e94b888626c18bf37a083e3651ca8feeb66d492fef35 -- filename: decorator-4.4.2-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/ed/1b/72a1821152d07cf1d8b6fce298aeb06a7eb90f4d6d41acec9861e7cc6df0/decorator-4.4.2-py2.py3-none-any.whl + value: 39e9f977920b203baea0be67eea59f7b37a761caa542abe80f5897ce3cf6311d +- filename: nbformat-5.1.3-py3-none-any.whl + url: https://files.pythonhosted.org/packages/e7/c7/dd50978c637a7af8234909277c4e7ec1b71310c13fb3135f3c8f5b6e045f/nbformat-5.1.3-py3-none-any.whl validation: type: sha256 - value: 41fa54c2a0cc4ba648be4fd43cff00aedf5b9465c9bf18d64325bc225f08f760 -- filename: cffi-1.14.5-cp36-cp36m-manylinux1_x86_64.whl - url: https://files.pythonhosted.org/packages/2b/cf/9a3b04e57191a970836aeaa8b2075574f02fbdb65d6368457a2f13213e7f/cffi-1.14.5-cp36-cp36m-manylinux1_x86_64.whl + value: eb8447edd7127d043361bc17f2f5a807626bc8e878c7709a1c647abda28a9171 +- filename: nest_asyncio-1.5.1-py3-none-any.whl + url: https://files.pythonhosted.org/packages/52/e2/9b37da54e6e9094d2f558ae643d1954a0fa8215dfee4fa261f31c5439796/nest_asyncio-1.5.1-py3-none-any.whl validation: type: sha256 - value: 69e395c24fc60aad6bb4fa7e583698ea6cc684648e1ffb7fe85e3c1ca131a7d5 -- filename: pycparser-2.20-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/ae/e7/d9c3a176ca4b02024debf82342dab36efadfc5776f9c8db077e8f6e71821/pycparser-2.20-py2.py3-none-any.whl + value: 76d6e972265063fe92a90b9cc4fb82616e07d586b346ed9d2c89a4187acea39c +- filename: notebook-6.3.0-py3-none-any.whl + url: https://files.pythonhosted.org/packages/5d/86/8f951abc6ac651a75a059d2b77fe99fa5df80bf4dc4700c126a0bee486b8/notebook-6.3.0-py3-none-any.whl validation: type: sha256 - value: 7582ad22678f0fcd81102833f60ef8d0e57288b6b5fb00323d101be910e35705 -- filename: pytz-2021.1-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/70/94/784178ca5dd892a98f113cdd923372024dc04b8d40abe77ca76b5fb90ca6/pytz-2021.1-py2.py3-none-any.whl + value: cb271af1e8134e3d6fc6d458bdc79c40cbfc84c1eb036a493f216d58f0880e92 +- filename: packaging-20.9-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/3e/89/7ea760b4daa42653ece2380531c90f64788d979110a2ab51049d92f408af/packaging-20.9-py2.py3-none-any.whl validation: type: sha256 - value: eb10ce3e7736052ed3623d49975ce333bcd712c7bb19a58b9e2089d4057d0798 -- filename: zipp-3.4.0-py3-none-any.whl - url: https://files.pythonhosted.org/packages/41/ad/6a4f1a124b325618a7fb758b885b68ff7b058eec47d9220a12ab38d90b1f/zipp-3.4.0-py3-none-any.whl + value: 67714da7f7bc052e064859c05c595155bd1ee9f69f76557e21f051443c20947a +- filename: pandocfilters-1.4.3.tar.gz + url: https://files.pythonhosted.org/packages/28/78/bd59a9adb72fa139b1c9c186e6f65aebee52375a747e4b6a6dcf0880956f/pandocfilters-1.4.3.tar.gz validation: type: sha256 - value: 102c24ef8f171fd729d46599845e95c7ab894a4cf45f5de11a44cc7444fb1108 -- filename: jedi-0.18.0-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/f9/36/7aa67ae2663025b49e8426ead0bad983fee1b73f472536e9790655da0277/jedi-0.18.0-py2.py3-none-any.whl + value: bc63fbb50534b4b1f8ebe1860889289e8af94a23bff7445259592df25a3906eb +- filename: parso-0.8.2-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/a9/c4/d5476373088c120ffed82f34c74b266ccae31a68d665b837354d4d8dc8be/parso-0.8.2-py2.py3-none-any.whl validation: type: sha256 - value: 18456d83f65f400ab0c2d3319e48520420ef43b23a086fdc05dff34132f0fb93 + value: a8c4922db71e4fdb90e0d0bc6e50f9b273d3397925e5e60a717e719201778d22 - filename: pexpect-4.8.0-py2.py3-none-any.whl url: https://files.pythonhosted.org/packages/39/7b/88dbb785881c28a102619d46423cb853b46dbccc70d3ac362d99773a78ce/pexpect-4.8.0-py2.py3-none-any.whl validation: type: sha256 value: 0b48a55dcb3c05f3329815901ea4fc1537514d6ba867a152b581d69ae3710937 -- filename: prompt_toolkit-3.0.16-py3-none-any.whl - url: https://files.pythonhosted.org/packages/a6/0b/c6de29441b29f8b54d5bbe29a8b223de6e400714ff50e85541bd4c783421/prompt_toolkit-3.0.16-py3-none-any.whl +- filename: pickleshare-0.7.5-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/9a/41/220f49aaea88bc6fa6cba8d05ecf24676326156c23b991e80b3f2fc24c77/pickleshare-0.7.5-py2.py3-none-any.whl validation: type: sha256 - value: 62c811e46bd09130fb11ab759012a4ae385ce4fb2073442d1898867a824183bd -- filename: backcall-0.2.0-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/4c/1c/ff6546b6c12603d8dd1070aa3c3d273ad4c07f5771689a7b69a550e8c951/backcall-0.2.0-py2.py3-none-any.whl + value: 9649af414d74d4df115d5d718f82acb59c9d418196b7b4290ed47a12ce62df56 +- filename: prometheus_client-0.10.1-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/22/f7/f6e1676521ce7e311d38563d2cf6594d09d3717d799ede7dab7b2520093e/prometheus_client-0.10.1-py2.py3-none-any.whl validation: type: sha256 - value: fbbce6a29f263178a1f7915c1940bde0ec2b2a967566fe1c65c1dfb7422bd255 -- filename: pickleshare-0.7.5-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/9a/41/220f49aaea88bc6fa6cba8d05ecf24676326156c23b991e80b3f2fc24c77/pickleshare-0.7.5-py2.py3-none-any.whl + value: 030e4f9df5f53db2292eec37c6255957eb76168c6f974e4176c711cf91ed34aa +- filename: prompt_toolkit-3.0.18-py3-none-any.whl + url: https://files.pythonhosted.org/packages/eb/e6/4b4ca4fa94462d4560ba2f4e62e62108ab07be2e16a92e594e43b12d3300/prompt_toolkit-3.0.18-py3-none-any.whl validation: type: sha256 - value: 9649af414d74d4df115d5d718f82acb59c9d418196b7b4290ed47a12ce62df56 -- filename: Pygments-2.8.0-py3-none-any.whl - url: https://files.pythonhosted.org/packages/d4/ef/881b14d3ad4d6a86384d63bfbb87205161e4fc46420526380ec209a12e17/Pygments-2.8.0-py3-none-any.whl + value: bf00f22079f5fadc949f42ae8ff7f05702826a97059ffcc6281036ad40ac6f04 +- filename: ptyprocess-0.7.0-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/22/a6/858897256d0deac81a172289110f31629fc4cee19b6f01283303e18c8db3/ptyprocess-0.7.0-py2.py3-none-any.whl validation: type: sha256 - value: b21b072d0ccdf29297a82a2363359d99623597b8a265b8081760e4d0f7153c88 -- filename: parso-0.8.1-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/ad/f0/ef6bdb1eba2dbfda60c985cd8d7b47b6ed8c6a1f5d212f39ff50b64f172c/parso-0.8.1-py2.py3-none-any.whl + value: 4b41f3967fce3af57cc7e94b888626c18bf37a083e3651ca8feeb66d492fef35 +- filename: pycparser-2.20-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/ae/e7/d9c3a176ca4b02024debf82342dab36efadfc5776f9c8db077e8f6e71821/pycparser-2.20-py2.py3-none-any.whl validation: type: sha256 - value: 15b00182f472319383252c18d5913b69269590616c947747bc50bf4ac768f410 -- filename: wcwidth-0.2.5-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/59/7c/e39aca596badaf1b78e8f547c807b04dae603a433d3e7a7e04d67f2ef3e5/wcwidth-0.2.5-py2.py3-none-any.whl + value: 7582ad22678f0fcd81102833f60ef8d0e57288b6b5fb00323d101be910e35705 +- filename: pyparsing-2.4.7-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/8a/bb/488841f56197b13700afd5658fc279a2025a39e22449b7cf29864669b15d/pyparsing-2.4.7-py2.py3-none-any.whl validation: type: sha256 - value: beb4802a9cebb9144e99086eff703a642a13d6a0052920003a230f3294bbe784 -- filename: defusedxml-0.6.0-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/06/74/9b387472866358ebc08732de3da6dc48e44b0aacd2ddaa5cb85ab7e986a2/defusedxml-0.6.0-py2.py3-none-any.whl + value: ef9d7589ef3c200abe66653d3f1ab1033c3c419ae9b9bdb1240a85b024efc88b +- filename: pyrsistent-0.17.3.tar.gz + url: https://files.pythonhosted.org/packages/4d/70/fd441df751ba8b620e03fd2d2d9ca902103119616f0f6cc42e6405035062/pyrsistent-0.17.3.tar.gz validation: type: sha256 - value: 6687150770438374ab581bb7a1b327a847dd9c5749e396102de3fad4e8a3ef93 -- filename: mistune-0.8.4-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/09/ec/4b43dae793655b7d8a25f76119624350b4d65eb663459eb9603d7f1f0345/mistune-0.8.4-py2.py3-none-any.whl + value: 2e636185d9eb976a18a8a8e96efce62f2905fea90041958d8cc2a189756ebf3e +- filename: python_dateutil-2.8.1-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/d4/70/d60450c3dd48ef87586924207ae8907090de0b306af2bce5d134d78615cb/python_dateutil-2.8.1-py2.py3-none-any.whl validation: type: sha256 - value: 88a1051873018da288eee8538d476dffe1262495144b33ecb586c4ab266bb8d4 -- filename: bleach-3.3.0-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/f0/46/2bbd92086a4c6f051214cb48df6d9132b5f32c5e881d3f4991b16ec7e499/bleach-3.3.0-py2.py3-none-any.whl + value: 75bb3f31ea686f1197762692a9ee6a7550b59fc6ca3a1f4b5d7e32fb98e2da2a +- filename: pytz-2021.1-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/70/94/784178ca5dd892a98f113cdd923372024dc04b8d40abe77ca76b5fb90ca6/pytz-2021.1-py2.py3-none-any.whl validation: type: sha256 - value: 6123ddc1052673e52bab52cdc955bcb57a015264a1c57d37bea2f6b817af0125 -- filename: testpath-0.4.4-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/1b/9e/1a170feaa54f22aeb5a5d16c9015e82234275a3c8ab630b552493f9cb8a9/testpath-0.4.4-py2.py3-none-any.whl + value: eb10ce3e7736052ed3623d49975ce333bcd712c7bb19a58b9e2089d4057d0798 +- filename: pyzmq-22.0.3-cp38-cp38-manylinux2010_x86_64.whl + url: https://files.pythonhosted.org/packages/98/f0/848d7850eb8a65f3534c1f4d0e0ba8ba8de2d32a02fa9df1d41a08cc667f/pyzmq-22.0.3-cp38-cp38-manylinux2010_x86_64.whl validation: type: sha256 - value: bfcf9411ef4bf3db7579063e0546938b1edda3d69f4e1fb8756991f5951f85d4 -- filename: jupyterlab_pygments-0.1.2-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/a8/6f/c34288766797193b512c6508f5994b830fb06134fdc4ca8214daba0aa443/jupyterlab_pygments-0.1.2-py2.py3-none-any.whl + value: 9221783dacb419604d5345d0e097bddef4459a9a95322de6c306bf1d9896559f +- filename: requests-2.25.1-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/29/c1/24814557f1d22c56d50280771a17307e6bf87b70727d975fd6b2ce6b014a/requests-2.25.1-py2.py3-none-any.whl validation: type: sha256 - value: abfb880fd1561987efaefcb2d2ac75145d2a5d0139b1876d5be806e32f630008 -- filename: entrypoints-0.3-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/ac/c6/44694103f8c221443ee6b0041f69e2740d89a25641e62fb4f2ee568f2f9c/entrypoints-0.3-py2.py3-none-any.whl + value: c210084e36a42ae6b9219e00e48287def368a26d03a048ddad7bfee44f75871e +- filename: setuptools-56.0.0-py3-none-any.whl + url: https://files.pythonhosted.org/packages/ae/42/2876a3a136f8bfa9bd703518441c8db78ff1eeaddf174baa85c083c1fd15/setuptools-56.0.0-py3-none-any.whl validation: type: sha256 - value: 589f874b313739ad35be6e0cd7efde2a4e9b6fea91edcc34e58ecbb8dbe56d19 -- filename: pandocfilters-1.4.3.tar.gz - url: https://files.pythonhosted.org/packages/28/78/bd59a9adb72fa139b1c9c186e6f65aebee52375a747e4b6a6dcf0880956f/pandocfilters-1.4.3.tar.gz + value: 7430499900e443375ba9449a9cc5d78506b801e929fef4a186496012f93683b5 +- filename: six-1.15.0-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/ee/ff/48bde5c0f013094d729fe4b0316ba2a24774b3ff1c52d924a8a4cb04078a/six-1.15.0-py2.py3-none-any.whl validation: type: sha256 - value: bc63fbb50534b4b1f8ebe1860889289e8af94a23bff7445259592df25a3906eb -- filename: nbclient-0.5.2-py3-none-any.whl - url: https://files.pythonhosted.org/packages/e5/e9/cb88ef8fe390439637ea68c5abdf5f490cbf5ad2edbf612b6e03cd30cbf3/nbclient-0.5.2-py3-none-any.whl + value: 8b74bedcbbbaca38ff6d7491d76f2b06b3592611af620f8426e82dddb04a5ced +- filename: sniffio-1.2.0-py3-none-any.whl + url: https://files.pythonhosted.org/packages/52/b0/7b2e028b63d092804b6794595871f936aafa5e9322dcaaad50ebf67445b3/sniffio-1.2.0-py3-none-any.whl validation: type: sha256 - value: 1e0375490cd33fda6c23e61084476298a87f34d02607a038aa8ecc6e8901615f -- filename: nest_asyncio-1.5.1-py3-none-any.whl - url: https://files.pythonhosted.org/packages/52/e2/9b37da54e6e9094d2f558ae643d1954a0fa8215dfee4fa261f31c5439796/nest_asyncio-1.5.1-py3-none-any.whl + value: 471b71698eac1c2112a40ce2752bb2f4a4814c22a54a3eed3676bc0f5ca9f663 +- filename: terminado-0.9.4-py3-none-any.whl + url: https://files.pythonhosted.org/packages/47/ad/f7bc3e40570212ed9ccc9ac72d17315574d82fc100eb74d660c31817ddd2/terminado-0.9.4-py3-none-any.whl validation: type: sha256 - value: 76d6e972265063fe92a90b9cc4fb82616e07d586b346ed9d2c89a4187acea39c -- filename: webencodings-0.5.1-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/f4/24/2a3e3df732393fed8b3ebf2ec078f05546de641fe1b667ee316ec1dcf3b7/webencodings-0.5.1-py2.py3-none-any.whl + value: daed77f9fad7b32558fa84b226a76f45a02242c20813502f36c4e1ade6d8f1ad +- filename: testpath-0.4.4-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/1b/9e/1a170feaa54f22aeb5a5d16c9015e82234275a3c8ab630b552493f9cb8a9/testpath-0.4.4-py2.py3-none-any.whl validation: type: sha256 - value: a0af1213f3c2226497a97e2b3aa01a7e4bee4f403f95be16fc9acd2947514a78 -- filename: pyparsing-2.4.7-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/8a/bb/488841f56197b13700afd5658fc279a2025a39e22449b7cf29864669b15d/pyparsing-2.4.7-py2.py3-none-any.whl + value: bfcf9411ef4bf3db7579063e0546938b1edda3d69f4e1fb8756991f5951f85d4 +- filename: tomlkit-0.7.0-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/bc/01/a0ee34fe37dd54f795e8f8a820af57c9a94d7358276acf6cdc21ae8d9533/tomlkit-0.7.0-py2.py3-none-any.whl validation: type: sha256 - value: ef9d7589ef3c200abe66653d3f1ab1033c3c419ae9b9bdb1240a85b024efc88b -- filename: chardet-4.0.0-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/19/c7/fa589626997dd07bd87d9269342ccb74b1720384a4d739a1872bd84fbe68/chardet-4.0.0-py2.py3-none-any.whl + value: 6babbd33b17d5c9691896b0e68159215a9387ebfa938aa3ac42f4a4beeb2b831 +- filename: tornado-6.1-cp38-cp38-manylinux2010_x86_64.whl + url: https://files.pythonhosted.org/packages/7a/4a/4fafa6f032f9e202ce5bc1becacef5588a34fd0f0539fdcc705fa2b5ca4a/tornado-6.1-cp38-cp38-manylinux2010_x86_64.whl validation: type: sha256 - value: f864054d66fd9118f2e67044ac8981a54775ec5b67aed0441892edb553d21da5 -- filename: idna-2.10-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/a2/38/928ddce2273eaa564f6f50de919327bf3a00f091b5baba8dfa9460f3a8a8/idna-2.10-py2.py3-none-any.whl + value: d14d30e7f46a0476efb0deb5b61343b1526f73ebb5ed84f23dc794bdb88f9d9f +- filename: traitlets-5.0.5-py3-none-any.whl + url: https://files.pythonhosted.org/packages/f6/7d/3ecb0ebd0ce8dcdfa7bd47ab85c1d4a521e6770ef283d0824f5804994dfe/traitlets-5.0.5-py3-none-any.whl validation: type: sha256 - value: b97d804b1e9b523befed77c48dacec60e6dcb0b5391d57af6a65a312a90648c0 -- filename: urllib3-1.26.3-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/23/fc/8a49991f7905261f9ca9df5aa9b58363c3c821ce3e7f671895442b7100f2/urllib3-1.26.3-py2.py3-none-any.whl + value: 69ff3f9d5351f31a7ad80443c2674b7099df13cc41fc5fa6e2f6d3b0330b0426 +- filename: urllib3-1.26.4-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/09/c6/d3e3abe5b4f4f16cf0dfc9240ab7ce10c2baa0e268989a4e3ec19e90c84e/urllib3-1.26.4-py2.py3-none-any.whl validation: type: sha256 - value: 1b465e494e3e0d8939b50680403e3aedaa2bc434b7d5af64dfd3c958d7f5ae80 -- filename: certifi-2020.12.5-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/5e/a0/5f06e1e1d463903cf0c0eebeb751791119ed7a4b3737fdc9a77f1cdfb51f/certifi-2020.12.5-py2.py3-none-any.whl + value: 2f4da4594db7e1e110a944bb1b551fdf4e6c136ad42e4234131391e21eb5b0df +- filename: wcwidth-0.2.5-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/59/7c/e39aca596badaf1b78e8f547c807b04dae603a433d3e7a7e04d67f2ef3e5/wcwidth-0.2.5-py2.py3-none-any.whl validation: type: sha256 - value: 719a74fb9e33b9bd44cc7f3a8d94bc35e4049deebe19ba7d8e108280cfd59830 - + value: beb4802a9cebb9144e99086eff703a642a13d6a0052920003a230f3294bbe784 +- filename: webencodings-0.5.1-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/f4/24/2a3e3df732393fed8b3ebf2ec078f05546de641fe1b667ee316ec1dcf3b7/webencodings-0.5.1-py2.py3-none-any.whl + validation: + type: sha256 + value: a0af1213f3c2226497a97e2b3aa01a7e4bee4f403f95be16fc9acd2947514a78 +- filename: wheel-0.36.2-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/65/63/39d04c74222770ed1589c0eaba06c05891801219272420b40311cd60c880/wheel-0.36.2-py2.py3-none-any.whl + validation: + type: sha256 + value: 78b5b185f0e5763c26ca1e324373aadd49182ca90e825f7853f4b2509215dc0e + + # List of project maintainers maintainers: -- GitLab From 33a6bfb504cf5f83942051150e86446a19bc5578 Mon Sep 17 00:00:00 2001 From: Komnick Date: Tue, 27 Apr 2021 15:59:58 -0400 Subject: [PATCH 24/36] updated FROM to python38-ai --- Dockerfile | 72 +-- README.md | 4 +- hardening_manifest.yaml | 717 ++++++++++++------------ scripts/jupyter_lab_config.py | 848 +++++++++++++++++++++++++++++ scripts/jupyter_notebook_config.py | 55 -- scripts/start-notebook.sh | 4 +- 6 files changed, 1254 insertions(+), 446 deletions(-) create mode 100644 scripts/jupyter_lab_config.py delete mode 100644 scripts/jupyter_notebook_config.py diff --git a/Dockerfile b/Dockerfile index 488b581..d86a77e 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,9 +1,9 @@ #ARG BASE_REGISTRY=registry1.dso.mil -#ARG BASE_IMAGE=ironbank/redhat/python/python36 -#ARG BASE_TAG=3.6 +#ARG BASE_IMAGE=ironbank/opensource/python/python38 +#ARG BASE_TAG=3.8 #FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} -FROM python36-ai:latest +FROM python38-ai:latest ARG NB_USER="jovyan" # NB_UID == 1001 b/c the default user in the ironbank python36 image is uid 1001 @@ -19,11 +19,13 @@ USER root # we've removed it due to cve's # we have also removed bzip2 install as its provided by the python36 base image # we have also removed the lang pack installations due to cve's -RUN yum update -y -q && \ - yum install -y -q \ - procps \ - ca-certificates && \ - yum clean all +RUN yum update -y -q \ + && yum install -y -q \ + git \ + procps \ + wget \ + ca-certificates \ + && yum clean all # Configure environment ENV SHELL=/bin/bash \ @@ -45,11 +47,11 @@ RUN sed -i 's/^#force_color_prompt=yes/force_color_prompt=yes/' /etc/skel/.bashr # Create NB_USER with name jovyan user with UID=1000 and in the 'users' group # and make sure these dirs are writable by the `users` group. -RUN useradd -m -s /bin/bash -N -u $NB_UID -g $NB_GID $NB_USER && \ - fix-permissions $HOME -P && \ - fix-permissions /opt/app-root -P +RUN useradd -m -s /bin/bash -N -u $NB_UID -g $NB_GID $NB_USER \ + && fix-permissions $HOME -P \ + && fix-permissions /opt/app-root -P -# install tini +# Install Tini COPY tini /usr/bin/tini RUN chmod +x /usr/bin/tini @@ -57,19 +59,26 @@ USER $NB_UID ARG PYTHON_VERSION=default +# add python3.6 -m pip directory to the path +ENV PATH=/home/jovyan/.local/bin:$PATH +# suppress pip version warning +ENV PIP_DISABLE_PIP_VERSION_CHECK=1 + # Setup work directory for backward-compatibility RUN mkdir /home/$NB_USER/work WORKDIR /tmp -# Install jupyterlab -#RUN mkdir ./repo +# dev +# COPY repo . -#Pipeline -COPY *.whl /tmp/repo -COPY *.tar.gz /tmp/repo +# ib pipeline +COPY *.whl . +COPY *.tar.gz . -RUN python3.8 -m pip install --no-index --find-links /tmp/repo jupyterlab +RUN python3.8 -m pip install --no-index --find-links . \ + pip \ + jupyterlab EXPOSE 8888 @@ -81,29 +90,28 @@ CMD ["start-notebook.sh"] # Copy local files as late as possible to avoid cache busting COPY scripts/start.sh scripts/start-notebook.sh scripts/start-singleuser.sh /usr/local/bin/ -COPY scripts/jupyter_notebook_config.py /etc/jupyter/ +COPY scripts/jupyter_lab_config.py /etc/jupyter/ # Fix permissions on /etc/jupyter and /usr/libexec/openssh/ssh-keysign USER root - -RUN chmod +x /usr/local/bin/start-notebook.sh - RUN fix-permissions /etc/jupyter && \ - fix-permissions /usr/libexec/openssh/ssh-keysign && \ - fix-permissions /opt/app-root + fix-permissions /usr/libexec/openssh/ssh-keysign +RUN yum remove perl -y -# destroy /usr/share/doc/perl* and tornado test.key as they contain 'secrets' flagged by IB -RUN rm -rf \ - /usr/share/doc/perl-IO-Socket-SSL \ - /usr/share/doc/perl-Net-SSLeay/examples \ - /opt/app-root/lib/python3.8/site-packages/tornado/test/test.key +# cleanup installed packages +RUN rm -rf \ + /tmp/repo \ + /tmp/openssl-1.1.1j -# Clean up -RUN rm -rf /tmp/repo +# remove IB flagged 'secrets' +RUN rm -rf \ + /usr/share/doc/perl-IO-Socket-SSL \ + /usr/share/doc/perl-Net-SSLeay \ + /home/jovyan/.local/lib/python3.8/site-packages/tornado/test/test.key # Switch back to jovyan to avoid accidental container runs as root USER $NB_UID HEALTHCHECK CMD pgrep "jupyter" > /dev/null || exit 1 -WORKDIR $HOME \ No newline at end of file +WORKDIR $HOME diff --git a/README.md b/README.md index ead46f8..16636c1 100644 --- a/README.md +++ b/README.md @@ -2,6 +2,6 @@ ## Description -A jupyterlab notebook container implementing the jupyterlab interface (with left-navigation tabs etc.), Python3.6 (python36 base image) and pip version 20.2.4. +A minimal jupyterlab notebook container implementing the jupyterlab interface (with left-navigation tabs etc.), Python3.8 (Iron Bank python36 base image) and pip version 21.0.1. -Additionally, this container includes specific python packages that support AI/ML and data science initiatives. +This image is an UBI 8 refactor of the opensource Dockerfile here: https://github.com/jupyter/docker-stacks/tree/master/base-notebook. diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index 1467f38..afc5c5f 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -2,381 +2,388 @@ apiVersion: v1 # The repository name in registry1, excluding /ironbank/ -name: "carnegie-mellon/jlab-eda" +name: "opensource/jupyter/jupyterlab" # List of tags to push for the repository in registry1 # The most specific version should be the first tag and will be shown # on ironbank.dsop.io tags: -- "1.4.2" +- "2.2.9" - "latest" # Build args passed to Dockerfile ARGs args: - BASE_IMAGE: "redhat/python/python36" - BASE_TAG: "3.6" + BASE_IMAGE: "opensource/python/python38" + BASE_TAG: "3.8" # Docker image labels labels: - org.opencontainers.image.title: "JupyterLab - Exploratory Data Analytics" + org.opencontainers.image.title: "jupyterlab" org.opencontainers.image.description: "JupyterLab is the next-generation web-based user interface for Project Jupyter." org.opencontainers.image.licenses: "MIT License (MIT)" org.opencontainers.image.url: " " org.opencontainers.image.vendor: "jupyterlab" - org.opencontainers.image.version: "1.4.2" + org.opencontainers.image.version: "3.0.14" mil.dso.ironbank.image.keywords: "jupyter,notebook,terminal,text editor,datascience,ui,data,science" mil.dso.ironbank.image.type: "opensource" - mil.dso.ironbank.product.name: "jlab-eda" + mil.dso.ironbank.product.name: "jupyterlab" - - - # List of resources to make available to the offline build context +# List of resources to make available to the offline build context resources: -- filename: tini - url: https://github.com/krallin/tini/releases/download/v0.19.0/tini - validation: - type: sha256 - value: 93dcc18adc78c65a028a84799ecf8ad40c936fdfc5f2a57b1acda5a8117fa82c -- filename: Babel-2.9.0-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/dd/a5/81076e10b5ef74493cf08a8e419e61b64324c9c55db4aa7f89c0240c4873/Babel-2.9.0-py2.py3-none-any.whl - validation: - type: sha256 - value: 9d35c22fcc79893c3ecc85ac4a56cde1ecf3f19c540bba0922308a6c06ca6fa5 -- filename: Jinja2-2.11.3-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/7e/c2/1eece8c95ddbc9b1aeb64f5783a9e07a286de42191b7204d67b7496ddf35/Jinja2-2.11.3-py2.py3-none-any.whl - validation: - type: sha256 - value: 03e47ad063331dd6a3f04a43eddca8a966a26ba0c5b7207a9a9e4e08f1b29419 -- filename: MarkupSafe-1.1.1-cp38-cp38-manylinux2010_x86_64.whl - url: https://files.pythonhosted.org/packages/80/16/98afa5c19296aaf7b16d1eb3c7e997656e6cfad79606e7d3885905615e96/MarkupSafe-1.1.1-cp38-cp38-manylinux2010_x86_64.whl - validation: - type: sha256 - value: d9be0ba6c527163cbed5e0857c451fcd092ce83947944d6c14bc95441203f032 -- filename: Pygments-2.8.1-py3-none-any.whl - url: https://files.pythonhosted.org/packages/3a/80/a52c0a7c5939737c6dca75a831e89658ecb6f590fb7752ac777d221937b9/Pygments-2.8.1-py3-none-any.whl - validation: - type: sha256 - value: 534ef71d539ae97d4c3a4cf7d6f110f214b0e687e92f9cb9d2a3b0d3101289c8 -- filename: Send2Trash-1.5.0-py3-none-any.whl - url: https://files.pythonhosted.org/packages/49/46/c3dc27481d1cc57b9385aff41c474ceb7714f7935b1247194adae45db714/Send2Trash-1.5.0-py3-none-any.whl - validation: - type: sha256 - value: f1691922577b6fa12821234aeb57599d887c4900b9ca537948d2dac34aea888b -- filename: anyio-2.2.0-py3-none-any.whl - url: https://files.pythonhosted.org/packages/49/c3/b83a3c02c7d6f66932e9a72621d7f207cbfd2bd72b4c8931567ee386fb55/anyio-2.2.0-py3-none-any.whl - validation: - type: sha256 - value: aa3da546ed17f097ca876c78024dea380a3b7fa80759abfdda59f12176a3dac8 -- filename: argon2_cffi-20.1.0-cp35-abi3-manylinux1_x86_64.whl - url: https://files.pythonhosted.org/packages/e0/d7/5da06217807106ed6d7b4f5ccb8ec5e3f9ec969217faad4b5d1af0b55101/argon2_cffi-20.1.0-cp35-abi3-manylinux1_x86_64.whl - validation: - type: sha256 - value: b160416adc0f012fb1f12588a5e6954889510f82f698e23ed4f4fa57f12a0647 -- filename: async_generator-1.10-py3-none-any.whl - url: https://files.pythonhosted.org/packages/71/52/39d20e03abd0ac9159c162ec24b93fbcaa111e8400308f2465432495ca2b/async_generator-1.10-py3-none-any.whl - validation: - type: sha256 - value: 01c7bf666359b4967d2cda0000cc2e4af16a0ae098cbffcb8472fb9e8ad6585b -- filename: attrs-20.3.0-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/c3/aa/cb45262569fcc047bf070b5de61813724d6726db83259222cd7b4c79821a/attrs-20.3.0-py2.py3-none-any.whl - validation: - type: sha256 - value: 31b2eced602aa8423c2aea9c76a724617ed67cf9513173fd3a4f03e3a929c7e6 -- filename: backcall-0.2.0-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/4c/1c/ff6546b6c12603d8dd1070aa3c3d273ad4c07f5771689a7b69a550e8c951/backcall-0.2.0-py2.py3-none-any.whl - validation: - type: sha256 - value: fbbce6a29f263178a1f7915c1940bde0ec2b2a967566fe1c65c1dfb7422bd255 -- filename: bleach-3.3.0-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/f0/46/2bbd92086a4c6f051214cb48df6d9132b5f32c5e881d3f4991b16ec7e499/bleach-3.3.0-py2.py3-none-any.whl - validation: - type: sha256 - value: 6123ddc1052673e52bab52cdc955bcb57a015264a1c57d37bea2f6b817af0125 -- filename: certifi-2020.12.5-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/5e/a0/5f06e1e1d463903cf0c0eebeb751791119ed7a4b3737fdc9a77f1cdfb51f/certifi-2020.12.5-py2.py3-none-any.whl - validation: - type: sha256 - value: 719a74fb9e33b9bd44cc7f3a8d94bc35e4049deebe19ba7d8e108280cfd59830 -- filename: cffi-1.14.5-cp38-cp38-manylinux1_x86_64.whl - url: https://files.pythonhosted.org/packages/5c/0f/e07df370fac0e99e938edc62c8a15e54b9d75605e11838fa0ef300118e1d/cffi-1.14.5-cp38-cp38-manylinux1_x86_64.whl - validation: - type: sha256 - value: 6c97d7350133666fbb5cf4abdc1178c812cb205dc6f41d174a7b0f18fb93337e -- filename: chardet-4.0.0-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/19/c7/fa589626997dd07bd87d9269342ccb74b1720384a4d739a1872bd84fbe68/chardet-4.0.0-py2.py3-none-any.whl - validation: - type: sha256 - value: f864054d66fd9118f2e67044ac8981a54775ec5b67aed0441892edb553d21da5 -- filename: decorator-5.0.7-py3-none-any.whl - url: https://files.pythonhosted.org/packages/bc/b4/c208a551033a7abb67703be73dea3d917dbce528bd87bcd6f7dfceec7097/decorator-5.0.7-py3-none-any.whl - validation: - type: sha256 - value: 945d84890bb20cc4a2f4a31fc4311c0c473af65ea318617f13a7257c9a58bc98 -- filename: defusedxml-0.7.1-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/07/6c/aa3f2f849e01cb6a001cd8554a88d4c77c5c1a31c95bdf1cf9301e6d9ef4/defusedxml-0.7.1-py2.py3-none-any.whl - validation: - type: sha256 - value: a352e7e428770286cc899e2542b6cdaedb2b4953ff269a210103ec58f6198a61 -- filename: deprecation-2.1.0-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/02/c3/253a89ee03fc9b9682f1541728eb66db7db22148cd94f89ab22528cd1e1b/deprecation-2.1.0-py2.py3-none-any.whl - validation: - type: sha256 - value: a10811591210e1fb0e768a8c25517cabeabcba6f0bf96564f8ff45189f90b14a -- filename: entrypoints-0.3-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/ac/c6/44694103f8c221443ee6b0041f69e2740d89a25641e62fb4f2ee568f2f9c/entrypoints-0.3-py2.py3-none-any.whl - validation: - type: sha256 - value: 589f874b313739ad35be6e0cd7efde2a4e9b6fea91edcc34e58ecbb8dbe56d19 -- filename: idna-2.10-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/a2/38/928ddce2273eaa564f6f50de919327bf3a00f091b5baba8dfa9460f3a8a8/idna-2.10-py2.py3-none-any.whl - validation: - type: sha256 - value: b97d804b1e9b523befed77c48dacec60e6dcb0b5391d57af6a65a312a90648c0 -- filename: ipykernel-5.5.3-py3-none-any.whl - url: https://files.pythonhosted.org/packages/3a/7d/9f8ac1b1b76f2f1538b5650f0b5636bae082724b1e06939a3a9d38e1380e/ipykernel-5.5.3-py3-none-any.whl - validation: - type: sha256 - value: 21abd584543759e49010975a4621603b3cf871b1039cb3879a14094717692614 -- filename: ipython-7.22.0-py3-none-any.whl - url: https://files.pythonhosted.org/packages/c9/b1/82cbe2b856386f44f37fdae54d9b425813bd86fe33385c9d658d64826098/ipython-7.22.0-py3-none-any.whl - validation: - type: sha256 - value: c0ce02dfaa5f854809ab7413c601c4543846d9da81010258ecdab299b542d199 -- filename: ipython_genutils-0.2.0-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/fa/bc/9bd3b5c2b4774d5f33b2d544f1460be9df7df2fe42f352135381c347c69a/ipython_genutils-0.2.0-py2.py3-none-any.whl - validation: - type: sha256 - value: 72dd37233799e619666c9f639a9da83c34013a73e8bbc79a7a6348d93c61fab8 -- filename: jedi-0.18.0-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/f9/36/7aa67ae2663025b49e8426ead0bad983fee1b73f472536e9790655da0277/jedi-0.18.0-py2.py3-none-any.whl - validation: - type: sha256 - value: 18456d83f65f400ab0c2d3319e48520420ef43b23a086fdc05dff34132f0fb93 -- filename: json5-0.9.5-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/2b/81/22bf51a5bc60dde18bb6164fd597f18ee683de8670e141364d9c432dd3cf/json5-0.9.5-py2.py3-none-any.whl - validation: - type: sha256 - value: af1a1b9a2850c7f62c23fde18be4749b3599fd302f494eebf957e2ada6b9e42c -- filename: jsonschema-3.2.0-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/c5/8f/51e89ce52a085483359217bc72cdbf6e75ee595d5b1d4b5ade40c7e018b8/jsonschema-3.2.0-py2.py3-none-any.whl - validation: - type: sha256 - value: 4e5b3cf8216f577bee9ce139cbe72eca3ea4f292ec60928ff24758ce626cd163 -- filename: jupyter_client-6.1.12-py3-none-any.whl - url: https://files.pythonhosted.org/packages/77/e8/c3cf72a32a697256608d5fa96360c431adec6e1c6709ba7f13f99ff5ee04/jupyter_client-6.1.12-py3-none-any.whl - validation: - type: sha256 - value: e053a2c44b6fa597feebe2b3ecb5eea3e03d1d91cc94351a52931ee1426aecfc -- filename: jupyter_core-4.7.1-py3-none-any.whl - url: https://files.pythonhosted.org/packages/53/40/5af36bffa0af3ac71d3a6fc6709de10e4f6ff7c01745b8bc4715372189c9/jupyter_core-4.7.1-py3-none-any.whl - validation: - type: sha256 - value: 8c6c0cac5c1b563622ad49321d5ec47017bd18b94facb381c6973a0486395f8e -- filename: jupyter_packaging-0.9.2-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/21/34/ecb37fca8e8ec84b63e1fca0d9ed22a311d8781db95787c04355647b3bfb/jupyter_packaging-0.9.2-py2.py3-none-any.whl - validation: - type: sha256 - value: 7d2cff62d0b0cf5267f5cd9edb4bd04591f68aa919bf026e7787f0424c0e7c55 -- filename: jupyter_server-1.6.2-py3-none-any.whl - url: https://files.pythonhosted.org/packages/b8/75/7b99df23c1e7a12b4259d1642e7bbdeb9b151ef1c3a30ad2387d93e91d25/jupyter_server-1.6.2-py3-none-any.whl - validation: - type: sha256 - value: c863481c4f6fc7c9fcb82b5f903b5a73742bb89b2b4d1babc814116a3dc40635 -- filename: jupyterlab-3.0.14-py3-none-any.whl - url: https://files.pythonhosted.org/packages/2e/61/62d3ce4b845ad79a48abfa09de79e528f8c97298f55c89b5c25bf8f3acd0/jupyterlab-3.0.14-py3-none-any.whl - validation: - type: sha256 - value: 223ad786032119f495edc894a81925b6cc327a184f150adbc4e5ef94965d4921 -- filename: jupyterlab_pygments-0.1.2-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/a8/6f/c34288766797193b512c6508f5994b830fb06134fdc4ca8214daba0aa443/jupyterlab_pygments-0.1.2-py2.py3-none-any.whl - validation: - type: sha256 - value: abfb880fd1561987efaefcb2d2ac75145d2a5d0139b1876d5be806e32f630008 -- filename: jupyterlab_server-2.4.0-py3-none-any.whl - url: https://files.pythonhosted.org/packages/0e/06/3078fdcf2da0a1aa109ccafaab9788c5a35db5be3c042b3eac2cb75d315d/jupyterlab_server-2.4.0-py3-none-any.whl - validation: - type: sha256 - value: 94e606edb7b60e3fc54b8b4de14cded1483959361df9023e50092b6f8ede9cf6 -- filename: mistune-0.8.4-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/09/ec/4b43dae793655b7d8a25f76119624350b4d65eb663459eb9603d7f1f0345/mistune-0.8.4-py2.py3-none-any.whl - validation: - type: sha256 - value: 88a1051873018da288eee8538d476dffe1262495144b33ecb586c4ab266bb8d4 -- filename: nbclassic-0.2.7-py3-none-any.whl - url: https://files.pythonhosted.org/packages/b3/32/27e9575f53991c9538ebb6940164a12bc845e1894e03ac7be9b650a3e4c2/nbclassic-0.2.7-py3-none-any.whl - validation: - type: sha256 - value: 8843cafa3827db05b9e7da909a4955b552de13e20707474844cfdd84bf4bf655 -- filename: nbclient-0.5.3-py3-none-any.whl - url: https://files.pythonhosted.org/packages/22/a6/f3a01a5c1a0e72d1d064f33d4cd9c3a782010f48f48f47f256d0b438994a/nbclient-0.5.3-py3-none-any.whl - validation: - type: sha256 - value: e79437364a2376892b3f46bedbf9b444e5396cfb1bc366a472c37b48e9551500 -- filename: nbconvert-6.0.7-py3-none-any.whl - url: https://files.pythonhosted.org/packages/13/2f/acbe7006548f3914456ee47f97a2033b1b2f3daf921b12ac94105d87c163/nbconvert-6.0.7-py3-none-any.whl - validation: - type: sha256 - value: 39e9f977920b203baea0be67eea59f7b37a761caa542abe80f5897ce3cf6311d -- filename: nbformat-5.1.3-py3-none-any.whl - url: https://files.pythonhosted.org/packages/e7/c7/dd50978c637a7af8234909277c4e7ec1b71310c13fb3135f3c8f5b6e045f/nbformat-5.1.3-py3-none-any.whl - validation: - type: sha256 - value: eb8447edd7127d043361bc17f2f5a807626bc8e878c7709a1c647abda28a9171 -- filename: nest_asyncio-1.5.1-py3-none-any.whl - url: https://files.pythonhosted.org/packages/52/e2/9b37da54e6e9094d2f558ae643d1954a0fa8215dfee4fa261f31c5439796/nest_asyncio-1.5.1-py3-none-any.whl - validation: - type: sha256 - value: 76d6e972265063fe92a90b9cc4fb82616e07d586b346ed9d2c89a4187acea39c -- filename: notebook-6.3.0-py3-none-any.whl - url: https://files.pythonhosted.org/packages/5d/86/8f951abc6ac651a75a059d2b77fe99fa5df80bf4dc4700c126a0bee486b8/notebook-6.3.0-py3-none-any.whl - validation: - type: sha256 - value: cb271af1e8134e3d6fc6d458bdc79c40cbfc84c1eb036a493f216d58f0880e92 -- filename: packaging-20.9-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/3e/89/7ea760b4daa42653ece2380531c90f64788d979110a2ab51049d92f408af/packaging-20.9-py2.py3-none-any.whl - validation: - type: sha256 - value: 67714da7f7bc052e064859c05c595155bd1ee9f69f76557e21f051443c20947a -- filename: pandocfilters-1.4.3.tar.gz - url: https://files.pythonhosted.org/packages/28/78/bd59a9adb72fa139b1c9c186e6f65aebee52375a747e4b6a6dcf0880956f/pandocfilters-1.4.3.tar.gz - validation: - type: sha256 - value: bc63fbb50534b4b1f8ebe1860889289e8af94a23bff7445259592df25a3906eb -- filename: parso-0.8.2-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/a9/c4/d5476373088c120ffed82f34c74b266ccae31a68d665b837354d4d8dc8be/parso-0.8.2-py2.py3-none-any.whl - validation: - type: sha256 - value: a8c4922db71e4fdb90e0d0bc6e50f9b273d3397925e5e60a717e719201778d22 -- filename: pexpect-4.8.0-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/39/7b/88dbb785881c28a102619d46423cb853b46dbccc70d3ac362d99773a78ce/pexpect-4.8.0-py2.py3-none-any.whl - validation: - type: sha256 - value: 0b48a55dcb3c05f3329815901ea4fc1537514d6ba867a152b581d69ae3710937 -- filename: pickleshare-0.7.5-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/9a/41/220f49aaea88bc6fa6cba8d05ecf24676326156c23b991e80b3f2fc24c77/pickleshare-0.7.5-py2.py3-none-any.whl - validation: - type: sha256 - value: 9649af414d74d4df115d5d718f82acb59c9d418196b7b4290ed47a12ce62df56 -- filename: prometheus_client-0.10.1-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/22/f7/f6e1676521ce7e311d38563d2cf6594d09d3717d799ede7dab7b2520093e/prometheus_client-0.10.1-py2.py3-none-any.whl - validation: - type: sha256 - value: 030e4f9df5f53db2292eec37c6255957eb76168c6f974e4176c711cf91ed34aa -- filename: prompt_toolkit-3.0.18-py3-none-any.whl - url: https://files.pythonhosted.org/packages/eb/e6/4b4ca4fa94462d4560ba2f4e62e62108ab07be2e16a92e594e43b12d3300/prompt_toolkit-3.0.18-py3-none-any.whl - validation: - type: sha256 - value: bf00f22079f5fadc949f42ae8ff7f05702826a97059ffcc6281036ad40ac6f04 -- filename: ptyprocess-0.7.0-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/22/a6/858897256d0deac81a172289110f31629fc4cee19b6f01283303e18c8db3/ptyprocess-0.7.0-py2.py3-none-any.whl - validation: - type: sha256 - value: 4b41f3967fce3af57cc7e94b888626c18bf37a083e3651ca8feeb66d492fef35 -- filename: pycparser-2.20-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/ae/e7/d9c3a176ca4b02024debf82342dab36efadfc5776f9c8db077e8f6e71821/pycparser-2.20-py2.py3-none-any.whl - validation: - type: sha256 - value: 7582ad22678f0fcd81102833f60ef8d0e57288b6b5fb00323d101be910e35705 -- filename: pyparsing-2.4.7-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/8a/bb/488841f56197b13700afd5658fc279a2025a39e22449b7cf29864669b15d/pyparsing-2.4.7-py2.py3-none-any.whl - validation: - type: sha256 - value: ef9d7589ef3c200abe66653d3f1ab1033c3c419ae9b9bdb1240a85b024efc88b -- filename: pyrsistent-0.17.3.tar.gz - url: https://files.pythonhosted.org/packages/4d/70/fd441df751ba8b620e03fd2d2d9ca902103119616f0f6cc42e6405035062/pyrsistent-0.17.3.tar.gz - validation: - type: sha256 - value: 2e636185d9eb976a18a8a8e96efce62f2905fea90041958d8cc2a189756ebf3e -- filename: python_dateutil-2.8.1-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/d4/70/d60450c3dd48ef87586924207ae8907090de0b306af2bce5d134d78615cb/python_dateutil-2.8.1-py2.py3-none-any.whl - validation: - type: sha256 - value: 75bb3f31ea686f1197762692a9ee6a7550b59fc6ca3a1f4b5d7e32fb98e2da2a -- filename: pytz-2021.1-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/70/94/784178ca5dd892a98f113cdd923372024dc04b8d40abe77ca76b5fb90ca6/pytz-2021.1-py2.py3-none-any.whl - validation: - type: sha256 - value: eb10ce3e7736052ed3623d49975ce333bcd712c7bb19a58b9e2089d4057d0798 -- filename: pyzmq-22.0.3-cp38-cp38-manylinux2010_x86_64.whl - url: https://files.pythonhosted.org/packages/98/f0/848d7850eb8a65f3534c1f4d0e0ba8ba8de2d32a02fa9df1d41a08cc667f/pyzmq-22.0.3-cp38-cp38-manylinux2010_x86_64.whl - validation: - type: sha256 - value: 9221783dacb419604d5345d0e097bddef4459a9a95322de6c306bf1d9896559f -- filename: requests-2.25.1-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/29/c1/24814557f1d22c56d50280771a17307e6bf87b70727d975fd6b2ce6b014a/requests-2.25.1-py2.py3-none-any.whl - validation: - type: sha256 - value: c210084e36a42ae6b9219e00e48287def368a26d03a048ddad7bfee44f75871e -- filename: setuptools-56.0.0-py3-none-any.whl - url: https://files.pythonhosted.org/packages/ae/42/2876a3a136f8bfa9bd703518441c8db78ff1eeaddf174baa85c083c1fd15/setuptools-56.0.0-py3-none-any.whl - validation: - type: sha256 - value: 7430499900e443375ba9449a9cc5d78506b801e929fef4a186496012f93683b5 -- filename: six-1.15.0-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/ee/ff/48bde5c0f013094d729fe4b0316ba2a24774b3ff1c52d924a8a4cb04078a/six-1.15.0-py2.py3-none-any.whl - validation: - type: sha256 - value: 8b74bedcbbbaca38ff6d7491d76f2b06b3592611af620f8426e82dddb04a5ced -- filename: sniffio-1.2.0-py3-none-any.whl - url: https://files.pythonhosted.org/packages/52/b0/7b2e028b63d092804b6794595871f936aafa5e9322dcaaad50ebf67445b3/sniffio-1.2.0-py3-none-any.whl - validation: - type: sha256 - value: 471b71698eac1c2112a40ce2752bb2f4a4814c22a54a3eed3676bc0f5ca9f663 -- filename: terminado-0.9.4-py3-none-any.whl - url: https://files.pythonhosted.org/packages/47/ad/f7bc3e40570212ed9ccc9ac72d17315574d82fc100eb74d660c31817ddd2/terminado-0.9.4-py3-none-any.whl - validation: - type: sha256 - value: daed77f9fad7b32558fa84b226a76f45a02242c20813502f36c4e1ade6d8f1ad -- filename: testpath-0.4.4-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/1b/9e/1a170feaa54f22aeb5a5d16c9015e82234275a3c8ab630b552493f9cb8a9/testpath-0.4.4-py2.py3-none-any.whl - validation: - type: sha256 - value: bfcf9411ef4bf3db7579063e0546938b1edda3d69f4e1fb8756991f5951f85d4 -- filename: tomlkit-0.7.0-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/bc/01/a0ee34fe37dd54f795e8f8a820af57c9a94d7358276acf6cdc21ae8d9533/tomlkit-0.7.0-py2.py3-none-any.whl - validation: - type: sha256 - value: 6babbd33b17d5c9691896b0e68159215a9387ebfa938aa3ac42f4a4beeb2b831 -- filename: tornado-6.1-cp38-cp38-manylinux2010_x86_64.whl - url: https://files.pythonhosted.org/packages/7a/4a/4fafa6f032f9e202ce5bc1becacef5588a34fd0f0539fdcc705fa2b5ca4a/tornado-6.1-cp38-cp38-manylinux2010_x86_64.whl - validation: - type: sha256 - value: d14d30e7f46a0476efb0deb5b61343b1526f73ebb5ed84f23dc794bdb88f9d9f -- filename: traitlets-5.0.5-py3-none-any.whl - url: https://files.pythonhosted.org/packages/f6/7d/3ecb0ebd0ce8dcdfa7bd47ab85c1d4a521e6770ef283d0824f5804994dfe/traitlets-5.0.5-py3-none-any.whl - validation: - type: sha256 - value: 69ff3f9d5351f31a7ad80443c2674b7099df13cc41fc5fa6e2f6d3b0330b0426 -- filename: urllib3-1.26.4-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/09/c6/d3e3abe5b4f4f16cf0dfc9240ab7ce10c2baa0e268989a4e3ec19e90c84e/urllib3-1.26.4-py2.py3-none-any.whl - validation: - type: sha256 - value: 2f4da4594db7e1e110a944bb1b551fdf4e6c136ad42e4234131391e21eb5b0df -- filename: wcwidth-0.2.5-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/59/7c/e39aca596badaf1b78e8f547c807b04dae603a433d3e7a7e04d67f2ef3e5/wcwidth-0.2.5-py2.py3-none-any.whl - validation: - type: sha256 - value: beb4802a9cebb9144e99086eff703a642a13d6a0052920003a230f3294bbe784 -- filename: webencodings-0.5.1-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/f4/24/2a3e3df732393fed8b3ebf2ec078f05546de641fe1b667ee316ec1dcf3b7/webencodings-0.5.1-py2.py3-none-any.whl - validation: - type: sha256 - value: a0af1213f3c2226497a97e2b3aa01a7e4bee4f403f95be16fc9acd2947514a78 -- filename: wheel-0.36.2-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/65/63/39d04c74222770ed1589c0eaba06c05891801219272420b40311cd60c880/wheel-0.36.2-py2.py3-none-any.whl - validation: - type: sha256 - value: 78b5b185f0e5763c26ca1e324373aadd49182ca90e825f7853f4b2509215dc0e - - - + - filename: jupyterlab-3.0.14-py3-none-any.whl + url: https://files.pythonhosted.org/packages/2e/61/62d3ce4b845ad79a48abfa09de79e528f8c97298f55c89b5c25bf8f3acd0/jupyterlab-3.0.14-py3-none-any.whl + validation: + type: sha256 + value: 223ad786032119f495edc894a81925b6cc327a184f150adbc4e5ef94965d4921 + - filename: nbclassic-0.2.7-py3-none-any.whl + url: https://files.pythonhosted.org/packages/b3/32/27e9575f53991c9538ebb6940164a12bc845e1894e03ac7be9b650a3e4c2/nbclassic-0.2.7-py3-none-any.whl + validation: + type: sha256 + value: 8843cafa3827db05b9e7da909a4955b552de13e20707474844cfdd84bf4bf655 + - filename: jupyter_packaging-0.9.2-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/21/34/ecb37fca8e8ec84b63e1fca0d9ed22a311d8781db95787c04355647b3bfb/jupyter_packaging-0.9.2-py2.py3-none-any.whl + validation: + type: sha256 + value: 7d2cff62d0b0cf5267f5cd9edb4bd04591f68aa919bf026e7787f0424c0e7c55 + - filename: tornado-6.1-cp38-cp38-manylinux2010_x86_64.whl + url: https://files.pythonhosted.org/packages/7a/4a/4fafa6f032f9e202ce5bc1becacef5588a34fd0f0539fdcc705fa2b5ca4a/tornado-6.1-cp38-cp38-manylinux2010_x86_64.whl + validation: + type: sha256 + value: d14d30e7f46a0476efb0deb5b61343b1526f73ebb5ed84f23dc794bdb88f9d9f + - filename: Jinja2-2.11.3-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/7e/c2/1eece8c95ddbc9b1aeb64f5783a9e07a286de42191b7204d67b7496ddf35/Jinja2-2.11.3-py2.py3-none-any.whl + validation: + type: sha256 + value: 03e47ad063331dd6a3f04a43eddca8a966a26ba0c5b7207a9a9e4e08f1b29419 + - filename: jupyter_core-4.7.1-py3-none-any.whl + url: https://files.pythonhosted.org/packages/53/40/5af36bffa0af3ac71d3a6fc6709de10e4f6ff7c01745b8bc4715372189c9/jupyter_core-4.7.1-py3-none-any.whl + validation: + type: sha256 + value: 8c6c0cac5c1b563622ad49321d5ec47017bd18b94facb381c6973a0486395f8e + - filename: jupyter_server-1.6.4-py3-none-any.whl + url: https://files.pythonhosted.org/packages/ae/af/9181eb8e3759d04f591e4640c53fa276a5b630ad0c85e3b49fbd7c70579d/jupyter_server-1.6.4-py3-none-any.whl + validation: + type: sha256 + value: 942b9a092f79b3663f78c8003a411e6672f0ca8cfc64a59657060a0e5a02a0cb + - filename: ipython-7.22.0-py3-none-any.whl + url: https://files.pythonhosted.org/packages/c9/b1/82cbe2b856386f44f37fdae54d9b425813bd86fe33385c9d658d64826098/ipython-7.22.0-py3-none-any.whl + validation: + type: sha256 + value: c0ce02dfaa5f854809ab7413c601c4543846d9da81010258ecdab299b542d199 + - filename: jupyterlab_server-2.4.0-py3-none-any.whl + url: https://files.pythonhosted.org/packages/0e/06/3078fdcf2da0a1aa109ccafaab9788c5a35db5be3c042b3eac2cb75d315d/jupyterlab_server-2.4.0-py3-none-any.whl + validation: + type: sha256 + value: 94e606edb7b60e3fc54b8b4de14cded1483959361df9023e50092b6f8ede9cf6 + - filename: packaging-20.9-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/3e/89/7ea760b4daa42653ece2380531c90f64788d979110a2ab51049d92f408af/packaging-20.9-py2.py3-none-any.whl + validation: + type: sha256 + value: 67714da7f7bc052e064859c05c595155bd1ee9f69f76557e21f051443c20947a + - filename: MarkupSafe-1.1.1-cp38-cp38-manylinux2010_x86_64.whl + url: https://files.pythonhosted.org/packages/80/16/98afa5c19296aaf7b16d1eb3c7e997656e6cfad79606e7d3885905615e96/MarkupSafe-1.1.1-cp38-cp38-manylinux2010_x86_64.whl + validation: + type: sha256 + value: d9be0ba6c527163cbed5e0857c451fcd092ce83947944d6c14bc95441203f032 + - filename: deprecation-2.1.0-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/02/c3/253a89ee03fc9b9682f1541728eb66db7db22148cd94f89ab22528cd1e1b/deprecation-2.1.0-py2.py3-none-any.whl + validation: + type: sha256 + value: a10811591210e1fb0e768a8c25517cabeabcba6f0bf96564f8ff45189f90b14a + - filename: setuptools-56.0.0-py3-none-any.whl + url: https://files.pythonhosted.org/packages/ae/42/2876a3a136f8bfa9bd703518441c8db78ff1eeaddf174baa85c083c1fd15/setuptools-56.0.0-py3-none-any.whl + validation: + type: sha256 + value: 7430499900e443375ba9449a9cc5d78506b801e929fef4a186496012f93683b5 + - filename: tomlkit-0.7.0-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/bc/01/a0ee34fe37dd54f795e8f8a820af57c9a94d7358276acf6cdc21ae8d9533/tomlkit-0.7.0-py2.py3-none-any.whl + validation: + type: sha256 + value: 6babbd33b17d5c9691896b0e68159215a9387ebfa938aa3ac42f4a4beeb2b831 + - filename: wheel-0.36.2-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/65/63/39d04c74222770ed1589c0eaba06c05891801219272420b40311cd60c880/wheel-0.36.2-py2.py3-none-any.whl + validation: + type: sha256 + value: 78b5b185f0e5763c26ca1e324373aadd49182ca90e825f7853f4b2509215dc0e + - filename: argon2_cffi-20.1.0-cp35-abi3-manylinux1_x86_64.whl + url: https://files.pythonhosted.org/packages/e0/d7/5da06217807106ed6d7b4f5ccb8ec5e3f9ec969217faad4b5d1af0b55101/argon2_cffi-20.1.0-cp35-abi3-manylinux1_x86_64.whl + validation: + type: sha256 + value: b160416adc0f012fb1f12588a5e6954889510f82f698e23ed4f4fa57f12a0647 + - filename: anyio-2.2.0-py3-none-any.whl + url: https://files.pythonhosted.org/packages/49/c3/b83a3c02c7d6f66932e9a72621d7f207cbfd2bd72b4c8931567ee386fb55/anyio-2.2.0-py3-none-any.whl + validation: + type: sha256 + value: aa3da546ed17f097ca876c78024dea380a3b7fa80759abfdda59f12176a3dac8 + - filename: Send2Trash-1.5.0-py3-none-any.whl + url: https://files.pythonhosted.org/packages/49/46/c3dc27481d1cc57b9385aff41c474ceb7714f7935b1247194adae45db714/Send2Trash-1.5.0-py3-none-any.whl + validation: + type: sha256 + value: f1691922577b6fa12821234aeb57599d887c4900b9ca537948d2dac34aea888b + - filename: ipython_genutils-0.2.0-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/fa/bc/9bd3b5c2b4774d5f33b2d544f1460be9df7df2fe42f352135381c347c69a/ipython_genutils-0.2.0-py2.py3-none-any.whl + validation: + type: sha256 + value: 72dd37233799e619666c9f639a9da83c34013a73e8bbc79a7a6348d93c61fab8 + - filename: traitlets-5.0.5-py3-none-any.whl + url: https://files.pythonhosted.org/packages/f6/7d/3ecb0ebd0ce8dcdfa7bd47ab85c1d4a521e6770ef283d0824f5804994dfe/traitlets-5.0.5-py3-none-any.whl + validation: + type: sha256 + value: 69ff3f9d5351f31a7ad80443c2674b7099df13cc41fc5fa6e2f6d3b0330b0426 + - filename: jupyter_client-6.1.12-py3-none-any.whl + url: https://files.pythonhosted.org/packages/77/e8/c3cf72a32a697256608d5fa96360c431adec6e1c6709ba7f13f99ff5ee04/jupyter_client-6.1.12-py3-none-any.whl + validation: + type: sha256 + value: e053a2c44b6fa597feebe2b3ecb5eea3e03d1d91cc94351a52931ee1426aecfc + - filename: terminado-0.9.4-py3-none-any.whl + url: https://files.pythonhosted.org/packages/47/ad/f7bc3e40570212ed9ccc9ac72d17315574d82fc100eb74d660c31817ddd2/terminado-0.9.4-py3-none-any.whl + validation: + type: sha256 + value: daed77f9fad7b32558fa84b226a76f45a02242c20813502f36c4e1ade6d8f1ad + - filename: prometheus_client-0.10.1-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/22/f7/f6e1676521ce7e311d38563d2cf6594d09d3717d799ede7dab7b2520093e/prometheus_client-0.10.1-py2.py3-none-any.whl + validation: + type: sha256 + value: 030e4f9df5f53db2292eec37c6255957eb76168c6f974e4176c711cf91ed34aa + - filename: nbformat-5.1.3-py3-none-any.whl + url: https://files.pythonhosted.org/packages/e7/c7/dd50978c637a7af8234909277c4e7ec1b71310c13fb3135f3c8f5b6e045f/nbformat-5.1.3-py3-none-any.whl + validation: + type: sha256 + value: eb8447edd7127d043361bc17f2f5a807626bc8e878c7709a1c647abda28a9171 + - filename: pyzmq-22.0.3-cp38-cp38-manylinux2010_x86_64.whl + url: https://files.pythonhosted.org/packages/98/f0/848d7850eb8a65f3534c1f4d0e0ba8ba8de2d32a02fa9df1d41a08cc667f/pyzmq-22.0.3-cp38-cp38-manylinux2010_x86_64.whl + validation: + type: sha256 + value: 9221783dacb419604d5345d0e097bddef4459a9a95322de6c306bf1d9896559f + - filename: nbconvert-6.0.7-py3-none-any.whl + url: https://files.pythonhosted.org/packages/13/2f/acbe7006548f3914456ee47f97a2033b1b2f3daf921b12ac94105d87c163/nbconvert-6.0.7-py3-none-any.whl + validation: + type: sha256 + value: 39e9f977920b203baea0be67eea59f7b37a761caa542abe80f5897ce3cf6311d + - filename: idna-3.1-py3-none-any.whl + url: https://files.pythonhosted.org/packages/29/88/c52aae187d3b128a0f13f36a6c987fc0d408d03a678ad9996516925d8495/idna-3.1-py3-none-any.whl + validation: + type: sha256 + value: 5205d03e7bcbb919cc9c19885f9920d622ca52448306f2377daede5cf3faac16 + - filename: sniffio-1.2.0-py3-none-any.whl + url: https://files.pythonhosted.org/packages/52/b0/7b2e028b63d092804b6794595871f936aafa5e9322dcaaad50ebf67445b3/sniffio-1.2.0-py3-none-any.whl + validation: + type: sha256 + value: 471b71698eac1c2112a40ce2752bb2f4a4814c22a54a3eed3676bc0f5ca9f663 + - filename: python_dateutil-2.8.1-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/d4/70/d60450c3dd48ef87586924207ae8907090de0b306af2bce5d134d78615cb/python_dateutil-2.8.1-py2.py3-none-any.whl + validation: + type: sha256 + value: 75bb3f31ea686f1197762692a9ee6a7550b59fc6ca3a1f4b5d7e32fb98e2da2a + - filename: jsonschema-3.2.0-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/c5/8f/51e89ce52a085483359217bc72cdbf6e75ee595d5b1d4b5ade40c7e018b8/jsonschema-3.2.0-py2.py3-none-any.whl + validation: + type: sha256 + value: 4e5b3cf8216f577bee9ce139cbe72eca3ea4f292ec60928ff24758ce626cd163 + - filename: Babel-2.9.0-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/dd/a5/81076e10b5ef74493cf08a8e419e61b64324c9c55db4aa7f89c0240c4873/Babel-2.9.0-py2.py3-none-any.whl + validation: + type: sha256 + value: 9d35c22fcc79893c3ecc85ac4a56cde1ecf3f19c540bba0922308a6c06ca6fa5 + - filename: requests-2.25.1-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/29/c1/24814557f1d22c56d50280771a17307e6bf87b70727d975fd6b2ce6b014a/requests-2.25.1-py2.py3-none-any.whl + validation: + type: sha256 + value: c210084e36a42ae6b9219e00e48287def368a26d03a048ddad7bfee44f75871e + - filename: json5-0.9.5-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/2b/81/22bf51a5bc60dde18bb6164fd597f18ee683de8670e141364d9c432dd3cf/json5-0.9.5-py2.py3-none-any.whl + validation: + type: sha256 + value: af1a1b9a2850c7f62c23fde18be4749b3599fd302f494eebf957e2ada6b9e42c + - filename: attrs-20.3.0-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/c3/aa/cb45262569fcc047bf070b5de61813724d6726db83259222cd7b4c79821a/attrs-20.3.0-py2.py3-none-any.whl + validation: + type: sha256 + value: 31b2eced602aa8423c2aea9c76a724617ed67cf9513173fd3a4f03e3a929c7e6 + - filename: six-1.15.0-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/ee/ff/48bde5c0f013094d729fe4b0316ba2a24774b3ff1c52d924a8a4cb04078a/six-1.15.0-py2.py3-none-any.whl + validation: + type: sha256 + value: 8b74bedcbbbaca38ff6d7491d76f2b06b3592611af620f8426e82dddb04a5ced + - filename: pyrsistent-0.17.3.tar.gz + url: https://files.pythonhosted.org/packages/4d/70/fd441df751ba8b620e03fd2d2d9ca902103119616f0f6cc42e6405035062/pyrsistent-0.17.3.tar.gz + validation: + type: sha256 + value: 2e636185d9eb976a18a8a8e96efce62f2905fea90041958d8cc2a189756ebf3e + - filename: notebook-6.3.0-py3-none-any.whl + url: https://files.pythonhosted.org/packages/5d/86/8f951abc6ac651a75a059d2b77fe99fa5df80bf4dc4700c126a0bee486b8/notebook-6.3.0-py3-none-any.whl + validation: + type: sha256 + value: cb271af1e8134e3d6fc6d458bdc79c40cbfc84c1eb036a493f216d58f0880e92 + - filename: ipykernel-5.5.3-py3-none-any.whl + url: https://files.pythonhosted.org/packages/3a/7d/9f8ac1b1b76f2f1538b5650f0b5636bae082724b1e06939a3a9d38e1380e/ipykernel-5.5.3-py3-none-any.whl + validation: + type: sha256 + value: 21abd584543759e49010975a4621603b3cf871b1039cb3879a14094717692614 + - filename: ptyprocess-0.7.0-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/22/a6/858897256d0deac81a172289110f31629fc4cee19b6f01283303e18c8db3/ptyprocess-0.7.0-py2.py3-none-any.whl + validation: + type: sha256 + value: 4b41f3967fce3af57cc7e94b888626c18bf37a083e3651ca8feeb66d492fef35 + - filename: cffi-1.14.5-cp38-cp38-manylinux1_x86_64.whl + url: https://files.pythonhosted.org/packages/5c/0f/e07df370fac0e99e938edc62c8a15e54b9d75605e11838fa0ef300118e1d/cffi-1.14.5-cp38-cp38-manylinux1_x86_64.whl + validation: + type: sha256 + value: 6c97d7350133666fbb5cf4abdc1178c812cb205dc6f41d174a7b0f18fb93337e + - filename: pycparser-2.20-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/ae/e7/d9c3a176ca4b02024debf82342dab36efadfc5776f9c8db077e8f6e71821/pycparser-2.20-py2.py3-none-any.whl + validation: + type: sha256 + value: 7582ad22678f0fcd81102833f60ef8d0e57288b6b5fb00323d101be910e35705 + - filename: pytz-2021.1-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/70/94/784178ca5dd892a98f113cdd923372024dc04b8d40abe77ca76b5fb90ca6/pytz-2021.1-py2.py3-none-any.whl + validation: + type: sha256 + value: eb10ce3e7736052ed3623d49975ce333bcd712c7bb19a58b9e2089d4057d0798 + - filename: Pygments-2.8.1-py3-none-any.whl + url: https://files.pythonhosted.org/packages/3a/80/a52c0a7c5939737c6dca75a831e89658ecb6f590fb7752ac777d221937b9/Pygments-2.8.1-py3-none-any.whl + validation: + type: sha256 + value: 534ef71d539ae97d4c3a4cf7d6f110f214b0e687e92f9cb9d2a3b0d3101289c8 + - filename: pickleshare-0.7.5-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/9a/41/220f49aaea88bc6fa6cba8d05ecf24676326156c23b991e80b3f2fc24c77/pickleshare-0.7.5-py2.py3-none-any.whl + validation: + type: sha256 + value: 9649af414d74d4df115d5d718f82acb59c9d418196b7b4290ed47a12ce62df56 + - filename: jedi-0.18.0-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/f9/36/7aa67ae2663025b49e8426ead0bad983fee1b73f472536e9790655da0277/jedi-0.18.0-py2.py3-none-any.whl + validation: + type: sha256 + value: 18456d83f65f400ab0c2d3319e48520420ef43b23a086fdc05dff34132f0fb93 + - filename: prompt_toolkit-3.0.18-py3-none-any.whl + url: https://files.pythonhosted.org/packages/eb/e6/4b4ca4fa94462d4560ba2f4e62e62108ab07be2e16a92e594e43b12d3300/prompt_toolkit-3.0.18-py3-none-any.whl + validation: + type: sha256 + value: bf00f22079f5fadc949f42ae8ff7f05702826a97059ffcc6281036ad40ac6f04 + - filename: pexpect-4.8.0-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/39/7b/88dbb785881c28a102619d46423cb853b46dbccc70d3ac362d99773a78ce/pexpect-4.8.0-py2.py3-none-any.whl + validation: + type: sha256 + value: 0b48a55dcb3c05f3329815901ea4fc1537514d6ba867a152b581d69ae3710937 + - filename: decorator-5.0.7-py3-none-any.whl + url: https://files.pythonhosted.org/packages/bc/b4/c208a551033a7abb67703be73dea3d917dbce528bd87bcd6f7dfceec7097/decorator-5.0.7-py3-none-any.whl + validation: + type: sha256 + value: 945d84890bb20cc4a2f4a31fc4311c0c473af65ea318617f13a7257c9a58bc98 + - filename: backcall-0.2.0-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/4c/1c/ff6546b6c12603d8dd1070aa3c3d273ad4c07f5771689a7b69a550e8c951/backcall-0.2.0-py2.py3-none-any.whl + validation: + type: sha256 + value: fbbce6a29f263178a1f7915c1940bde0ec2b2a967566fe1c65c1dfb7422bd255 + - filename: parso-0.8.2-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/a9/c4/d5476373088c120ffed82f34c74b266ccae31a68d665b837354d4d8dc8be/parso-0.8.2-py2.py3-none-any.whl + validation: + type: sha256 + value: a8c4922db71e4fdb90e0d0bc6e50f9b273d3397925e5e60a717e719201778d22 + - filename: wcwidth-0.2.5-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/59/7c/e39aca596badaf1b78e8f547c807b04dae603a433d3e7a7e04d67f2ef3e5/wcwidth-0.2.5-py2.py3-none-any.whl + validation: + type: sha256 + value: beb4802a9cebb9144e99086eff703a642a13d6a0052920003a230f3294bbe784 + - filename: testpath-0.4.4-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/1b/9e/1a170feaa54f22aeb5a5d16c9015e82234275a3c8ab630b552493f9cb8a9/testpath-0.4.4-py2.py3-none-any.whl + validation: + type: sha256 + value: bfcf9411ef4bf3db7579063e0546938b1edda3d69f4e1fb8756991f5951f85d4 + - filename: mistune-0.8.4-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/09/ec/4b43dae793655b7d8a25f76119624350b4d65eb663459eb9603d7f1f0345/mistune-0.8.4-py2.py3-none-any.whl + validation: + type: sha256 + value: 88a1051873018da288eee8538d476dffe1262495144b33ecb586c4ab266bb8d4 + - filename: defusedxml-0.7.1-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/07/6c/aa3f2f849e01cb6a001cd8554a88d4c77c5c1a31c95bdf1cf9301e6d9ef4/defusedxml-0.7.1-py2.py3-none-any.whl + validation: + type: sha256 + value: a352e7e428770286cc899e2542b6cdaedb2b4953ff269a210103ec58f6198a61 + - filename: nbclient-0.5.3-py3-none-any.whl + url: https://files.pythonhosted.org/packages/22/a6/f3a01a5c1a0e72d1d064f33d4cd9c3a782010f48f48f47f256d0b438994a/nbclient-0.5.3-py3-none-any.whl + validation: + type: sha256 + value: e79437364a2376892b3f46bedbf9b444e5396cfb1bc366a472c37b48e9551500 + - filename: jupyterlab_pygments-0.1.2-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/a8/6f/c34288766797193b512c6508f5994b830fb06134fdc4ca8214daba0aa443/jupyterlab_pygments-0.1.2-py2.py3-none-any.whl + validation: + type: sha256 + value: abfb880fd1561987efaefcb2d2ac75145d2a5d0139b1876d5be806e32f630008 + - filename: entrypoints-0.3-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/ac/c6/44694103f8c221443ee6b0041f69e2740d89a25641e62fb4f2ee568f2f9c/entrypoints-0.3-py2.py3-none-any.whl + validation: + type: sha256 + value: 589f874b313739ad35be6e0cd7efde2a4e9b6fea91edcc34e58ecbb8dbe56d19 + - filename: pandocfilters-1.4.3.tar.gz + url: https://files.pythonhosted.org/packages/28/78/bd59a9adb72fa139b1c9c186e6f65aebee52375a747e4b6a6dcf0880956f/pandocfilters-1.4.3.tar.gz + validation: + type: sha256 + value: bc63fbb50534b4b1f8ebe1860889289e8af94a23bff7445259592df25a3906eb + - filename: bleach-3.3.0-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/f0/46/2bbd92086a4c6f051214cb48df6d9132b5f32c5e881d3f4991b16ec7e499/bleach-3.3.0-py2.py3-none-any.whl + validation: + type: sha256 + value: 6123ddc1052673e52bab52cdc955bcb57a015264a1c57d37bea2f6b817af0125 + - filename: async_generator-1.10-py3-none-any.whl + url: https://files.pythonhosted.org/packages/71/52/39d20e03abd0ac9159c162ec24b93fbcaa111e8400308f2465432495ca2b/async_generator-1.10-py3-none-any.whl + validation: + type: sha256 + value: 01c7bf666359b4967d2cda0000cc2e4af16a0ae098cbffcb8472fb9e8ad6585b + - filename: nest_asyncio-1.5.1-py3-none-any.whl + url: https://files.pythonhosted.org/packages/52/e2/9b37da54e6e9094d2f558ae643d1954a0fa8215dfee4fa261f31c5439796/nest_asyncio-1.5.1-py3-none-any.whl + validation: + type: sha256 + value: 76d6e972265063fe92a90b9cc4fb82616e07d586b346ed9d2c89a4187acea39c + - filename: webencodings-0.5.1-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/f4/24/2a3e3df732393fed8b3ebf2ec078f05546de641fe1b667ee316ec1dcf3b7/webencodings-0.5.1-py2.py3-none-any.whl + validation: + type: sha256 + value: a0af1213f3c2226497a97e2b3aa01a7e4bee4f403f95be16fc9acd2947514a78 + - filename: pyparsing-2.4.7-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/8a/bb/488841f56197b13700afd5658fc279a2025a39e22449b7cf29864669b15d/pyparsing-2.4.7-py2.py3-none-any.whl + validation: + type: sha256 + value: ef9d7589ef3c200abe66653d3f1ab1033c3c419ae9b9bdb1240a85b024efc88b + - filename: chardet-4.0.0-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/19/c7/fa589626997dd07bd87d9269342ccb74b1720384a4d739a1872bd84fbe68/chardet-4.0.0-py2.py3-none-any.whl + validation: + type: sha256 + value: f864054d66fd9118f2e67044ac8981a54775ec5b67aed0441892edb553d21da5 + - filename: urllib3-1.26.4-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/09/c6/d3e3abe5b4f4f16cf0dfc9240ab7ce10c2baa0e268989a4e3ec19e90c84e/urllib3-1.26.4-py2.py3-none-any.whl + validation: + type: sha256 + value: 2f4da4594db7e1e110a944bb1b551fdf4e6c136ad42e4234131391e21eb5b0df + - filename: idna-2.10-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/a2/38/928ddce2273eaa564f6f50de919327bf3a00f091b5baba8dfa9460f3a8a8/idna-2.10-py2.py3-none-any.whl + validation: + type: sha256 + value: b97d804b1e9b523befed77c48dacec60e6dcb0b5391d57af6a65a312a90648c0 + - filename: certifi-2020.12.5-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/5e/a0/5f06e1e1d463903cf0c0eebeb751791119ed7a4b3737fdc9a77f1cdfb51f/certifi-2020.12.5-py2.py3-none-any.whl + validation: + type: sha256 + value: 719a74fb9e33b9bd44cc7f3a8d94bc35e4049deebe19ba7d8e108280cfd59830 + - filename: pip-21.0.1-py3-none-any.whl + url: https://files.pythonhosted.org/packages/fe/ef/60d7ba03b5c442309ef42e7d69959f73aacccd0d86008362a681c4698e83/pip-21.0.1-py3-none-any.whl + validation: + type: sha256 + value: 37fd50e056e2aed635dec96594606f0286640489b0db0ce7607f7e51890372d5 + - filename: tini + url: https://github.com/krallin/tini/releases/download/v0.19.0/tini + validation: + type: sha256 + value: 93dcc18adc78c65a028a84799ecf8ad40c936fdfc5f2a57b1acda5a8117fa82c + + # List of project maintainers maintainers: -- email: "diego.a.medina9.mil@mail.mil" - name: "Diego Medina" - username: "Diego_Medina" - cht_member: true -- email: "daniel.s.komnick.mil@mail.mil" - name: "Dan Komnick" - username: "Komnick" +- email: "remccarthy@sei.cmu.edu" + name: "Rob McCarthy" + username: "remccarthy" + cht_member: false +- email: "daniel.komnick@gmail.com" + name: "Daniel Komnick" + username: "dkomnick" cht_member: false diff --git a/scripts/jupyter_lab_config.py b/scripts/jupyter_lab_config.py new file mode 100644 index 0000000..0bb5c2b --- /dev/null +++ b/scripts/jupyter_lab_config.py @@ -0,0 +1,848 @@ +# Configuration file for lab. + +#------------------------------------------------------------------------------ +# Application(SingletonConfigurable) configuration +#------------------------------------------------------------------------------ +c.ServerApp.ip = '0.0.0.0' +c.ServerApp.port = 8888 +c.ServerApp.token = '' +c.ServerApp.password = '' + +## This is an application. + +## The date format used by logging formatters for %(asctime)s +# Default: '%Y-%m-%d %H:%M:%S' +# c.Application.log_datefmt = '%Y-%m-%d %H:%M:%S' + +## The Logging format template +# Default: '[%(name)s]%(highlevel)s %(message)s' +# c.Application.log_format = '[%(name)s]%(highlevel)s %(message)s' + +## Set the log level by value or name. +# Choices: any of [0, 10, 20, 30, 40, 50, 'DEBUG', 'INFO', 'WARN', 'ERROR', 'CRITICAL'] +# Default: 30 +# c.Application.log_level = 30 + +## Instead of starting the Application, dump configuration to stdout +# Default: False +# c.Application.show_config = False + +## Instead of starting the Application, dump configuration to stdout (as JSON) +# Default: False +# c.Application.show_config_json = False + +#------------------------------------------------------------------------------ +# JupyterApp(Application) configuration +#------------------------------------------------------------------------------ +## Base class for Jupyter applications + +## Answer yes to any prompts. +# Default: False +# c.JupyterApp.answer_yes = False + +## Full path of a config file. +# Default: '' +# c.JupyterApp.config_file = '' + +## Specify a config file to load. +# Default: '' +# c.JupyterApp.config_file_name = '' + +## Generate default config file. +# Default: False +# c.JupyterApp.generate_config = False + +## The date format used by logging formatters for %(asctime)s +# See also: Application.log_datefmt +# c.JupyterApp.log_datefmt = '%Y-%m-%d %H:%M:%S' + +## The Logging format template +# See also: Application.log_format +# c.JupyterApp.log_format = '[%(name)s]%(highlevel)s %(message)s' + +## Set the log level by value or name. +# See also: Application.log_level +# c.JupyterApp.log_level = 30 + +## Instead of starting the Application, dump configuration to stdout +# See also: Application.show_config +# c.JupyterApp.show_config = False + +## Instead of starting the Application, dump configuration to stdout (as JSON) +# See also: Application.show_config_json +# c.JupyterApp.show_config_json = False + +#------------------------------------------------------------------------------ +# ExtensionApp(JupyterApp) configuration +#------------------------------------------------------------------------------ +## Base class for configurable Jupyter Server Extension Applications. +# +# ExtensionApp subclasses can be initialized two ways: +# 1. Extension is listed as a jpserver_extension, and ServerApp calls +# its load_jupyter_server_extension classmethod. This is the +# classic way of loading a server extension. +# 2. Extension is launched directly by calling its `launch_instance` +# class method. This method can be set as a entry_point in +# the extensions setup.py + +## Answer yes to any prompts. +# See also: JupyterApp.answer_yes +# c.ExtensionApp.answer_yes = False + +## Full path of a config file. +# See also: JupyterApp.config_file +# c.ExtensionApp.config_file = '' + +## Specify a config file to load. +# See also: JupyterApp.config_file_name +# c.ExtensionApp.config_file_name = '' + +# Default: '' +# c.ExtensionApp.default_url = '' + +## Generate default config file. +# See also: JupyterApp.generate_config +# c.ExtensionApp.generate_config = False + +## Handlers appended to the server. +# Default: [] +# c.ExtensionApp.handlers = [] + +## The date format used by logging formatters for %(asctime)s +# See also: Application.log_datefmt +# c.ExtensionApp.log_datefmt = '%Y-%m-%d %H:%M:%S' + +## The Logging format template +# See also: Application.log_format +# c.ExtensionApp.log_format = '[%(name)s]%(highlevel)s %(message)s' + +## Set the log level by value or name. +# See also: Application.log_level +# c.ExtensionApp.log_level = 30 + +## Whether to open in a browser after starting. The specific browser used is +# platform dependent and determined by the python standard library `webbrowser` +# module, unless it is overridden using the --browser (ServerApp.browser) +# configuration option. +# Default: False +# c.ExtensionApp.open_browser = False + +## Settings that will passed to the server. +# Default: {} +# c.ExtensionApp.settings = {} + +## Instead of starting the Application, dump configuration to stdout +# See also: Application.show_config +# c.ExtensionApp.show_config = False + +## Instead of starting the Application, dump configuration to stdout (as JSON) +# See also: Application.show_config_json +# c.ExtensionApp.show_config_json = False + +## paths to search for serving static files. +# +# This allows adding javascript/css to be available from the notebook server +# machine, or overriding individual files in the IPython +# Default: [] +# c.ExtensionApp.static_paths = [] + +## Url where the static assets for the extension are served. +# Default: '' +# c.ExtensionApp.static_url_prefix = '' + +## Paths to search for serving jinja templates. +# +# Can be used to override templates from notebook.templates. +# Default: [] +# c.ExtensionApp.template_paths = [] + +#------------------------------------------------------------------------------ +# LabServerApp(ExtensionApp) configuration +#------------------------------------------------------------------------------ +## A Lab Server Application that runs out-of-the-box + +## "A list of comma-separated URIs to get the allowed extensions list +# +# .. versionchanged:: 2.0.0 +# `LabServerApp.whitetlist_uris` renamed to `allowed_extensions_uris` +# Default: '' +# c.LabServerApp.allowed_extensions_uris = '' + +## Answer yes to any prompts. +# See also: JupyterApp.answer_yes +# c.LabServerApp.answer_yes = False + +## Deprecated, use `LabServerApp.blocked_extensions_uris` +# Default: '' +# c.LabServerApp.blacklist_uris = '' + +## A list of comma-separated URIs to get the blocked extensions list +# +# .. versionchanged:: 2.0.0 +# `LabServerApp.blacklist_uris` renamed to `blocked_extensions_uris` +# Default: '' +# c.LabServerApp.blocked_extensions_uris = '' + +## Full path of a config file. +# See also: JupyterApp.config_file +# c.LabServerApp.config_file = '' + +## Specify a config file to load. +# See also: JupyterApp.config_file_name +# c.LabServerApp.config_file_name = '' + +## Generate default config file. +# See also: JupyterApp.generate_config +# c.LabServerApp.generate_config = False + +## Handlers appended to the server. +# See also: ExtensionApp.handlers +# c.LabServerApp.handlers = [] + +## Options to pass to the jinja2 environment for this +# Default: {} +# c.LabServerApp.jinja2_options = {} + +## The interval delay in seconds to refresh the lists +# Default: 3600 +# c.LabServerApp.listings_refresh_seconds = 3600 + +## The optional kwargs to use for the listings HTTP requests as +# described on https://2.python-requests.org/en/v2.7.0/api/#requests.request +# Default: {} +# c.LabServerApp.listings_request_options = {} + +## The date format used by logging formatters for %(asctime)s +# See also: Application.log_datefmt +# c.LabServerApp.log_datefmt = '%Y-%m-%d %H:%M:%S' + +## The Logging format template +# See also: Application.log_format +# c.LabServerApp.log_format = '[%(name)s]%(highlevel)s %(message)s' + +## Set the log level by value or name. +# See also: Application.log_level +# c.LabServerApp.log_level = 30 + +## Whether to open in a browser after starting. +# See also: ExtensionApp.open_browser +# c.LabServerApp.open_browser = False + +## Settings that will passed to the server. +# See also: ExtensionApp.settings +# c.LabServerApp.settings = {} + +## Instead of starting the Application, dump configuration to stdout +# See also: Application.show_config +# c.LabServerApp.show_config = False + +## Instead of starting the Application, dump configuration to stdout (as JSON) +# See also: Application.show_config_json +# c.LabServerApp.show_config_json = False + +## paths to search for serving static files. +# See also: ExtensionApp.static_paths +# c.LabServerApp.static_paths = [] + +## Url where the static assets for the extension are served. +# See also: ExtensionApp.static_url_prefix +# c.LabServerApp.static_url_prefix = '' + +## Paths to search for serving jinja templates. +# See also: ExtensionApp.template_paths +# c.LabServerApp.template_paths = [] + +## Deprecated, use `LabServerApp.allowed_extensions_uris` +# Default: '' +# c.LabServerApp.whitelist_uris = '' + +#------------------------------------------------------------------------------ +# LabApp(LabServerApp) configuration +#------------------------------------------------------------------------------ +## +# See also: LabServerApp.allowed_extensions_uris +# c.LabApp.allowed_extensions_uris = '' + +## Answer yes to any prompts. +# See also: JupyterApp.answer_yes +# c.LabApp.answer_yes = False + +## The app directory to launch JupyterLab from. +# Default: None +# c.LabApp.app_dir = None + +## Deprecated, use `LabServerApp.blocked_extensions_uris` +# See also: LabServerApp.blacklist_uris +# c.LabApp.blacklist_uris = '' + +## +# See also: LabServerApp.blocked_extensions_uris +# c.LabApp.blocked_extensions_uris = '' + +## Full path of a config file. +# See also: JupyterApp.config_file +# c.LabApp.config_file = '' + +## Specify a config file to load. +# See also: JupyterApp.config_file_name +# c.LabApp.config_file_name = '' + +## Whether to start the app in core mode. In this mode, JupyterLab will run using +# the JavaScript assets that are within the installed JupyterLab Python package. +# In core mode, third party extensions are disabled. The `--dev-mode` flag is an +# alias to this to be used when the Python package itself is installed in +# development mode (`pip install -e .`). +# Default: False +# c.LabApp.core_mode = False + +## The default URL to redirect to from `/` +# Default: '/lab' +# c.LabApp.default_url = '/lab' + +## Whether to start the app in dev mode. Uses the unpublished local JavaScript +# packages in the `dev_mode` folder. In this case JupyterLab will show a red +# stripe at the top of the page. It can only be used if JupyterLab is installed +# as `pip install -e .`. +# Default: False +# c.LabApp.dev_mode = False + +## Whether to expose the global app instance to browser via window.jupyterlab +# Default: False +# c.LabApp.expose_app_in_browser = False + +## Whether to load prebuilt extensions in dev mode. This may be useful to run and +# test prebuilt extensions in development installs of JupyterLab. APIs in a +# JupyterLab development install may be incompatible with published packages, so +# prebuilt extensions compiled against published packages may not work +# correctly. +# Default: False +# c.LabApp.extensions_in_dev_mode = False + +## Generate default config file. +# See also: JupyterApp.generate_config +# c.LabApp.generate_config = False + +## Handlers appended to the server. +# See also: ExtensionApp.handlers +# c.LabApp.handlers = [] + +## Options to pass to the jinja2 environment for this +# Default: {} +# c.LabApp.jinja2_options = {} + +## The interval delay in seconds to refresh the lists +# See also: LabServerApp.listings_refresh_seconds +# c.LabApp.listings_refresh_seconds = 3600 + +## The optional kwargs to use for the listings HTTP requests as +# described on https://2.python-requests.org/en/v2.7.0/api/#requests.request +# See also: LabServerApp.listings_request_options +# c.LabApp.listings_request_options = {} + +## The date format used by logging formatters for %(asctime)s +# See also: Application.log_datefmt +# c.LabApp.log_datefmt = '%Y-%m-%d %H:%M:%S' + +## The Logging format template +# See also: Application.log_format +# c.LabApp.log_format = '[%(name)s]%(highlevel)s %(message)s' + +## Set the log level by value or name. +# See also: Application.log_level +# c.LabApp.log_level = 30 + +## Whether to open in a browser after starting. +# See also: ExtensionApp.open_browser +# c.LabApp.open_browser = False + +## The override url for static lab assets, typically a CDN. +# Default: '' +# c.LabApp.override_static_url = '' + +## The override url for static lab theme assets, typically a CDN. +# Default: '' +# c.LabApp.override_theme_url = '' + +## Settings that will passed to the server. +# See also: ExtensionApp.settings +# c.LabApp.settings = {} + +## Instead of starting the Application, dump configuration to stdout +# See also: Application.show_config +# c.LabApp.show_config = False + +## Instead of starting the Application, dump configuration to stdout (as JSON) +# See also: Application.show_config_json +# c.LabApp.show_config_json = False + +## paths to search for serving static files. +# See also: ExtensionApp.static_paths +# c.LabApp.static_paths = [] + +## Url where the static assets for the extension are served. +# See also: ExtensionApp.static_url_prefix +# c.LabApp.static_url_prefix = '' + +## Paths to search for serving jinja templates. +# See also: ExtensionApp.template_paths +# c.LabApp.template_paths = [] + +## The directory for user settings. +# Default: '/home/jovyan/.jupyter/lab/user-settings' +# c.LabApp.user_settings_dir = '/home/jovyan/.jupyter/lab/user-settings' + +## Whether to serve the app in watch mode +# Default: False +# c.LabApp.watch = False + +## Deprecated, use `LabServerApp.allowed_extensions_uris` +# See also: LabServerApp.whitelist_uris +# c.LabApp.whitelist_uris = '' + +## The directory for workspaces +# Default: '/home/jovyan/.jupyter/lab/workspaces' +# c.LabApp.workspaces_dir = '/home/jovyan/.jupyter/lab/workspaces' + +#------------------------------------------------------------------------------ +# ServerApp(JupyterApp) configuration +#------------------------------------------------------------------------------ +## Set the Access-Control-Allow-Credentials: true header +# Default: False +# c.ServerApp.allow_credentials = False + +## Set the Access-Control-Allow-Origin header +# +# Use '*' to allow any origin to access your server. +# +# Takes precedence over allow_origin_pat. +# Default: '' +# c.ServerApp.allow_origin = '' + +## Use a regular expression for the Access-Control-Allow-Origin header +# +# Requests from an origin matching the expression will get replies with: +# +# Access-Control-Allow-Origin: origin +# +# where `origin` is the origin of the request. +# +# Ignored if allow_origin is set. +# Default: '' +# c.ServerApp.allow_origin_pat = '' + +## Allow password to be changed at login for the Jupyter server. +# +# While loggin in with a token, the Jupyter server UI will give the opportunity +# to the user to enter a new password at the same time that will replace the +# token login mechanism. +# +# This can be set to false to prevent changing password from the UI/API. +# Default: True +# c.ServerApp.allow_password_change = True + +## Allow requests where the Host header doesn't point to a local server +# +# By default, requests get a 403 forbidden response if the 'Host' header shows +# that the browser thinks it's on a non-local domain. Setting this option to +# True disables this check. +# +# This protects against 'DNS rebinding' attacks, where a remote web server +# serves you a page and then changes its DNS to send later requests to a local +# IP, bypassing same-origin checks. +# +# Local IP addresses (such as 127.0.0.1 and ::1) are allowed as local, along +# with hostnames configured in local_hostnames. +# Default: False +# c.ServerApp.allow_remote_access = False + +## Whether to allow the user to run the server as root. +# Default: False +# c.ServerApp.allow_root = False + +## Answer yes to any prompts. +# See also: JupyterApp.answer_yes +# c.ServerApp.answer_yes = False + +## " Require authentication to access prometheus metrics. +# Default: True +# c.ServerApp.authenticate_prometheus = True + +## Reload the webapp when changes are made to any Python src files. +# Default: False +# c.ServerApp.autoreload = False + +## The base URL for the Jupyter server. +# +# Leading and trailing slashes can be omitted, and will automatically be added. +# Default: '/' +# c.ServerApp.base_url = '/' + +## Specify what command to use to invoke a web browser when starting the server. +# If not specified, the default browser will be determined by the `webbrowser` +# standard library module, which allows setting of the BROWSER environment +# variable to override it. +# Default: '' +# c.ServerApp.browser = '' + +## The full path to an SSL/TLS certificate file. +# Default: '' +# c.ServerApp.certfile = '' + +## The full path to a certificate authority certificate for SSL/TLS client +# authentication. +# Default: '' +# c.ServerApp.client_ca = '' + +## Full path of a config file. +# See also: JupyterApp.config_file +# c.ServerApp.config_file = '' + +## Specify a config file to load. +# See also: JupyterApp.config_file_name +# c.ServerApp.config_file_name = '' + +## The config manager class to use +# Default: 'jupyter_server.services.config.manager.ConfigManager' +# c.ServerApp.config_manager_class = 'jupyter_server.services.config.manager.ConfigManager' + +## The content manager class to use. +# Default: 'jupyter_server.services.contents.largefilemanager.LargeFileManager' +# c.ServerApp.contents_manager_class = 'jupyter_server.services.contents.largefilemanager.LargeFileManager' + +## Extra keyword arguments to pass to `set_secure_cookie`. See tornado's +# set_secure_cookie docs for details. +# Default: {} +# c.ServerApp.cookie_options = {} + +## The random bytes used to secure cookies. By default this is a new random +# number every time you start the server. Set it to a value in a config file to +# enable logins to persist across server sessions. +# +# Note: Cookie secrets should be kept private, do not share config files with +# cookie_secret stored in plaintext (you can read the value from a file). +# Default: b'' +# c.ServerApp.cookie_secret = b'' + +## The file where the cookie secret is stored. +# Default: '' +# c.ServerApp.cookie_secret_file = '' + +## Override URL shown to users. +# +# Replace actual URL, including protocol, address, port and base URL, with the +# given value when displaying URL to the users. Do not change the actual +# connection URL. If authentication token is enabled, the token is added to the +# custom URL automatically. +# +# This option is intended to be used when the URL to display to the user cannot +# be determined reliably by the Jupyter server (proxified or containerized +# setups for example). +# Default: '' +# c.ServerApp.custom_display_url = '' + +## The default URL to redirect to from `/` +# Default: '/' +# c.ServerApp.default_url = '/' + +## Disable cross-site-request-forgery protection +# +# Jupyter notebook 4.3.1 introduces protection from cross-site request +# forgeries, requiring API requests to either: +# +# - originate from pages served by this server (validated with XSRF cookie and +# token), or - authenticate with a token +# +# Some anonymous compute resources still desire the ability to run code, +# completely without authentication. These services can disable all +# authentication and security checks, with the full knowledge of what that +# implies. +# Default: False +# c.ServerApp.disable_check_xsrf = False + +## handlers that should be loaded at higher priority than the default services +# Default: [] +# c.ServerApp.extra_services = [] + +## Extra paths to search for serving static files. +# +# This allows adding javascript/css to be available from the Jupyter server +# machine, or overriding individual files in the IPython +# Default: [] +# c.ServerApp.extra_static_paths = [] + +## Extra paths to search for serving jinja templates. +# +# Can be used to override templates from jupyter_server.templates. +# Default: [] +# c.ServerApp.extra_template_paths = [] + +## Open the named file when the application is launched. +# Default: '' +# c.ServerApp.file_to_run = '' + +## The URL prefix where files are opened directly. +# Default: 'notebooks' +# c.ServerApp.file_url_prefix = 'notebooks' + +## Generate default config file. +# See also: JupyterApp.generate_config +# c.ServerApp.generate_config = False + +## Extra keyword arguments to pass to `get_secure_cookie`. See tornado's +# get_secure_cookie docs for details. +# Default: {} +# c.ServerApp.get_secure_cookie_kwargs = {} + +## (bytes/sec) Maximum rate at which stream output can be sent on iopub before +# they are limited. +# Default: 1000000 +# c.ServerApp.iopub_data_rate_limit = 1000000 + +## (msgs/sec) Maximum rate at which messages can be sent on iopub before they are +# limited. +# Default: 1000 +# c.ServerApp.iopub_msg_rate_limit = 1000 + +## The IP address the Jupyter server will listen on. +# Default: 'localhost' +# c.ServerApp.ip = 'localhost' + +## Supply extra arguments that will be passed to Jinja environment. +# Default: {} +# c.ServerApp.jinja_environment_options = {} + +## Extra variables to supply to jinja templates when rendering. +# Default: {} +# c.ServerApp.jinja_template_vars = {} + +## Dict of Python modules to load as notebook server extensions.Entry values can +# be used to enable and disable the loading ofthe extensions. The extensions +# will be loaded in alphabetical order. +# Default: {} +# c.ServerApp.jpserver_extensions = {} + +## The kernel manager class to use. +# Default: 'jupyter_server.services.kernels.kernelmanager.AsyncMappingKernelManager' +# c.ServerApp.kernel_manager_class = 'jupyter_server.services.kernels.kernelmanager.AsyncMappingKernelManager' + +## The kernel spec manager class to use. Should be a subclass of +# `jupyter_client.kernelspec.KernelSpecManager`. +# +# The Api of KernelSpecManager is provisional and might change without warning +# between this version of Jupyter and the next stable one. +# Default: 'jupyter_client.kernelspec.KernelSpecManager' +# c.ServerApp.kernel_spec_manager_class = 'jupyter_client.kernelspec.KernelSpecManager' + +## The full path to a private key file for usage with SSL/TLS. +# Default: '' +# c.ServerApp.keyfile = '' + +## Hostnames to allow as local when allow_remote_access is False. +# +# Local IP addresses (such as 127.0.0.1 and ::1) are automatically accepted as +# local as well. +# Default: ['localhost'] +# c.ServerApp.local_hostnames = ['localhost'] + +## The date format used by logging formatters for %(asctime)s +# See also: Application.log_datefmt +# c.ServerApp.log_datefmt = '%Y-%m-%d %H:%M:%S' + +## The Logging format template +# See also: Application.log_format +# c.ServerApp.log_format = '[%(name)s]%(highlevel)s %(message)s' + +## Set the log level by value or name. +# See also: Application.log_level +# c.ServerApp.log_level = 30 + +## The login handler class to use. +# Default: 'jupyter_server.auth.login.LoginHandler' +# c.ServerApp.login_handler_class = 'jupyter_server.auth.login.LoginHandler' + +## The logout handler class to use. +# Default: 'jupyter_server.auth.logout.LogoutHandler' +# c.ServerApp.logout_handler_class = 'jupyter_server.auth.logout.LogoutHandler' + +## Sets the maximum allowed size of the client request body, specified in the +# Content-Length request header field. If the size in a request exceeds the +# configured value, a malformed HTTP message is returned to the client. +# +# Note: max_body_size is applied even in streaming mode. +# Default: 536870912 +# c.ServerApp.max_body_size = 536870912 + +## Gets or sets the maximum amount of memory, in bytes, that is allocated for use +# by the buffer manager. +# Default: 536870912 +# c.ServerApp.max_buffer_size = 536870912 + +## Gets or sets a lower bound on the open file handles process resource limit. +# This may need to be increased if you run into an OSError: [Errno 24] Too many +# open files. This is not applicable when running on Windows. +# Default: 0 +# c.ServerApp.min_open_files_limit = 0 + +## DEPRECATED, use root_dir. +# Default: '' +# c.ServerApp.notebook_dir = '' + +## Whether to open in a browser after starting. The specific browser used is +# platform dependent and determined by the python standard library `webbrowser` +# module, unless it is overridden using the --browser (ServerApp.browser) +# configuration option. +# Default: False +# c.ServerApp.open_browser = False + +## Hashed password to use for web authentication. +# +# To generate, type in a python/IPython shell: +# +# from jupyter_server.auth import passwd; passwd() +# +# The string should be of the form type:salt:hashed-password. +# Default: '' +# c.ServerApp.password = '' + +## Forces users to use a password for the Jupyter server. This is useful in a +# multi user environment, for instance when everybody in the LAN can access each +# other's machine through ssh. +# +# In such a case, serving on localhost is not secure since any user can connect +# to the Jupyter server via ssh. +# Default: False +# c.ServerApp.password_required = False + +## The port the server will listen on (env: JUPYTER_PORT). +# Default: 8888 +# c.ServerApp.port = 8888 + +## The number of additional ports to try if the specified port is not available +# (env: JUPYTER_PORT_RETRIES). +# Default: 50 +# c.ServerApp.port_retries = 50 + +## DISABLED: use %pylab or %matplotlib in the notebook to enable matplotlib. +# Default: 'disabled' +# c.ServerApp.pylab = 'disabled' + +## If True, display controls to shut down the Jupyter server, such as menu items +# or buttons. +# Default: True +# c.ServerApp.quit_button = True + +## (sec) Time window used to check the message and data rate limits. +# Default: 3 +# c.ServerApp.rate_limit_window = 3 + +## Reraise exceptions encountered loading server extensions? +# Default: False +# c.ServerApp.reraise_server_extension_failures = False + +## The directory to use for notebooks and kernels. +# Default: '' +# c.ServerApp.root_dir = '' + +## The session manager class to use. +# Default: 'jupyter_server.services.sessions.sessionmanager.SessionManager' +# c.ServerApp.session_manager_class = 'jupyter_server.services.sessions.sessionmanager.SessionManager' + +## Instead of starting the Application, dump configuration to stdout +# See also: Application.show_config +# c.ServerApp.show_config = False + +## Instead of starting the Application, dump configuration to stdout (as JSON) +# See also: Application.show_config_json +# c.ServerApp.show_config_json = False + +## Shut down the server after N seconds with no kernels or terminals running and +# no activity. This can be used together with culling idle kernels +# (MappingKernelManager.cull_idle_timeout) to shutdown the Jupyter server when +# it's not in use. This is not precisely timed: it may shut down up to a minute +# later. 0 (the default) disables this automatic shutdown. +# Default: 0 +# c.ServerApp.shutdown_no_activity_timeout = 0 + +## Supply SSL options for the tornado HTTPServer. See the tornado docs for +# details. +# Default: {} +# c.ServerApp.ssl_options = {} + +## Supply overrides for terminado. Currently only supports "shell_command". +# Default: {} +# c.ServerApp.terminado_settings = {} + +## Set to False to disable terminals. +# +# This does *not* make the server more secure by itself. Anything the user can +# in a terminal, they can also do in a notebook. +# +# Terminals may also be automatically disabled if the terminado package is not +# available. +# Default: True +# c.ServerApp.terminals_enabled = True + +## Token used for authenticating first-time connections to the server. +# +# The token can be read from the file referenced by JUPYTER_TOKEN_FILE or set +# directly with the JUPYTER_TOKEN environment variable. +# +# When no password is enabled, the default is to generate a new, random token. +# +# Setting to an empty string disables authentication altogether, which is NOT +# RECOMMENDED. +# Default: '' +# c.ServerApp.token = '' + +## Supply overrides for the tornado.web.Application that the Jupyter server uses. +# Default: {} +# c.ServerApp.tornado_settings = {} + +## Whether to trust or not X-Scheme/X-Forwarded-Proto and X-Real-Ip/X-Forwarded- +# For headerssent by the upstream reverse proxy. Necessary if the proxy handles +# SSL +# Default: False +# c.ServerApp.trust_xheaders = False + +## Disable launching browser by redirect file For versions of notebook > 5.7.2, a +# security feature measure was added that prevented the authentication token +# used to launch the browser from being visible. This feature makes it difficult +# for other users on a multi-user system from running code in your Jupyter +# session as you. However, some environments (like Windows Subsystem for Linux +# (WSL) and Chromebooks), launching a browser using a redirect file can lead the +# browser failing to load. This is because of the difference in file +# structures/paths between the runtime and the browser. +# +# Disabling this setting to False will disable this behavior, allowing the +# browser to launch by using a URL and visible token (as before). +# Default: True +# c.ServerApp.use_redirect_file = True + +## Specify where to open the server on startup. This is the `new` argument passed +# to the standard library method `webbrowser.open`. The behaviour is not +# guaranteed, but depends on browser support. Valid values are: +# +# - 2 opens a new tab, +# - 1 opens a new window, +# - 0 opens in an existing window. +# +# See the `webbrowser.open` documentation for details. +# Default: 2 +# c.ServerApp.webbrowser_open_new = 2 + +## Set the tornado compression options for websocket connections. +# +# This value will be returned from +# :meth:`WebSocketHandler.get_compression_options`. None (default) will disable +# compression. A dict (even an empty one) will enable compression. +# +# See the tornado docs for WebSocketHandler.get_compression_options for details. +# Default: None +# c.ServerApp.websocket_compression_options = None + +## The base URL for websockets, if it differs from the HTTP server (hint: it +# almost certainly doesn't). +# +# Should be in the form of an HTTP origin: ws[s]://hostname[:port] +# Default: '' +# c.ServerApp.websocket_url = '' \ No newline at end of file diff --git a/scripts/jupyter_notebook_config.py b/scripts/jupyter_notebook_config.py deleted file mode 100644 index 19b5e8b..0000000 --- a/scripts/jupyter_notebook_config.py +++ /dev/null @@ -1,55 +0,0 @@ -# Copyright (c) Jupyter Development Team. -# Distributed under the terms of the Modified BSD License. - -from jupyter_core.paths import jupyter_data_dir -import subprocess -import os -import errno -import stat - -c = get_config() # noqa: F821 -c.NotebookApp.ip = '0.0.0.0' -c.NotebookApp.port = 8888 -c.NotebookApp.open_browser = False - -# https://github.com/jupyter/notebook/issues/3130 -c.FileContentsManager.delete_to_trash = False - -# Generate a self-signed certificate -if 'GEN_CERT' in os.environ: - dir_name = jupyter_data_dir() - pem_file = os.path.join(dir_name, 'notebook.pem') - try: - os.makedirs(dir_name) - except OSError as exc: # Python >2.5 - if exc.errno == errno.EEXIST and os.path.isdir(dir_name): - pass - else: - raise - - # Generate an openssl.cnf file to set the distinguished name - cnf_file = os.path.join(os.getenv('CONDA_DIR', '/usr/lib'), 'ssl', 'openssl.cnf') - if not os.path.isfile(cnf_file): - with open(cnf_file, 'w') as fh: - fh.write('''\ -[req] -distinguished_name = req_distinguished_name -[req_distinguished_name] -''') - - # Generate a certificate if one doesn't exist on disk - subprocess.check_call(['openssl', 'req', '-new', - '-newkey', 'rsa:2048', - '-days', '365', - '-nodes', '-x509', - '-subj', '/C=XX/ST=XX/L=XX/O=generated/CN=generated', - '-keyout', pem_file, - '-out', pem_file]) - # Restrict access to the file - os.chmod(pem_file, stat.S_IRUSR | stat.S_IWUSR) - c.NotebookApp.certfile = pem_file - -# Change default umask for all subprocesses of the notebook server if set in -# the environment -if 'NB_UMASK' in os.environ: - os.umask(int(os.environ['NB_UMASK'], 8)) diff --git a/scripts/start-notebook.sh b/scripts/start-notebook.sh index ffadb75..f893af1 100755 --- a/scripts/start-notebook.sh +++ b/scripts/start-notebook.sh @@ -13,7 +13,7 @@ if [[ ! -z "${JUPYTERHUB_API_TOKEN}" ]]; then # launched by JupyterHub, use single-user entrypoint exec /usr/local/bin/start-singleuser.sh "$@" elif [[ ! -z "${JUPYTER_ENABLE_LAB}" ]]; then - . /usr/local/bin/start.sh $wrapper jupyter lab --NotebookApp.token='' --NotebookApp.password='' "$@" + . /usr/local/bin/start.sh $wrapper jupyter lab "$@" else - . /usr/local/bin/start.sh $wrapper jupyter notebook --NotebookApp.token='' --NotebookApp.password='' "$@" + . /usr/local/bin/start.sh $wrapper jupyter notebook "$@" fi -- GitLab From 943a208a57ccba0e15dd69c3da4e1c04d9a56dda Mon Sep 17 00:00:00 2001 From: Komnick Date: Wed, 28 Apr 2021 09:41:00 -0400 Subject: [PATCH 25/36] added virtual env --- Dockerfile | 136 ++---- scripts/fix-permissions | 28 -- scripts/jupyter_lab_config.py | 848 ---------------------------------- scripts/start-notebook.sh | 19 - scripts/start-singleuser.sh | 39 -- scripts/start.sh | 147 ------ tini | Bin 24064 -> 0 bytes 7 files changed, 32 insertions(+), 1185 deletions(-) delete mode 100644 scripts/fix-permissions delete mode 100644 scripts/jupyter_lab_config.py delete mode 100755 scripts/start-notebook.sh delete mode 100644 scripts/start-singleuser.sh delete mode 100644 scripts/start.sh delete mode 100644 tini diff --git a/Dockerfile b/Dockerfile index d86a77e..703b372 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,117 +1,45 @@ #ARG BASE_REGISTRY=registry1.dso.mil -#ARG BASE_IMAGE=ironbank/opensource/python/python38 +#ARG BASE_IMAGE=ironbank/carnegie-mellon/python-ai/python38-ai #ARG BASE_TAG=3.8 -#FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} +#FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} AS multi-stage -FROM python38-ai:latest +FROM python38-ai:latest AS multi-stage -ARG NB_USER="jovyan" -# NB_UID == 1001 b/c the default user in the ironbank python36 image is uid 1001 -ARG NB_UID="1000" -ARG NB_GID="0" +FROM python:3.7-slim AS build-image +COPY --from=multi-stage /tmp/python /tmp/python -# Fix DL4006 -SHELL ["/bin/bash", "-o", "pipefail", "-c"] +# Make sure the packages are accessable +ENV PATH=/tmp/python:$PATH -USER root +FROM jupyterlab:latest -# nodejs typically installed here to check the status of jlab -# we've removed it due to cve's -# we have also removed bzip2 install as its provided by the python36 base image -# we have also removed the lang pack installations due to cve's -RUN yum update -y -q \ - && yum install -y -q \ - git \ - procps \ - wget \ - ca-certificates \ - && yum clean all +# The jovyan account is needed for Jupyter Lab +USER jovyan -# Configure environment -ENV SHELL=/bin/bash \ - NB_USER=$NB_USER \ - NB_UID=$NB_UID \ - NB_GID=$NB_GID \ - LANG=en_US.UTF-8 \ - LANGUAGE=en_US.UTF-8 -ENV HOME=/home/$NB_USER - -# Copy a script that we will use to correct permissions after running certain commands -# fix-permissions: https://repo1.dsop.io/dsop/redhat/python/python36/-/blob/development/scripts/usr/bin/fix-permissions -COPY scripts/fix-permissions /usr/local/bin/fix-permissions -RUN chmod a+rx /usr/local/bin/fix-permissions - -# Enable prompt color in the skeleton .bashrc before creating the default NB_USER -# hadolint ignore=SC2016 -RUN sed -i 's/^#force_color_prompt=yes/force_color_prompt=yes/' /etc/skel/.bashrc - -# Create NB_USER with name jovyan user with UID=1000 and in the 'users' group -# and make sure these dirs are writable by the `users` group. -RUN useradd -m -s /bin/bash -N -u $NB_UID -g $NB_GID $NB_USER \ - && fix-permissions $HOME -P \ - && fix-permissions /opt/app-root -P - -# Install Tini -COPY tini /usr/bin/tini -RUN chmod +x /usr/bin/tini - -USER $NB_UID - -ARG PYTHON_VERSION=default - -# add python3.6 -m pip directory to the path -ENV PATH=/home/jovyan/.local/bin:$PATH -# suppress pip version warning -ENV PIP_DISABLE_PIP_VERSION_CHECK=1 - -# Setup work directory for backward-compatibility -RUN mkdir /home/$NB_USER/work - -WORKDIR /tmp - -# dev -# COPY repo . - -# ib pipeline -COPY *.whl . -COPY *.tar.gz . - -RUN python3.8 -m pip install --no-index --find-links . \ - pip \ - jupyterlab +WORKDIR $HOME EXPOSE 8888 -# critical env variable to enable jupyter lab GUI (default is the old interface) -ENV JUPYTER_ENABLE_LAB=1 -# Configure container startup -ENTRYPOINT ["tini", "-g", "--"] -CMD ["start-notebook.sh"] - -# Copy local files as late as possible to avoid cache busting -COPY scripts/start.sh scripts/start-notebook.sh scripts/start-singleuser.sh /usr/local/bin/ -COPY scripts/jupyter_lab_config.py /etc/jupyter/ - -# Fix permissions on /etc/jupyter and /usr/libexec/openssh/ssh-keysign -USER root -RUN fix-permissions /etc/jupyter && \ - fix-permissions /usr/libexec/openssh/ssh-keysign -RUN yum remove perl -y - -# cleanup installed packages -RUN rm -rf \ - /tmp/repo \ - /tmp/openssl-1.1.1j - -# remove IB flagged 'secrets' -RUN rm -rf \ - /usr/share/doc/perl-IO-Socket-SSL \ - /usr/share/doc/perl-Net-SSLeay \ - /home/jovyan/.local/lib/python3.8/site-packages/tornado/test/test.key - -# Switch back to jovyan to avoid accidental container runs as root -USER $NB_UID - HEALTHCHECK CMD pgrep "jupyter" > /dev/null || exit 1 -WORKDIR $HOME +################# +# Test Commands # +################# +# import sqlite3 +# import plotly +# import pandas +# import matplot +# import seaborn +# import numba +# import numpy +# import scipy +# import sklearn +# import tqdm +# import urllib3 +# import requests +# from bs4 import BeautifulSoup +# from wordcloud import WordCloud +# import statsmodels +# import prophet +# import django +# import flask diff --git a/scripts/fix-permissions b/scripts/fix-permissions deleted file mode 100644 index 827eeb5..0000000 --- a/scripts/fix-permissions +++ /dev/null @@ -1,28 +0,0 @@ -#!/bin/sh - -# Allow this script to fail without failing a build -set +e - -SYMLINK_OPT=${2:--L} - -# Fix permissions on the given directory or file to allow group read/write of -# regular files and execute of directories. - -[ $(id -u) -ne 0 ] && CHECK_OWNER=" -uid $(id -u)" - -# If argument does not exist, script will still exit with 0, -# but at least we'll see something went wrong in the log -if ! [ -e "$1" ] ; then - echo "ERROR: File or directory $1 does not exist." >&2 - # We still want to end successfully - exit 0 -fi - -find $SYMLINK_OPT "$1" ${CHECK_OWNER} \! -gid 0 -exec chgrp 0 {} + -find $SYMLINK_OPT "$1" ${CHECK_OWNER} \! -perm -g+rw -exec chmod g+rw {} + -find $SYMLINK_OPT "$1" ${CHECK_OWNER} -perm /u+x -a \! -perm /g+x -exec chmod g+x {} + -find $SYMLINK_OPT "$1" ${CHECK_OWNER} -type d \! -perm /g+x -exec chmod g+x {} + - -# Always end successfully -exit 0 - diff --git a/scripts/jupyter_lab_config.py b/scripts/jupyter_lab_config.py deleted file mode 100644 index 0bb5c2b..0000000 --- a/scripts/jupyter_lab_config.py +++ /dev/null @@ -1,848 +0,0 @@ -# Configuration file for lab. - -#------------------------------------------------------------------------------ -# Application(SingletonConfigurable) configuration -#------------------------------------------------------------------------------ -c.ServerApp.ip = '0.0.0.0' -c.ServerApp.port = 8888 -c.ServerApp.token = '' -c.ServerApp.password = '' - -## This is an application. - -## The date format used by logging formatters for %(asctime)s -# Default: '%Y-%m-%d %H:%M:%S' -# c.Application.log_datefmt = '%Y-%m-%d %H:%M:%S' - -## The Logging format template -# Default: '[%(name)s]%(highlevel)s %(message)s' -# c.Application.log_format = '[%(name)s]%(highlevel)s %(message)s' - -## Set the log level by value or name. -# Choices: any of [0, 10, 20, 30, 40, 50, 'DEBUG', 'INFO', 'WARN', 'ERROR', 'CRITICAL'] -# Default: 30 -# c.Application.log_level = 30 - -## Instead of starting the Application, dump configuration to stdout -# Default: False -# c.Application.show_config = False - -## Instead of starting the Application, dump configuration to stdout (as JSON) -# Default: False -# c.Application.show_config_json = False - -#------------------------------------------------------------------------------ -# JupyterApp(Application) configuration -#------------------------------------------------------------------------------ -## Base class for Jupyter applications - -## Answer yes to any prompts. -# Default: False -# c.JupyterApp.answer_yes = False - -## Full path of a config file. -# Default: '' -# c.JupyterApp.config_file = '' - -## Specify a config file to load. -# Default: '' -# c.JupyterApp.config_file_name = '' - -## Generate default config file. -# Default: False -# c.JupyterApp.generate_config = False - -## The date format used by logging formatters for %(asctime)s -# See also: Application.log_datefmt -# c.JupyterApp.log_datefmt = '%Y-%m-%d %H:%M:%S' - -## The Logging format template -# See also: Application.log_format -# c.JupyterApp.log_format = '[%(name)s]%(highlevel)s %(message)s' - -## Set the log level by value or name. -# See also: Application.log_level -# c.JupyterApp.log_level = 30 - -## Instead of starting the Application, dump configuration to stdout -# See also: Application.show_config -# c.JupyterApp.show_config = False - -## Instead of starting the Application, dump configuration to stdout (as JSON) -# See also: Application.show_config_json -# c.JupyterApp.show_config_json = False - -#------------------------------------------------------------------------------ -# ExtensionApp(JupyterApp) configuration -#------------------------------------------------------------------------------ -## Base class for configurable Jupyter Server Extension Applications. -# -# ExtensionApp subclasses can be initialized two ways: -# 1. Extension is listed as a jpserver_extension, and ServerApp calls -# its load_jupyter_server_extension classmethod. This is the -# classic way of loading a server extension. -# 2. Extension is launched directly by calling its `launch_instance` -# class method. This method can be set as a entry_point in -# the extensions setup.py - -## Answer yes to any prompts. -# See also: JupyterApp.answer_yes -# c.ExtensionApp.answer_yes = False - -## Full path of a config file. -# See also: JupyterApp.config_file -# c.ExtensionApp.config_file = '' - -## Specify a config file to load. -# See also: JupyterApp.config_file_name -# c.ExtensionApp.config_file_name = '' - -# Default: '' -# c.ExtensionApp.default_url = '' - -## Generate default config file. -# See also: JupyterApp.generate_config -# c.ExtensionApp.generate_config = False - -## Handlers appended to the server. -# Default: [] -# c.ExtensionApp.handlers = [] - -## The date format used by logging formatters for %(asctime)s -# See also: Application.log_datefmt -# c.ExtensionApp.log_datefmt = '%Y-%m-%d %H:%M:%S' - -## The Logging format template -# See also: Application.log_format -# c.ExtensionApp.log_format = '[%(name)s]%(highlevel)s %(message)s' - -## Set the log level by value or name. -# See also: Application.log_level -# c.ExtensionApp.log_level = 30 - -## Whether to open in a browser after starting. The specific browser used is -# platform dependent and determined by the python standard library `webbrowser` -# module, unless it is overridden using the --browser (ServerApp.browser) -# configuration option. -# Default: False -# c.ExtensionApp.open_browser = False - -## Settings that will passed to the server. -# Default: {} -# c.ExtensionApp.settings = {} - -## Instead of starting the Application, dump configuration to stdout -# See also: Application.show_config -# c.ExtensionApp.show_config = False - -## Instead of starting the Application, dump configuration to stdout (as JSON) -# See also: Application.show_config_json -# c.ExtensionApp.show_config_json = False - -## paths to search for serving static files. -# -# This allows adding javascript/css to be available from the notebook server -# machine, or overriding individual files in the IPython -# Default: [] -# c.ExtensionApp.static_paths = [] - -## Url where the static assets for the extension are served. -# Default: '' -# c.ExtensionApp.static_url_prefix = '' - -## Paths to search for serving jinja templates. -# -# Can be used to override templates from notebook.templates. -# Default: [] -# c.ExtensionApp.template_paths = [] - -#------------------------------------------------------------------------------ -# LabServerApp(ExtensionApp) configuration -#------------------------------------------------------------------------------ -## A Lab Server Application that runs out-of-the-box - -## "A list of comma-separated URIs to get the allowed extensions list -# -# .. versionchanged:: 2.0.0 -# `LabServerApp.whitetlist_uris` renamed to `allowed_extensions_uris` -# Default: '' -# c.LabServerApp.allowed_extensions_uris = '' - -## Answer yes to any prompts. -# See also: JupyterApp.answer_yes -# c.LabServerApp.answer_yes = False - -## Deprecated, use `LabServerApp.blocked_extensions_uris` -# Default: '' -# c.LabServerApp.blacklist_uris = '' - -## A list of comma-separated URIs to get the blocked extensions list -# -# .. versionchanged:: 2.0.0 -# `LabServerApp.blacklist_uris` renamed to `blocked_extensions_uris` -# Default: '' -# c.LabServerApp.blocked_extensions_uris = '' - -## Full path of a config file. -# See also: JupyterApp.config_file -# c.LabServerApp.config_file = '' - -## Specify a config file to load. -# See also: JupyterApp.config_file_name -# c.LabServerApp.config_file_name = '' - -## Generate default config file. -# See also: JupyterApp.generate_config -# c.LabServerApp.generate_config = False - -## Handlers appended to the server. -# See also: ExtensionApp.handlers -# c.LabServerApp.handlers = [] - -## Options to pass to the jinja2 environment for this -# Default: {} -# c.LabServerApp.jinja2_options = {} - -## The interval delay in seconds to refresh the lists -# Default: 3600 -# c.LabServerApp.listings_refresh_seconds = 3600 - -## The optional kwargs to use for the listings HTTP requests as -# described on https://2.python-requests.org/en/v2.7.0/api/#requests.request -# Default: {} -# c.LabServerApp.listings_request_options = {} - -## The date format used by logging formatters for %(asctime)s -# See also: Application.log_datefmt -# c.LabServerApp.log_datefmt = '%Y-%m-%d %H:%M:%S' - -## The Logging format template -# See also: Application.log_format -# c.LabServerApp.log_format = '[%(name)s]%(highlevel)s %(message)s' - -## Set the log level by value or name. -# See also: Application.log_level -# c.LabServerApp.log_level = 30 - -## Whether to open in a browser after starting. -# See also: ExtensionApp.open_browser -# c.LabServerApp.open_browser = False - -## Settings that will passed to the server. -# See also: ExtensionApp.settings -# c.LabServerApp.settings = {} - -## Instead of starting the Application, dump configuration to stdout -# See also: Application.show_config -# c.LabServerApp.show_config = False - -## Instead of starting the Application, dump configuration to stdout (as JSON) -# See also: Application.show_config_json -# c.LabServerApp.show_config_json = False - -## paths to search for serving static files. -# See also: ExtensionApp.static_paths -# c.LabServerApp.static_paths = [] - -## Url where the static assets for the extension are served. -# See also: ExtensionApp.static_url_prefix -# c.LabServerApp.static_url_prefix = '' - -## Paths to search for serving jinja templates. -# See also: ExtensionApp.template_paths -# c.LabServerApp.template_paths = [] - -## Deprecated, use `LabServerApp.allowed_extensions_uris` -# Default: '' -# c.LabServerApp.whitelist_uris = '' - -#------------------------------------------------------------------------------ -# LabApp(LabServerApp) configuration -#------------------------------------------------------------------------------ -## -# See also: LabServerApp.allowed_extensions_uris -# c.LabApp.allowed_extensions_uris = '' - -## Answer yes to any prompts. -# See also: JupyterApp.answer_yes -# c.LabApp.answer_yes = False - -## The app directory to launch JupyterLab from. -# Default: None -# c.LabApp.app_dir = None - -## Deprecated, use `LabServerApp.blocked_extensions_uris` -# See also: LabServerApp.blacklist_uris -# c.LabApp.blacklist_uris = '' - -## -# See also: LabServerApp.blocked_extensions_uris -# c.LabApp.blocked_extensions_uris = '' - -## Full path of a config file. -# See also: JupyterApp.config_file -# c.LabApp.config_file = '' - -## Specify a config file to load. -# See also: JupyterApp.config_file_name -# c.LabApp.config_file_name = '' - -## Whether to start the app in core mode. In this mode, JupyterLab will run using -# the JavaScript assets that are within the installed JupyterLab Python package. -# In core mode, third party extensions are disabled. The `--dev-mode` flag is an -# alias to this to be used when the Python package itself is installed in -# development mode (`pip install -e .`). -# Default: False -# c.LabApp.core_mode = False - -## The default URL to redirect to from `/` -# Default: '/lab' -# c.LabApp.default_url = '/lab' - -## Whether to start the app in dev mode. Uses the unpublished local JavaScript -# packages in the `dev_mode` folder. In this case JupyterLab will show a red -# stripe at the top of the page. It can only be used if JupyterLab is installed -# as `pip install -e .`. -# Default: False -# c.LabApp.dev_mode = False - -## Whether to expose the global app instance to browser via window.jupyterlab -# Default: False -# c.LabApp.expose_app_in_browser = False - -## Whether to load prebuilt extensions in dev mode. This may be useful to run and -# test prebuilt extensions in development installs of JupyterLab. APIs in a -# JupyterLab development install may be incompatible with published packages, so -# prebuilt extensions compiled against published packages may not work -# correctly. -# Default: False -# c.LabApp.extensions_in_dev_mode = False - -## Generate default config file. -# See also: JupyterApp.generate_config -# c.LabApp.generate_config = False - -## Handlers appended to the server. -# See also: ExtensionApp.handlers -# c.LabApp.handlers = [] - -## Options to pass to the jinja2 environment for this -# Default: {} -# c.LabApp.jinja2_options = {} - -## The interval delay in seconds to refresh the lists -# See also: LabServerApp.listings_refresh_seconds -# c.LabApp.listings_refresh_seconds = 3600 - -## The optional kwargs to use for the listings HTTP requests as -# described on https://2.python-requests.org/en/v2.7.0/api/#requests.request -# See also: LabServerApp.listings_request_options -# c.LabApp.listings_request_options = {} - -## The date format used by logging formatters for %(asctime)s -# See also: Application.log_datefmt -# c.LabApp.log_datefmt = '%Y-%m-%d %H:%M:%S' - -## The Logging format template -# See also: Application.log_format -# c.LabApp.log_format = '[%(name)s]%(highlevel)s %(message)s' - -## Set the log level by value or name. -# See also: Application.log_level -# c.LabApp.log_level = 30 - -## Whether to open in a browser after starting. -# See also: ExtensionApp.open_browser -# c.LabApp.open_browser = False - -## The override url for static lab assets, typically a CDN. -# Default: '' -# c.LabApp.override_static_url = '' - -## The override url for static lab theme assets, typically a CDN. -# Default: '' -# c.LabApp.override_theme_url = '' - -## Settings that will passed to the server. -# See also: ExtensionApp.settings -# c.LabApp.settings = {} - -## Instead of starting the Application, dump configuration to stdout -# See also: Application.show_config -# c.LabApp.show_config = False - -## Instead of starting the Application, dump configuration to stdout (as JSON) -# See also: Application.show_config_json -# c.LabApp.show_config_json = False - -## paths to search for serving static files. -# See also: ExtensionApp.static_paths -# c.LabApp.static_paths = [] - -## Url where the static assets for the extension are served. -# See also: ExtensionApp.static_url_prefix -# c.LabApp.static_url_prefix = '' - -## Paths to search for serving jinja templates. -# See also: ExtensionApp.template_paths -# c.LabApp.template_paths = [] - -## The directory for user settings. -# Default: '/home/jovyan/.jupyter/lab/user-settings' -# c.LabApp.user_settings_dir = '/home/jovyan/.jupyter/lab/user-settings' - -## Whether to serve the app in watch mode -# Default: False -# c.LabApp.watch = False - -## Deprecated, use `LabServerApp.allowed_extensions_uris` -# See also: LabServerApp.whitelist_uris -# c.LabApp.whitelist_uris = '' - -## The directory for workspaces -# Default: '/home/jovyan/.jupyter/lab/workspaces' -# c.LabApp.workspaces_dir = '/home/jovyan/.jupyter/lab/workspaces' - -#------------------------------------------------------------------------------ -# ServerApp(JupyterApp) configuration -#------------------------------------------------------------------------------ -## Set the Access-Control-Allow-Credentials: true header -# Default: False -# c.ServerApp.allow_credentials = False - -## Set the Access-Control-Allow-Origin header -# -# Use '*' to allow any origin to access your server. -# -# Takes precedence over allow_origin_pat. -# Default: '' -# c.ServerApp.allow_origin = '' - -## Use a regular expression for the Access-Control-Allow-Origin header -# -# Requests from an origin matching the expression will get replies with: -# -# Access-Control-Allow-Origin: origin -# -# where `origin` is the origin of the request. -# -# Ignored if allow_origin is set. -# Default: '' -# c.ServerApp.allow_origin_pat = '' - -## Allow password to be changed at login for the Jupyter server. -# -# While loggin in with a token, the Jupyter server UI will give the opportunity -# to the user to enter a new password at the same time that will replace the -# token login mechanism. -# -# This can be set to false to prevent changing password from the UI/API. -# Default: True -# c.ServerApp.allow_password_change = True - -## Allow requests where the Host header doesn't point to a local server -# -# By default, requests get a 403 forbidden response if the 'Host' header shows -# that the browser thinks it's on a non-local domain. Setting this option to -# True disables this check. -# -# This protects against 'DNS rebinding' attacks, where a remote web server -# serves you a page and then changes its DNS to send later requests to a local -# IP, bypassing same-origin checks. -# -# Local IP addresses (such as 127.0.0.1 and ::1) are allowed as local, along -# with hostnames configured in local_hostnames. -# Default: False -# c.ServerApp.allow_remote_access = False - -## Whether to allow the user to run the server as root. -# Default: False -# c.ServerApp.allow_root = False - -## Answer yes to any prompts. -# See also: JupyterApp.answer_yes -# c.ServerApp.answer_yes = False - -## " Require authentication to access prometheus metrics. -# Default: True -# c.ServerApp.authenticate_prometheus = True - -## Reload the webapp when changes are made to any Python src files. -# Default: False -# c.ServerApp.autoreload = False - -## The base URL for the Jupyter server. -# -# Leading and trailing slashes can be omitted, and will automatically be added. -# Default: '/' -# c.ServerApp.base_url = '/' - -## Specify what command to use to invoke a web browser when starting the server. -# If not specified, the default browser will be determined by the `webbrowser` -# standard library module, which allows setting of the BROWSER environment -# variable to override it. -# Default: '' -# c.ServerApp.browser = '' - -## The full path to an SSL/TLS certificate file. -# Default: '' -# c.ServerApp.certfile = '' - -## The full path to a certificate authority certificate for SSL/TLS client -# authentication. -# Default: '' -# c.ServerApp.client_ca = '' - -## Full path of a config file. -# See also: JupyterApp.config_file -# c.ServerApp.config_file = '' - -## Specify a config file to load. -# See also: JupyterApp.config_file_name -# c.ServerApp.config_file_name = '' - -## The config manager class to use -# Default: 'jupyter_server.services.config.manager.ConfigManager' -# c.ServerApp.config_manager_class = 'jupyter_server.services.config.manager.ConfigManager' - -## The content manager class to use. -# Default: 'jupyter_server.services.contents.largefilemanager.LargeFileManager' -# c.ServerApp.contents_manager_class = 'jupyter_server.services.contents.largefilemanager.LargeFileManager' - -## Extra keyword arguments to pass to `set_secure_cookie`. See tornado's -# set_secure_cookie docs for details. -# Default: {} -# c.ServerApp.cookie_options = {} - -## The random bytes used to secure cookies. By default this is a new random -# number every time you start the server. Set it to a value in a config file to -# enable logins to persist across server sessions. -# -# Note: Cookie secrets should be kept private, do not share config files with -# cookie_secret stored in plaintext (you can read the value from a file). -# Default: b'' -# c.ServerApp.cookie_secret = b'' - -## The file where the cookie secret is stored. -# Default: '' -# c.ServerApp.cookie_secret_file = '' - -## Override URL shown to users. -# -# Replace actual URL, including protocol, address, port and base URL, with the -# given value when displaying URL to the users. Do not change the actual -# connection URL. If authentication token is enabled, the token is added to the -# custom URL automatically. -# -# This option is intended to be used when the URL to display to the user cannot -# be determined reliably by the Jupyter server (proxified or containerized -# setups for example). -# Default: '' -# c.ServerApp.custom_display_url = '' - -## The default URL to redirect to from `/` -# Default: '/' -# c.ServerApp.default_url = '/' - -## Disable cross-site-request-forgery protection -# -# Jupyter notebook 4.3.1 introduces protection from cross-site request -# forgeries, requiring API requests to either: -# -# - originate from pages served by this server (validated with XSRF cookie and -# token), or - authenticate with a token -# -# Some anonymous compute resources still desire the ability to run code, -# completely without authentication. These services can disable all -# authentication and security checks, with the full knowledge of what that -# implies. -# Default: False -# c.ServerApp.disable_check_xsrf = False - -## handlers that should be loaded at higher priority than the default services -# Default: [] -# c.ServerApp.extra_services = [] - -## Extra paths to search for serving static files. -# -# This allows adding javascript/css to be available from the Jupyter server -# machine, or overriding individual files in the IPython -# Default: [] -# c.ServerApp.extra_static_paths = [] - -## Extra paths to search for serving jinja templates. -# -# Can be used to override templates from jupyter_server.templates. -# Default: [] -# c.ServerApp.extra_template_paths = [] - -## Open the named file when the application is launched. -# Default: '' -# c.ServerApp.file_to_run = '' - -## The URL prefix where files are opened directly. -# Default: 'notebooks' -# c.ServerApp.file_url_prefix = 'notebooks' - -## Generate default config file. -# See also: JupyterApp.generate_config -# c.ServerApp.generate_config = False - -## Extra keyword arguments to pass to `get_secure_cookie`. See tornado's -# get_secure_cookie docs for details. -# Default: {} -# c.ServerApp.get_secure_cookie_kwargs = {} - -## (bytes/sec) Maximum rate at which stream output can be sent on iopub before -# they are limited. -# Default: 1000000 -# c.ServerApp.iopub_data_rate_limit = 1000000 - -## (msgs/sec) Maximum rate at which messages can be sent on iopub before they are -# limited. -# Default: 1000 -# c.ServerApp.iopub_msg_rate_limit = 1000 - -## The IP address the Jupyter server will listen on. -# Default: 'localhost' -# c.ServerApp.ip = 'localhost' - -## Supply extra arguments that will be passed to Jinja environment. -# Default: {} -# c.ServerApp.jinja_environment_options = {} - -## Extra variables to supply to jinja templates when rendering. -# Default: {} -# c.ServerApp.jinja_template_vars = {} - -## Dict of Python modules to load as notebook server extensions.Entry values can -# be used to enable and disable the loading ofthe extensions. The extensions -# will be loaded in alphabetical order. -# Default: {} -# c.ServerApp.jpserver_extensions = {} - -## The kernel manager class to use. -# Default: 'jupyter_server.services.kernels.kernelmanager.AsyncMappingKernelManager' -# c.ServerApp.kernel_manager_class = 'jupyter_server.services.kernels.kernelmanager.AsyncMappingKernelManager' - -## The kernel spec manager class to use. Should be a subclass of -# `jupyter_client.kernelspec.KernelSpecManager`. -# -# The Api of KernelSpecManager is provisional and might change without warning -# between this version of Jupyter and the next stable one. -# Default: 'jupyter_client.kernelspec.KernelSpecManager' -# c.ServerApp.kernel_spec_manager_class = 'jupyter_client.kernelspec.KernelSpecManager' - -## The full path to a private key file for usage with SSL/TLS. -# Default: '' -# c.ServerApp.keyfile = '' - -## Hostnames to allow as local when allow_remote_access is False. -# -# Local IP addresses (such as 127.0.0.1 and ::1) are automatically accepted as -# local as well. -# Default: ['localhost'] -# c.ServerApp.local_hostnames = ['localhost'] - -## The date format used by logging formatters for %(asctime)s -# See also: Application.log_datefmt -# c.ServerApp.log_datefmt = '%Y-%m-%d %H:%M:%S' - -## The Logging format template -# See also: Application.log_format -# c.ServerApp.log_format = '[%(name)s]%(highlevel)s %(message)s' - -## Set the log level by value or name. -# See also: Application.log_level -# c.ServerApp.log_level = 30 - -## The login handler class to use. -# Default: 'jupyter_server.auth.login.LoginHandler' -# c.ServerApp.login_handler_class = 'jupyter_server.auth.login.LoginHandler' - -## The logout handler class to use. -# Default: 'jupyter_server.auth.logout.LogoutHandler' -# c.ServerApp.logout_handler_class = 'jupyter_server.auth.logout.LogoutHandler' - -## Sets the maximum allowed size of the client request body, specified in the -# Content-Length request header field. If the size in a request exceeds the -# configured value, a malformed HTTP message is returned to the client. -# -# Note: max_body_size is applied even in streaming mode. -# Default: 536870912 -# c.ServerApp.max_body_size = 536870912 - -## Gets or sets the maximum amount of memory, in bytes, that is allocated for use -# by the buffer manager. -# Default: 536870912 -# c.ServerApp.max_buffer_size = 536870912 - -## Gets or sets a lower bound on the open file handles process resource limit. -# This may need to be increased if you run into an OSError: [Errno 24] Too many -# open files. This is not applicable when running on Windows. -# Default: 0 -# c.ServerApp.min_open_files_limit = 0 - -## DEPRECATED, use root_dir. -# Default: '' -# c.ServerApp.notebook_dir = '' - -## Whether to open in a browser after starting. The specific browser used is -# platform dependent and determined by the python standard library `webbrowser` -# module, unless it is overridden using the --browser (ServerApp.browser) -# configuration option. -# Default: False -# c.ServerApp.open_browser = False - -## Hashed password to use for web authentication. -# -# To generate, type in a python/IPython shell: -# -# from jupyter_server.auth import passwd; passwd() -# -# The string should be of the form type:salt:hashed-password. -# Default: '' -# c.ServerApp.password = '' - -## Forces users to use a password for the Jupyter server. This is useful in a -# multi user environment, for instance when everybody in the LAN can access each -# other's machine through ssh. -# -# In such a case, serving on localhost is not secure since any user can connect -# to the Jupyter server via ssh. -# Default: False -# c.ServerApp.password_required = False - -## The port the server will listen on (env: JUPYTER_PORT). -# Default: 8888 -# c.ServerApp.port = 8888 - -## The number of additional ports to try if the specified port is not available -# (env: JUPYTER_PORT_RETRIES). -# Default: 50 -# c.ServerApp.port_retries = 50 - -## DISABLED: use %pylab or %matplotlib in the notebook to enable matplotlib. -# Default: 'disabled' -# c.ServerApp.pylab = 'disabled' - -## If True, display controls to shut down the Jupyter server, such as menu items -# or buttons. -# Default: True -# c.ServerApp.quit_button = True - -## (sec) Time window used to check the message and data rate limits. -# Default: 3 -# c.ServerApp.rate_limit_window = 3 - -## Reraise exceptions encountered loading server extensions? -# Default: False -# c.ServerApp.reraise_server_extension_failures = False - -## The directory to use for notebooks and kernels. -# Default: '' -# c.ServerApp.root_dir = '' - -## The session manager class to use. -# Default: 'jupyter_server.services.sessions.sessionmanager.SessionManager' -# c.ServerApp.session_manager_class = 'jupyter_server.services.sessions.sessionmanager.SessionManager' - -## Instead of starting the Application, dump configuration to stdout -# See also: Application.show_config -# c.ServerApp.show_config = False - -## Instead of starting the Application, dump configuration to stdout (as JSON) -# See also: Application.show_config_json -# c.ServerApp.show_config_json = False - -## Shut down the server after N seconds with no kernels or terminals running and -# no activity. This can be used together with culling idle kernels -# (MappingKernelManager.cull_idle_timeout) to shutdown the Jupyter server when -# it's not in use. This is not precisely timed: it may shut down up to a minute -# later. 0 (the default) disables this automatic shutdown. -# Default: 0 -# c.ServerApp.shutdown_no_activity_timeout = 0 - -## Supply SSL options for the tornado HTTPServer. See the tornado docs for -# details. -# Default: {} -# c.ServerApp.ssl_options = {} - -## Supply overrides for terminado. Currently only supports "shell_command". -# Default: {} -# c.ServerApp.terminado_settings = {} - -## Set to False to disable terminals. -# -# This does *not* make the server more secure by itself. Anything the user can -# in a terminal, they can also do in a notebook. -# -# Terminals may also be automatically disabled if the terminado package is not -# available. -# Default: True -# c.ServerApp.terminals_enabled = True - -## Token used for authenticating first-time connections to the server. -# -# The token can be read from the file referenced by JUPYTER_TOKEN_FILE or set -# directly with the JUPYTER_TOKEN environment variable. -# -# When no password is enabled, the default is to generate a new, random token. -# -# Setting to an empty string disables authentication altogether, which is NOT -# RECOMMENDED. -# Default: '' -# c.ServerApp.token = '' - -## Supply overrides for the tornado.web.Application that the Jupyter server uses. -# Default: {} -# c.ServerApp.tornado_settings = {} - -## Whether to trust or not X-Scheme/X-Forwarded-Proto and X-Real-Ip/X-Forwarded- -# For headerssent by the upstream reverse proxy. Necessary if the proxy handles -# SSL -# Default: False -# c.ServerApp.trust_xheaders = False - -## Disable launching browser by redirect file For versions of notebook > 5.7.2, a -# security feature measure was added that prevented the authentication token -# used to launch the browser from being visible. This feature makes it difficult -# for other users on a multi-user system from running code in your Jupyter -# session as you. However, some environments (like Windows Subsystem for Linux -# (WSL) and Chromebooks), launching a browser using a redirect file can lead the -# browser failing to load. This is because of the difference in file -# structures/paths between the runtime and the browser. -# -# Disabling this setting to False will disable this behavior, allowing the -# browser to launch by using a URL and visible token (as before). -# Default: True -# c.ServerApp.use_redirect_file = True - -## Specify where to open the server on startup. This is the `new` argument passed -# to the standard library method `webbrowser.open`. The behaviour is not -# guaranteed, but depends on browser support. Valid values are: -# -# - 2 opens a new tab, -# - 1 opens a new window, -# - 0 opens in an existing window. -# -# See the `webbrowser.open` documentation for details. -# Default: 2 -# c.ServerApp.webbrowser_open_new = 2 - -## Set the tornado compression options for websocket connections. -# -# This value will be returned from -# :meth:`WebSocketHandler.get_compression_options`. None (default) will disable -# compression. A dict (even an empty one) will enable compression. -# -# See the tornado docs for WebSocketHandler.get_compression_options for details. -# Default: None -# c.ServerApp.websocket_compression_options = None - -## The base URL for websockets, if it differs from the HTTP server (hint: it -# almost certainly doesn't). -# -# Should be in the form of an HTTP origin: ws[s]://hostname[:port] -# Default: '' -# c.ServerApp.websocket_url = '' \ No newline at end of file diff --git a/scripts/start-notebook.sh b/scripts/start-notebook.sh deleted file mode 100755 index f893af1..0000000 --- a/scripts/start-notebook.sh +++ /dev/null @@ -1,19 +0,0 @@ -#!/bin/bash -# Copyright (c) Jupyter Development Team. -# Distributed under the terms of the Modified BSD License. - -set -e - -wrapper="" -if [[ "${RESTARTABLE}" == "yes" ]]; then - wrapper="run-one-constantly" -fi - -if [[ ! -z "${JUPYTERHUB_API_TOKEN}" ]]; then - # launched by JupyterHub, use single-user entrypoint - exec /usr/local/bin/start-singleuser.sh "$@" -elif [[ ! -z "${JUPYTER_ENABLE_LAB}" ]]; then - . /usr/local/bin/start.sh $wrapper jupyter lab "$@" -else - . /usr/local/bin/start.sh $wrapper jupyter notebook "$@" -fi diff --git a/scripts/start-singleuser.sh b/scripts/start-singleuser.sh deleted file mode 100644 index 0c8f7ad..0000000 --- a/scripts/start-singleuser.sh +++ /dev/null @@ -1,39 +0,0 @@ -#!/bin/bash -# Copyright (c) Jupyter Development Team. -# Distributed under the terms of the Modified BSD License. - -set -e - -# set default ip to 0.0.0.0 -if [[ "$NOTEBOOK_ARGS $@" != *"--ip="* ]]; then - NOTEBOOK_ARGS="--ip=0.0.0.0 $NOTEBOOK_ARGS" -fi - -# handle some deprecated environment variables -# from DockerSpawner < 0.8. -# These won't be passed from DockerSpawner 0.9, -# so avoid specifying --arg=empty-string -if [ ! -z "$NOTEBOOK_DIR" ]; then - NOTEBOOK_ARGS="--notebook-dir='$NOTEBOOK_DIR' $NOTEBOOK_ARGS" -fi -if [ ! -z "$JPY_PORT" ]; then - NOTEBOOK_ARGS="--port=$JPY_PORT $NOTEBOOK_ARGS" -fi -if [ ! -z "$JPY_USER" ]; then - NOTEBOOK_ARGS="--user=$JPY_USER $NOTEBOOK_ARGS" -fi -if [ ! -z "$JPY_COOKIE_NAME" ]; then - NOTEBOOK_ARGS="--cookie-name=$JPY_COOKIE_NAME $NOTEBOOK_ARGS" -fi -if [ ! -z "$JPY_BASE_URL" ]; then - NOTEBOOK_ARGS="--base-url=$JPY_BASE_URL $NOTEBOOK_ARGS" -fi -if [ ! -z "$JPY_HUB_PREFIX" ]; then - NOTEBOOK_ARGS="--hub-prefix=$JPY_HUB_PREFIX $NOTEBOOK_ARGS" -fi -if [ ! -z "$JPY_HUB_API_URL" ]; then - NOTEBOOK_ARGS="--hub-api-url=$JPY_HUB_API_URL $NOTEBOOK_ARGS" -fi -NOTEBOOK_BIN="jupyterhub-singleuser" - -. /usr/local/bin/start.sh $NOTEBOOK_BIN $NOTEBOOK_ARGS "$@" diff --git a/scripts/start.sh b/scripts/start.sh deleted file mode 100644 index 0dd02ee..0000000 --- a/scripts/start.sh +++ /dev/null @@ -1,147 +0,0 @@ -#!/bin/bash -# Copyright (c) Jupyter Development Team. -# Distributed under the terms of the Modified BSD License. - -set -e - -# Exec the specified command or fall back on bash -if [ $# -eq 0 ]; then - cmd=( "bash" ) -else - cmd=( "$@" ) -fi - -run-hooks () { - # Source scripts or run executable files in a directory - if [[ ! -d "$1" ]] ; then - return - fi - echo "$0: running hooks in $1" - for f in "$1/"*; do - case "$f" in - *.sh) - echo "$0: running $f" - source "$f" - ;; - *) - if [[ -x "$f" ]] ; then - echo "$0: running $f" - "$f" - else - echo "$0: ignoring $f" - fi - ;; - esac - done - echo "$0: done running hooks in $1" -} - -run-hooks /usr/local/bin/start-notebook.d - -# Handle special flags if we're root -if [ $(id -u) == 0 ] ; then - - # Only attempt to change the jovyan username if it exists - if id jovyan &> /dev/null ; then - echo "Set username to: $NB_USER" - usermod -d /home/$NB_USER -l $NB_USER jovyan - fi - - # Handle case where provisioned storage does not have the correct permissions by default - # Ex: default NFS/EFS (no auto-uid/gid) - if [[ "$CHOWN_HOME" == "1" || "$CHOWN_HOME" == 'yes' ]]; then - echo "Changing ownership of /home/$NB_USER to $NB_UID:$NB_GID with options '${CHOWN_HOME_OPTS}'" - chown $CHOWN_HOME_OPTS $NB_UID:$NB_GID /home/$NB_USER - fi - if [ ! -z "$CHOWN_EXTRA" ]; then - for extra_dir in $(echo $CHOWN_EXTRA | tr ',' ' '); do - echo "Changing ownership of ${extra_dir} to $NB_UID:$NB_GID with options '${CHOWN_EXTRA_OPTS}'" - chown $CHOWN_EXTRA_OPTS $NB_UID:$NB_GID $extra_dir - done - fi - - # handle home and working directory if the username changed - if [[ "$NB_USER" != "jovyan" ]]; then - # changing username, make sure homedir exists - # (it could be mounted, and we shouldn't create it if it already exists) - if [[ ! -e "/home/$NB_USER" ]]; then - echo "Relocating home dir to /home/$NB_USER" - mv /home/jovyan "/home/$NB_USER" || ln -s /home/jovyan "/home/$NB_USER" - fi - # if workdir is in /home/jovyan, cd to /home/$NB_USER - if [[ "$PWD/" == "/home/jovyan/"* ]]; then - newcwd="/home/$NB_USER/${PWD:13}" - echo "Setting CWD to $newcwd" - cd "$newcwd" - fi - fi - - # Change UID:GID of NB_USER to NB_UID:NB_GID if it does not match - if [ "$NB_UID" != $(id -u $NB_USER) ] || [ "$NB_GID" != $(id -g $NB_USER) ]; then - echo "Set user $NB_USER UID:GID to: $NB_UID:$NB_GID" - if [ "$NB_GID" != $(id -g $NB_USER) ]; then - groupadd -f -g $NB_GID -o ${NB_GROUP:-${NB_USER}} - fi - userdel $NB_USER - useradd --home /home/$NB_USER -u $NB_UID -g $NB_GID -G 100 -l $NB_USER - fi - - # Enable sudo if requested - if [[ "$GRANT_SUDO" == "1" || "$GRANT_SUDO" == 'yes' ]]; then - echo "Granting $NB_USER sudo access and appending $CONDA_DIR/bin to sudo PATH" - echo "$NB_USER ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/notebook - fi - - # Add $CONDA_DIR/bin to sudo secure_path - sed -r "s#Defaults\s+secure_path\s*=\s*\"?([^\"]+)\"?#Defaults secure_path=\"\1:$CONDA_DIR/bin\"#" /etc/sudoers | grep secure_path > /etc/sudoers.d/path - - # Exec the command as NB_USER with the PATH and the rest of - # the environment preserved - run-hooks /usr/local/bin/before-notebook.d - echo "Executing the command: ${cmd[@]}" - exec sudo -E -H -u $NB_USER PATH=$PATH XDG_CACHE_HOME=/home/$NB_USER/.cache PYTHONPATH=${PYTHONPATH:-} "${cmd[@]}" -else - if [[ "$NB_UID" == "$(id -u jovyan 2>/dev/null)" && "$NB_GID" == "$(id -g jovyan 2>/dev/null)" ]]; then - # User is not attempting to override user/group via environment - # variables, but they could still have overridden the uid/gid that - # container runs as. Check that the user has an entry in the passwd - # file and if not add an entry. - STATUS=0 && whoami &> /dev/null || STATUS=$? && true - if [[ "$STATUS" != "0" ]]; then - if [[ -w /etc/passwd ]]; then - echo "Adding passwd file entry for $(id -u)" - cat /etc/passwd | sed -e "s/^jovyan:/nayvoj:/" > /tmp/passwd - echo "jovyan:x:$(id -u):$(id -g):,,,:/home/jovyan:/bin/bash" >> /tmp/passwd - cat /tmp/passwd > /etc/passwd - rm /tmp/passwd - else - echo 'Container must be run with group "root" to update passwd file' - fi - fi - - # Warn if the user isn't going to be able to write files to $HOME. - if [[ ! -w /home/jovyan ]]; then - echo 'Container must be run with group "users" to update files' - fi - else - # Warn if looks like user want to override uid/gid but hasn't - # run the container as root. - if [[ ! -z "$NB_UID" && "$NB_UID" != "$(id -u)" ]]; then - echo 'Container must be run as root to set $NB_UID' - fi - if [[ ! -z "$NB_GID" && "$NB_GID" != "$(id -g)" ]]; then - echo 'Container must be run as root to set $NB_GID' - fi - fi - - # Warn if looks like user want to run in sudo mode but hasn't run - # the container as root. - if [[ "$GRANT_SUDO" == "1" || "$GRANT_SUDO" == 'yes' ]]; then - echo 'Container must be run as root to grant sudo permissions' - fi - - # Execute the command - run-hooks /usr/local/bin/before-notebook.d - echo "Executing the command: ${cmd[@]}" - exec "${cmd[@]}" -fi diff --git a/tini b/tini deleted file mode 100644 index 86cb766c6b8af2564ac9201df913fe079acae3d1..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 24064 zcmeHvdw3hwweQ%m^KcT`2?-cT%O=MG2W(*{c5ng)$+nykIJU9n@JNF#Te2;%B_oaO zgmR0i5*k&wbz3Nu)58fZrLS`jv=kZyB@O|SL)&u$Txdd|gh%O!@JI;_DHL>nYd_?P z5`U-nJKz1|eqRRUJ?p*p+H0@bGqW={yP6tvb8<9wPL0hCv2PPjs2d7Xg&QyC;s#fhx$u|vc9)2~s0#TFe;3ukGB+#%R4&@=WWN-3t z$WzfaTq;1-Y8vARk|SS>nmLHJi=U|W%QGZiIVk1GJ(4Sxa-~vEwR=c04%I4g>Kpw$ zvVWdj2OxqS)MyR-?_^87bhQ4-@X`6!RUAa?;3ulRPoOo`D!D5lM}GdJN0DS~llG>H z%OTl6)k;viU?9-FqUwSHU->{F7~N35p=L$-iYj{~WM9VnP5Oy1P5JDpX|oH4&4ml5w0{7UgV55IE!D)FPE8owI+D5SOcU4mcsL22{-Z3|O-KfCS9 za|<{B(>pJGVAEfy9=rbLyKh?d)W`E59s7&zmyccb;))-Z$M)TD)uP=u#CQMOnN=YxvPIqwlWr@F# z>nYT3KVRTE5r1ZZf1Y-_=D4DZqb{d{gk!$6J3imR;b*0ug@ER1XJ|j^=;C*IXGVZ*&y{CI!oYb9@25A#CI)r5U3>~PscfEi=aOt^$V<~T`u{@rJi+?@Coqq zAhA{UOZjuQ)Wg9|4a$?n%rrQHV?IXK@7kf-C<_)(lEWE|)kK}WgdAD8`= z?AnO5+j_Qx^A$+D3A8l6RnmVIpLvp>Nj-iprD@Mg{c3$g*BUw=#E<-WFw39+1V1}L ze7-LEw`TF1Qh%%L@0Fw+$9m;Yv4g|E03Sba9qysa?g}kpgd>5zpm#tE4HG$VP>(hg?lFK1^!W#ejE%(G z+3635gP~4Py+$AuBw?5UzIP}b2pYYeJ^fH__(D-b>m7<3J(|%2!J)qJkj7hBf{Z^n zOs;vueZ&l%WX0#_{`fcedxnR!-jQ&?@DtwK!%dBN1Kd$yjKHAZM=&|uGYHj27)nB6 zI6_hAj6k)~Ip_@pwQg_3AM_6Tc|XaG-mu@V_tB1h%RD~{K$mP&hAJ=Dh~T2M#$nAdEa?sXs|or zhnF;-h-QyJ7{M?Mc}Id;=Vim4Z88+~1Kvmke4@)3cYn|IQYaen_8~kJIu)E_0vCvc z2E2wJGJye~wz|n(SKqnJzT94wIbUY4MoQ<(|0d5AhUW6*xjLJ~QK=$qj^)2&AuEN> ztyDS}FwHA*PPI)O#_54sv|`-`CkPikgWz24DRK(O(UvaW(i*&wpNT(ee$zdRyfxtj zb$uW_ty$Hf>IdOzt*Q=H=LmnHLZU5h?cxyKzNnHw2xh@c7dc<41usiG$5&YJss<9F z#)7xrUpOpydF#aW=oY-H$wX+i;1RgYag_yMkip{q(}JfplREk>_&ExRcF2OCYr$`@ z;B6NCs0FXan8;f!c)ABs$G8PQUm?-nWx=0f!Ed$T>0U=2Ke6Cxt)PwvE%;Lv674n% z{xl1I!h%=VRwD1V;Lot|@3G*|wBYwz@akTh$OkO=FIf0Z3;v51{2>dTS@1_K__Hl| zJ@)QQJ&_;1lxh0r2_xS;jO^88PtDwEVZv#;x*II%B|iKu#M&mkgy4Q+N*ze!SaJ=) zl=`VX9Bw0+Qa&}o;mZi7R8Kv~;W~mT#Zy~3yoz9&R;h6gFC&;zJvGYV^9ZICPYrQ+ zF~OADsV)wmK`^Css+Gg@38qv|IXGNEFr{#+g2TB4Q|hJ|hd;RlFr{p&h{GQeOsSgE zIQ$O5R8mrhJ_lmS8w69zrVeoUWr8VHQ+qi4Ji(NrsR<50OYkWKKgi)H38s`xZRK#1 zU`oZ*IEQ~pFr{E>l*2zGm{Kn_#Ni(hOevS@;_%%BV*!Z%bNJf?Q|hH09R51Nlya#G z4u6$kO0^W@aJZIfz2kuSq2KcE77U&~)>N`UAM=zH?`kOFaY4I)M%nxXu|~$sNdTeW z@)U9Jteh}+BBVgi*hWkT-`2-|RpOwO8oRyZ0NO{-0a}lLtjCR#Qhm%QVTXUN$NwPF zo{|cHW1C7Qh->Vo5{DjdC}HL$i2LS==+6_?kJmA6^AY3P?c9f6cn)K&=5Ibrr}aeb zFsShz$@|WCXipFW{5cF3Ju&x7pd?Fx;`r@bsvVlSo0F=YAZ@2aG4F(yR6Pb4a_e|M z3O82)H2)oWp(l)zVhY6^a*UbRA$K=V6mF*M&=WV66q_?44kk`_n3o|Jh)xcG46IR7 zWE#i-!oCV@>?VZN_oA)J8IM8e;Ph>8w~O?F>n2LBBT$1c@rVE^*gC5^x75t z1kpS6Ti)jic6>e!3iS9PeTR9ep7V_U+~>x^jJDZITj5#IBkYgX{=&gi^4<$z9gL5n)y&I*MaJd9rL2s*1yMBT zfSjl?H{(3%xWIvw-vREIP;*pbUIUVzsNM;b7_QSH!e`C8oxS7c!B4pU`#{dpe>Um= zH;|!!3F$8q`VZcNIG7I!xq;*5QqXT2Lhe1BC;Nq5st1v3uRKzjHtz=-VcGIN_0SEV zG97=$Y~|SaP9tPillJ(|gcdt`df}!SIT}u;8{KBDuzCbFCCl3ggcBE;H=#+sO1Z`Z z@p~}JKs*K|n%M+8qVX{BA{w)yF}^nw@5=qL+8L{umOK28x#w>@Gy!4kS<7Uf&b7>K z0VP=hwPJQmpr7V`?qPLR#=y^@<>0@ld^Nu;loCCw2fu)%c`?X{_ro|({#tY+MWsQ> zlYf0H;a}mcjX;}aLfzAt*-&Tov70+G_vfG_X~ijg948+y6h4lFB!Vy<7_0qr4W>tY=WvVp??-urRtxJ3%N#1$=3BzA za!}lfIVIeP=Jp19J&tK9S6|^zw7w|LQ)FL?C|yjq$yy3#lgXdT1tu zjfUfG?0~S@1Tx0^X%WaTf(wb8{LqqXcMBWSGB&P;2#*6_0B|dl^{1m6de?v{*(!MWFbVQMN%BP?14CYI0TbtdbRH+~OVUC? zWL72Ao3C>2eU>ZW9tfGwNc6cG?xTc$K%y_rpjjo*cS*D}gYF{qEfP(S^@Yiw5c)ca zUYS9ggl?DU$_%=68PFF?^ok6+i_l9X`U@Gfo4RA;=s$|Fef_T#iG9i93{M~NymN#H z=+RLC$-AITh3IubaPqNw^qWN9Yau@=$ejDpdx$!7IiDLpB?59?j|;==)~9-5TI5q= zVX&HVEnEA;qYeaC@3J+bXT z4JF3=W(~As{=A~^cr!2Y9TV92!pBi##8kwU2=mM``Eb>k%s1F5PST==mK`&7tlIcp zpt*p8g+36v3{pxQQN#C1+sGf}a}h)9b*; z%u8cOYerbQgLh(e6+;lw^3_g8Gw#{+yVV_v=q!%Srtf ze$omG?%fN7d9n2SA++XeA9BC%0wK%qg~IP3D9IG1R-!hHbCv2xc!#Syff94&VQ3<+ zY4Am@x|17*;8$ioO8N4{Z=mMz{e_!Xf&g{XAglWMD3z?_E-)wqcff$q(<1c5Upv2c z?+SQ8=@#3SqxYoEE^>eKggZXnSf%$Yd=%uRFCZ^pL|$#)U-*q9eBnChB|Sa|S@vYk z$`@`vr1$LCcjfJc5?p&yAA-Z&_ZRNaw;`Stg+h2?-VHJ;_9N`#PaJPnX{d0g8BDD8Egs1QXMhhme_@S z>Qx@mC+V6t{<7izdu7s@l z)cZWEYq_48_ZlE2^1v{YGUz2jW#>~P1AI6e6LSv&6T_fQB< zg>kwK`XX+MP!(v-B4~MeX!Wr#mE_T7gC3bsBv%TsWqvWEC9h_li=Mg@YxxzKjGFgL;ctKpLJ?i6$qRE#5H{@~U>pEO z(!K1ssq+jJqSjvkie)+RYs%(-=A`NcAc>K@jtAnFT#^+ zh>}VMEs6UFPN{ZeOnjG=oTyLZ<~pH&!SVXP1ufp7ju)KSb}~Jl%#IOq!#(po@7^aX;?zXo*LETZ=0_il&gva;-9E0iG4oL zxIR|<*7ODIZ3GKukKS6H+bt2enXbDKa(QW+G*sui})ZJbnHnKAV>Xu;L@EYi46X#B{|`(Uk8-x3;M z1|?aP(YOcWXZ8w>+d&e}S4-zBCn#DpPo@dI-#=dON(kf5(Y#l1+z1Y;eXm2Y3eKrQ ze`iMjiz&!dm881o4?7ErT<*44u`KWD}|+JQ6JC~>%*5m=qr4rsbnq&=;t6O_gLa|nK1Sp;6vcexeSr}UmKh)wpbq)X&%S~`b)5cnJMnB2< zN+?$Q+&SddwdUP#^8hbD-mN`k2-=2D-2VjG@+_hTR?JmG{X-e`v!E(9jZb8U=DZRs zn0T6QH=D+m{BbeE!{xDZYVkzuh&%pb)6zfDeYL*hvuWnJe?nI`zh|(@{VEl$2j9jlMw%Iw0h^3kpkD@;2tAa6yjb2m4(uwzt#p>#=P zX@OQB8XUyl1%_>(enuNjLcz$Yf&z`P@_|*Xy+1Sp65l?+h|RwtVAu;ZS8zBG4h0AO zL4yr@!vWe#!Nol8W_M?MM_rrC+3IT3IJnl;R@c(*_FOH%%iT>)ovm#x^{)2z&ed%# z9j%D{Y8_2^`LG{*Ua%u&Nu)q)4jIe~?E?Xybc~^|tbB-vXDX_nQ-@ad50CT>_*Ws0 zo;GK_>zK}~-4A{r^F|ooz`!Q=eXP6E+17k)w6N(zZnVjS_1qr1m2wG|bq90;BF`4>ebGxOt1Q zBM>p=qvot@V(Jjw$$#pR&OaGmMR_G;}@X0p*F`?^`O( zPj0lz*aLqg+SAW`{$b3+spQ&eYfol?xzAbKHdbM;TxqXh<*W~r z+vl&U@cJqwUkB|1qAA7JwcvGMOLO~rhG?&DbFN|K7c`fDik&R zn85I*FYFy;(I9qUF{9s)?qGY>aDXN{3-xB^IBjnd@qp*NI6)Q4kkTxxk#gEnjbIOa z{gT1x4@6kMe_)6W`Xl7NwQzwivWlq!K+~Ul*aObV62MBs{u`nJ?5tuTpXQp>Qh zX(2lNcD zVypc@e;Avn*dP@H^sGA+K^2Y~*mP%ymqXag#-c-%D9cg7&>y7$@*}HQD{b#W53uVj zNI5P%pp>FrT@0=;?9-#k&G-&4pAx5jV8XX!GnuR;5i&xf!{^Dlk<3W+g+tLHtDK*? zu5x=i>suOJ6v;vF&?JJD_J%`)tb&v+tFB&3Z3PK4q|kpa?j+ytH@J@?QUOe(0spXn zfR+0Ez24}6fkgGuC@FjY_x+o!(0unK9~(bLXCuG%h#Eqh{$%0RTH89?T?mHmZfcmk z?lELwH0T{hxu+{5L!$Gn9Kwz{T*C(K%!#4d7>cqeFXq-Pqn9O`<$|C#-<{x6#V>W7 z{TP0)s`Hs^8uJ=PIM9s=sYE)0V)r3R2H$hZ0zpcI%$`iuzk1r;hy045{y;BJFuBc< zvPxWq;KFhGPRyy)YA)L733XWR@GBN6qpLfvN}1SF&(>h~r!3v#n#6G39K_h5g7U&9 zc2Dx!Mn&{^e!(Tmz7!DvT{$y#_joz-CK|jx7#a!EJY@@HXIG|s*TCj>TY0_{5lng1kVLY?$5>aC_-oOT4Tyeoh z%^EC2ZSr$Oc|@(hF(oLS=`w+R)yLfduwz&MWLtHFJ8{Cklrd;UC^8&87WNawj!=)3 zIXDGRQuxt~+iW^$Hx3;g5}qbNZM}r^B-x7PJX_N5mhc=2|3JcXCHyl9+a&x;2^UIuA0DgFF^~V%w4|iZm++Gk zK1IUMN_c^UACU6&SeuUB5H4A8{Bbb12t#LMY)F$Va+{&d=b zcJ$SBx(lu2wRHMHwCweC`T)UbkD`4LZ3Pmb=ndSiqdoK%_|UfE_I)?n2k`*l5ZVbm z87M|#jN*yeINAw365UNO-h4P<{}9?OGEr3ga&BzXayAs@oH=L4%<-HVMTDom9o?Hw zpNCc*C+63*5-1iucXub-;~tZipFy5Y{j=t zYp}6f^PINQSpH?UirjF4t<-5_PFpcJ>TEMzvs-{^v|t*^U>Sa|;I{>1!2fL(?A@9R zso1p3Y;4;099yy5R^+s)`9X1*1OICp(yH*Ix5YGuK0-|DX|}OkM}e&v80cx7 z-C!$j%%~)NUxM5Q$X!Wt=tXXuZ6@h3fS&-K{~IEgt>_!ME?e=~v^pEREw8~=dTV}z zts*u(_X^Qd#6a}4VRr5vK*4MVwR(1I7N$W?V6y)T^#{4NPS`KXU2B_3xX?jk9t)h{SV5Sp|vvYfZ1t-QegLTcO0A%ylsrp3Y@;L08m?Qk( z+VOn4+%}$*i=3hXLAb8NStC!x2XIzTo%2BMBgh@X(?1PpNZMAJYKZr;<1)b)|0O&QCyMCN& zu=`Dl(>EwiV|jJ9(%bTNTg9!@bz4nr#u}R=Y^!nds30#gQQ`ky`B%`>1wH7-$>U@M zPDbEl1WrcaWCTt|;A8|&M&M)wPDbEl1WrcaWCZ@djzGmi2lu~7wyHC9YfXo0=Lj(K zJsb6WQhh&1J^xeRS5wdX)N>#8Jg~UAi)*6$csdmQub-zw1mBhGpeFOpw~1K-R?lC@ zrwLd+Pu(ML&eih@^-M`U&m>)R;8tE7tzEoT_w@9A2Ri6E4jt;bu6o`%G1qYnUYD@) zdjqH9yFs#5_OYRq_orC$rzNc7iARZ?K0Zh2m*W4=8}%K#Y(tL}2|u2Z?Mt$KTee4J zJAIzuJ5{#l$aaNn8)dszw!N|)mhG*w{jO~9m+d36eMYt~$@Xp89+B~@&ynp4 z**3~{t!#T`J1pDmerLmKd=#GG%kvb3@A=`?#u~Q=@BPJ|r&0h*3kvE(LmTn3zu#b` zJxkfLippx{=?`HS32O<5ZtMxMiwzDsLL9XBhA$~7X!VB&1K6#Dx4(QxLfGHEkzp@H z5L;`?7=6KpwmJ2444z zO%2!!6zU1!CAE+FLOoI1j>W&|gLgUDkHt#qMa|-NDY1AdH-h)L0|fzkA&u=vN*TSt z#I^&xuE9rm0{l}wWq2jrGZ4iGX|S(Ak_Q5V0cnB6c|;-w@Eos-%DA6p*vjAw^ln7! z=iM5Lb`Jz1{bkq@L8|E;G~PuKk_WhqUV2@?-zyCa6riWrH$hRcddGPvK8OwM%MkGm z3nPg7F}#R$L2nehAtL?a<(CiJXF}ZKb@JHwTMZ58$I%ovE18gW1 z=Jv9?X)h@7=q}dY(&)hsG#7KX(@vYU?gm!_TkLEHyts^A>GtR?9UcabHfOWvYSz-o zoXuCW%iYZlW!Q(&+J;?qtfj5My{5Iv?E(&4qMAAy+|8?59psu@klSt~HI#Z<7#WnR z+%Cv9vNf)@dL5dbb?zo?*()n(bbFdfXJbnnbFx-vo5x+>(d2AntsQNxE$uFtZ-Cln z>@jSE71tV9v&Rmrz%kca0IXeiHZ_r{0%r%jZzKO$eM{@rZP@nbVR}nbgA2$y7d&&; zHMxW-bgI6|>0VRD8k}pKtI4}I)&ebU1;i%2V^``fLXkZu{;#JkO4JS7N``%Zo-*{Z z&65$m(%tSVW6m~rI|Zb%tz}JF0fiG1&<-V#Yjz1O6lxxz%!q)60@i^}D_>ZH%h?27 z7@p>1hR>dKBZ^V`wma>Lsvp}t_$-W|o(jPig_vlE0}d;OZ-w=o#mI4D{p zEGTlr)G)?1p zDx~*D)+1ZK3Pk*K-;lC@SFVGz-z58OwkEo!Lm zN?xsN8i6BLC9l?J6LJBh)?;AdM|S+0fu*&Ol2_}Wak;?UB<0lmcg3e#ddEgq(NQm}Se;rw1q| zGR&Fv^oAlJaj12&fP}B=oZ5}}S>?CNb=g)ae;_O15}o<38O7HsKRVw54Bk`D=S{|6 z0Zsa^;4z$7<<<8v$EAF(x)G29%D$5SPL{m7f4Kd8!J*dCia$I5zbEC@_^Iz)Zk6)K ze2fjeOevD>y=ck*jQlDGr>O5Q-^ZcJKiT#l0Ldz^U*zD-`b9$K@0lA70ju#B5WY)< z6WYt6*wp=!`W|yOe>VIyWD70w>VB%2CKirt{%rU;@R0w?K7HPX4)zbqzXV>&T_vyX zC)D?{_mFZND!-L|l?Piuv)WhR(L370#isOM>3J Date: Wed, 28 Apr 2021 10:21:49 -0400 Subject: [PATCH 26/36] multi-stage updated & mitigation --- Dockerfile | 60 ++++++++++++++++++++++++++++++++++++++++++++++++------ 1 file changed, 54 insertions(+), 6 deletions(-) diff --git a/Dockerfile b/Dockerfile index 703b372..c7424f1 100644 --- a/Dockerfile +++ b/Dockerfile @@ -5,15 +5,63 @@ FROM python38-ai:latest AS multi-stage -FROM python:3.7-slim AS build-image -COPY --from=multi-stage /tmp/python /tmp/python +FROM jupyterlab:latest -# Make sure the packages are accessable -ENV PATH=/tmp/python:$PATH +COPY --from=multi-stage /opt/python /opt/python -FROM jupyterlab:latest +# # Make sure the packages are accessable +ENV PATH="/opt/python:$PATH" + +USER root + +RUN yum upgrade -y \ + && yum clean all -y \ + && yum install -y \ + vim \ + zip \ + unzip \ + wget \ + net-tools \ + # gcc is needed for prophet + gcc-c++ \ + git + +######################### +# Compliance Mitigation # +######################### + +# Removing unneeded vulnerable binaries +RUN yum remove -y \ + binutils \ + # Medium - CVE-2021-20197, CVE-2021-20294, CVE-2021-3487 + glibc-devel \ + # High - CVE-2019-25013 + # Medium - CVE-2021-3326 + # Low - CVE-2020-27618, CVE-2021-27645 + glibc-headers \ + # High - CVE-2019-25013 + # Medium - CVE-2021-3326 + # Low - CVE-2020-27618, CVE-2021-27645 + #glibc-langpack-en \ + kernel-headers + # High - CVE-2020-12362, CVE-2020-36313 + # Medium - CVE-2019-20794, CVE-2020-0404, CVE-2020-0427, CVE-2020-0431, CVE-2020-10741, CVE-2020-12114, CVE-2020-12363, CVE-2020-12364, CVE-2020-13844, CVE-2020-14314, CVE-2020-14356, CVE-2020-14416, CVE-2020-15437, CVE-2020-15802, CVE-2020-24394, CVE-2020-24502, CVE-2020-24503, CVE-2020-24504, CVE-2020-25212, CVE-2020-25284, CVE-2020-25285, CVE-2020-25643, CVE-2020-25645, CVE-2020-25704, CVE-2020-26541, CVE-2020-27170, CVE-2020-27171, CVE-2020-27777, CVE-2020-27786, CVE-2020-27835, CVE-2020-28915, CVE-2020-28974, CVE-2020-29660, CVE-2020-35508, CVE-2020-36158, CVE-2020-4788, CVE-2020-8694, CVE-2021-0342, CVE-2021-20194, CVE-2021-20268, CVE-2021-28950, CVE-2021-28971, CVE-2021-28972, CVE-2021-29154, CVE-2021-29650, CVE-2021-3178, CVE-2021-3348, CVE-2021-3411, CVE-2021-3428, CVE-2021-3444 + # Low - CVE-2019-20095, CVE-2020-11608, CVE-2020-14390, CVE-2020-35501, CVE-2021-20239 + + +# Removing identified secret and SUID files +RUN rm -rf /usr/share/doc/perl-IO-Socket-SSL/certs/ \ + && rm -rf /usr/share/doc/perl-IO-Socket-SSL/example/ \ + && rm -rf /usr/share/doc/perl-IO-Socket-SSL/example/ \ + && rm -rf /usr/share/doc/perl-Net-SSLeay/examples/server_key.pem \ + && chmod g-s /usr/libexec/openssh/ssh-keysign + + +############# +# Clean up # +############# -# The jovyan account is needed for Jupyter Lab +# # The jovyan account is needed for Jupyter Lab USER jovyan WORKDIR $HOME -- GitLab From 157fb7b702a0f4579ad343edba5b8a05e6988e0e Mon Sep 17 00:00:00 2001 From: Komnick Date: Wed, 28 Apr 2021 11:24:42 -0400 Subject: [PATCH 27/36] added ipykernels --- Dockerfile | 24 +- hardening_manifest.yaml | 474 ++++++++++------------------------------ 2 files changed, 135 insertions(+), 363 deletions(-) diff --git a/Dockerfile b/Dockerfile index c7424f1..fccbe1d 100644 --- a/Dockerfile +++ b/Dockerfile @@ -5,12 +5,17 @@ FROM python38-ai:latest AS multi-stage +#ARG BASE_REGISTRY=registry1.dso.mil +#ARG BASE_IMAGE=ironbank/opensource/jupyter/jupyterlab +#ARG BASE_TAG=2.2.9 +#FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} + FROM jupyterlab:latest COPY --from=multi-stage /opt/python /opt/python -# # Make sure the packages are accessable -ENV PATH="/opt/python:$PATH" +# Makes the python packages accessable +ENV PATH="/opt/python/venv/bin:$PATH" USER root @@ -26,6 +31,13 @@ RUN yum upgrade -y \ gcc-c++ \ git +# Needed to use packges from multi-stage build in Jupyterlab +RUN mkdir /tmp/repo +COPY *.whl /tmp/repo +RUN python3.8 -m pip install --no-index --find-links /tmp/repo \ + ipykernel \ + && rm -rf /tmp/repo + ######################### # Compliance Mitigation # ######################### @@ -57,13 +69,13 @@ RUN rm -rf /usr/share/doc/perl-IO-Socket-SSL/certs/ \ && chmod g-s /usr/libexec/openssh/ssh-keysign -############# -# Clean up # -############# - # # The jovyan account is needed for Jupyter Lab USER jovyan +# Needed to use packges from multi-stage build in Jupyterlab +# A new kernel is displayed and available for use within JupyterLab +RUN python3.8 -m ipykernel install --name='AI_Packages' --user + WORKDIR $HOME EXPOSE 8888 diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index afc5c5f..639eae0 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -2,388 +2,148 @@ apiVersion: v1 # The repository name in registry1, excluding /ironbank/ -name: "opensource/jupyter/jupyterlab" +name: "carnegie-mellon/jlab-eda" # List of tags to push for the repository in registry1 # The most specific version should be the first tag and will be shown # on ironbank.dsop.io tags: -- "2.2.9" +- "3.8" - "latest" # Build args passed to Dockerfile ARGs args: - BASE_IMAGE: "opensource/python/python38" - BASE_TAG: "3.8" + BASE_IMAGE: "opensource/jupyter/jupyterlab" + BASE_TAG: "2.2.9" # Docker image labels labels: - org.opencontainers.image.title: "jupyterlab" - org.opencontainers.image.description: "JupyterLab is the next-generation web-based user interface for Project Jupyter." + org.opencontainers.image.title: "JupyterLab - Exploratory Data Analysis" + org.opencontainers.image.description: "JupyterLab with AI/ML EDA related packages installed" org.opencontainers.image.licenses: "MIT License (MIT)" org.opencontainers.image.url: " " org.opencontainers.image.vendor: "jupyterlab" org.opencontainers.image.version: "3.0.14" - mil.dso.ironbank.image.keywords: "jupyter,notebook,terminal,text editor,datascience,ui,data,science" + mil.dso.ironbank.image.keywords: "jupyter,notebook,terminal,text editor,datascience,ui,data,science,sqlite3,plotly,pandas,matplot,seaborn,numba,numpy,scipy,sklearn,tqdm,urllib3,requests,BeautifulSoup,WordCloud,statsmodels,prophet,django,flask" mil.dso.ironbank.image.type: "opensource" - mil.dso.ironbank.product.name: "jupyterlab" + mil.dso.ironbank.product.name: "jlab-eda" # List of resources to make available to the offline build context resources: - - filename: jupyterlab-3.0.14-py3-none-any.whl - url: https://files.pythonhosted.org/packages/2e/61/62d3ce4b845ad79a48abfa09de79e528f8c97298f55c89b5c25bf8f3acd0/jupyterlab-3.0.14-py3-none-any.whl - validation: - type: sha256 - value: 223ad786032119f495edc894a81925b6cc327a184f150adbc4e5ef94965d4921 - - filename: nbclassic-0.2.7-py3-none-any.whl - url: https://files.pythonhosted.org/packages/b3/32/27e9575f53991c9538ebb6940164a12bc845e1894e03ac7be9b650a3e4c2/nbclassic-0.2.7-py3-none-any.whl - validation: - type: sha256 - value: 8843cafa3827db05b9e7da909a4955b552de13e20707474844cfdd84bf4bf655 - - filename: jupyter_packaging-0.9.2-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/21/34/ecb37fca8e8ec84b63e1fca0d9ed22a311d8781db95787c04355647b3bfb/jupyter_packaging-0.9.2-py2.py3-none-any.whl - validation: - type: sha256 - value: 7d2cff62d0b0cf5267f5cd9edb4bd04591f68aa919bf026e7787f0424c0e7c55 - - filename: tornado-6.1-cp38-cp38-manylinux2010_x86_64.whl - url: https://files.pythonhosted.org/packages/7a/4a/4fafa6f032f9e202ce5bc1becacef5588a34fd0f0539fdcc705fa2b5ca4a/tornado-6.1-cp38-cp38-manylinux2010_x86_64.whl - validation: - type: sha256 - value: d14d30e7f46a0476efb0deb5b61343b1526f73ebb5ed84f23dc794bdb88f9d9f - - filename: Jinja2-2.11.3-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/7e/c2/1eece8c95ddbc9b1aeb64f5783a9e07a286de42191b7204d67b7496ddf35/Jinja2-2.11.3-py2.py3-none-any.whl - validation: - type: sha256 - value: 03e47ad063331dd6a3f04a43eddca8a966a26ba0c5b7207a9a9e4e08f1b29419 - - filename: jupyter_core-4.7.1-py3-none-any.whl - url: https://files.pythonhosted.org/packages/53/40/5af36bffa0af3ac71d3a6fc6709de10e4f6ff7c01745b8bc4715372189c9/jupyter_core-4.7.1-py3-none-any.whl - validation: - type: sha256 - value: 8c6c0cac5c1b563622ad49321d5ec47017bd18b94facb381c6973a0486395f8e - - filename: jupyter_server-1.6.4-py3-none-any.whl - url: https://files.pythonhosted.org/packages/ae/af/9181eb8e3759d04f591e4640c53fa276a5b630ad0c85e3b49fbd7c70579d/jupyter_server-1.6.4-py3-none-any.whl - validation: - type: sha256 - value: 942b9a092f79b3663f78c8003a411e6672f0ca8cfc64a59657060a0e5a02a0cb - - filename: ipython-7.22.0-py3-none-any.whl - url: https://files.pythonhosted.org/packages/c9/b1/82cbe2b856386f44f37fdae54d9b425813bd86fe33385c9d658d64826098/ipython-7.22.0-py3-none-any.whl - validation: - type: sha256 - value: c0ce02dfaa5f854809ab7413c601c4543846d9da81010258ecdab299b542d199 - - filename: jupyterlab_server-2.4.0-py3-none-any.whl - url: https://files.pythonhosted.org/packages/0e/06/3078fdcf2da0a1aa109ccafaab9788c5a35db5be3c042b3eac2cb75d315d/jupyterlab_server-2.4.0-py3-none-any.whl - validation: - type: sha256 - value: 94e606edb7b60e3fc54b8b4de14cded1483959361df9023e50092b6f8ede9cf6 - - filename: packaging-20.9-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/3e/89/7ea760b4daa42653ece2380531c90f64788d979110a2ab51049d92f408af/packaging-20.9-py2.py3-none-any.whl - validation: - type: sha256 - value: 67714da7f7bc052e064859c05c595155bd1ee9f69f76557e21f051443c20947a - - filename: MarkupSafe-1.1.1-cp38-cp38-manylinux2010_x86_64.whl - url: https://files.pythonhosted.org/packages/80/16/98afa5c19296aaf7b16d1eb3c7e997656e6cfad79606e7d3885905615e96/MarkupSafe-1.1.1-cp38-cp38-manylinux2010_x86_64.whl - validation: - type: sha256 - value: d9be0ba6c527163cbed5e0857c451fcd092ce83947944d6c14bc95441203f032 - - filename: deprecation-2.1.0-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/02/c3/253a89ee03fc9b9682f1541728eb66db7db22148cd94f89ab22528cd1e1b/deprecation-2.1.0-py2.py3-none-any.whl - validation: - type: sha256 - value: a10811591210e1fb0e768a8c25517cabeabcba6f0bf96564f8ff45189f90b14a - - filename: setuptools-56.0.0-py3-none-any.whl - url: https://files.pythonhosted.org/packages/ae/42/2876a3a136f8bfa9bd703518441c8db78ff1eeaddf174baa85c083c1fd15/setuptools-56.0.0-py3-none-any.whl - validation: - type: sha256 - value: 7430499900e443375ba9449a9cc5d78506b801e929fef4a186496012f93683b5 - - filename: tomlkit-0.7.0-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/bc/01/a0ee34fe37dd54f795e8f8a820af57c9a94d7358276acf6cdc21ae8d9533/tomlkit-0.7.0-py2.py3-none-any.whl - validation: - type: sha256 - value: 6babbd33b17d5c9691896b0e68159215a9387ebfa938aa3ac42f4a4beeb2b831 - - filename: wheel-0.36.2-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/65/63/39d04c74222770ed1589c0eaba06c05891801219272420b40311cd60c880/wheel-0.36.2-py2.py3-none-any.whl - validation: - type: sha256 - value: 78b5b185f0e5763c26ca1e324373aadd49182ca90e825f7853f4b2509215dc0e - - filename: argon2_cffi-20.1.0-cp35-abi3-manylinux1_x86_64.whl - url: https://files.pythonhosted.org/packages/e0/d7/5da06217807106ed6d7b4f5ccb8ec5e3f9ec969217faad4b5d1af0b55101/argon2_cffi-20.1.0-cp35-abi3-manylinux1_x86_64.whl - validation: - type: sha256 - value: b160416adc0f012fb1f12588a5e6954889510f82f698e23ed4f4fa57f12a0647 - - filename: anyio-2.2.0-py3-none-any.whl - url: https://files.pythonhosted.org/packages/49/c3/b83a3c02c7d6f66932e9a72621d7f207cbfd2bd72b4c8931567ee386fb55/anyio-2.2.0-py3-none-any.whl - validation: - type: sha256 - value: aa3da546ed17f097ca876c78024dea380a3b7fa80759abfdda59f12176a3dac8 - - filename: Send2Trash-1.5.0-py3-none-any.whl - url: https://files.pythonhosted.org/packages/49/46/c3dc27481d1cc57b9385aff41c474ceb7714f7935b1247194adae45db714/Send2Trash-1.5.0-py3-none-any.whl - validation: - type: sha256 - value: f1691922577b6fa12821234aeb57599d887c4900b9ca537948d2dac34aea888b - - filename: ipython_genutils-0.2.0-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/fa/bc/9bd3b5c2b4774d5f33b2d544f1460be9df7df2fe42f352135381c347c69a/ipython_genutils-0.2.0-py2.py3-none-any.whl - validation: - type: sha256 - value: 72dd37233799e619666c9f639a9da83c34013a73e8bbc79a7a6348d93c61fab8 - - filename: traitlets-5.0.5-py3-none-any.whl - url: https://files.pythonhosted.org/packages/f6/7d/3ecb0ebd0ce8dcdfa7bd47ab85c1d4a521e6770ef283d0824f5804994dfe/traitlets-5.0.5-py3-none-any.whl - validation: - type: sha256 - value: 69ff3f9d5351f31a7ad80443c2674b7099df13cc41fc5fa6e2f6d3b0330b0426 - - filename: jupyter_client-6.1.12-py3-none-any.whl - url: https://files.pythonhosted.org/packages/77/e8/c3cf72a32a697256608d5fa96360c431adec6e1c6709ba7f13f99ff5ee04/jupyter_client-6.1.12-py3-none-any.whl - validation: - type: sha256 - value: e053a2c44b6fa597feebe2b3ecb5eea3e03d1d91cc94351a52931ee1426aecfc - - filename: terminado-0.9.4-py3-none-any.whl - url: https://files.pythonhosted.org/packages/47/ad/f7bc3e40570212ed9ccc9ac72d17315574d82fc100eb74d660c31817ddd2/terminado-0.9.4-py3-none-any.whl - validation: - type: sha256 - value: daed77f9fad7b32558fa84b226a76f45a02242c20813502f36c4e1ade6d8f1ad - - filename: prometheus_client-0.10.1-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/22/f7/f6e1676521ce7e311d38563d2cf6594d09d3717d799ede7dab7b2520093e/prometheus_client-0.10.1-py2.py3-none-any.whl - validation: - type: sha256 - value: 030e4f9df5f53db2292eec37c6255957eb76168c6f974e4176c711cf91ed34aa - - filename: nbformat-5.1.3-py3-none-any.whl - url: https://files.pythonhosted.org/packages/e7/c7/dd50978c637a7af8234909277c4e7ec1b71310c13fb3135f3c8f5b6e045f/nbformat-5.1.3-py3-none-any.whl - validation: - type: sha256 - value: eb8447edd7127d043361bc17f2f5a807626bc8e878c7709a1c647abda28a9171 - - filename: pyzmq-22.0.3-cp38-cp38-manylinux2010_x86_64.whl - url: https://files.pythonhosted.org/packages/98/f0/848d7850eb8a65f3534c1f4d0e0ba8ba8de2d32a02fa9df1d41a08cc667f/pyzmq-22.0.3-cp38-cp38-manylinux2010_x86_64.whl - validation: - type: sha256 - value: 9221783dacb419604d5345d0e097bddef4459a9a95322de6c306bf1d9896559f - - filename: nbconvert-6.0.7-py3-none-any.whl - url: https://files.pythonhosted.org/packages/13/2f/acbe7006548f3914456ee47f97a2033b1b2f3daf921b12ac94105d87c163/nbconvert-6.0.7-py3-none-any.whl - validation: - type: sha256 - value: 39e9f977920b203baea0be67eea59f7b37a761caa542abe80f5897ce3cf6311d - - filename: idna-3.1-py3-none-any.whl - url: https://files.pythonhosted.org/packages/29/88/c52aae187d3b128a0f13f36a6c987fc0d408d03a678ad9996516925d8495/idna-3.1-py3-none-any.whl - validation: - type: sha256 - value: 5205d03e7bcbb919cc9c19885f9920d622ca52448306f2377daede5cf3faac16 - - filename: sniffio-1.2.0-py3-none-any.whl - url: https://files.pythonhosted.org/packages/52/b0/7b2e028b63d092804b6794595871f936aafa5e9322dcaaad50ebf67445b3/sniffio-1.2.0-py3-none-any.whl - validation: - type: sha256 - value: 471b71698eac1c2112a40ce2752bb2f4a4814c22a54a3eed3676bc0f5ca9f663 - - filename: python_dateutil-2.8.1-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/d4/70/d60450c3dd48ef87586924207ae8907090de0b306af2bce5d134d78615cb/python_dateutil-2.8.1-py2.py3-none-any.whl - validation: - type: sha256 - value: 75bb3f31ea686f1197762692a9ee6a7550b59fc6ca3a1f4b5d7e32fb98e2da2a - - filename: jsonschema-3.2.0-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/c5/8f/51e89ce52a085483359217bc72cdbf6e75ee595d5b1d4b5ade40c7e018b8/jsonschema-3.2.0-py2.py3-none-any.whl - validation: - type: sha256 - value: 4e5b3cf8216f577bee9ce139cbe72eca3ea4f292ec60928ff24758ce626cd163 - - filename: Babel-2.9.0-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/dd/a5/81076e10b5ef74493cf08a8e419e61b64324c9c55db4aa7f89c0240c4873/Babel-2.9.0-py2.py3-none-any.whl - validation: - type: sha256 - value: 9d35c22fcc79893c3ecc85ac4a56cde1ecf3f19c540bba0922308a6c06ca6fa5 - - filename: requests-2.25.1-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/29/c1/24814557f1d22c56d50280771a17307e6bf87b70727d975fd6b2ce6b014a/requests-2.25.1-py2.py3-none-any.whl - validation: - type: sha256 - value: c210084e36a42ae6b9219e00e48287def368a26d03a048ddad7bfee44f75871e - - filename: json5-0.9.5-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/2b/81/22bf51a5bc60dde18bb6164fd597f18ee683de8670e141364d9c432dd3cf/json5-0.9.5-py2.py3-none-any.whl - validation: - type: sha256 - value: af1a1b9a2850c7f62c23fde18be4749b3599fd302f494eebf957e2ada6b9e42c - - filename: attrs-20.3.0-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/c3/aa/cb45262569fcc047bf070b5de61813724d6726db83259222cd7b4c79821a/attrs-20.3.0-py2.py3-none-any.whl - validation: - type: sha256 - value: 31b2eced602aa8423c2aea9c76a724617ed67cf9513173fd3a4f03e3a929c7e6 - - filename: six-1.15.0-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/ee/ff/48bde5c0f013094d729fe4b0316ba2a24774b3ff1c52d924a8a4cb04078a/six-1.15.0-py2.py3-none-any.whl - validation: - type: sha256 - value: 8b74bedcbbbaca38ff6d7491d76f2b06b3592611af620f8426e82dddb04a5ced - - filename: pyrsistent-0.17.3.tar.gz - url: https://files.pythonhosted.org/packages/4d/70/fd441df751ba8b620e03fd2d2d9ca902103119616f0f6cc42e6405035062/pyrsistent-0.17.3.tar.gz - validation: - type: sha256 - value: 2e636185d9eb976a18a8a8e96efce62f2905fea90041958d8cc2a189756ebf3e - - filename: notebook-6.3.0-py3-none-any.whl - url: https://files.pythonhosted.org/packages/5d/86/8f951abc6ac651a75a059d2b77fe99fa5df80bf4dc4700c126a0bee486b8/notebook-6.3.0-py3-none-any.whl - validation: - type: sha256 - value: cb271af1e8134e3d6fc6d458bdc79c40cbfc84c1eb036a493f216d58f0880e92 - - filename: ipykernel-5.5.3-py3-none-any.whl - url: https://files.pythonhosted.org/packages/3a/7d/9f8ac1b1b76f2f1538b5650f0b5636bae082724b1e06939a3a9d38e1380e/ipykernel-5.5.3-py3-none-any.whl - validation: - type: sha256 - value: 21abd584543759e49010975a4621603b3cf871b1039cb3879a14094717692614 - - filename: ptyprocess-0.7.0-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/22/a6/858897256d0deac81a172289110f31629fc4cee19b6f01283303e18c8db3/ptyprocess-0.7.0-py2.py3-none-any.whl - validation: - type: sha256 - value: 4b41f3967fce3af57cc7e94b888626c18bf37a083e3651ca8feeb66d492fef35 - - filename: cffi-1.14.5-cp38-cp38-manylinux1_x86_64.whl - url: https://files.pythonhosted.org/packages/5c/0f/e07df370fac0e99e938edc62c8a15e54b9d75605e11838fa0ef300118e1d/cffi-1.14.5-cp38-cp38-manylinux1_x86_64.whl - validation: - type: sha256 - value: 6c97d7350133666fbb5cf4abdc1178c812cb205dc6f41d174a7b0f18fb93337e - - filename: pycparser-2.20-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/ae/e7/d9c3a176ca4b02024debf82342dab36efadfc5776f9c8db077e8f6e71821/pycparser-2.20-py2.py3-none-any.whl - validation: - type: sha256 - value: 7582ad22678f0fcd81102833f60ef8d0e57288b6b5fb00323d101be910e35705 - - filename: pytz-2021.1-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/70/94/784178ca5dd892a98f113cdd923372024dc04b8d40abe77ca76b5fb90ca6/pytz-2021.1-py2.py3-none-any.whl - validation: - type: sha256 - value: eb10ce3e7736052ed3623d49975ce333bcd712c7bb19a58b9e2089d4057d0798 - - filename: Pygments-2.8.1-py3-none-any.whl - url: https://files.pythonhosted.org/packages/3a/80/a52c0a7c5939737c6dca75a831e89658ecb6f590fb7752ac777d221937b9/Pygments-2.8.1-py3-none-any.whl - validation: - type: sha256 - value: 534ef71d539ae97d4c3a4cf7d6f110f214b0e687e92f9cb9d2a3b0d3101289c8 - - filename: pickleshare-0.7.5-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/9a/41/220f49aaea88bc6fa6cba8d05ecf24676326156c23b991e80b3f2fc24c77/pickleshare-0.7.5-py2.py3-none-any.whl - validation: - type: sha256 - value: 9649af414d74d4df115d5d718f82acb59c9d418196b7b4290ed47a12ce62df56 - - filename: jedi-0.18.0-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/f9/36/7aa67ae2663025b49e8426ead0bad983fee1b73f472536e9790655da0277/jedi-0.18.0-py2.py3-none-any.whl - validation: - type: sha256 - value: 18456d83f65f400ab0c2d3319e48520420ef43b23a086fdc05dff34132f0fb93 - - filename: prompt_toolkit-3.0.18-py3-none-any.whl - url: https://files.pythonhosted.org/packages/eb/e6/4b4ca4fa94462d4560ba2f4e62e62108ab07be2e16a92e594e43b12d3300/prompt_toolkit-3.0.18-py3-none-any.whl - validation: - type: sha256 - value: bf00f22079f5fadc949f42ae8ff7f05702826a97059ffcc6281036ad40ac6f04 - - filename: pexpect-4.8.0-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/39/7b/88dbb785881c28a102619d46423cb853b46dbccc70d3ac362d99773a78ce/pexpect-4.8.0-py2.py3-none-any.whl - validation: - type: sha256 - value: 0b48a55dcb3c05f3329815901ea4fc1537514d6ba867a152b581d69ae3710937 - - filename: decorator-5.0.7-py3-none-any.whl - url: https://files.pythonhosted.org/packages/bc/b4/c208a551033a7abb67703be73dea3d917dbce528bd87bcd6f7dfceec7097/decorator-5.0.7-py3-none-any.whl - validation: - type: sha256 - value: 945d84890bb20cc4a2f4a31fc4311c0c473af65ea318617f13a7257c9a58bc98 - - filename: backcall-0.2.0-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/4c/1c/ff6546b6c12603d8dd1070aa3c3d273ad4c07f5771689a7b69a550e8c951/backcall-0.2.0-py2.py3-none-any.whl - validation: - type: sha256 - value: fbbce6a29f263178a1f7915c1940bde0ec2b2a967566fe1c65c1dfb7422bd255 - - filename: parso-0.8.2-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/a9/c4/d5476373088c120ffed82f34c74b266ccae31a68d665b837354d4d8dc8be/parso-0.8.2-py2.py3-none-any.whl - validation: - type: sha256 - value: a8c4922db71e4fdb90e0d0bc6e50f9b273d3397925e5e60a717e719201778d22 - - filename: wcwidth-0.2.5-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/59/7c/e39aca596badaf1b78e8f547c807b04dae603a433d3e7a7e04d67f2ef3e5/wcwidth-0.2.5-py2.py3-none-any.whl - validation: - type: sha256 - value: beb4802a9cebb9144e99086eff703a642a13d6a0052920003a230f3294bbe784 - - filename: testpath-0.4.4-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/1b/9e/1a170feaa54f22aeb5a5d16c9015e82234275a3c8ab630b552493f9cb8a9/testpath-0.4.4-py2.py3-none-any.whl - validation: - type: sha256 - value: bfcf9411ef4bf3db7579063e0546938b1edda3d69f4e1fb8756991f5951f85d4 - - filename: mistune-0.8.4-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/09/ec/4b43dae793655b7d8a25f76119624350b4d65eb663459eb9603d7f1f0345/mistune-0.8.4-py2.py3-none-any.whl - validation: - type: sha256 - value: 88a1051873018da288eee8538d476dffe1262495144b33ecb586c4ab266bb8d4 - - filename: defusedxml-0.7.1-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/07/6c/aa3f2f849e01cb6a001cd8554a88d4c77c5c1a31c95bdf1cf9301e6d9ef4/defusedxml-0.7.1-py2.py3-none-any.whl - validation: - type: sha256 - value: a352e7e428770286cc899e2542b6cdaedb2b4953ff269a210103ec58f6198a61 - - filename: nbclient-0.5.3-py3-none-any.whl - url: https://files.pythonhosted.org/packages/22/a6/f3a01a5c1a0e72d1d064f33d4cd9c3a782010f48f48f47f256d0b438994a/nbclient-0.5.3-py3-none-any.whl - validation: - type: sha256 - value: e79437364a2376892b3f46bedbf9b444e5396cfb1bc366a472c37b48e9551500 - - filename: jupyterlab_pygments-0.1.2-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/a8/6f/c34288766797193b512c6508f5994b830fb06134fdc4ca8214daba0aa443/jupyterlab_pygments-0.1.2-py2.py3-none-any.whl - validation: - type: sha256 - value: abfb880fd1561987efaefcb2d2ac75145d2a5d0139b1876d5be806e32f630008 - - filename: entrypoints-0.3-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/ac/c6/44694103f8c221443ee6b0041f69e2740d89a25641e62fb4f2ee568f2f9c/entrypoints-0.3-py2.py3-none-any.whl - validation: - type: sha256 - value: 589f874b313739ad35be6e0cd7efde2a4e9b6fea91edcc34e58ecbb8dbe56d19 - - filename: pandocfilters-1.4.3.tar.gz - url: https://files.pythonhosted.org/packages/28/78/bd59a9adb72fa139b1c9c186e6f65aebee52375a747e4b6a6dcf0880956f/pandocfilters-1.4.3.tar.gz - validation: - type: sha256 - value: bc63fbb50534b4b1f8ebe1860889289e8af94a23bff7445259592df25a3906eb - - filename: bleach-3.3.0-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/f0/46/2bbd92086a4c6f051214cb48df6d9132b5f32c5e881d3f4991b16ec7e499/bleach-3.3.0-py2.py3-none-any.whl - validation: - type: sha256 - value: 6123ddc1052673e52bab52cdc955bcb57a015264a1c57d37bea2f6b817af0125 - - filename: async_generator-1.10-py3-none-any.whl - url: https://files.pythonhosted.org/packages/71/52/39d20e03abd0ac9159c162ec24b93fbcaa111e8400308f2465432495ca2b/async_generator-1.10-py3-none-any.whl - validation: - type: sha256 - value: 01c7bf666359b4967d2cda0000cc2e4af16a0ae098cbffcb8472fb9e8ad6585b - - filename: nest_asyncio-1.5.1-py3-none-any.whl - url: https://files.pythonhosted.org/packages/52/e2/9b37da54e6e9094d2f558ae643d1954a0fa8215dfee4fa261f31c5439796/nest_asyncio-1.5.1-py3-none-any.whl - validation: - type: sha256 - value: 76d6e972265063fe92a90b9cc4fb82616e07d586b346ed9d2c89a4187acea39c - - filename: webencodings-0.5.1-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/f4/24/2a3e3df732393fed8b3ebf2ec078f05546de641fe1b667ee316ec1dcf3b7/webencodings-0.5.1-py2.py3-none-any.whl - validation: - type: sha256 - value: a0af1213f3c2226497a97e2b3aa01a7e4bee4f403f95be16fc9acd2947514a78 - - filename: pyparsing-2.4.7-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/8a/bb/488841f56197b13700afd5658fc279a2025a39e22449b7cf29864669b15d/pyparsing-2.4.7-py2.py3-none-any.whl - validation: - type: sha256 - value: ef9d7589ef3c200abe66653d3f1ab1033c3c419ae9b9bdb1240a85b024efc88b - - filename: chardet-4.0.0-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/19/c7/fa589626997dd07bd87d9269342ccb74b1720384a4d739a1872bd84fbe68/chardet-4.0.0-py2.py3-none-any.whl - validation: - type: sha256 - value: f864054d66fd9118f2e67044ac8981a54775ec5b67aed0441892edb553d21da5 - - filename: urllib3-1.26.4-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/09/c6/d3e3abe5b4f4f16cf0dfc9240ab7ce10c2baa0e268989a4e3ec19e90c84e/urllib3-1.26.4-py2.py3-none-any.whl - validation: - type: sha256 - value: 2f4da4594db7e1e110a944bb1b551fdf4e6c136ad42e4234131391e21eb5b0df - - filename: idna-2.10-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/a2/38/928ddce2273eaa564f6f50de919327bf3a00f091b5baba8dfa9460f3a8a8/idna-2.10-py2.py3-none-any.whl - validation: - type: sha256 - value: b97d804b1e9b523befed77c48dacec60e6dcb0b5391d57af6a65a312a90648c0 - - filename: certifi-2020.12.5-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/5e/a0/5f06e1e1d463903cf0c0eebeb751791119ed7a4b3737fdc9a77f1cdfb51f/certifi-2020.12.5-py2.py3-none-any.whl - validation: - type: sha256 - value: 719a74fb9e33b9bd44cc7f3a8d94bc35e4049deebe19ba7d8e108280cfd59830 - - filename: pip-21.0.1-py3-none-any.whl - url: https://files.pythonhosted.org/packages/fe/ef/60d7ba03b5c442309ef42e7d69959f73aacccd0d86008362a681c4698e83/pip-21.0.1-py3-none-any.whl - validation: - type: sha256 - value: 37fd50e056e2aed635dec96594606f0286640489b0db0ce7607f7e51890372d5 - - filename: tini - url: https://github.com/krallin/tini/releases/download/v0.19.0/tini - validation: - type: sha256 - value: 93dcc18adc78c65a028a84799ecf8ad40c936fdfc5f2a57b1acda5a8117fa82c +- filename: Pygments-2.8.1-py3-none-any.whl + url: https://files.pythonhosted.org/packages/3a/80/a52c0a7c5939737c6dca75a831e89658ecb6f590fb7752ac777d221937b9/Pygments-2.8.1-py3-none-any.whl + validation: + type: sha256 + value: 534ef71d539ae97d4c3a4cf7d6f110f214b0e687e92f9cb9d2a3b0d3101289c8 +- filename: backcall-0.2.0-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/4c/1c/ff6546b6c12603d8dd1070aa3c3d273ad4c07f5771689a7b69a550e8c951/backcall-0.2.0-py2.py3-none-any.whl + validation: + type: sha256 + value: fbbce6a29f263178a1f7915c1940bde0ec2b2a967566fe1c65c1dfb7422bd255 +- filename: decorator-5.0.7-py3-none-any.whl + url: https://files.pythonhosted.org/packages/bc/b4/c208a551033a7abb67703be73dea3d917dbce528bd87bcd6f7dfceec7097/decorator-5.0.7-py3-none-any.whl + validation: + type: sha256 + value: 945d84890bb20cc4a2f4a31fc4311c0c473af65ea318617f13a7257c9a58bc98 +- filename: ipykernel-5.5.3-py3-none-any.whl + url: https://files.pythonhosted.org/packages/3a/7d/9f8ac1b1b76f2f1538b5650f0b5636bae082724b1e06939a3a9d38e1380e/ipykernel-5.5.3-py3-none-any.whl + validation: + type: sha256 + value: 21abd584543759e49010975a4621603b3cf871b1039cb3879a14094717692614 +- filename: ipython-7.22.0-py3-none-any.whl + url: https://files.pythonhosted.org/packages/c9/b1/82cbe2b856386f44f37fdae54d9b425813bd86fe33385c9d658d64826098/ipython-7.22.0-py3-none-any.whl + validation: + type: sha256 + value: c0ce02dfaa5f854809ab7413c601c4543846d9da81010258ecdab299b542d199 +- filename: ipython_genutils-0.2.0-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/fa/bc/9bd3b5c2b4774d5f33b2d544f1460be9df7df2fe42f352135381c347c69a/ipython_genutils-0.2.0-py2.py3-none-any.whl + validation: + type: sha256 + value: 72dd37233799e619666c9f639a9da83c34013a73e8bbc79a7a6348d93c61fab8 +- filename: jedi-0.18.0-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/f9/36/7aa67ae2663025b49e8426ead0bad983fee1b73f472536e9790655da0277/jedi-0.18.0-py2.py3-none-any.whl + validation: + type: sha256 + value: 18456d83f65f400ab0c2d3319e48520420ef43b23a086fdc05dff34132f0fb93 +- filename: jupyter_client-6.1.12-py3-none-any.whl + url: https://files.pythonhosted.org/packages/77/e8/c3cf72a32a697256608d5fa96360c431adec6e1c6709ba7f13f99ff5ee04/jupyter_client-6.1.12-py3-none-any.whl + validation: + type: sha256 + value: e053a2c44b6fa597feebe2b3ecb5eea3e03d1d91cc94351a52931ee1426aecfc +- filename: jupyter_core-4.7.1-py3-none-any.whl + url: https://files.pythonhosted.org/packages/53/40/5af36bffa0af3ac71d3a6fc6709de10e4f6ff7c01745b8bc4715372189c9/jupyter_core-4.7.1-py3-none-any.whl + validation: + type: sha256 + value: 8c6c0cac5c1b563622ad49321d5ec47017bd18b94facb381c6973a0486395f8e +- filename: parso-0.8.2-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/a9/c4/d5476373088c120ffed82f34c74b266ccae31a68d665b837354d4d8dc8be/parso-0.8.2-py2.py3-none-any.whl + validation: + type: sha256 + value: a8c4922db71e4fdb90e0d0bc6e50f9b273d3397925e5e60a717e719201778d22 +- filename: pexpect-4.8.0-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/39/7b/88dbb785881c28a102619d46423cb853b46dbccc70d3ac362d99773a78ce/pexpect-4.8.0-py2.py3-none-any.whl + validation: + type: sha256 + value: 0b48a55dcb3c05f3329815901ea4fc1537514d6ba867a152b581d69ae3710937 +- filename: pickleshare-0.7.5-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/9a/41/220f49aaea88bc6fa6cba8d05ecf24676326156c23b991e80b3f2fc24c77/pickleshare-0.7.5-py2.py3-none-any.whl + validation: + type: sha256 + value: 9649af414d74d4df115d5d718f82acb59c9d418196b7b4290ed47a12ce62df56 +- filename: prompt_toolkit-3.0.18-py3-none-any.whl + url: https://files.pythonhosted.org/packages/eb/e6/4b4ca4fa94462d4560ba2f4e62e62108ab07be2e16a92e594e43b12d3300/prompt_toolkit-3.0.18-py3-none-any.whl + validation: + type: sha256 + value: bf00f22079f5fadc949f42ae8ff7f05702826a97059ffcc6281036ad40ac6f04 +- filename: ptyprocess-0.7.0-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/22/a6/858897256d0deac81a172289110f31629fc4cee19b6f01283303e18c8db3/ptyprocess-0.7.0-py2.py3-none-any.whl + validation: + type: sha256 + value: 4b41f3967fce3af57cc7e94b888626c18bf37a083e3651ca8feeb66d492fef35 +- filename: python_dateutil-2.8.1-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/d4/70/d60450c3dd48ef87586924207ae8907090de0b306af2bce5d134d78615cb/python_dateutil-2.8.1-py2.py3-none-any.whl + validation: + type: sha256 + value: 75bb3f31ea686f1197762692a9ee6a7550b59fc6ca3a1f4b5d7e32fb98e2da2a +- filename: pyzmq-22.0.3-cp38-cp38-manylinux2010_x86_64.whl + url: https://files.pythonhosted.org/packages/98/f0/848d7850eb8a65f3534c1f4d0e0ba8ba8de2d32a02fa9df1d41a08cc667f/pyzmq-22.0.3-cp38-cp38-manylinux2010_x86_64.whl + validation: + type: sha256 + value: 9221783dacb419604d5345d0e097bddef4459a9a95322de6c306bf1d9896559f +- filename: setuptools-56.0.0-py3-none-any.whl + url: https://files.pythonhosted.org/packages/ae/42/2876a3a136f8bfa9bd703518441c8db78ff1eeaddf174baa85c083c1fd15/setuptools-56.0.0-py3-none-any.whl + validation: + type: sha256 + value: 7430499900e443375ba9449a9cc5d78506b801e929fef4a186496012f93683b5 +- filename: six-1.15.0-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/ee/ff/48bde5c0f013094d729fe4b0316ba2a24774b3ff1c52d924a8a4cb04078a/six-1.15.0-py2.py3-none-any.whl + validation: + type: sha256 + value: 8b74bedcbbbaca38ff6d7491d76f2b06b3592611af620f8426e82dddb04a5ced +- filename: tornado-6.1-cp38-cp38-manylinux2010_x86_64.whl + url: https://files.pythonhosted.org/packages/7a/4a/4fafa6f032f9e202ce5bc1becacef5588a34fd0f0539fdcc705fa2b5ca4a/tornado-6.1-cp38-cp38-manylinux2010_x86_64.whl + validation: + type: sha256 + value: d14d30e7f46a0476efb0deb5b61343b1526f73ebb5ed84f23dc794bdb88f9d9f +- filename: traitlets-5.0.5-py3-none-any.whl + url: https://files.pythonhosted.org/packages/f6/7d/3ecb0ebd0ce8dcdfa7bd47ab85c1d4a521e6770ef283d0824f5804994dfe/traitlets-5.0.5-py3-none-any.whl + validation: + type: sha256 + value: 69ff3f9d5351f31a7ad80443c2674b7099df13cc41fc5fa6e2f6d3b0330b0426 +- filename: wcwidth-0.2.5-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/59/7c/e39aca596badaf1b78e8f547c807b04dae603a433d3e7a7e04d67f2ef3e5/wcwidth-0.2.5-py2.py3-none-any.whl + validation: + type: sha256 + value: beb4802a9cebb9144e99086eff703a642a13d6a0052920003a230f3294bbe784 # List of project maintainers maintainers: -- email: "remccarthy@sei.cmu.edu" - name: "Rob McCarthy" - username: "remccarthy" - cht_member: false - email: "daniel.komnick@gmail.com" name: "Daniel Komnick" username: "dkomnick" cht_member: false +- email: "remccarthy@sei.cmu.edu" + name: "Rob McCarthy" + username: "remccarthy" + cht_member: false -- GitLab From be1bcebde1f4acdad075efe4c14ea6af4cc8adee Mon Sep 17 00:00:00 2001 From: Komnick Date: Wed, 28 Apr 2021 17:28:57 -0400 Subject: [PATCH 28/36] updated README.md --- README.md | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/README.md b/README.md index 16636c1..086f736 100644 --- a/README.md +++ b/README.md @@ -4,4 +4,25 @@ A minimal jupyterlab notebook container implementing the jupyterlab interface (with left-navigation tabs etc.), Python3.8 (Iron Bank python36 base image) and pip version 21.0.1. +The following packages are included: plotly, pandas, matplot, seaborn, numba, numpy, scipy, scikit-learn, tqdm, urllib3, requests, beautifulsoup4, wordcloud, statsmodels, prophet, django, flask. + +Below are examples how how to import the packages: + 1. import plotly + 2. import pandas + 3. import matplot + 4. import seaborn + 5. import numba + 6. import numpy + 7. import scipy + 8. import sklearn + 9. import tqdm + 10. import urllib3 + 11. import requests + 12. from bs4 import BeautifulSoup + 13. from wordcloud import WordCloud + 14. import statsmodels + 15. import prophet + 16. import django + 17. import flask + This image is an UBI 8 refactor of the opensource Dockerfile here: https://github.com/jupyter/docker-stacks/tree/master/base-notebook. -- GitLab From 2333aa7618e11b4da719ef1d77839bdc00c2f4db Mon Sep 17 00:00:00 2001 From: Komnick Date: Wed, 28 Apr 2021 17:30:49 -0400 Subject: [PATCH 29/36] updated README.md --- README.md | 21 +-------------------- 1 file changed, 1 insertion(+), 20 deletions(-) diff --git a/README.md b/README.md index 086f736..d18657c 100644 --- a/README.md +++ b/README.md @@ -4,25 +4,6 @@ A minimal jupyterlab notebook container implementing the jupyterlab interface (with left-navigation tabs etc.), Python3.8 (Iron Bank python36 base image) and pip version 21.0.1. -The following packages are included: plotly, pandas, matplot, seaborn, numba, numpy, scipy, scikit-learn, tqdm, urllib3, requests, beautifulsoup4, wordcloud, statsmodels, prophet, django, flask. - -Below are examples how how to import the packages: - 1. import plotly - 2. import pandas - 3. import matplot - 4. import seaborn - 5. import numba - 6. import numpy - 7. import scipy - 8. import sklearn - 9. import tqdm - 10. import urllib3 - 11. import requests - 12. from bs4 import BeautifulSoup - 13. from wordcloud import WordCloud - 14. import statsmodels - 15. import prophet - 16. import django - 17. import flask +This image is also inherits all the AI/ML packages from the python38-ai image. This image is an UBI 8 refactor of the opensource Dockerfile here: https://github.com/jupyter/docker-stacks/tree/master/base-notebook. -- GitLab From 5c374635b822afa4637b5d423b751c58e5d7437d Mon Sep 17 00:00:00 2001 From: komnick Date: Fri, 14 May 2021 14:03:44 -0400 Subject: [PATCH 30/36] USER default --- Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index fccbe1d..fb766b5 100644 --- a/Dockerfile +++ b/Dockerfile @@ -69,8 +69,8 @@ RUN rm -rf /usr/share/doc/perl-IO-Socket-SSL/certs/ \ && chmod g-s /usr/libexec/openssh/ssh-keysign -# # The jovyan account is needed for Jupyter Lab -USER jovyan +#USER jovyan +USER default # Needed to use packges from multi-stage build in Jupyterlab # A new kernel is displayed and available for use within JupyterLab -- GitLab From 6240fe855333fb531d61bfc2799d7841660e839c Mon Sep 17 00:00:00 2001 From: cspicer Date: Mon, 17 May 2021 15:53:36 -0400 Subject: [PATCH 31/36] testing FROM statements --- Dockerfile | 18 +++++++++--------- hardening_manifest.yaml | 4 ++-- 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/Dockerfile b/Dockerfile index fb766b5..05df505 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,16 +1,16 @@ -#ARG BASE_REGISTRY=registry1.dso.mil -#ARG BASE_IMAGE=ironbank/carnegie-mellon/python-ai/python38-ai -#ARG BASE_TAG=3.8 -#FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} AS multi-stage +ARG BASE_REGISTRY=registry1.dso.mil +ARG BASE_IMAGE=ironbank/carnegie-mellon/python-ai/python38-ai +ARG BASE_TAG=3.8 +FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} AS multi-stage -FROM python38-ai:latest AS multi-stage +#FROM registry1.dso.mil/ironbank/carnegie-mellon/python-ai/python38-ai:3.8 AS multi-stage -#ARG BASE_REGISTRY=registry1.dso.mil -#ARG BASE_IMAGE=ironbank/opensource/jupyter/jupyterlab -#ARG BASE_TAG=2.2.9 +ARG BASE_REGISTRY=registry1.dso.mil +ARG BASE_IMAGE=ironbank/opensource/jupyter/jupyterlab +ARG BASE_TAG=latest #FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} -FROM jupyterlab:latest +FROM registry1.dso.mil/ironbank/opensource/jupyter/jupyterlab:latest COPY --from=multi-stage /opt/python /opt/python diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index 639eae0..3f09c78 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -2,7 +2,7 @@ apiVersion: v1 # The repository name in registry1, excluding /ironbank/ -name: "carnegie-mellon/jlab-eda" +name: "aiml/jupyter/jlab-eda" # List of tags to push for the repository in registry1 # The most specific version should be the first tag and will be shown @@ -14,7 +14,7 @@ tags: # Build args passed to Dockerfile ARGs args: BASE_IMAGE: "opensource/jupyter/jupyterlab" - BASE_TAG: "2.2.9" + BASE_TAG: "3.0.14" # Docker image labels labels: -- GitLab From 79f3dd95f573eb91ef0d3b43324dc82b90fafa99 Mon Sep 17 00:00:00 2001 From: cspicer Date: Mon, 17 May 2021 16:20:59 -0400 Subject: [PATCH 32/36] testing from statements --- Dockerfile | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Dockerfile b/Dockerfile index 05df505..70b5e9f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,16 +1,16 @@ ARG BASE_REGISTRY=registry1.dso.mil ARG BASE_IMAGE=ironbank/carnegie-mellon/python-ai/python38-ai ARG BASE_TAG=3.8 -FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} AS multi-stage +#FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} AS multi-stage -#FROM registry1.dso.mil/ironbank/carnegie-mellon/python-ai/python38-ai:3.8 AS multi-stage +FROM registry1.dso.mil/ironbank/carnegie-mellon/python-ai/python38-ai:3.8 AS multi-stage ARG BASE_REGISTRY=registry1.dso.mil ARG BASE_IMAGE=ironbank/opensource/jupyter/jupyterlab ARG BASE_TAG=latest -#FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} +FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} -FROM registry1.dso.mil/ironbank/opensource/jupyter/jupyterlab:latest +#FROM registry1.dso.mil/ironbank/opensource/jupyter/jupyterlab:latest COPY --from=multi-stage /opt/python /opt/python -- GitLab From db35ca810c33d23cf03dcea54d70e0a8b47383d8 Mon Sep 17 00:00:00 2001 From: cspicer Date: Tue, 18 May 2021 09:17:21 -0400 Subject: [PATCH 33/36] restored jovyan user --- Dockerfile | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) diff --git a/Dockerfile b/Dockerfile index 70b5e9f..81ec98f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,16 +1,16 @@ -ARG BASE_REGISTRY=registry1.dso.mil -ARG BASE_IMAGE=ironbank/carnegie-mellon/python-ai/python38-ai -ARG BASE_TAG=3.8 +#ARG BASE_REGISTRY=registry1.dso.mil +#ARG BASE_IMAGE=ironbank/carnegie-mellon/python-ai/python38-ai +#ARG BASE_TAG=3.8 #FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} AS multi-stage FROM registry1.dso.mil/ironbank/carnegie-mellon/python-ai/python38-ai:3.8 AS multi-stage -ARG BASE_REGISTRY=registry1.dso.mil -ARG BASE_IMAGE=ironbank/opensource/jupyter/jupyterlab -ARG BASE_TAG=latest -FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} +ARG BASE_REGISTRY="registry1.dso.mil" +ARG BASE_IMAGE="ironbank/opensource/jupyter/jupyterlab" +ARG BASE_TAG="latest" +#FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} -#FROM registry1.dso.mil/ironbank/opensource/jupyter/jupyterlab:latest +FROM registry1.dso.mil/ironbank/opensource/jupyter/jupyterlab:latest COPY --from=multi-stage /opt/python /opt/python @@ -69,8 +69,7 @@ RUN rm -rf /usr/share/doc/perl-IO-Socket-SSL/certs/ \ && chmod g-s /usr/libexec/openssh/ssh-keysign -#USER jovyan -USER default +USER jovyan # Needed to use packges from multi-stage build in Jupyterlab # A new kernel is displayed and available for use within JupyterLab -- GitLab From cf2688e4028d728a40aa94b2e0e0c0eb4e94d613 Mon Sep 17 00:00:00 2001 From: cspicer Date: Tue, 18 May 2021 18:38:05 -0400 Subject: [PATCH 34/36] corrected FROM statements --- Dockerfile | 21 ++++++++------------- hardening_manifest.yaml | 2 ++ 2 files changed, 10 insertions(+), 13 deletions(-) diff --git a/Dockerfile b/Dockerfile index 81ec98f..ca0f92b 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,16 +1,11 @@ -#ARG BASE_REGISTRY=registry1.dso.mil -#ARG BASE_IMAGE=ironbank/carnegie-mellon/python-ai/python38-ai -#ARG BASE_TAG=3.8 -#FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} AS multi-stage - -FROM registry1.dso.mil/ironbank/carnegie-mellon/python-ai/python38-ai:3.8 AS multi-stage - -ARG BASE_REGISTRY="registry1.dso.mil" -ARG BASE_IMAGE="ironbank/opensource/jupyter/jupyterlab" -ARG BASE_TAG="latest" -#FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} - -FROM registry1.dso.mil/ironbank/opensource/jupyter/jupyterlab:latest +ARG STAGE_REGISTRY=registry1.dso.mil +ARG STAGE_IMAGE=ironbank/carnegie-mellon/python-ai/python38-ai +ARG STAGE_TAG=3.8 +ARG BASE_REGISTRY=registry1.dso.mil +ARG BASE_IMAGE=ironbank/opensource/jupyter/jupyterlab +ARG BASE_TAG=3.0.14 +FROM ${STAGE_REGISTRY}/${STAGE_IMAGE}:${STAGE_TAG} AS multi-stage +FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} COPY --from=multi-stage /opt/python /opt/python diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index 3f09c78..8711954 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -13,6 +13,8 @@ tags: # Build args passed to Dockerfile ARGs args: + STAGE_IMAGE: "ironbank/carnegie-mellon/python-ai/python38-ai" + STAGE_TAG: "3.8" BASE_IMAGE: "opensource/jupyter/jupyterlab" BASE_TAG: "3.0.14" -- GitLab From f9ff9e86eee2d683703de22149e615f4f9456996 Mon Sep 17 00:00:00 2001 From: cspicer Date: Tue, 25 May 2021 14:19:01 -0400 Subject: [PATCH 35/36] fix yum perl conflict --- Dockerfile | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index ca0f92b..faaf13d 100644 --- a/Dockerfile +++ b/Dockerfile @@ -13,7 +13,8 @@ COPY --from=multi-stage /opt/python /opt/python ENV PATH="/opt/python/venv/bin:$PATH" USER root - +#Workaround for perl issue preventing yum upgrade +RUN yum remove -y perl-threads RUN yum upgrade -y \ && yum clean all -y \ && yum install -y \ @@ -61,6 +62,7 @@ RUN rm -rf /usr/share/doc/perl-IO-Socket-SSL/certs/ \ && rm -rf /usr/share/doc/perl-IO-Socket-SSL/example/ \ && rm -rf /usr/share/doc/perl-IO-Socket-SSL/example/ \ && rm -rf /usr/share/doc/perl-Net-SSLeay/examples/server_key.pem \ + && rm -rf /opt/python/venv/lib/python3.8/site-packages/tornado/test/test.key \ && chmod g-s /usr/libexec/openssh/ssh-keysign -- GitLab From 23ff93d895d18088cf48d15b10e216b1ea20cfc6 Mon Sep 17 00:00:00 2001 From: cspicer Date: Tue, 25 May 2021 16:26:06 -0400 Subject: [PATCH 36/36] removed wget --- Dockerfile | 1 - 1 file changed, 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index faaf13d..bf8123c 100644 --- a/Dockerfile +++ b/Dockerfile @@ -21,7 +21,6 @@ RUN yum upgrade -y \ vim \ zip \ unzip \ - wget \ net-tools \ # gcc is needed for prophet gcc-c++ \ -- GitLab