From a1908ea10cae99cc7a64a792fdbb04658ddbc323 Mon Sep 17 00:00:00 2001
From: Rob McCarthy
Date: Fri, 4 Jun 2021 11:17:44 -0400
Subject: [PATCH 01/21] init commit
---
Dockerfile | 23 +++++++++++++++++++++++
LICENSE | 0
hardening_manifest.yaml | 40 ++++++++++++++++++++++++++++++++++++++++
3 files changed, 63 insertions(+)
create mode 100644 Dockerfile
create mode 100644 LICENSE
create mode 100644 hardening_manifest.yaml
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..48524be
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,23 @@
+FROM registry1.dso.mil/ironbank/opensource/r/r-studio as base
+
+FROM registry1.dso.mil/ironbank/carnegie-mellon/python-ai/python38-ai as final
+
+COPY --from=base /etc/init.d/ /etc/init.d/
+COPY --from=base /etc/rstudio/ /etc/rstudio/
+COPY --from=base /opt/R/ /opt/R/
+COPY --from=base /usr/lib/ /usr/lib
+COPY --from=base /usr/lib64/ /usr/lib64
+COPY --from=base /usr/local/bin/ /usr/local/bin/
+COPY --from=base /var/lib/rstudio-server/ /var/lib/rstudio-server/
+COPY --from=base /var/run/rstudio-server/ /var/run/rstudio-server/
+
+USER root
+
+RUN chown -R python3 /var/lib/rstudio-server /var/run/rstudio-server /opt/R/ && \
+ chmod -R g=u /var/lib/rstudio-server && \
+ chmod -R g=u /etc/rstudio && \
+ chmod +t /var/run/rstudio-server
+ #chkconfig rstudio-server off
+
+USER 1001
+RUN env
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..e69de29
diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml
new file mode 100644
index 0000000..9d6fcda
--- /dev/null
+++ b/hardening_manifest.yaml
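Review bot: `COPY --from=base /usr/lib/ /usr/lib` and `COPY --from=base /usr/lib64/ /usr/lib64` lay the entire r-studio library tree over the python38-ai image, so any shared library present in both is replaced by the r-studio copy while the final image's package database still describes the python38-ai files. Scanners that read the package database will then report versions that are not the ones on disk, and a patched library can be swapped for an older one without any record. I would copy only the RStudio-specific subdirectories, or at least mark the two lines with `# overwrites system libraries of the final stage; package database no longer matches /usr/lib*`. The closing `RUN env` prints the build environment into the build log and should be removed before merge. Both `FROM` lines also lack a tag or digest, and patch 08 brings these same COPY and FROM lines back.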
@@ -0,0 +1,40 @@ +--- +apiVersion: v1 + +# The repository name in registry1, excluding /ironbank/ +name: "aiml/r/rstudio" + +# List of tags to push for the repository in registry1 +# The most specific version should be the first tag and will be shown +# on ironbank.dsop.io +tags: +- "1.4.1106" +- "latest" + +# Build args passed to Dockerfile ARGs +args: + BASE_IMAGE: "carnegie-mellon/python-ai/python38-ai" + BASE_TAG: "latest" + +# Docker image labels +labels: + org.opencontainers.image.title: "rstudio" + org.opencontainers.image.description: "JupyterLab is the next-generation web-based user interface for Project Jupyter." + org.opencontainers.image.licenses: "MIT License (MIT)" + org.opencontainers.image.url: " " + org.opencontainers.image.vendor: "rstudio" + org.opencontainers.image.version: "1.4.1106" + mil.dso.ironbank.image.keywords: "jupyter,notebook,terminal,text editor,datascience,ui,data,science" + mil.dso.ironbank.image.type: "opensource" + mil.dso.ironbank.product.name: "jupyterlab" + +# List of project maintainers +maintainers: +- email: "remccarthy@sei.cmu.edu" + name: "Rob McCarthy" + username: "remccarthy" + cht_member: false +- email: "daniel.komnick@gmail.com" + name: "Daniel Komnick" + username: "dkomnick" + cht_member: false -- GitLab From 7cfe27da526a5f688f5ce3f2c7d2641840437fd0 Mon Sep 17 00:00:00 2001 From: Rob McCarthy Date: Fri, 4 Jun 2021 11:30:18 -0400 Subject: [PATCH 02/21] python3 -> python user --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 48524be..53407ce 100644 --- a/Dockerfile +++ b/Dockerfile @@ -13,7 +13,7 @@ COPY --from=base /var/run/rstudio-server/ /var/run/rstudio-server/ USER root -RUN chown -R python3 /var/lib/rstudio-server /var/run/rstudio-server /opt/R/ && \ +RUN chown -R python /var/lib/rstudio-server /var/run/rstudio-server /opt/R/ && \ chmod -R g=u /var/lib/rstudio-server && \ chmod -R g=u /etc/rstudio && \ chmod +t /var/run/rstudio-server -- GitLab 
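Review bot: The label block still carries JupyterLab metadata for an RStudio image: `org.opencontainers.image.description`, `mil.dso.ironbank.image.keywords` and `mil.dso.ironbank.product.name: "jupyterlab"` all describe a different product, and `org.opencontainers.image.url` is a single space. Inventory and vulnerability-tracking tooling that keys on these labels would attribute findings to the wrong product. I would set `mil.dso.ironbank.product.name: "rstudio"` and rewrite the description and keywords to match the image. `BASE_TAG: "latest"` together with the `latest` entry under `tags` also means neither the input nor the output of the build is pinned.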
From 5d58d924779f0bba643edc782ea2522b378139f9 Mon Sep 17 00:00:00 2001 From: Rob McCarthy Date: Wed, 9 Jun 2021 17:13:22 +0000 Subject: [PATCH 03/21] Add HEALTHCHECK --- Dockerfile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Dockerfile b/Dockerfile index 53407ce..dd9be9f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -19,5 +19,7 @@ RUN chown -R python /var/lib/rstudio-server /var/run/rstudio-server /opt/R/ && \ chmod +t /var/run/rstudio-server #chkconfig rstudio-server off +HEALTHCHECK --start-period=60s CMD rstudio-server status | grep -e "running" + USER 1001 RUN env -- GitLab From 4adc6b8427fa3821155f4d3df5973b5a9827224e Mon Sep 17 00:00:00 2001 From: Rob McCarthy Date: Wed, 9 Jun 2021 17:14:14 +0000 Subject: [PATCH 04/21] add ENTRYPOINT --- Dockerfile | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index dd9be9f..f1803e9 100644 --- a/Dockerfile +++ b/Dockerfile @@ -22,4 +22,7 @@ RUN chown -R python /var/lib/rstudio-server /var/run/rstudio-server /opt/R/ && \ HEALTHCHECK --start-period=60s CMD rstudio-server status | grep -e "running" USER 1001 -RUN env +EXPOSE 8787 + +ENTRYPOINT ["rstudio-server", "start"] + -- GitLab From 8fb3037c6a7f25f534186f66e0fdb779c6542e7d Mon Sep 17 00:00:00 2001 From: Rob McCarthy Date: Wed, 9 Jun 2021 15:57:59 -0400 Subject: [PATCH 05/21] restructure base image (TODO: add tini?) --- Dockerfile | 21 ++++----------------- 1 file changed, 4 insertions(+), 17 deletions(-) diff --git a/Dockerfile b/Dockerfile index f1803e9..280b77c 100644 --- a/Dockerfile +++ b/Dockerfile 
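Review bot: The probe `rstudio-server status | grep -e "running"` is a substring match, so a status line such as "not running" would still make grep exit 0 and the container would be reported healthy; the real status text is not visible here, so this needs confirming against actual output. The instruction sits above `USER 1001`, but the check runs as the image's final user, and `rstudio-server status` normally asks the init system, which may not answer for an unprivileged user inside a container. I would match the confirmed full status string (or probe the listening service directly) and add explicit limits with `--timeout=5s --retries=3`. Patch 15 re-adds this same line unchanged.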
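Review bot: `ENTRYPOINT ["rstudio-server", "start"]` makes the admin wrapper PID 1, and that wrapper usually hands the start request to the init system and returns, so the container may exit at once or run with nothing supervising the server; this is inferred from how the wrapper normally behaves, not from the hunk. If that holds, start the server binary in the foreground with daemonizing switched off (`--server-daemonize=0`) and confirm it comes up as UID 1001. `EXPOSE 8787` documents the IDE port, and as far as I know the open-source server does not terminate TLS itself, so a comment such as `# 8787 is served without TLS; terminate TLS and enforce authentication at the ingress` would state the expectation for operators.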
@@ -1,23 +1,10 @@ -FROM registry1.dso.mil/ironbank/opensource/r/r-studio as base +FROM registry1.dso.mil/ironbank/carnegie-mellon/python-ai/python38-ai as base -FROM registry1.dso.mil/ironbank/carnegie-mellon/python-ai/python38-ai as final +FROM registry1.dso.mil/ironbank/opensource/r/r-studio as final -COPY --from=base /etc/init.d/ /etc/init.d/ -COPY --from=base /etc/rstudio/ /etc/rstudio/ -COPY --from=base /opt/R/ /opt/R/ -COPY --from=base /usr/lib/ /usr/lib -COPY --from=base /usr/lib64/ /usr/lib64 COPY --from=base /usr/local/bin/ /usr/local/bin/ -COPY --from=base /var/lib/rstudio-server/ /var/lib/rstudio-server/ -COPY --from=base /var/run/rstudio-server/ /var/run/rstudio-server/ - -USER root - -RUN chown -R python /var/lib/rstudio-server /var/run/rstudio-server /opt/R/ && \ - chmod -R g=u /var/lib/rstudio-server && \ - chmod -R g=u /etc/rstudio && \ - chmod +t /var/run/rstudio-server - #chkconfig rstudio-server off +COPY --from=base /usr/local/lib/ /usr/local/lib/ +COPY --from=base /opt/python/ /opt/python/ HEALTHCHECK --start-period=60s CMD rstudio-server status | grep -e "running" -- GitLab From 07c122a43e1892682666f1c927fc9934ec5b651a Mon Sep 17 00:00:00 2001 From: Rob McCarthy Date: Thu, 10 Jun 2021 16:11:51 -0400 Subject: [PATCH 06/21] add dumb-init --- Dockerfile | 8 +++++++- hardening_manifest.yaml | 7 +++++++ 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 280b77c..6c9891f 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -2,14 +2,20 @@ FROM registry1.dso.mil/ironbank/carnegie-mellon/python-ai/python38-ai as base FROM registry1.dso.mil/ironbank/opensource/r/r-studio as final +USER root + COPY --from=base /usr/local/bin/ /usr/local/bin/ COPY --from=base /usr/local/lib/ /usr/local/lib/ COPY --from=base /opt/python/ /opt/python/ +COPY dumb-init_1.2.5_x86_64 /usr/local/bin/dumb-init +RUN chmod +x /usr/local/bin/dumb-init + HEALTHCHECK --start-period=60s CMD rstudio-server status | grep -e "running" USER 1001 EXPOSE 8787 -ENTRYPOINT ["rstudio-server", "start"] +ENTRYPOINT ["dumb-init", "--"] +CMD ["rstudio-server", "start"] diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index 9d6fcda..c902478 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -28,6 +28,13 @@ labels: mil.dso.ironbank.image.type: "opensource" mil.dso.ironbank.product.name: "jupyterlab" +resources: + - filename: dumb-init_1.2.5_x86_64 + url: https://github.com/Yelp/dumb-init/releases/download/v1.2.5/dumb-init_1.2.5_x86_64 + validation: + type: sha256 + value: e874b55f3279ca41415d290c512a7ba9d08f98041b28ae7c2acb19a545f1c4df + # List of project maintainers maintainers: - email: "remccarthy@sei.cmu.edu" -- GitLab From b1038936861baccd9f43a8d553c79b335a22f96d Mon Sep 17 00:00:00 2001 From: Rob McCarthy Date: Thu, 10 Jun 2021 16:14:12 -0400 Subject: [PATCH 07/21] switch to tini --- Dockerfile | 6 +++--- hardening_manifest.yaml | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/Dockerfile b/Dockerfile index 6c9891f..f6f53b8 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -8,14 +8,14 @@ COPY --from=base /usr/local/bin/ /usr/local/bin/ COPY --from=base /usr/local/lib/ /usr/local/lib/ COPY --from=base /opt/python/ /opt/python/ -COPY dumb-init_1.2.5_x86_64 /usr/local/bin/dumb-init -RUN chmod +x /usr/local/bin/dumb-init +COPY tini /usr/local/bin/tini +RUN chmod +x /usr/local/bin/tini HEALTHCHECK --start-period=60s CMD rstudio-server status | grep -e "running" USER 1001 EXPOSE 8787 -ENTRYPOINT ["dumb-init", "--"] +ENTRYPOINT ["tini", "-g", "--"] CMD ["rstudio-server", "start"] diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index c902478..c8503fc 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -29,11 +29,11 @@ labels: mil.dso.ironbank.product.name: "jupyterlab" resources: - - filename: dumb-init_1.2.5_x86_64 - url: https://github.com/Yelp/dumb-init/releases/download/v1.2.5/dumb-init_1.2.5_x86_64 + - filename: tini + url: https://github.com/krallin/tini/releases/download/v0.19.0/tini validation: type: sha256 - value: e874b55f3279ca41415d290c512a7ba9d08f98041b28ae7c2acb19a545f1c4df + value: 93dcc18adc78c65a028a84799ecf8ad40c936fdfc5f2a57b1acda5a8117fa82c # List of project maintainers maintainers: -- GitLab From 240bf0e2865570b06226700826c0c80f4a0d75a3 Mon Sep 17 00:00:00 2001 From: Rob McCarthy Date: Tue, 10 Aug 2021 13:40:45 -0400 Subject: [PATCH 08/21] update hm with compat-openssl resource --- Dockerfile | 28 ++++++++++++++++++++-------- hardening_manifest.yaml | 15 ++++++++++----- scripts/builder/Dockerfile | 19 +++++++++++++++++++ scripts/builder/entrypoint.sh | 6 ++++++ 4 files changed, 55 insertions(+), 13 deletions(-) create mode 100644 scripts/builder/Dockerfile create mode 100644 scripts/builder/entrypoint.sh diff --git a/Dockerfile b/Dockerfile index f6f53b8..3bd0935 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -1,21 +1,33 @@ -FROM registry1.dso.mil/ironbank/carnegie-mellon/python-ai/python38-ai as base +FROM registry1.dso.mil/ironbank/opensource/r/r-studio as base -FROM registry1.dso.mil/ironbank/opensource/r/r-studio as final - -USER root +FROM registry1.dso.mil/ironbank/carnegie-mellon/python-ai/python38-ai as final +COPY --from=base /etc/init.d/ /etc/init.d/ +COPY --from=base /etc/rstudio/ /etc/rstudio/ +COPY --from=base /opt/R/ /opt/R/ +COPY --from=base /usr/lib/ /usr/lib +COPY --from=base /usr/lib64/ /usr/lib64 COPY --from=base /usr/local/bin/ /usr/local/bin/ -COPY --from=base /usr/local/lib/ /usr/local/lib/ -COPY --from=base /opt/python/ /opt/python/ +COPY --from=base /var/lib/rstudio-server/ /var/lib/rstudio-server/ +COPY --from=base /var/run/rstudio-server/ /var/run/rstudio-server/ + +USER root COPY tini /usr/local/bin/tini RUN chmod +x /usr/local/bin/tini -HEALTHCHECK --start-period=60s CMD rstudio-server status | grep -e "running" +RUN chown -R python /var/lib/rstudio-server /var/run/rstudio-server /opt/R/ && \ + chmod -R g=u /var/lib/rstudio-server && \ + chmod -R g=u /etc/rstudio && \ + chmod +t /var/run/rstudio-server + +WORKDIR /tmp/repo +COPY compat-openssl10.tar.gz . +RUN tar xvf /tmp/repo/compat-openssl10.tar.gz +RUN yum install -y /tmp/repo/* USER 1001 EXPOSE 8787 ENTRYPOINT ["tini", "-g", "--"] CMD ["rstudio-server", "start"] - diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index c8503fc..f362951 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml 
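Review bot: The compat-openssl10 install leaves its inputs behind: `WORKDIR /tmp/repo` remains the working directory of the finished image, and the tarball and the unpacked RPMs stay in their own layers because nothing removes them. `yum install -y /tmp/repo/*` also globs the tarball itself into the package list. I would extract, install and clean in one step, `RUN tar xf compat-openssl10.tar.gz && yum install -y ./*.rpm && yum clean all && rm -rf /tmp/repo/*`, and follow it with a `WORKDIR` that restores the application directory; the `COPY` layer will still hold the archive unless it is brought in through a mount or an earlier stage. The hunk also restores the whole-tree `/usr/lib` and `/usr/lib64` copies from patch 01.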
@@ -29,11 +29,16 @@ labels: mil.dso.ironbank.product.name: "jupyterlab" resources: - - filename: tini - url: https://github.com/krallin/tini/releases/download/v0.19.0/tini - validation: - type: sha256 - value: 93dcc18adc78c65a028a84799ecf8ad40c936fdfc5f2a57b1acda5a8117fa82c +- filename: tini + url: https://github.com/krallin/tini/releases/download/v0.19.0/tini + validation: + type: sha256 + value: 93dcc18adc78c65a028a84799ecf8ad40c936fdfc5f2a57b1acda5a8117fa82c +- filename: compat-openssl10.tar.gz + url: http://coeus-fileserver.centralus.cloudapp.azure.com/compat-openssl10.tar.gz + validation: + type: sha256sum + value: fdb79c098b4b9fdc16f4a05470a939156a03ae49c876d1e5e8fce507594e5c58 # List of project maintainers maintainers: diff --git a/scripts/builder/Dockerfile b/scripts/builder/Dockerfile new file mode 100644 index 0000000..9a32274 --- /dev/null +++ b/scripts/builder/Dockerfile @@ -0,0 +1,19 @@ +FROM registry1.dso.mil/ironbank/redhat/ubi/ubi8:latest + +# usage +# build the container: +# docker build --build-arg RHEL_USERNAME='username' --build-arg RHEL_PASSWORD='password' -t rstudio:builder . +# run the container +# docker run -v $(pwd):/outdir +# see tarball in cwd + +ARG RHEL_USERNAME +ARG RHEL_PASSWORD + +RUN subscription-manager register --auto-attach --username $RHEL_USERNAME --password $RHEL_PASSWORD + +RUN subscription-manager repos --enable rhel-8-for-x86_64-appstream-rpms --enable codeready-builder-for-rhel-8-x86_64-rpms + +COPY entrypoint.sh / +RUN chmod +x /entrypoint.sh +ENTRYPOINT ["/entrypoint.sh"] diff --git a/scripts/builder/entrypoint.sh b/scripts/builder/entrypoint.sh new file mode 100644 index 0000000..f2e2aee --- /dev/null +++ b/scripts/builder/entrypoint.sh @@ -0,0 +1,6 @@ +#!/bin/bash + +yum install -y --downloadonly --downloaddir=/tmp/repo compat-openssl10 +tar cvf compat-openssl10.tar.gz -C /tmp/repo . +mv compat-openssl10.tar.gz /outdir/ + -- GitLab From 39f3f2b34783a7078c0dc1649e45ce9499b5c065 Mon Sep 17 00:00:00 2001 
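Review bot: The new `compat-openssl10.tar.gz` resource is fetched over plain `http://` from a `cloudapp.azure.com` host, so the sha256 value is the only integrity control and nothing in the manifest ties the archive back to vendor-signed RPMs. Its `validation.type` is `sha256sum` while the tini entry uses `sha256`; whether the pipeline rejects or ignores the unknown type cannot be told from here. I would use an `https://` URL on a project-controlled store with `type: sha256`, and add a comment recording how the archive is produced, e.g. `# built by scripts/builder from the RHEL 8 appstream repo`.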
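Review bot: `RHEL_USERNAME` and `RHEL_PASSWORD` are passed as build args and expanded in a `RUN` line, so the Red Hat credentials are recorded in the history and build cache of `rstudio:builder` and can be read by anyone able to inspect that image. A BuildKit secret mount keeps them out of the layers: `RUN --mount=type=secret,id=rhel_password subscription-manager register --auto-attach --username "$RHEL_USERNAME" --password "$(cat /run/secrets/rhel_password)"`. The system is never unregistered, so each build leaves a registration behind, and the base is `ubi8:latest`, which makes the downloaded RPM set depend on the day of the build. The usage comment's `docker run -v $(pwd):/outdir` is missing the image name.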
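Review bot: The script has no error handling, so if `yum install --downloadonly` fails it still archives whatever is in `/tmp/repo` and moves the result to `/outdir`, and a broken or empty archive can then be hashed into the manifest. Adding `set -euo pipefail` directly under the shebang stops at the first failure. `tar cvf` writes an uncompressed archive despite the `.tar.gz` name, so use `tar czf` or rename the file. Nothing inspects the downloaded packages before they are bundled; an `rpm -K /tmp/repo/*.rpm` step would at least surface a package whose signature does not verify at the point the archive is created.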
From: Rob McCarthy Date: Tue, 10 Aug 2021 13:34:30 -0400 Subject: [PATCH 09/21] update hm with compat-openssl resource --- Dockerfile | 6 ++++++ hardening_manifest.yaml | 2 +- scripts/builder/Dockerfile | 1 + scripts/builder/entrypoint.sh | 1 + 4 files changed, 9 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 3bd0935..4e823ac 100644 --- a/Dockerfile +++ b/Dockerfile @@ -26,6 +26,12 @@ COPY compat-openssl10.tar.gz . RUN tar xvf /tmp/repo/compat-openssl10.tar.gz RUN yum install -y /tmp/repo/* +WORKDIR /tmp/repo +COPY compat-openssl10.tar.gz . +RUN tar xvf /tmp/repo/compat-openssl10.tar.gz +RUN yum install -y /tmp/repo/* + + USER 1001 EXPOSE 8787 diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index f362951..77c25d2 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -38,7 +38,7 @@ resources: url: http://coeus-fileserver.centralus.cloudapp.azure.com/compat-openssl10.tar.gz validation: type: sha256sum - value: fdb79c098b4b9fdc16f4a05470a939156a03ae49c876d1e5e8fce507594e5c58 + value: b7ce2eb6b599b4a396d196fbd90854f09fe1c81298c910e2f19d25692bfc6393 # List of project maintainers maintainers: diff --git a/scripts/builder/Dockerfile b/scripts/builder/Dockerfile index 9a32274..bdb571c 100644 --- a/scripts/builder/Dockerfile +++ b/scripts/builder/Dockerfile @@ -13,6 +13,7 @@ ARG RHEL_PASSWORD RUN subscription-manager register --auto-attach --username $RHEL_USERNAME --password $RHEL_PASSWORD RUN subscription-manager repos --enable rhel-8-for-x86_64-appstream-rpms --enable codeready-builder-for-rhel-8-x86_64-rpms +RUN yum install -y createrepo COPY entrypoint.sh / RUN chmod +x /entrypoint.sh diff --git a/scripts/builder/entrypoint.sh b/scripts/builder/entrypoint.sh index f2e2aee..789913a 100644 --- a/scripts/builder/entrypoint.sh +++ b/scripts/builder/entrypoint.sh 
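Review bot: The added lines in the Dockerfile hunk repeat the `WORKDIR /tmp/repo`, `COPY compat-openssl10.tar.gz .`, `tar xvf` and `yum install -y /tmp/repo/*` block that already sits directly above them as context, so the archive is copied and installed twice and the image gains redundant layers. Unless the repeat is intentional, the added block should be dropped before merge. The commit subject is about the manifest, which makes me think this Dockerfile change came in by accident, though that is only an inference.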
@@ -1,6 +1,7 @@ #!/bin/bash yum install -y --downloadonly --downloaddir=/tmp/repo compat-openssl10 +createrepo /tmp/repo tar cvf compat-openssl10.tar.gz -C /tmp/repo . mv compat-openssl10.tar.gz /outdir/ -- GitLab From 68aeab6c3d388827a40486c7d6b6908f42918052 Mon Sep 17 00:00:00 2001 From: Rob McCarthy Date: Tue, 10 Aug 2021 13:41:38 -0400 Subject: [PATCH 10/21] update hm with compat-openssl resource --- Dockerfile | 1 - 1 file changed, 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 4e823ac..db52d4d 100644 --- a/Dockerfile +++ b/Dockerfile @@ -31,7 +31,6 @@ COPY compat-openssl10.tar.gz . RUN tar xvf /tmp/repo/compat-openssl10.tar.gz RUN yum install -y /tmp/repo/* - USER 1001 EXPOSE 8787 -- GitLab From 41a40e856b8ee7e11aee0ebf1540166ba4d69f3d Mon Sep 17 00:00:00 2001 From: Rob McCarthy Date: Tue, 10 Aug 2021 13:43:47 -0400 Subject: [PATCH 11/21] sha256sum -> sha256 --- hardening_manifest.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index 77c25d2..cbb0158 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -37,7 +37,7 @@ resources: - filename: compat-openssl10.tar.gz url: http://coeus-fileserver.centralus.cloudapp.azure.com/compat-openssl10.tar.gz validation: - type: sha256sum + type: sha256 value: b7ce2eb6b599b4a396d196fbd90854f09fe1c81298c910e2f19d25692bfc6393 # List of project maintainers -- GitLab From d89f533228384e8af9d994c22fd76f932ede8308 Mon Sep 17 00:00:00 2001 From: Rob McCarthy Date: Tue, 10 Aug 2021 13:59:43 -0400 Subject: [PATCH 12/21] fix repodata not recognized --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index db52d4d..7322d01 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -29,7 +29,7 @@ RUN yum install -y /tmp/repo/* WORKDIR /tmp/repo COPY compat-openssl10.tar.gz . RUN tar xvf /tmp/repo/compat-openssl10.tar.gz -RUN yum install -y /tmp/repo/* +RUN yum install -y /tmp/repo/*.rpm USER 1001 EXPOSE 8787 -- GitLab From a5417f9aab0d3cce15968317653d8caa47364a9f Mon Sep 17 00:00:00 2001 From: Rob McCarthy Date: Tue, 10 Aug 2021 14:34:07 -0400 Subject: [PATCH 13/21] fix repodata not recognized --- Dockerfile | 5 ----- 1 file changed, 5 deletions(-) diff --git a/Dockerfile b/Dockerfile index 7322d01..982f1c8 100644 --- a/Dockerfile +++ b/Dockerfile @@ -21,11 +21,6 @@ RUN chown -R python /var/lib/rstudio-server /var/run/rstudio-server /opt/R/ && \ chmod -R g=u /etc/rstudio && \ chmod +t /var/run/rstudio-server -WORKDIR /tmp/repo -COPY compat-openssl10.tar.gz . -RUN tar xvf /tmp/repo/compat-openssl10.tar.gz -RUN yum install -y /tmp/repo/* - WORKDIR /tmp/repo COPY compat-openssl10.tar.gz . RUN tar xvf /tmp/repo/compat-openssl10.tar.gz -- GitLab From e0a0a91e138c370368d2e8175e2bc1884671dbaf Mon Sep 17 00:00:00 2001 From: Rob McCarthy Date: Tue, 10 Aug 2021 15:47:39 -0400 Subject: [PATCH 14/21] refactor to build with rstudio as final rather than base --- Dockerfile | 16 +++++----------- 1 file changed, 5 insertions(+), 11 deletions(-) diff --git a/Dockerfile b/Dockerfile index 982f1c8..b9e0244 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -1,22 +1,16 @@ -FROM registry1.dso.mil/ironbank/opensource/r/r-studio as base +FROM registry1.dso.mil/ironbank/aiml/python/python-r-ai as base +FROM registry1.dso.mil/ironbank/opensource/r/r-studio as final -FROM registry1.dso.mil/ironbank/carnegie-mellon/python-ai/python38-ai as final - -COPY --from=base /etc/init.d/ /etc/init.d/ -COPY --from=base /etc/rstudio/ /etc/rstudio/ -COPY --from=base /opt/R/ /opt/R/ -COPY --from=base /usr/lib/ /usr/lib -COPY --from=base /usr/lib64/ /usr/lib64 COPY --from=base /usr/local/bin/ /usr/local/bin/ -COPY --from=base /var/lib/rstudio-server/ /var/lib/rstudio-server/ -COPY --from=base /var/run/rstudio-server/ /var/run/rstudio-server/ +COPY --from=base /usr/local/lib/ /usr/local/lib/ +COPY --from=base /opt/python/ /opt/python/ USER root COPY tini /usr/local/bin/tini RUN chmod +x /usr/local/bin/tini -RUN chown -R python /var/lib/rstudio-server /var/run/rstudio-server /opt/R/ && \ +RUN chown -R default /var/lib/rstudio-server /var/run/rstudio-server /opt/R/ && \ chmod -R g=u /var/lib/rstudio-server && \ chmod -R g=u /etc/rstudio && \ chmod +t /var/run/rstudio-server -- GitLab From 9b4bd106147285590cbd4678fcbbb0d5cd574e26 Mon Sep 17 00:00:00 2001 From: Rob McCarthy Date: Wed, 11 Aug 2021 15:25:14 -0400 Subject: [PATCH 15/21] add HEALTHCHECK --- Dockerfile | 1 + 1 file changed, 1 insertion(+) diff --git a/Dockerfile b/Dockerfile index b9e0244..1890d27 100644 --- a/Dockerfile +++ b/Dockerfile @@ -22,6 +22,7 @@ RUN yum install -y /tmp/repo/*.rpm USER 1001 EXPOSE 8787 +HEALTHCHECK --start-period=60s CMD rstudio-server status | grep -e "running" ENTRYPOINT ["tini", "-g", "--"] CMD ["rstudio-server", "start"] -- GitLab From 2af6b3a66da505aef81f3c944577a6d7983d1dea Mon Sep 17 00:00:00 2001 From: Al Fontaine Date: Thu, 19 Aug 2021 13:30:36 +0000 Subject: [PATCH 16/21] Update hardening_manifest.yaml --- hardening_manifest.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
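Review bot: `chown -R default ... /opt/R/` hands the whole R installation to the account being granted the state directories, so if `default` is the user sessions run as, code executed in an RStudio session can rewrite the R binaries and libraries it later loads; the same grant has been in the file since patch 01 under the `python3` and `python` names. Only the state directories need to be writable, so I would narrow the line to `RUN chown -R default /var/lib/rstudio-server /var/run/rstudio-server && \` and leave `/opt/R/` root-owned, pointing users at a per-user library if they must install packages. `chmod -R g=u /etc/rstudio` likewise makes the server configuration group-writable wherever its owner can write, which deserves a comment naming the group expected at runtime. Both stages are still `FROM` lines without a tag or digest.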
diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index cbb0158..8aef531 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -14,7 +14,7 @@ tags: # Build args passed to Dockerfile ARGs args: BASE_IMAGE: "carnegie-mellon/python-ai/python38-ai" - BASE_TAG: "latest" + BASE_TAG: "3.8" # Docker image labels labels: -- GitLab From dc55ca241a634c4fd327e3ff029ad55d3265c6d2 Mon Sep 17 00:00:00 2001 From: Al Fontaine Date: Thu, 19 Aug 2021 16:10:08 +0000 Subject: [PATCH 17/21] Update hardening_manifest.yaml --- hardening_manifest.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index 8aef531..34553d8 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -13,8 +13,8 @@ tags: # Build args passed to Dockerfile ARGs args: - BASE_IMAGE: "carnegie-mellon/python-ai/python38-ai" - BASE_TAG: "3.8" + BASE_IMAGE: "opensource/r/r-studio" + BASE_TAG: "1.4.1717" # Docker image labels labels: -- GitLab From 17f38c505e01a37afd9c368222b676cfd6e9a043 Mon Sep 17 00:00:00 2001 From: Al Fontaine Date: Thu, 19 Aug 2021 16:11:54 +0000 Subject: [PATCH 18/21] Update Dockerfile --- Dockerfile | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 1890d27..70ded08 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,5 +1,10 @@ +ARG BASE_REGISTRY=registry1.dso.mil +ARG BASE_IMAGE=ironbank/opensource/r/r-studio +ARG BASE_TAG=latest + FROM registry1.dso.mil/ironbank/aiml/python/python-r-ai as base -FROM registry1.dso.mil/ironbank/opensource/r/r-studio as final + +FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} COPY --from=base /usr/local/bin/ /usr/local/bin/ COPY --from=base /usr/local/lib/ /usr/local/lib/ -- GitLab From 6acac1e8461e1b5c55e4bc7241e3693d22bc0da0 Mon Sep 17 00:00:00 2001 
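Review bot: Only the final stage is parameterised in the Dockerfile hunk; `FROM registry1.dso.mil/ironbank/aiml/python/python-r-ai as base` still has no tag or digest, and everything copied from `/usr/local/bin`, `/usr/local/lib` and `/opt/python` comes from that floating stage. `ARG BASE_TAG=latest` also means a build run without the manifest's args falls back to an unpinned r-studio image. I would default the tag to the manifest value, `ARG BASE_TAG=1.4.1717`, and pin the first stage the same way, e.g. `FROM registry1.dso.mil/ironbank/aiml/python/python-r-ai:PINNED_TAG@sha256:PINNED_DIGEST AS base` with the placeholders filled in. Patch 17 sets `BASE_IMAGE` without the `ironbank/` prefix that the Dockerfile default carries, so it is worth confirming that the pipeline's `BASE_REGISTRY` supplies it.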
From: "jose.morales" Date: Tue, 24 Aug 2021 14:42:40 +0000 Subject: [PATCH 19/21] Update README.md --- README.md | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 5dc6fa6..0e65d87 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,14 @@ # +RStudio -Project template for all Iron Bank container repositories. \ No newline at end of file +RStudio is an integrated development environment (IDE) for the R programming language. Some of its features include: + +Customizable workbench with all of the tools required to work with R in one place (console, source, plots, workspace, help, history, etc.). +Syntax highlighting editor with code completion. +Execute code directly from the source editor (line, selection, or file). +Full support for authoring Sweave and TeX documents. +Runs on Windows, Mac, and Linux, and has a community-maintained FreeBSD port. +Can also be run as a server, enabling multiple users to access the RStudio IDE using a web browser. +For more information on RStudio please visit the project website. + +This artificial intelligenc enhanced version contains relevant AI and machine learning languages inherited from Python-r-A a robust upstream image housing packages, libraries, and tools for AI/ML for both R and Python languages, you can learn more here: https://repo1.dso.mil/dsop/aiml/python/python-r-ai/-/tree/master -- GitLab From 45b51404e872e01c06ab2adb5cfdc012fbd5a3c6 Mon Sep 17 00:00:00 2001 From: Doug Reynolds Date: Tue, 24 Aug 2021 15:04:04 -0400 Subject: [PATCH 20/21] Updated rpm to use CentoOS-sourced compat-openssl10 --- .gitignore | 2 ++ Dockerfile | 12 +++++++---- hardening_manifest.yaml | 6 +++--- signatures/RPM-GPG-KEY-centosofficial | 30 +++++++++++++++++++++++++++ 4 files changed, 43 insertions(+), 7 deletions(-) create mode 100644 .gitignore create mode 100644 signatures/RPM-GPG-KEY-centosofficial diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..db1c809 
--- /dev/null +++ b/.gitignore @@ -0,0 +1,2 @@ +/tini +/compat-openssl10.tar.* diff --git a/Dockerfile b/Dockerfile index 70ded08..39f8173 100644 --- a/Dockerfile +++ b/Dockerfile @@ -20,10 +20,14 @@ RUN chown -R default /var/lib/rstudio-server /var/run/rstudio-server /opt/R/ && chmod -R g=u /etc/rstudio && \ chmod +t /var/run/rstudio-server -WORKDIR /tmp/repo -COPY compat-openssl10.tar.gz . -RUN tar xvf /tmp/repo/compat-openssl10.tar.gz -RUN yum install -y /tmp/repo/*.rpm + +RUN mkdir -p /tmp/repo +COPY signatures/RPM-GPG-KEY-centosofficial /tmp/repo +ADD compat-openssl10.tar.xz /tmp/repo +RUN rpm --import /tmp/repo/RPM-GPG-KEY-centosofficial && \ + dnf install -y /tmp/repo/packages/*.rpm && \ + rm -frv /tmp/repo && \ + dnf clean all -y USER 1001 EXPOSE 8787 diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index 34553d8..e52ed9f 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -34,11 +34,11 @@ resources: validation: type: sha256 value: 93dcc18adc78c65a028a84799ecf8ad40c936fdfc5f2a57b1acda5a8117fa82c -- filename: compat-openssl10.tar.gz - url: http://coeus-fileserver.centralus.cloudapp.azure.com/compat-openssl10.tar.gz +- filename: compat-openssl10.tar.xz + url: https://coeusblobstorage.z13.web.core.windows.net/centos/8/compat-openssl10.tar.xz validation: type: sha256 - value: b7ce2eb6b599b4a396d196fbd90854f09fe1c81298c910e2f19d25692bfc6393 + value: 0ee7a2a2d59c2f71f42e753d8882de8de91725fa7c3b40f5bb36f8a4f6b637a2 # List of project maintainers maintainers: diff --git a/signatures/RPM-GPG-KEY-centosofficial b/signatures/RPM-GPG-KEY-centosofficial new file mode 100644 index 0000000..30235a8 --- /dev/null +++ b/signatures/RPM-GPG-KEY-centosofficial 
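Review bot: Importing the CentOS key does not by itself make `dnf install -y /tmp/repo/packages/*.rpm` verify anything, because dnf's `localpkg_gpgcheck` option is off by default and RPM files given by path are installed without a signature check unless the image's dnf configuration says otherwise. Enabling it on the command closes the gap: `dnf install -y --setopt=localpkg_gpgcheck=1 /tmp/repo/packages/*.rpm`. The imported key also stays in the RPM keyring of the final image after `/tmp/repo` is deleted, so CentOS-signed packages remain trusted there. `ADD compat-openssl10.tar.xz` and the `COPY` of the key write their own layers, so the `rm -frv /tmp/repo` in the later `RUN` does not remove those files from the image.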
@@ -0,0 +1,30 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v2.0.22 (GNU/Linux)
+
+mQINBFzMWxkBEADHrskpBgN9OphmhRkc7P/YrsAGSvvl7kfu+e9KAaU6f5MeAVyn
+rIoM43syyGkgFyWgjZM8/rur7EMPY2yt+2q/1ZfLVCRn9856JqTIq0XRpDUe4nKQ
+8BlA7wDVZoSDxUZkSuTIyExbDf0cpw89Tcf62Mxmi8jh74vRlPy1PgjWL5494b3X
+5fxDidH4bqPZyxTBqPrUFuo+EfUVEqiGF94Ppq6ZUvrBGOVo1V1+Ifm9CGEK597c
+aevcGc1RFlgxIgN84UpuDjPR9/zSndwJ7XsXYvZ6HXcKGagRKsfYDWGPkA5cOL/e
+f+yObOnC43yPUvpggQ4KaNJ6+SMTZOKikM8yciyBwLqwrjo8FlJgkv8Vfag/2UR7
+JINbyqHHoLUhQ2m6HXSwK4YjtwidF9EUkaBZWrrskYR3IRZLXlWqeOi/+ezYOW0m
+vufrkcvsh+TKlVVnuwmEPjJ8mwUSpsLdfPJo1DHsd8FS03SCKPaXFdD7ePfEjiYk
+nHpQaKE01aWVSLUiygn7F7rYemGqV9Vt7tBw5pz0vqSC72a5E3zFzIIuHx6aANry
+Gat3aqU3qtBXOrA/dPkX9cWE+UR5wo/A2UdKJZLlGhM2WRJ3ltmGT48V9CeS6N9Y
+m4CKdzvg7EWjlTlFrd/8WJ2KoqOE9leDPeXRPncubJfJ6LLIHyG09h9kKQARAQAB
+tDpDZW50T1MgKENlbnRPUyBPZmZpY2lhbCBTaWduaW5nIEtleSkgPHNlY3VyaXR5
+QGNlbnRvcy5vcmc+iQI3BBMBAgAhBQJczFsZAhsDBgsJCAcDAgYVCAIJCgsDFgIB
+Ah4BAheAAAoJEAW1VbOEg8ZdjOsP/2ygSxH9jqffOU9SKyJDlraL2gIutqZ3B8pl
+Gy/Qnb9QD1EJVb4ZxOEhcY2W9VJfIpnf3yBuAto7zvKe/G1nxH4Bt6WTJQCkUjcs
+N3qPWsx1VslsAEz7bXGiHym6Ay4xF28bQ9XYIokIQXd0T2rD3/lNGxNtORZ2bKjD
+vOzYzvh2idUIY1DgGWJ11gtHFIA9CvHcW+SMPEhkcKZJAO51ayFBqTSSpiorVwTq
+a0cB+cgmCQOI4/MY+kIvzoexfG7xhkUqe0wxmph9RQQxlTbNQDCdaxSgwbF2T+gw
+byaDvkS4xtR6Soj7BKjKAmcnf5fn4C5Or0KLUqMzBtDMbfQQihn62iZJN6ZZ/4dg
+q4HTqyVpyuzMXsFpJ9L/FqH2DJ4exGGpBv00ba/Zauy7GsqOc5PnNBsYaHCply0X
+407DRx51t9YwYI/ttValuehq9+gRJpOTTKp6AjZn/a5Yt3h6jDgpNfM/EyLFIY9z
+V6CXqQQ/8JRvaik/JsGCf+eeLZOw4koIjZGEAg04iuyNTjhx0e/QHEVcYAqNLhXG
+rCTTbCn3NSUO9qxEXC+K/1m1kaXoCGA0UWlVGZ1JSifbbMx0yxq/brpEZPUYm+32
+o8XfbocBWljFUJ+6aljTvZ3LQLKTSPW7TFO+GXycAOmCGhlXh2tlc6iTc41PACqy
+yy+mHmSv
+=kkH7
+-----END PGP PUBLIC KEY BLOCK-----
-- GitLab
From 62fa8c51ccfd7c02d91527d30434471b5baf4bff Mon Sep 17 00:00:00 2001
From: Doug Reynolds Date: Tue, 24 Aug 2021 15:43:22 -0400 Subject: [PATCH 21/21] Removed installation of compat-openssl and make, not needed --- Dockerfile | 9 --------- hardening_manifest.yaml | 5 ----- 2 files changed, 14 deletions(-) diff --git a/Dockerfile b/Dockerfile index 39f8173..88e55d6 100644 --- a/Dockerfile +++ b/Dockerfile @@ -20,15 +20,6 @@ RUN chown -R default /var/lib/rstudio-server /var/run/rstudio-server /opt/R/ && chmod -R g=u /etc/rstudio && \ chmod +t /var/run/rstudio-server - -RUN mkdir -p /tmp/repo -COPY signatures/RPM-GPG-KEY-centosofficial /tmp/repo -ADD compat-openssl10.tar.xz /tmp/repo -RUN rpm --import /tmp/repo/RPM-GPG-KEY-centosofficial && \ - dnf install -y /tmp/repo/packages/*.rpm && \ - rm -frv /tmp/repo && \ - dnf clean all -y - USER 1001 EXPOSE 8787 HEALTHCHECK --start-period=60s CMD rstudio-server status | grep -e "running" diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index e52ed9f..e1f2a0f 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -34,11 +34,6 @@ resources: validation: type: sha256 value: 93dcc18adc78c65a028a84799ecf8ad40c936fdfc5f2a57b1acda5a8117fa82c -- filename: compat-openssl10.tar.xz - url: https://coeusblobstorage.z13.web.core.windows.net/centos/8/compat-openssl10.tar.xz - validation: - type: sha256 - value: 0ee7a2a2d59c2f71f42e753d8882de8de91725fa7c3b40f5bb36f8a4f6b637a2 # List of project maintainers maintainers: -- GitLab