diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000000000000000000000000000000000000..db1c809a848639d3c7528aacd4beebf23907b18c --- /dev/null +++ b/.gitignore @@ -0,0 +1,2 @@ +/tini +/compat-openssl10.tar.* diff --git a/Dockerfile b/Dockerfile index 70ded08a08de020a8b6201bccffe85a232cca306..39f81732b79fa529b4aa750f88ecb1f21e665413 100644 --- a/Dockerfile +++ b/Dockerfile @@ -20,10 +20,14 @@ RUN chown -R default /var/lib/rstudio-server /var/run/rstudio-server /opt/R/ && chmod -R g=u /etc/rstudio && \ chmod +t /var/run/rstudio-server -WORKDIR /tmp/repo -COPY compat-openssl10.tar.gz . -RUN tar xvf /tmp/repo/compat-openssl10.tar.gz -RUN yum install -y /tmp/repo/*.rpm + +RUN mkdir -p /tmp/repo +COPY signatures/RPM-GPG-KEY-centosofficial /tmp/repo +ADD compat-openssl10.tar.xz /tmp/repo +RUN rpm --import /tmp/repo/RPM-GPG-KEY-centosofficial && \ + dnf install -y /tmp/repo/packages/*.rpm && \ + rm -frv /tmp/repo && \ + dnf clean all -y USER 1001 EXPOSE 8787 diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index 34553d80969424291d03f9bd503e852621a54d04..e52ed9f269e11dcee17962ab5b3f96b903c9aac0 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -34,11 +34,11 @@ resources: validation: type: sha256 value: 93dcc18adc78c65a028a84799ecf8ad40c936fdfc5f2a57b1acda5a8117fa82c -- filename: compat-openssl10.tar.gz - url: http://coeus-fileserver.centralus.cloudapp.azure.com/compat-openssl10.tar.gz +- filename: compat-openssl10.tar.xz + url: https://coeusblobstorage.z13.web.core.windows.net/centos/8/compat-openssl10.tar.xz validation: type: sha256 - value: b7ce2eb6b599b4a396d196fbd90854f09fe1c81298c910e2f19d25692bfc6393 + value: 0ee7a2a2d59c2f71f42e753d8882de8de91725fa7c3b40f5bb36f8a4f6b637a2 # List of project maintainers maintainers: diff --git a/signatures/RPM-GPG-KEY-centosofficial b/signatures/RPM-GPG-KEY-centosofficial new file mode 100644 index 0000000000000000000000000000000000000000..30235a8647634c1706cfde7095c82c5a821e4bab --- /dev/null +++ b/signatures/RPM-GPG-KEY-centosofficial @@ -0,0 +1,30 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v2.0.22 (GNU/Linux) + +mQINBFzMWxkBEADHrskpBgN9OphmhRkc7P/YrsAGSvvl7kfu+e9KAaU6f5MeAVyn +rIoM43syyGkgFyWgjZM8/rur7EMPY2yt+2q/1ZfLVCRn9856JqTIq0XRpDUe4nKQ +8BlA7wDVZoSDxUZkSuTIyExbDf0cpw89Tcf62Mxmi8jh74vRlPy1PgjWL5494b3X +5fxDidH4bqPZyxTBqPrUFuo+EfUVEqiGF94Ppq6ZUvrBGOVo1V1+Ifm9CGEK597c +aevcGc1RFlgxIgN84UpuDjPR9/zSndwJ7XsXYvZ6HXcKGagRKsfYDWGPkA5cOL/e +f+yObOnC43yPUvpggQ4KaNJ6+SMTZOKikM8yciyBwLqwrjo8FlJgkv8Vfag/2UR7 +JINbyqHHoLUhQ2m6HXSwK4YjtwidF9EUkaBZWrrskYR3IRZLXlWqeOi/+ezYOW0m +vufrkcvsh+TKlVVnuwmEPjJ8mwUSpsLdfPJo1DHsd8FS03SCKPaXFdD7ePfEjiYk +nHpQaKE01aWVSLUiygn7F7rYemGqV9Vt7tBw5pz0vqSC72a5E3zFzIIuHx6aANry +Gat3aqU3qtBXOrA/dPkX9cWE+UR5wo/A2UdKJZLlGhM2WRJ3ltmGT48V9CeS6N9Y +m4CKdzvg7EWjlTlFrd/8WJ2KoqOE9leDPeXRPncubJfJ6LLIHyG09h9kKQARAQAB +tDpDZW50T1MgKENlbnRPUyBPZmZpY2lhbCBTaWduaW5nIEtleSkgPHNlY3VyaXR5 +QGNlbnRvcy5vcmc+iQI3BBMBAgAhBQJczFsZAhsDBgsJCAcDAgYVCAIJCgsDFgIB +Ah4BAheAAAoJEAW1VbOEg8ZdjOsP/2ygSxH9jqffOU9SKyJDlraL2gIutqZ3B8pl +Gy/Qnb9QD1EJVb4ZxOEhcY2W9VJfIpnf3yBuAto7zvKe/G1nxH4Bt6WTJQCkUjcs +N3qPWsx1VslsAEz7bXGiHym6Ay4xF28bQ9XYIokIQXd0T2rD3/lNGxNtORZ2bKjD +vOzYzvh2idUIY1DgGWJ11gtHFIA9CvHcW+SMPEhkcKZJAO51ayFBqTSSpiorVwTq +a0cB+cgmCQOI4/MY+kIvzoexfG7xhkUqe0wxmph9RQQxlTbNQDCdaxSgwbF2T+gw +byaDvkS4xtR6Soj7BKjKAmcnf5fn4C5Or0KLUqMzBtDMbfQQihn62iZJN6ZZ/4dg +q4HTqyVpyuzMXsFpJ9L/FqH2DJ4exGGpBv00ba/Zauy7GsqOc5PnNBsYaHCply0X +407DRx51t9YwYI/ttValuehq9+gRJpOTTKp6AjZn/a5Yt3h6jDgpNfM/EyLFIY9z +V6CXqQQ/8JRvaik/JsGCf+eeLZOw4koIjZGEAg04iuyNTjhx0e/QHEVcYAqNLhXG +rCTTbCn3NSUO9qxEXC+K/1m1kaXoCGA0UWlVGZ1JSifbbMx0yxq/brpEZPUYm+32 +o8XfbocBWljFUJ+6aljTvZ3LQLKTSPW7TFO+GXycAOmCGhlXh2tlc6iTc41PACqy +yy+mHmSv +=kkH7 +-----END PGP PUBLIC KEY BLOCK-----