diff --git a/Dockerfile b/Dockerfile
index d8d1fc0fcd70d65c700bdc7fd36f0a69517aae5c..30c2c20bd39d7478cc52e58fc8f16295c717b7e3 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,6 +1,6 @@
-ARG BASE_REGISTRY=registry1.dso.mil
-ARG BASE_IMAGE=ironbank/redhat/ubi/ubi8
-ARG BASE_TAG=8.3
+ARG BASE_REGISTRY=repo1.dso.mil
+ARG BASE_IMAGE=ironbank/redhat/openjdk/openjdk11
+ARG BASE_TAG=1.11
 FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG}
 ENV RUN_USER jira
@@ -23,11 +23,12 @@ EXPOSE 40001
 CMD ["/entrypoint.py"]
 ENTRYPOINT ["/usr/bin/tini", "--"]
+USER root
 COPY dumb-init-1.2.2-6.el8.x86_64.rpm /opt/
 RUN dnf -y update && dnf -y upgrade && \
- dnf -y install python3 python3-jinja2 && \
+ dnf -y install fontconfig python3 python3-jinja2 && \
 rpm -Uvh /opt/dumb-init-1.2.2-6.el8.x86_64.rpm
 ARG JIRA_VERSION=8.13.4
@@ -41,10 +42,7 @@ RUN groupadd --gid ${RUN_GID} ${RUN_GROUP} \
 && mkdir -p ${JIRA_INSTALL_DIR} \
 && tar -xzf /opt/atlassian-jira-software-${JIRA_VERSION}.tar.gz --strip-components 1 -C /opt/atlassian/jira/ \
 && chmod -R "u=rwX,g=rX,o=rX" ${JIRA_INSTALL_DIR}/ \
- && chown -R root. ${JIRA_INSTALL_DIR}/ \
- && chown -R ${RUN_USER}:${RUN_GROUP} ${JIRA_INSTALL_DIR}/logs \
- && chown -R ${RUN_USER}:${RUN_GROUP} ${JIRA_INSTALL_DIR}/temp \
- && chown -R ${RUN_USER}:${RUN_GROUP} ${JIRA_INSTALL_DIR}/work \
+ && chown -R ${RUN_USER}:${RUN_GROUP} ${JIRA_INSTALL_DIR}/ \
 \
 && sed -i -e 's/^JVM_SUPPORT_RECOMMENDED_ARGS=""$/: \${JVM_SUPPORT_RECOMMENDED_ARGS:=""}/g' ${JIRA_INSTALL_DIR}/bin/setenv.sh \
 && sed -i -e 's/^JVM_\(.*\)_MEMORY="\(.*\)"$/: \${JVM_\1_MEMORY:=\2}/g' ${JIRA_INSTALL_DIR}/bin/setenv.sh \
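Review bot: The new default `ARG BASE_REGISTRY=repo1.dso.mil` in the first Dockerfile hunk (`@@ -1,6 +1,6 @@`) points the `FROM` line at a different host than the one the hardening manifest's comments in this same commit still name as the image registry (registry1). If repo1.dso.mil is the source-hosting site rather than a container registry, a build that relies on the default will either fail to pull or resolve the base image from an unintended place; unless the move is deliberate, keep `ARG BASE_REGISTRY=registry1.dso.mil`. `BASE_TAG=1.11` is also a movable tag, so the base image is only reproducible if a digest is pinned somewhere outside the lines shown here.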
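Review bot: `USER root` in the second Dockerfile hunk (`@@ -23,11 +23,12 @@`) stays in effect for every later instruction and for the running container unless a later `USER` resets it, and no such reset appears in any hunk of this commit. If the entrypoint does not drop privileges itself, Jira would run as root; after the last build step that needs root, add `USER ${RUN_USER}`. The Dockerfile continues outside the hunks shown, so this needs checking against the full file, and a one-line comment such as `# root is needed for dnf/rpm only; reset below` would make the intent clear.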
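Review bot: The single `chown -R ${RUN_USER}:${RUN_GROUP} ${JIRA_INSTALL_DIR}/` in the third Dockerfile hunk (`@@ -41,10 +42,7 @@`) makes the whole install tree, including `bin/setenv.sh` and the web application under it, writable by the account Jira runs as, where the removed lines limited that account to `logs`, `temp` and `work`. A flaw in Jira or in a plugin could then alter startup scripts or application files instead of only scratch data. Presumably the wider ownership is there so the entrypoint can write `conf/server.xml` and `seraph-config.xml` as that account; granting only those paths keeps the rest root-owned. The sketch below assumes gen_cfg rewrites its target in place, and the RUN instruction starts and continues outside the hunk.

```dockerfile
    && chmod -R "u=rwX,g=rX,o=rX" ${JIRA_INSTALL_DIR}/ \
    && chown -R root:root ${JIRA_INSTALL_DIR}/ \
    && chown -R ${RUN_USER}:${RUN_GROUP} \
        ${JIRA_INSTALL_DIR}/logs ${JIRA_INSTALL_DIR}/temp ${JIRA_INSTALL_DIR}/work \
    && chown ${RUN_USER}:${RUN_GROUP} \
        ${JIRA_INSTALL_DIR}/conf/server.xml \
        ${JIRA_INSTALL_DIR}/atlassian-jira/WEB-INF/classes/seraph-config.xml \
    # … unchanged: sed edits of bin/setenv.sh …
```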
@@ -62,7 +60,8 @@ COPY scripts/shared-components/support /opt/atlassian/suppo
 COPY config/* /opt/atlassian/etc/
 #### Clean up ####
-RUN rm -rf /opt/dumb-init-1.2.2-6.el8.x86_64.rpm && dnf clean all && rm -rf /opt/${ARTEFACT_NAME}-${JIRA_VERSION}.tar.gz
+RUN rm -rf /opt/dumb-init-1.2.2-6.el8.x86_64.rpm && dnf clean all && rm -rf /opt/${ARTEFACT_NAME}-${JIRA_VERSION}.tar.gz && \
+ chmod a+x /entrypoint.py
 # # HEALTHCHECK
diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml
index cd5a6b9490211372227be289e36ff9edfba443dd..340ae7d772a1d59ac38a24bc73e8775aa8bb50bb 100644
--- a/hardening_manifest.yaml
+++ b/hardening_manifest.yaml
@@ -2,7 +2,7 @@ apiVersion: v1
 # The repository name in registry1, excluding /ironbank/
-name: "atlassian/jira-data-center/jira-node"
+name: "atlassian/jira-node-813"
 # List of tags to push for the repository in registry1
 # The most specific version should be the first tag and will be shown
@@ -13,8 +13,8 @@ tags:
 # Build args passed to Dockerfile ARGs
 args:
- BASE_IMAGE: "redhat/ubi/ubi8"
- BASE_TAG: "8.3"
+ BASE_IMAGE: "redhat/openjdk/openjdk11"
+ BASE_TAG: "1.11"
 # Docker image labels
 labels:
diff --git a/scripts/entrypoint.py b/scripts/entrypoint.py
index 48a7ebee6747c8bcbb4df7dff8ff6d62926afc16..9903d23449f1f651658d500a888d93ccbfd7b991 100644
--- a/scripts/entrypoint.py
+++ b/scripts/entrypoint.py
@@ -14,11 +14,13 @@ gen_container_id()
 if os.stat('/etc/container_id').st_size == 0: gen_cfg('container_id.j2', '/etc/container_id', user=RUN_USER, group=RUN_GROUP, overwrite=True)
-gen_cfg('server.xml.j2', f'{JIRA_INSTALL_DIR}/conf/server.xml')
 gen_cfg('seraph-config.xml.j2',
- f'{JIRA_INSTALL_DIR}/atlassian-jira/WEB-INF/classes/seraph-config.xml')
+ f'{JIRA_INSTALL_DIR}/atlassian-jira/WEB-INF/classes/seraph-config.xml',
+ user=RUN_USER, group=RUN_GROUP, overwrite=True)
 gen_cfg('dbconfig.xml.j2', f'{JIRA_HOME}/dbconfig.xml', user=RUN_USER, group=RUN_GROUP, overwrite=False)
+gen_cfg('server.xml.j2', f'{JIRA_INSTALL_DIR}/conf/server.xml',
+ user=RUN_USER, group=RUN_GROUP, overwrite=True)
 if str2bool(env.get('clustered')): gen_cfg('cluster.properties.j2', f'{JIRA_HOME}/cluster.properties', user=RUN_USER, group=RUN_GROUP, overwrite=False)
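Review bot: The two rewritten calls hand `seraph-config.xml` (login and session settings) and `conf/server.xml` (connector settings) to `RUN_USER`, so the account that runs Jira can now edit both files; that is only needed if the entrypoint itself runs without root. If it still starts as root, the ownership arguments can be dropped for these two targets, as in the removed `gen_cfg('server.xml.j2', f'{JIRA_INSTALL_DIR}/conf/server.xml')`. Either way a comment above the calls would help, for example `# regenerated on every start (overwrite=True); manual edits to these files are lost`. gen_cfg is defined outside this hunk, so its default owner and its behaviour when the target already exists need confirming there.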