From c356ffb789c4303507d8487bece9c5f8ec8b9d0a Mon Sep 17 00:00:00 2001 From: Al Fontaine Date: Fri, 12 Feb 2021 14:36:22 +0000 Subject: [PATCH 1/7] Update hardening_manifest.yaml --- hardening_manifest.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index ec7b18a..8ae40e9 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -2,7 +2,7 @@ apiVersion: v1 # The repository name in registry1, excluding /ironbank/ -name: "atlassian/jira-data-center/jira-node" +name: "atlassian/jira-node-813" # List of tags to push for the repository in registry1 # The most specific version should be the first tag and will be shown -- GitLab From d4647ad84250a12c4afdc109a6d23fad56042d40 Mon Sep 17 00:00:00 2001 From: Jeffrey Weatherford Date: Thu, 18 Feb 2021 15:49:49 +0000 Subject: [PATCH 2/7] Update Dockerfile, removed python3 and jinja2 --- Dockerfile | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index 32a8b72..c2a0f82 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -ARG BASE_REGISTRY=registry1.dso.mil +ARG BASE_REGISTRY=repo1.dso.mil ARG BASE_IMAGE=ironbank/redhat/ubi/ubi8 ARG BASE_TAG=8.3 FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} @@ -27,11 +27,10 @@ ENTRYPOINT ["/usr/bin/tini", "--"] COPY dumb-init-1.2.2-6.el8.x86_64.rpm /opt/ RUN dnf -y update && dnf -y upgrade && \ - dnf -y install python3 python3-jinja2 && \ rpm -Uvh /opt/dumb-init-1.2.2-6.el8.x86_64.rpm ARG JIRA_VERSION=8.13.3 -ARG ARTEFACT_NAME=atlassian-jira-software +ARG ARTIFACT_NAME=atlassian-jira-software COPY atlassian-jira-software-${JIRA_VERSION}.tar.gz /opt/ RUN groupadd --gid ${RUN_GID} ${RUN_GROUP} \ -- GitLab From bddf7ff469323f6bfdb87c98558476d9a4a42749 Mon Sep 17 00:00:00 2001 
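Review bot: The new default `ARG BASE_REGISTRY=repo1.dso.mil` in the first Dockerfile hunk of PATCH 2/7 no longer matches the registry the manifest refers to, whose comments describe the repository and tags "in registry1". The commit subject mentions only the python3/jinja2 removal, so this looks unintended. If repo1.dso.mil is the source-hosting site rather than an image registry, a build that does not override the argument resolves `FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG}` against a host the base image was not published to, and either fails or pulls from an unintended origin. I would keep `ARG BASE_REGISTRY=registry1.dso.mil`, or add a comment explaining why the default moved.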
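Review bot: Renaming the build argument to `ARTIFACT_NAME` in the second Dockerfile hunk of PATCH 2/7 leaves every remaining `${ARTEFACT_NAME}` reference expanding to an empty string. The clean-up step shown in PATCH 3/7 still runs `rm -rf /opt/${ARTEFACT_NAME}-${JIRA_VERSION}.tar.gz`, so if the rename is in effect there the command targets a file that does not exist and, because of `-f`, fails silently. Rename every use in the same commit, or delete the file by the literal name the `COPY` line uses: `rm -f /opt/atlassian-jira-software-${JIRA_VERSION}.tar.gz`. The same hunk drops `python3 python3-jinja2` while the image's `CMD` is `/entrypoint.py` (visible in the PATCH 4/7 hunk header), so the container presumably cannot start unless the base image ships them. PATCH 3/7 adds the packages back.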
From: jweatherford Date: Fri, 26 Feb 2021 15:51:39 -0500 Subject: [PATCH 3/7] build fixes --- Dockerfile | 8 +++++--- hardening_manifest.yaml | 4 ++-- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/Dockerfile b/Dockerfile index 087a897..718c95a 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,6 @@ ARG BASE_REGISTRY=repo1.dso.mil -ARG BASE_IMAGE=ironbank/redhat/ubi/ubi8 -ARG BASE_TAG=8.3 +ARG BASE_IMAGE=ironbank/redhat/openjdk/openjdk11 +ARG BASE_TAG=1.11 FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} ENV RUN_USER jira @@ -27,6 +27,7 @@ ENTRYPOINT ["/usr/bin/tini", "--"] COPY dumb-init-1.2.2-6.el8.x86_64.rpm /opt/ RUN dnf -y update && dnf -y upgrade && \ + dnf -y install python3 python3-jinja2 && \ rpm -Uvh /opt/dumb-init-1.2.2-6.el8.x86_64.rpm ARG JIRA_VERSION=8.13.4 @@ -61,7 +62,8 @@ COPY scripts/shared-components/support /opt/atlassian/suppo COPY config/* /opt/atlassian/etc/ #### Clean up #### -RUN rm -rf /opt/dumb-init-1.2.2-6.el8.x86_64.rpm && dnf clean all && rm -rf /opt/${ARTEFACT_NAME}-${JIRA_VERSION}.tar.gz +RUN rm -rf /opt/dumb-init-1.2.2-6.el8.x86_64.rpm && dnf clean all && rm -rf /opt/${ARTEFACT_NAME}-${JIRA_VERSION}.tar.gz && \ + chmod a+x /entrypoint.py # # HEALTHCHECK diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index 27e375b..340ae7d 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -13,8 +13,8 @@ tags: # Build args passed to Dockerfile ARGs args: - BASE_IMAGE: "redhat/ubi/ubi8" - BASE_TAG: "8.3" + BASE_IMAGE: "redhat/openjdk/openjdk11" + BASE_TAG: "1.11" # Docker image labels labels: -- GitLab From be8e022ee51e487e9fa31dd211bda65655f1eaca Mon Sep 17 00:00:00 2001 From: jweatherford Date: Fri, 26 Feb 2021 16:01:29 -0500 Subject: [PATCH 4/7] switch to root duirng install --- Dockerfile | 1 + 1 file changed, 1 insertion(+) diff --git a/Dockerfile b/Dockerfile index 718c95a..02db3e4 100644 --- a/Dockerfile +++ b/Dockerfile 
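Review bot: The clean-up `RUN` in the third Dockerfile hunk of PATCH 3/7 deletes the RPM and the Jira tarball in a layer of its own, so both files stay retrievable from the earlier `COPY` layers and the delete only hides them in the final filesystem. Files added with `COPY` remain in that layer whatever later steps do; unpacking the archive in a separate build stage and bringing the result in with `COPY --from=` keeps the archives out of the shipped layers. `dnf clean all` has the same limitation, because the package cache was written by the `RUN dnf …` instruction in the second hunk of this patch. It belongs at the end of that instruction: `rpm -Uvh /opt/dumb-init-1.2.2-6.el8.x86_64.rpm && dnf clean all`.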
@@ -23,6 +23,7 @@ EXPOSE 40001 CMD ["/entrypoint.py"] ENTRYPOINT ["/usr/bin/tini", "--"] +USER root COPY dumb-init-1.2.2-6.el8.x86_64.rpm /opt/ -- GitLab From 78a4b29dc6eb0cbc77de1b004bb01ae2717c11f9 Mon Sep 17 00:00:00 2001 From: jweatherford Date: Mon, 1 Mar 2021 08:21:40 -0500 Subject: [PATCH 5/7] further fixes --- Dockerfile | 4 ++-- scripts/entrypoint.py | 2 ++ 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 02db3e4..18238e9 100644 --- a/Dockerfile +++ b/Dockerfile @@ -28,7 +28,7 @@ USER root COPY dumb-init-1.2.2-6.el8.x86_64.rpm /opt/ RUN dnf -y update && dnf -y upgrade && \ - dnf -y install python3 python3-jinja2 && \ + dnf -y install fontconfig python3 python3-jinja2 && \ rpm -Uvh /opt/dumb-init-1.2.2-6.el8.x86_64.rpm ARG JIRA_VERSION=8.13.4 @@ -42,7 +42,7 @@ RUN groupadd --gid ${RUN_GID} ${RUN_GROUP} \ && mkdir -p ${JIRA_INSTALL_DIR} \ && tar -xzf /opt/atlassian-jira-software-${JIRA_VERSION}.tar.gz --strip-components 1 -C /opt/atlassian/jira/ \ && chmod -R "u=rwX,g=rX,o=rX" ${JIRA_INSTALL_DIR}/ \ - && chown -R root. ${JIRA_INSTALL_DIR}/ \ + && chown -R ${RUN_USER}:${RUN_GROUP} ${JIRA_INSTALL_DIR}/ \ && chown -R ${RUN_USER}:${RUN_GROUP} ${JIRA_INSTALL_DIR}/logs \ && chown -R ${RUN_USER}:${RUN_GROUP} ${JIRA_INSTALL_DIR}/temp \ && chown -R ${RUN_USER}:${RUN_GROUP} ${JIRA_INSTALL_DIR}/work \ diff --git a/scripts/entrypoint.py b/scripts/entrypoint.py index 48a7ebe..ce1937f 100644 --- a/scripts/entrypoint.py +++ b/scripts/entrypoint.py 
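Review bot: `USER root` is added after `CMD`/`ENTRYPOINT` in PATCH 4/7 and nothing in the hunks of this series switches back. Unless a later `USER` line exists outside the visible hunks, the image's default user is root and both tini and `/entrypoint.py` start as root. If root is needed only for the `dnf`, `rpm` and `groupadd` steps, end the install section with `USER ${RUN_USER}`. If the entrypoint is meant to start as root and drop privileges itself, a comment next to `USER root` saying so would make that intent reviewable. The rest of the Dockerfile lies outside the hunk.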
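Review bot: Replacing `chown -R root. ${JIRA_INSTALL_DIR}/` with `chown -R ${RUN_USER}:${RUN_GROUP} ${JIRA_INSTALL_DIR}/` in the second Dockerfile hunk of PATCH 5/7 makes the whole installation tree (startup scripts, libraries, web-application configuration) writable by the account the service runs as, since the `chmod` on the line above gives the owner `rwX`; before, only `logs`, `temp` and `work` were. A flaw that yields file-write as that account could then alter code and configuration loaded at the next start. Presumably the change lets the entrypoint render its templates; in that case keep the tree root-owned and hand over only the targets it writes, e.g. `chown ${RUN_USER}:${RUN_GROUP} ${JIRA_INSTALL_DIR}/conf`. The `gen_cfg(..., user=RUN_USER, group=RUN_GROUP, overwrite=True)` calls added for server.xml in this patch and for seraph-config.xml in PATCH 7/7 widen ownership the same way. The `RUN` instruction continues past the hunk.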
@@ -19,6 +19,8 @@ gen_cfg('seraph-config.xml.j2', f'{JIRA_INSTALL_DIR}/atlassian-jira/WEB-INF/classes/seraph-config.xml') gen_cfg('dbconfig.xml.j2', f'{JIRA_HOME}/dbconfig.xml', user=RUN_USER, group=RUN_GROUP, overwrite=False) +gen_cfg('server.xml.j2', f'{JIRA_INSTALL_DIR}/conf/server.xml', + user=RUN_USER, group=RUN_GROUP, overwrite=True) if str2bool(env.get('clustered')): gen_cfg('cluster.properties.j2', f'{JIRA_HOME}/cluster.properties', user=RUN_USER, group=RUN_GROUP, overwrite=False) -- GitLab From ce86af7f24ffc045ed75f2292fc6eee834028e32 Mon Sep 17 00:00:00 2001 From: jweatherford Date: Mon, 1 Mar 2021 10:58:55 -0500 Subject: [PATCH 6/7] more requested fixes --- Dockerfile | 3 --- scripts/entrypoint.py | 1 - 2 files changed, 4 deletions(-) diff --git a/Dockerfile b/Dockerfile index 18238e9..30c2c20 100644 --- a/Dockerfile +++ b/Dockerfile @@ -43,9 +43,6 @@ RUN groupadd --gid ${RUN_GID} ${RUN_GROUP} \ && tar -xzf /opt/atlassian-jira-software-${JIRA_VERSION}.tar.gz --strip-components 1 -C /opt/atlassian/jira/ \ && chmod -R "u=rwX,g=rX,o=rX" ${JIRA_INSTALL_DIR}/ \ && chown -R ${RUN_USER}:${RUN_GROUP} ${JIRA_INSTALL_DIR}/ \ - && chown -R ${RUN_USER}:${RUN_GROUP} ${JIRA_INSTALL_DIR}/logs \ - && chown -R ${RUN_USER}:${RUN_GROUP} ${JIRA_INSTALL_DIR}/temp \ - && chown -R ${RUN_USER}:${RUN_GROUP} ${JIRA_INSTALL_DIR}/work \ \ && sed -i -e 's/^JVM_SUPPORT_RECOMMENDED_ARGS=""$/: \${JVM_SUPPORT_RECOMMENDED_ARGS:=""}/g' ${JIRA_INSTALL_DIR}/bin/setenv.sh \ && sed -i -e 's/^JVM_\(.*\)_MEMORY="\(.*\)"$/: \${JVM_\1_MEMORY:=\2}/g' ${JIRA_INSTALL_DIR}/bin/setenv.sh \ diff --git a/scripts/entrypoint.py b/scripts/entrypoint.py index ce1937f..57ad747 100644 --- a/scripts/entrypoint.py +++ b/scripts/entrypoint.py 
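Review bot: The added `gen_cfg('server.xml.j2', …, overwrite=True)` call in PATCH 5/7 has no comment explaining why server.xml is regenerated on every start, while the dbconfig.xml and cluster.properties calls around it use `overwrite=False`. If `overwrite=True` means what its name suggests, a server.xml supplied through a mounted volume or edited by an operator is replaced at each container start. That is worth stating in the code, e.g. `# server.xml is rebuilt from the environment on every start; local edits are not kept`. At this commit the earlier `gen_cfg('server.xml.j2', …)` call without ownership arguments is apparently still present (PATCH 6/7 removes it), so the template is rendered twice. The script continues outside the hunk.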
@@ -14,7 +14,6 @@ gen_container_id() if os.stat('/etc/container_id').st_size == 0: gen_cfg('container_id.j2', '/etc/container_id', user=RUN_USER, group=RUN_GROUP, overwrite=True) -gen_cfg('server.xml.j2', f'{JIRA_INSTALL_DIR}/conf/server.xml') gen_cfg('seraph-config.xml.j2', f'{JIRA_INSTALL_DIR}/atlassian-jira/WEB-INF/classes/seraph-config.xml') gen_cfg('dbconfig.xml.j2', f'{JIRA_HOME}/dbconfig.xml', -- GitLab From a031ec3d8983972d7916a9c843009ba4140fbfd7 Mon Sep 17 00:00:00 2001 From: jweatherford Date: Mon, 1 Mar 2021 11:04:51 -0500 Subject: [PATCH 7/7] more fixes --- scripts/entrypoint.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scripts/entrypoint.py b/scripts/entrypoint.py index 57ad747..9903d23 100644 --- a/scripts/entrypoint.py +++ b/scripts/entrypoint.py @@ -15,7 +15,8 @@ if os.stat('/etc/container_id').st_size == 0: gen_cfg('container_id.j2', '/etc/container_id', user=RUN_USER, group=RUN_GROUP, overwrite=True) gen_cfg('seraph-config.xml.j2', - f'{JIRA_INSTALL_DIR}/atlassian-jira/WEB-INF/classes/seraph-config.xml') + f'{JIRA_INSTALL_DIR}/atlassian-jira/WEB-INF/classes/seraph-config.xml', + user=RUN_USER, group=RUN_GROUP, overwrite=True) gen_cfg('dbconfig.xml.j2', f'{JIRA_HOME}/dbconfig.xml', user=RUN_USER, group=RUN_GROUP, overwrite=False) gen_cfg('server.xml.j2', f'{JIRA_INSTALL_DIR}/conf/server.xml', -- GitLab