From 05d91bbd90e2db9948d35ae6392433e7ca758ffe Mon Sep 17 00:00:00 2001
From: Luke Stigdon <lstigdon@eitccorp.com>
Date: Thu, 15 Jul 2021 10:10:41 -0400
Subject: [PATCH 1/5] initial hardening
---
Dockerfile | 21 +++++++++++++++++
LICENSE | 5 ++++
README.md | 6 +++--
hardening_manifest.yaml | 52 +++++++++++++++++++++++++++++++++++++++++
4 files changed, 82 insertions(+), 2 deletions(-)
create mode 100644 Dockerfile
create mode 100644 LICENSE
create mode 100644 hardening_manifest.yaml
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..1ca616c
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,21 @@
+ARG BASE_REGISTRY=registry1.dso.mil
+ARG BASE_IMAGE=ironbank/redhat/ubi/ubi8-minimal
+ARG BASE_TAG=8.4
+
+FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG}
+
+ARG DEFAULTUID=1001
+ARG DEFAULTGID=1001
+
+COPY rda-converter.zip /tmp
+RUN microdnf install -y unzip shadow-utils && \
+ groupadd -g ${DEFAULTGID} -r default && \
+ useradd -u ${DEFAULTUID} -r -g default default && \
+ unzip /tmp/rda-converter.zip -d /usr/local/bin && \
+ microdnf remove -y unzip shadow-utils && \
+ microdnf clean all && \
+ rm -rf /var/cache/yum /var/tmp/* /tmp/* /var/tmp/.???* /tmp/.???*
+
+USER ${DEFAULTUID}
+
+ENTRYPOINT ["/usr/local/bin/rda-converter"]
\ No newline at end of file
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..ff836b5
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,5 @@
+Data Rights and Intellectual Property Rights in accordance with the rights
+described in DFARS 252.227-7013 [Rights in Technical Data—Noncommercial Items
+(Nov 1995), DFARS 252.227-7014 [Rights in Noncommercial Computer Software and
+Noncommercial Computer Software Documentation (June 1995)] and DFARS
+252.227-7015 [Rights in Technical Data – Noncommercial Items (Nov. 1995)]
\ No newline at end of file
diff --git a/README.md b/README.md
index 5dc6fa6..f8f04ab 100644
--- a/README.md
+++ b/README.md
@@ -1,3 +1,5 @@
-# <application name>
+# rda-converter
-Project template for all Iron Bank container repositories.
\ No newline at end of file
+A container image that includes the [rda-converter](https://gitlab.devforce.disa.mil/up/rda-converter) application.
+
+To update this image, first get the URL to the version of the rda-converter from [nexus](https://nexus.devforce.disa.mil/#browse/search/maven=attributes.maven2.groupId%3Dbdp.rda%20AND%20attributes.maven2.artifactId%3Drda-converter). Then, download the artifact and calculate the SHA256. Update the `hardening_manifest.yaml` with the URL and SHA256 of the artifact.
\ No newline at end of file
diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml
new file mode 100644
index 0000000..9d4eedb
--- /dev/null
+++ b/hardening_manifest.yaml
@@ -0,0 +1,52 @@
+---
+apiVersion: v1
+
+# The repository name in registry1, excluding /ironbank/
+name: "bdp/rda/converter"
+
+# List of tags to push for the repository in registry1
+# The most specific version should be the first tag and will be shown
+# on ironbank.dsop.io
+tags:
+ - "0.4.0"
+ - "latest"
+
+# Build args passed to Dockerfile ARGs
+args:
+ BASE_IMAGE: "redhat/ubi/ubi8-minimal"
+ BASE_TAG: "8.4"
+
+# Docker image labels
+labels:
+ org.opencontainers.image.title: "converter"
+ ## Human-readable description of the software packaged in the image
+ org.opencontainers.image.description: "A container image that includes the rda-converter application."
+ ## License(s) under which contained software is distributed
+ org.opencontainers.image.licenses: "proprietary"
+ ## URL to find more information on the image
+ org.opencontainers.image.url: "https://repo1.dso.mil/dsop/bdp/rda/converter"
+ ## Name of the distributing entity, organization or individual
+ org.opencontainers.image.vendor: "BDP"
+ org.opencontainers.image.version: "0.4.0"
+ ## Keywords to help with search (ex. "cicd,gitops,golang")
+ mil.dso.ironbank.image.keywords: "rda,bdp,updn,k8s,converter"
+ ## This value can be "opensource" or "commercial"
+ mil.dso.ironbank.image.type: "commercial"
+ ## Product the image belongs to for grouping multiple images
+ mil.dso.ironbank.product.name: "BDP RDA"
+
+resources:
+ - url: "https://nexus.devforce.disa.mil/repository/UP-Releases/bdp/rda/rda-converter/0.4.0/rda-converter-0.4.0.zip"
+ filename: "rda-converter.zip"
+ auth:
+ type: "basic"
+ id: "nexus"
+ validation:
+ type: "sha256"
+ value: "7dce8d9a5ed34a55ca7dd7a352b027ff1945df64bfdb7e9f2f91ea78a0080a55"
+
+# List of project maintainers
+maintainers:
+- email: "lstigdon@eitccorp.com"
+ name: "Luke Stigdon"
+ username: "lstigdon"
--
GitLab
From 4b0b7307d8c0ee3568db2afa411a1c6b4895d193 Mon Sep 17 00:00:00 2001
From: Luke Stigdon <lstigdon@eitccorp.com>
Date: Thu, 15 Jul 2021 14:53:41 -0400
Subject: [PATCH 2/5] update auth id for nexus artifact
---
hardening_manifest.yaml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml
index 9d4eedb..07e7392 100644
--- a/hardening_manifest.yaml
+++ b/hardening_manifest.yaml
@@ -40,7 +40,7 @@ resources:
filename: "rda-converter.zip"
auth:
type: "basic"
- id: "nexus"
+ id: "devforce_nexus"
validation:
type: "sha256"
value: "7dce8d9a5ed34a55ca7dd7a352b027ff1945df64bfdb7e9f2f91ea78a0080a55"
--
GitLab
From 998a58dd3c179caab6d3538bced54545e876c58c Mon Sep 17 00:00:00 2001
From: Luke Stigdon <lstigdon@eitccorp.com>
Date: Fri, 16 Jul 2021 07:22:38 -0400
Subject: [PATCH 3/5] formatting
---
hardening_manifest.yaml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml
index 07e7392..f6169f0 100644
--- a/hardening_manifest.yaml
+++ b/hardening_manifest.yaml
@@ -49,4 +49,4 @@ resources:
maintainers:
- email: "lstigdon@eitccorp.com"
name: "Luke Stigdon"
- username: "lstigdon"
+ username: "lstigdon"
\ No newline at end of file
--
GitLab
From 030b4e1c874ccfed53cb5e062642220f6bd0a1c6 Mon Sep 17 00:00:00 2001
From: Luke Stigdon <lstigdon@eitccorp.com>
Date: Thu, 22 Jul 2021 11:35:41 -0400
Subject: [PATCH 4/5] update rda-converter depedency
---
hardening_manifest.yaml | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml
index f6169f0..9941be9 100644
--- a/hardening_manifest.yaml
+++ b/hardening_manifest.yaml
@@ -36,14 +36,14 @@ labels:
mil.dso.ironbank.product.name: "BDP RDA"
resources:
- - url: "https://nexus.devforce.disa.mil/repository/UP-Releases/bdp/rda/rda-converter/0.4.0/rda-converter-0.4.0.zip"
+ - url: "https://nexus.eitccorp.com/repository/releases/bdp/rda/rda-converter/0.4.0/rda-converter-0.4.0.zip"
filename: "rda-converter.zip"
auth:
type: "basic"
- id: "devforce_nexus"
+ id: "eitc"
validation:
type: "sha256"
- value: "7dce8d9a5ed34a55ca7dd7a352b027ff1945df64bfdb7e9f2f91ea78a0080a55"
+ value: "ac022dc107e1ebb2fe6fb3aa2a7646d16348c33ac90e812dd2f74c444057675b"
# List of project maintainers
maintainers:
--
GitLab
From ef2f20920f72d3cd1dea282f02b161bd85163f5a Mon Sep 17 00:00:00 2001
From: Luke Stigdon <lstigdon@eitccorp.com>
Date: Thu, 22 Jul 2021 11:54:11 -0400
Subject: [PATCH 5/5] update README
---
README.md | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/README.md b/README.md
index f8f04ab..d49cd18 100644
--- a/README.md
+++ b/README.md
@@ -1,5 +1,5 @@
-# rda-converter
+# RDA Converter
-A container image that includes the [rda-converter](https://gitlab.devforce.disa.mil/up/rda-converter) application.
+A tool to convert an [RDA](https://devforce.disa.mil/secure/docs/latest/developers-guide/deployment/) into one or more [Helm](https://helm.sh/) [Charts](https://helm.sh/docs/glossary/#chart) and container image files (i.e. Dockerfile).
-To update this image, first get the URL to the version of the rda-converter from [nexus](https://nexus.devforce.disa.mil/#browse/search/maven=attributes.maven2.groupId%3Dbdp.rda%20AND%20attributes.maven2.artifactId%3Drda-converter). Then, download the artifact and calculate the SHA256. Update the `hardening_manifest.yaml` with the URL and SHA256 of the artifact.
\ No newline at end of file
+This container is leveraged by the RDA Deployer and should not generally be used directly. For further information, see the [rda-converter](https://gitlab.eitccorp.com/up/software/rda/rda-converter) project.
--
GitLab