From 90ca35f1ac72a75d3241cf4c4d3a63f56ba7e248 Mon Sep 17 00:00:00 2001 From: Scott Stroud Date: Wed, 28 Jul 2021 09:59:43 -0600 Subject: [PATCH 1/5] meh --- Dockerfile | 8 ++--- hardening_manifest.yaml | 70 ++++++++++++++++++----------------------- 2 files changed, 33 insertions(+), 45 deletions(-) diff --git a/Dockerfile b/Dockerfile index 1a07863..29a6358 100644 --- a/Dockerfile +++ b/Dockerfile @@ -9,8 +9,8 @@ FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} ENV LANG="C.UTF-8" # IB custom ENV vars -ENV RPM_VERSION=6.1.1-1 -ENV IMG_TAR_VERSION=6.1.1.0 +ENV RPM_VERSION=6.1.2-1 +ENV IMG_TAR_VERSION=6.1.2.1 USER root @@ -54,7 +54,7 @@ COPY archive.key /tmp/ # confluentinc/control-center-images ENV COMPONENT=control-center -ENV CONFLUENT_VERSION=6.1.1 +ENV CONFLUENT_VERSION=6.1.2 ENV CUB_CLASSPATH='"/usr/share/java/cp-base-new/*"' # primary @@ -89,13 +89,11 @@ COPY cp-enterprise-control-center-operator-*_EtcConfluent.tar.gz /etc/ ## For auditing & debugging COPY Dockerfile /etc/confluent/ironbank/ COPY hardening_manifest.yaml /etc/confluent/ironbank/ -COPY maven-artifact-3.8.1.jar /tmp/ RUN echo "===> Installing operator stuff" \ && cd /usr/share && tar -xvf *_UsrShareJava.tar.gz && rm *_UsrShareJava.tar.gz \ && cd /opt && tar -xvf *_OptCaas.tar.gz && rm *_OptCaas.tar.gz \ && cd /etc && tar -xvf *_EtcConfluent.tar.gz && rm *_EtcConfluent.tar.gz \ - && find /usr/share/java -name "maven-artifact-3.6.3.jar" -execdir cp /tmp/maven-artifact-3.8.1.jar . \; -exec rm {} \; \ && chown -R appuser:appuser /etc/confluent \ && mkdir -p "${CONTROL_CENTER_DATA_DIR}" "${CONTROL_CENTER_CONFIG_DIR}" "${COMPONENT_SCRIPT_DIR}/${COMPONENT}" \ && chmod -R ag+w "${CONTROL_CENTER_DATA_DIR}" "${CONTROL_CENTER_CONFIG_DIR}" "/opt" \ diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index 0ca3315..a1dc9e9 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -8,7 +8,7 @@ name: "confluentinc/cp-enterprise-control-center-operator" # The most specific version should be the first tag and will be shown # on ironbank.dso.mil tags: -- "6.1.1.0" +- "6.1.2.1" - "6.1.1" - "6.1.x" - "6.1" @@ -23,9 +23,9 @@ labels: org.opencontainers.image.title: "cp-enterprise-control-center-operator" org.opencontainers.image.description: "Confluent Operator image for enterprise control center." org.opencontainers.image.licenses: "CONFLUENT ENTERPRISE LICENSE" - org.opencontainers.image.url: "https://docs.confluent.io/6.1.1/installation/operator/index.html" + org.opencontainers.image.url: "https://docs.confluent.io/6.1.2/installation/operator/index.html" org.opencontainers.image.vendor: "Confluent" - org.opencontainers.image.version: "6.1.1" + org.opencontainers.image.version: "6.1.2" mil.dso.ironbank.image.keywords: "confluent,kafka,zookeeper,operator" mil.dso.ironbank.image.type: "commercial" mil.dso.ironbank.product.name: "Confluent Platform" @@ -222,61 +222,51 @@ resources: validation: type: sha256 value: b569e9d80bc08b65d342491f8b94e47eb7032701ce17b091f212e1072672a4d5 -- filename: confluent-common-6.1.1-1.noarch.rpm - url: https://packages.confluent.io/rpm/6.1/confluent-common-6.1.1-1.noarch.rpm +- filename: confluent-common-6.1.2-1.noarch.rpm + url: https://packages.confluent.io/rpm/6.1/confluent-common-6.1.2-1.noarch.rpm validation: type: sha256 - value: 3ad1efeceed8b2febedc2534191e92980766ebc88d6a44e665b8febd7978a105 -- filename: confluent-rest-utils-6.1.1-1.noarch.rpm - url: https://packages.confluent.io/rpm/6.1/confluent-rest-utils-6.1.1-1.noarch.rpm + value: 26c1f0295805e05ec8ff5883c11d4755231f5fddb0b5b9ff49108d0354779244 +- filename: confluent-control-center-6.1.2-1.noarch.rpm + url: https://packages.confluent.io/rpm/6.1/confluent-control-center-6.1.2-1.noarch.rpm validation: type: sha256 - value: 5413105783d24493747351c358137eb60ce4645ffe88fd91629cb3d716a02930 -- filename: confluent-rebalancer-6.1.1-1.noarch.rpm - url: https://packages.confluent.io/rpm/6.1/confluent-rebalancer-6.1.1-1.noarch.rpm + value: 510ed4f5ec779b05942c0ed3baeff4e7183f840725f1cbff58d38335b14a1fab +- filename: confluent-control-center-fe-6.1.2-1.noarch.rpm + url: https://packages.confluent.io/rpm/6.1/confluent-control-center-fe-6.1.2-1.noarch.rpm validation: type: sha256 - value: dfcc9e938c2f50c7bb3c1a41835a912df8cb49bba6e41d94d5d6ff4317ab3237 -- filename: confluent-control-center-6.1.1-1.noarch.rpm - url: https://packages.confluent.io/rpm/6.1/confluent-control-center-6.1.1-1.noarch.rpm + value: e0d14eaf6e5f4218034aa9e8580fd615c1665eaa13b2f7542e8c78681d5673d0 +- filename: confluent-rebalancer-6.1.2-1.noarch.rpm + url: https://packages.confluent.io/rpm/6.1/confluent-rebalancer-6.1.2-1.noarch.rpm validation: type: sha256 - value: a5aeb1dab7320b4b7e8bc39722ea30d93a3ef6bfb513bc274b3a374701de680e -- filename: confluent-control-center-fe-6.1.1-1.noarch.rpm - url: https://packages.confluent.io/rpm/6.1/confluent-control-center-fe-6.1.1-1.noarch.rpm + value: ae1a92fab61357ed7a29e2cdc345e79ad69ffb79b3c8c118378b01319ca670cb +- filename: confluent-rest-utils-6.1.2-1.noarch.rpm + url: https://packages.confluent.io/rpm/6.1/confluent-rest-utils-6.1.2-1.noarch.rpm validation: type: sha256 - value: c1189f5b3525b05240074883b8f483ac55ef378b0230ea3731a3733ff9767e10 -- filename: confluent-telemetry-6.1.1-1.noarch.rpm - url: https://packages.confluent.io/rpm/6.1/confluent-telemetry-6.1.1-1.noarch.rpm + value: 5f4a62b06e0d61e7350cd0928ea601253dbc1ecf143d81f38468d8e4f456cd49 +- filename: confluent-security-6.1.2-1.noarch.rpm + url: https://packages.confluent.io/rpm/6.1/confluent-security-6.1.2-1.noarch.rpm validation: type: sha256 - value: 339ae6258cb2e1152d91633defdabb5d76ba13cc12a5eedc06f3cd12a3fffd4c -- filename: cp-enterprise-control-center-operator-6.1.1.0_OptCaas.tar.gz - url: https://ironbank-files.s3.amazonaws.com/cp-enterprise-control-center-operator-6.1.1.0_OptCaas.tar.gz + value: 21b93b892a1b6814440357c7d3658e5c4a2385ef60acef8d6c0b35e1f29ab825 +- filename: confluent-schema-registry-6.1.2-1.noarch.rpm + url: https://packages.confluent.io/rpm/6.1/confluent-schema-registry-6.1.2-1.noarch.rpm validation: type: sha256 - value: 3a182b8d1f935ab99fd50431f4227c5163437cf060a1f6e4c03a246e7ee3f757 -- filename: cp-enterprise-control-center-operator-6.1.1.0_UsrShareJava.tar.gz - url: https://ironbank-files.s3.amazonaws.com/cp-enterprise-control-center-operator-6.1.1.0_UsrShareJava.tar.gz + value: c19a098bf8487a7722d0fc408ceff6a350fc3a990713ed43cae7557ade2449cf +- filename: confluent-hub-client-6.1.2-1.noarch.rpm + url: https://packages.confluent.io/rpm/6.1/confluent-hub-client-6.1.2-1.noarch.rpm validation: type: sha256 - value: 4c25d6e66daed7b92a46da89e088dd977c0a557321dbc3c4325aecbf127df0b6 -- filename: cp-enterprise-control-center-operator-6.1.1.0_UsrShareDoc.tar.gz - url: https://ironbank-files.s3.amazonaws.com/cp-enterprise-control-center-operator-6.1.1.0_UsrShareDoc.tar.gz + value: 539ecc095fc639383d56a5cb823821a489b896f8f7f1921d6dd59caadf09d5e4 +- filename: confluent-metadata-service-6.1.2-1.noarch.rpm + url: https://packages.confluent.io/rpm/6.1/confluent-metadata-service-6.1.2-1.noarch.rpm validation: type: sha256 - value: c10c33d09968542c52133d4ee77b8d16d9a725af77e18312fd1b646bf1c7f966 -- filename: cp-enterprise-control-center-operator-6.1.1.0_EtcConfluent.tar.gz - url: https://ironbank-files.s3.amazonaws.com/cp-enterprise-control-center-operator-6.1.1.0_EtcConfluent.tar.gz - validation: - type: sha256 - value: 065649b8a7e5aa82dd6b2a023d3772ed445c4c8fb00bc126c82bdb279f12fa3c -- filename: maven-artifact-3.8.1.jar - url: https://repo1.maven.org/maven2/org/apache/maven/maven-artifact/3.8.1/maven-artifact-3.8.1.jar - validation: - type: sha256 - value: 9dbd3db15ac4816471e72981cb06ef90f3ffa8be6628dddf7135f7bd69bee0c0 + value: 3e4100be4aa5996b33ad3ab10ef37453d479e08187186c38b36734c97129ac97 # List of project maintainers -- GitLab From fc057fcecb119be7e48515f675f387937efb702e Mon Sep 17 00:00:00 2001 From: Scott Stroud Date: Wed, 28 Jul 2021 10:18:38 -0600 Subject: [PATCH 2/5] meh --- hardening_manifest.yaml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index a1dc9e9..e969775 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -267,6 +267,11 @@ resources: validation: type: sha256 value: 3e4100be4aa5996b33ad3ab10ef37453d479e08187186c38b36734c97129ac97 +- filename: confluent-telemetry-6.1.2-1.noarch.rpm + url: https://packages.confluent.io/rpm/6.1/confluent-telemetry-6.1.2-1.noarch.rpm + validation: + type: sha256 + value: b9bdf6ab71228d7cd1b7aff857bc44c7c8638e66d7ee420ec9a7f1a8df78a704 # List of project maintainers -- GitLab From c0e641bf9233b372d29f4167b27a3094788e28b8 Mon Sep 17 00:00:00 2001 From: Scott Stroud Date: Wed, 28 Jul 2021 10:22:20 -0600 Subject: [PATCH 3/5] meh --- hardening_manifest.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index e969775..683194b 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -221,7 +221,7 @@ resources: url: https://packages.confluent.io/rpm/6.1/archive.key validation: type: sha256 - value: b569e9d80bc08b65d342491f8b94e47eb7032701ce17b091f212e1072672a4d5 + value: 6753aba4eab80062784a903af0314877d36fa4f998333adffecb0fcba81113cd - filename: confluent-common-6.1.2-1.noarch.rpm url: https://packages.confluent.io/rpm/6.1/confluent-common-6.1.2-1.noarch.rpm validation: -- GitLab From dc871d601046accaab0c4c7fa06e99465d70b2cb Mon Sep 17 00:00:00 2001 From: Scott Stroud Date: Wed, 28 Jul 2021 11:43:02 -0600 Subject: [PATCH 4/5] meh --- hardening_manifest.yaml | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index 683194b..ad69f5f 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -272,6 +272,27 @@ resources: validation: type: sha256 value: b9bdf6ab71228d7cd1b7aff857bc44c7c8638e66d7ee420ec9a7f1a8df78a704 +- filename: cp-enterprise-control-center-operator-6.1.2.1_OptCaas.tar.gz + url: https://ironbank-files.s3.amazonaws.com/cp-enterprise-control-center-operator-6.1.2.1_OptCaas.tar.gz + validation: + type: sha256 + value: 9fff64c774017b399ae000a9e858519da671c6e29e8949f6c4a98df6217b2cd8 +- filename: cp-enterprise-control-center-operator-6.1.2.1_UsrShareJava.tar.gz + url: https://ironbank-files.s3.amazonaws.com/cp-enterprise-control-center-operator-6.1.2.1_UsrShareJava.tar.gz + validation: + type: sha256 + value: 58f3a45afc65a8d0ad466fa86fdd90b6b437522be6cfce95411950ca74ce2da8 +- filename: cp-enterprise-control-center-operator-6.1.2.1_UsrShareDoc.tar.gz + url: https://ironbank-files.s3.amazonaws.com/cp-enterprise-control-center-operator-6.1.2.1_UsrShareDoc.tar.gz + validation: + type: sha256 + value: 16f66572191773a791717325bf1896314d4effc26ba99b154d478db347595be3 +- filename: cp-enterprise-control-center-operator-6.1.2.1_EtcConfluent.tar.gz + url: https://ironbank-files.s3.amazonaws.com/cp-enterprise-control-center-operator-6.1.2.1_EtcConfluent.tar.gz + validation: + type: sha256 + value: ef2ca50910a2cf6bcbabce5f289013a31df3046d2123db34b34645daabe2b3de + # List of project maintainers -- GitLab From 2465396e3cb37a947409296f2d20ec87355f0f25 Mon Sep 17 00:00:00 2001 From: Scott Stroud Date: Wed, 28 Jul 2021 12:13:32 -0600 Subject: [PATCH 5/5] meh --- hardening_manifest.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index ad69f5f..405c7b9 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -276,22 +276,22 @@ resources: url: https://ironbank-files.s3.amazonaws.com/cp-enterprise-control-center-operator-6.1.2.1_OptCaas.tar.gz validation: type: sha256 - value: 9fff64c774017b399ae000a9e858519da671c6e29e8949f6c4a98df6217b2cd8 + value: cd1ab9c1272a54adb1441e909fff01c410f8c2e103939711997fb4086557664a - filename: cp-enterprise-control-center-operator-6.1.2.1_UsrShareJava.tar.gz url: https://ironbank-files.s3.amazonaws.com/cp-enterprise-control-center-operator-6.1.2.1_UsrShareJava.tar.gz validation: type: sha256 - value: 58f3a45afc65a8d0ad466fa86fdd90b6b437522be6cfce95411950ca74ce2da8 + value: e721a4dca77b78d9392f0ea15cc11746d725e6f492a69b4f3305c6ba91f4bb04 - filename: cp-enterprise-control-center-operator-6.1.2.1_UsrShareDoc.tar.gz url: https://ironbank-files.s3.amazonaws.com/cp-enterprise-control-center-operator-6.1.2.1_UsrShareDoc.tar.gz validation: type: sha256 - value: 16f66572191773a791717325bf1896314d4effc26ba99b154d478db347595be3 + value: 50a2d0a5a3a6c01f0ebd783fefdd2e3975b9459f60cceaeeaf9204eccdf3ebaa - filename: cp-enterprise-control-center-operator-6.1.2.1_EtcConfluent.tar.gz url: https://ironbank-files.s3.amazonaws.com/cp-enterprise-control-center-operator-6.1.2.1_EtcConfluent.tar.gz validation: type: sha256 - value: ef2ca50910a2cf6bcbabce5f289013a31df3046d2123db34b34645daabe2b3de + value: 9a94fce479c19cb2e0c8e68c1e8d17aed360dc645e66f2188fa8a5defabe6288 -- GitLab