diff --git a/Dockerfile b/Dockerfile index 2c3aae0770c66145843b920390af8fa09e8489fc..f4cf0af689b07ef87900177250129d7c21ad6738 100644 --- a/Dockerfile +++ b/Dockerfile @@ -89,17 +89,14 @@ COPY cp-${COMPONENT}-operator-*_UsrBin.tar.gz /usr/bin/ ## For auditing & debugging COPY Dockerfile /etc/confluent/ironbank/ COPY hardening_manifest.yaml /etc/confluent/ironbank/ -COPY maven-artifact-3.8.1.jar /tmp/ RUN echo "===> Installing operator stuff" \ - && cd /usr/share && tar -xvf *_UsrShareJava.tar.gz && rm *_UsrShareJava.tar.gz \ + && rm -Rf /usr/share/java/ && cd /usr/share && tar -xvf *_UsrShareJava.tar.gz && rm *_UsrShareJava.tar.gz \ && cd /opt && tar -xvf *_OptCaas.tar.gz && rm *_OptCaas.tar.gz \ && cd /etc && tar -xvf *_EtcConfluent.tar.gz && rm *_EtcConfluent.tar.gz \ && cd /etc && tar -xvf *_EtcKsqldb.tar.gz && rm *_EtcKsqldb.tar.gz \ && cd /opt/confluent/ksql && tar -xvf *_OptConfluentKsqlLibs.tar.gz && rm *_OptConfluentKsqlLibs.tar.gz \ && cd /usr/bin && tar -xvf *_UsrBin.tar.gz && rm *_UsrBin.tar.gz \ - && find /usr/share/java /opt/confluent/ksql -name "maven-artifact-3.6.3.jar" -execdir cp /tmp/maven-artifact-3.8.1.jar . \; -exec rm {} \; \ - && chown appuser:appuser /opt/confluent/ksql/libs/maven-artifact-3.8.1.jar && chmod 755 /opt/confluent/ksql/libs/maven-artifact-3.8.1.jar \ && chown -R appuser:appuser /etc/confluent /etc/${COMPONENT} /usr/logs /usr/bin/ksql /usr/share/java \ && mkdir -p "${KSQL_LOG4J_DIR}" "${KSQL_SECRETS_DIR}" "${KSQL_CONFIG_DIR}" "${KSQL_DATA_DIR}" "${COMPONENT_SCRIPT_DIR}/${COMPONENT}" \ && chmod -R ag+w "${KSQL_LOG4J_DIR}" "${KSQL_SECRETS_DIR}" "${KSQL_CONFIG_DIR}" "${KSQL_DATA_DIR}" "/opt" \ diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index 7408dc9fe50ebfbf9d7e03366c5e8efb79f96ea2..c71a44309b8ae5aebbdd960ababc6498e127224c 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -221,7 +221,7 @@ resources: url: https://packages.confluent.io/rpm/6.1/archive.key validation: type: sha256 - value: b569e9d80bc08b65d342491f8b94e47eb7032701ce17b091f212e1072672a4d5 + value: 6753aba4eab80062784a903af0314877d36fa4f998333adffecb0fcba81113cd - filename: confluent-common-6.1.1-1.noarch.rpm url: https://packages.confluent.io/rpm/6.1/confluent-common-6.1.1-1.noarch.rpm validation: @@ -247,11 +247,11 @@ resources: validation: type: sha256 value: fc357ef94cd836b914d568d21cbd2b0e5782f1d4ecfa3b82e581a22d21c071ad -- filename: cp-ksqldb-server-operator-6.1.1.0_UsrShareJava.tar.gz - url: https://ironbank-files.s3.amazonaws.com/cp-ksqldb-server-operator-6.1.1.0_UsrShareJava.tar.gz +- filename: cp-ksqldb-server-operator-6.1.2.0_UsrShareJava.tar.gz + url: https://ironbank-files.s3.amazonaws.com/cp-ksqldb-server-operator-6.1.2.0_UsrShareJava.tar.gz validation: type: sha256 - value: 0ddb9aad6bf78ef57fdd2dfac250bbbde848234a4ce389520652994bd1e9e6d2 + value: b9aad92518c388e20548065f07f618fbaadc6a0fb66d91354a525700a0f27180 - filename: cp-ksqldb-server-operator-6.1.1.0_UsrShareDoc.tar.gz url: https://ironbank-files.s3.amazonaws.com/cp-ksqldb-server-operator-6.1.1.0_UsrShareDoc.tar.gz validation: @@ -267,11 +267,11 @@ resources: validation: type: sha256 value: b7b2ddea51736e4219be80282575d128863b040c2dfb71542cf6fac269a4a921 -- filename: cp-ksqldb-server-operator-6.1.1.0_OptConfluentKsqlLibs.tar.gz - url: https://ironbank-files.s3.amazonaws.com/cp-ksqldb-server-operator-6.1.1.0_OptConfluentKsqlLibs.tar.gz +- filename: cp-ksqldb-server-operator-6.1.2.0_OptConfluentKsqlLibs.tar.gz + url: https://ironbank-files.s3.amazonaws.com/cp-ksqldb-server-operator-6.1.2.0_OptConfluentKsqlLibs.tar.gz validation: type: sha256 - value: 0ca5f0420f1e64d15e6f066574b4123cb7ca7287ecf50963caa9289ab373df5c + value: cc5dccdbe29e85220b940bc82852920a2fd8ad70a0205ade64cc3d8f075b3487 - filename: cp-ksqldb-server-operator-6.1.1.0_UsrBin.tar.gz url: https://ironbank-files.s3.amazonaws.com/cp-ksqldb-server-operator-6.1.1.0_UsrBin.tar.gz validation: