From 4dfae88351dcf650c26a469bf5885b46b7d22449 Mon Sep 17 00:00:00 2001 From: Scott Stroud Date: Tue, 29 Jun 2021 14:49:06 -0600 Subject: [PATCH 1/4] hash update --- hardening_manifest.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index 7408dc9..60e05a8 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -221,7 +221,7 @@ resources: url: https://packages.confluent.io/rpm/6.1/archive.key validation: type: sha256 - value: b569e9d80bc08b65d342491f8b94e47eb7032701ce17b091f212e1072672a4d5 + value: 6753aba4eab80062784a903af0314877d36fa4f998333adffecb0fcba81113cd - filename: confluent-common-6.1.1-1.noarch.rpm url: https://packages.confluent.io/rpm/6.1/confluent-common-6.1.1-1.noarch.rpm validation: -- GitLab From ca97e8212b6d5d45f2919dbc89a57db033c91f7d Mon Sep 17 00:00:00 2001 From: Scott Stroud Date: Tue, 29 Jun 2021 16:36:18 -0600 Subject: [PATCH 2/4] dependency updates --- Dockerfile | 3 --- hardening_manifest.yaml | 6 +++--- 2 files changed, 3 insertions(+), 6 deletions(-) diff --git a/Dockerfile b/Dockerfile index 2c3aae0..b6e22ec 100644 --- a/Dockerfile +++ b/Dockerfile @@ -89,7 +89,6 @@ COPY cp-${COMPONENT}-operator-*_UsrBin.tar.gz /usr/bin/ ## For auditing & debugging COPY Dockerfile /etc/confluent/ironbank/ COPY hardening_manifest.yaml /etc/confluent/ironbank/ -COPY maven-artifact-3.8.1.jar /tmp/ RUN echo "===> Installing operator stuff" \ && cd /usr/share && tar -xvf *_UsrShareJava.tar.gz && rm *_UsrShareJava.tar.gz \ @@ -98,8 +97,6 @@ RUN echo "===> Installing operator stuff" \ && cd /etc && tar -xvf *_EtcKsqldb.tar.gz && rm *_EtcKsqldb.tar.gz \ && cd /opt/confluent/ksql && tar -xvf *_OptConfluentKsqlLibs.tar.gz && rm *_OptConfluentKsqlLibs.tar.gz \ && cd /usr/bin && tar -xvf *_UsrBin.tar.gz && rm *_UsrBin.tar.gz \ - && find /usr/share/java /opt/confluent/ksql -name "maven-artifact-3.6.3.jar" -execdir cp /tmp/maven-artifact-3.8.1.jar . \; -exec rm {} \; \ - && chown appuser:appuser /opt/confluent/ksql/libs/maven-artifact-3.8.1.jar && chmod 755 /opt/confluent/ksql/libs/maven-artifact-3.8.1.jar \ && chown -R appuser:appuser /etc/confluent /etc/${COMPONENT} /usr/logs /usr/bin/ksql /usr/share/java \ && mkdir -p "${KSQL_LOG4J_DIR}" "${KSQL_SECRETS_DIR}" "${KSQL_CONFIG_DIR}" "${KSQL_DATA_DIR}" "${COMPONENT_SCRIPT_DIR}/${COMPONENT}" \ && chmod -R ag+w "${KSQL_LOG4J_DIR}" "${KSQL_SECRETS_DIR}" "${KSQL_CONFIG_DIR}" "${KSQL_DATA_DIR}" "/opt" \ diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index 60e05a8..b947cff 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -247,11 +247,11 @@ resources: validation: type: sha256 value: fc357ef94cd836b914d568d21cbd2b0e5782f1d4ecfa3b82e581a22d21c071ad -- filename: cp-ksqldb-server-operator-6.1.1.0_UsrShareJava.tar.gz - url: https://ironbank-files.s3.amazonaws.com/cp-ksqldb-server-operator-6.1.1.0_UsrShareJava.tar.gz +- filename: cp-ksqldb-server-operator-6.1.2.0_UsrShareJava.tar.gz + url: https://ironbank-files.s3.amazonaws.com/cp-ksqldb-server-operator-6.1.2.0_UsrShareJava.tar.gz validation: type: sha256 - value: 0ddb9aad6bf78ef57fdd2dfac250bbbde848234a4ce389520652994bd1e9e6d2 + value: b9aad92518c388e20548065f07f618fbaadc6a0fb66d91354a525700a0f27180 - filename: cp-ksqldb-server-operator-6.1.1.0_UsrShareDoc.tar.gz url: https://ironbank-files.s3.amazonaws.com/cp-ksqldb-server-operator-6.1.1.0_UsrShareDoc.tar.gz validation: -- GitLab From bed7d08df08816c38b7c5713a25aff1bf134f544 Mon Sep 17 00:00:00 2001 From: Scott Stroud Date: Wed, 30 Jun 2021 09:10:20 -0600 Subject: [PATCH 3/4] dependency update --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index b6e22ec..f4cf0af 100644 --- a/Dockerfile +++ b/Dockerfile @@ -91,7 +91,7 @@ COPY Dockerfile /etc/confluent/ironbank/ COPY hardening_manifest.yaml /etc/confluent/ironbank/ RUN echo "===> Installing operator stuff" \ - && cd /usr/share && tar -xvf *_UsrShareJava.tar.gz && rm *_UsrShareJava.tar.gz \ + && rm -Rf /usr/share/java/ && cd /usr/share && tar -xvf *_UsrShareJava.tar.gz && rm *_UsrShareJava.tar.gz \ && cd /opt && tar -xvf *_OptCaas.tar.gz && rm *_OptCaas.tar.gz \ && cd /etc && tar -xvf *_EtcConfluent.tar.gz && rm *_EtcConfluent.tar.gz \ && cd /etc && tar -xvf *_EtcKsqldb.tar.gz && rm *_EtcKsqldb.tar.gz \ -- GitLab From d0be96c0fc1b92b8e5a2aca2b20593924fa2b8b9 Mon Sep 17 00:00:00 2001 From: Scott Stroud Date: Wed, 30 Jun 2021 10:42:58 -0600 Subject: [PATCH 4/4] dependency update --- hardening_manifest.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index b947cff..c71a443 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -267,11 +267,11 @@ resources: validation: type: sha256 value: b7b2ddea51736e4219be80282575d128863b040c2dfb71542cf6fac269a4a921 -- filename: cp-ksqldb-server-operator-6.1.1.0_OptConfluentKsqlLibs.tar.gz - url: https://ironbank-files.s3.amazonaws.com/cp-ksqldb-server-operator-6.1.1.0_OptConfluentKsqlLibs.tar.gz +- filename: cp-ksqldb-server-operator-6.1.2.0_OptConfluentKsqlLibs.tar.gz + url: https://ironbank-files.s3.amazonaws.com/cp-ksqldb-server-operator-6.1.2.0_OptConfluentKsqlLibs.tar.gz validation: type: sha256 - value: 0ca5f0420f1e64d15e6f066574b4123cb7ca7287ecf50963caa9289ab373df5c + value: cc5dccdbe29e85220b940bc82852920a2fd8ad70a0205ade64cc3d8f075b3487 - filename: cp-ksqldb-server-operator-6.1.1.0_UsrBin.tar.gz url: https://ironbank-files.s3.amazonaws.com/cp-ksqldb-server-operator-6.1.1.0_UsrBin.tar.gz validation: -- GitLab