MEH

Dockerfile

@@ -32,16 +32,16 @@ RUN dnf update -y --nodocs && dnf install -y --nodocs python3 openssl tar procps
 ## Add the Confluent Docker Utility Belt which helps with starting the proper applications
 ## https://github.com/confluentinc/common-docker/tree/master/utility-belt
 
-COPY cp-init-container-operator-6.1.2.1_UsrLocalLib64.tar.gz /usr/local/lib64/
-COPY cp-init-container-operator-6.1.2.1_1_UsrLocalLib.tar.gz /usr/local/lib/
+COPY cp-base-new_*_UsrLocalLib64.tar.gz /usr/local
+COPY cp-base-new_*_UsrLocalLib.tar.gz /usr/local
 
 COPY confluent_docker_utils-0.0.44-py3-none-any.whl /tmp/confluent_docker_utils-0.0.44-py3-none-any.whl
 COPY *.whl /tmp/python-dependencies/
 COPY *.gz  /tmp/python-dependencies/
 
 ## copy in the python libs and then 
-RUN cd /usr/local/lib64 && tar -xvf *_UsrLocalLib64.tar.gz && rm *_UsrLocalLib64.tar.gz \
-    && cd /usr/local/lib && tar -xvf *_UsrLocalLib.tar.gz && rm *_UsrLocalLib.tar.gz \
+RUN cd /usr/local && tar -xvf *_UsrLocalLib64.tar.gz && rm *_UsrLocalLib64.tar.gz \
+    && tar -xvf *_UsrLocalLib.tar.gz && rm *_UsrLocalLib.tar.gz \
     && pip3 install --no-index --prefix=/usr/local --find-links /tmp/python-dependencies/ /tmp/confluent_docker_utils-0.0.44-py3-none-any.whl
 
 ## dub installed
@@ -60,7 +60,7 @@ RUN chown appuser:appuser -R /usr/logs
 
 # Copy required RPMs
 COPY *.rpm /tmp/
-# COPY archive.key /tmp/
+COPY archive.key /tmp/
 
 ########################################
 # confluentinc/kafka-images/server
@@ -80,6 +80,7 @@ EXPOSE 9092
 
 # Add back in the archive key stuff
 RUN echo "===> Installing ${COMPONENT}" \
+    && rpm --import /tmp/archive.key \
     && dnf install --nogpgcheck -y /tmp/confluent-common-${RPM_VERSION}.noarch.rpm \
         /tmp/confluent-rest-utils-${RPM_VERSION}.noarch.rpm \
         /tmp/confluent-metadata-service-${RPM_VERSION}.noarch.rpm \

hardening_manifest.yaml

@@ -37,21 +37,16 @@ resources:
   validation:
     type: sha256
     value: 7e2622a934f04a2e5b23a355f920473ccf0144e946b433bc619a9802c1e3785c
+- filename: archive.key
+  url: https://s3.us-west-2.amazonaws.com/staging-confluent-packages-6.1.3/rpm/6.1/archive.key
+  validation:
+    type: sha256
+    value: 6753aba4eab80062784a903af0314877d36fa4f998333adffecb0fcba81113cd  
 - filename: confluent-common-6.1.3-1.noarch.rpm
   url: https://s3.us-west-2.amazonaws.com/staging-confluent-packages-6.1.3/rpm/6.1/confluent-common-6.1.3-1.noarch.rpm
   validation:
     type: sha256
     value: d557cddec400b0b74d247a6cb75f628dba3864d58511ae5dff816c7959e4e58d
-- filename: confluent-control-center-6.1.3-1.noarch.rpm
-  url: https://s3.us-west-2.amazonaws.com/staging-confluent-packages-6.1.3/rpm/6.1/confluent-control-center-6.1.3-1.noarch.rpm
-  validation:
-    type: sha256
-    value: efaef02f38bfb90e87683d5572c9776e0f051f0730885e2607c55cbe215c2efa
-- filename: confluent-control-center-fe-6.1.3-1.noarch.rpm
-  url: https://s3.us-west-2.amazonaws.com/staging-confluent-packages-6.1.3/rpm/6.1/confluent-control-center-fe-6.1.3-1.noarch.rpm
-  validation:
-    type: sha256
-    value: 287546bc14f97bb92091f8016603f68a2e3db7ab7d2b9643b97f28a169e5cb8b
 - filename: confluent-rebalancer-6.1.3-1.noarch.rpm
   url: https://s3.us-west-2.amazonaws.com/staging-confluent-packages-6.1.3/rpm/6.1/confluent-rebalancer-6.1.3-1.noarch.rpm
   validation:
@@ -67,26 +62,11 @@ resources:
   validation:
     type: sha256
     value: e739e6f9ea0dcae90d40d6eeadca980a7269c411bcdfe8cff55fb158cba56602
-- filename: confluent-schema-registry-6.1.3-1.noarch.rpm
-  url: https://s3.us-west-2.amazonaws.com/staging-confluent-packages-6.1.3/rpm/6.1/confluent-schema-registry-6.1.3-1.noarch.rpm
-  validation:
-    type: sha256
-    value: add702bb7a1b63fa33e5a5c8e02a7c28edc3e41bd5cbfe41dc59f7804837a423
-- filename: confluent-hub-client-6.1.3-1.noarch.rpm
-  url: https://s3.us-west-2.amazonaws.com/staging-confluent-packages-6.1.3/rpm/6.1/confluent-hub-client-6.1.3-1.noarch.rpm
-  validation:
-    type: sha256
-    value: 511af0685f1e457da8b78bfee2b4820270c789a1569955dd2a8cd0c6153805e2
 - filename: confluent-metadata-service-6.1.3-1.noarch.rpm
   url: https://s3.us-west-2.amazonaws.com/staging-confluent-packages-6.1.3/rpm/6.1/confluent-metadata-service-6.1.3-1.noarch.rpm
   validation:
     type: sha256
     value: 00454cf1018bd268027146482ab659abaaaf67df66aba15c4ffead528f536ff2
-- filename: confluent-kafka-connect-replicator-6.1.3-1.noarch.rpm
-  url: https://s3.us-west-2.amazonaws.com/staging-confluent-packages-6.1.3/rpm/6.1/confluent-kafka-connect-replicator-6.1.3-1.noarch.rpm
-  validation:
-    type: sha256
-    value: a22616e6e3828ec31bb2edfc7f432970436a34ed4dfe898483898266ddb93f32
 - filename: confluent-server-6.1.3-1.noarch.rpm
   url: https://s3.us-west-2.amazonaws.com/staging-confluent-packages-6.1.3/rpm/6.1/confluent-server-6.1.3-1.noarch.rpm
   validation:
@@ -132,16 +112,16 @@ resources:
   validation:
     type: sha256
     value: 1b0e3974172de0a9707cd4a4e6379b7aa99fde14a3ff5b8e228af2427d8a689e
-- filename: cp-init-container-operator-6.1.2.1_1_UsrLocalLib.tar.gz
-  url: https://ironbank-files.s3.amazonaws.com/cp-init-container-operator-6.1.2.1_1_UsrLocalLib.tar.gz
+- filename: cp-base-new_dfe094b60fc1_UsrLocalLib.tar.gz
+  url: https://ironbank-files.s3.amazonaws.com/cp-base-new_dfe094b60fc1_UsrLocalLib.tar.gz
   validation:
     type: sha256
-    value: 4ebe15add0ce30f080473095cc24c58ff835e6ef5cf40f575c64685b120db338
-- filename: cp-init-container-operator-6.1.2.1_UsrLocalLib64.tar.gz
-  url: https://ironbank-files.s3.amazonaws.com/cp-init-container-operator-6.1.2.1_UsrLocalLib64.tar.gz
+    value: 384ca733d5379fe282e31e8e585b9637fdf46e4d2b23ef3289c6943a4a77b087
+- filename: cp-base-new_dfe094b60fc1_UsrLocalLib64.tar.gz
+  url: https://ironbank-files.s3.amazonaws.com/cp-base-new_dfe094b60fc1_UsrLocalLib64.tar.gz
   validation:
     type: sha256
-    value: a495791c5dc10cddc79e75bebf0353924d269196f235a3c5bcc2c27e3c1c519c     
+    value: 3052a4ca7939aa03d1b67fbaa151e9817e2aa2ef6bff5267c8b76708a4269093     
   
 # List of project maintainers
 maintainers:

scripts/importArtifacts.sh

@@ -33,11 +33,17 @@ importArtifacts() {
             url=${line##*$prefix}
             filename=$(basename "$url")
             
+            local=$(find $RESOURCE_HOME -name $filename)
+            echo "local $local"
+
             if [[ ! -f "$filename" ]]; then
+                echo "Using existing $filename. Run ./clean.sh if thats not desired."
+            elif [[ ! -z "$local" ]]; then
+                echo "Using existing $local. Run ./clean.sh if thats not desired."
+                cp $local $maniDir/
+            else
                 echo "downloading ${url} ..."
                 wget $url            
-            else
-                echo "Using existing $filename. Run ./clean.sh if thats not desired."
             fi
 
             if [[ ! -f "$maniDir/$filename" ]]; then
@@ -52,6 +58,7 @@ mani=$(realpath "../hardening_manifest.yaml")
 
 importArtifacts $mani 'ironbank-files.s3.amazonaws.com' "$RESOURCE_HOME/ironbank-files"
 importArtifacts $mani 'packages.confluent.io' "$RESOURCE_HOME/confluent"
+importArtifacts $mani 's3.us-west-2.amazonaws.com/staging-confluent-packages' "$RESOURCE_HOME/confluent"
 importArtifacts $mani 'files.pythonhosted.org' "$RESOURCE_HOME/pythonhosted"
 importArtifacts $mani 'repo1.maven.org' "$RESOURCE_HOME/maven"