From a92cc469000828d2b461c671d7ac92639e1a428d Mon Sep 17 00:00:00 2001
From: Scott Stroud <sstroud@confluent.io>
Date: Mon, 10 Feb 2025 13:44:02 -0700
Subject: [PATCH 1/5] init

---
 Dockerfile              |  5 ++---
 hardening_manifest.yaml | 15 +++++++--------
 2 files changed, 9 insertions(+), 11 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 811f9f0..9336d73 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,5 +1,5 @@
 ARG CP_BASE_NEW_IMAGE=confluentinc/cp-base-new
-ARG CP_BASE_NEW_TAG=7.7.2
+ARG CP_BASE_NEW_TAG=7.8.1
 
 ARG BASE_REGISTRY=registry1.dso.mil
 ARG BASE_IMAGE=redhat/openjdk/openjdk17
@@ -71,5 +71,4 @@ USER appuser
 WORKDIR /home/appuser
 
 ## healthcheck not applicable since this is ONLY used as a base image
-HEALTHCHECK NONE
-
+HEALTHCHECK NONE
\ No newline at end of file
diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml
index 08327c3..e6f3350 100644
--- a/hardening_manifest.yaml
+++ b/hardening_manifest.yaml
@@ -8,9 +8,8 @@ name: "confluentinc/cp-base-new"
 # on ironbank.dso.mil
 tags:
   - "Q4_2024_jdk17"
-  - "2025-01-06"
-  - "7.7.2"
-  - "7.8.0"
+  - "2025-02-10"
+  - "7.8.1"
   - "latest-ubi8.amd64"
   - "latest.amd64"
   - "latest_jdk17"
@@ -19,8 +18,8 @@ tags:
 # Build args passed to Dockerfile ARGs
 args:
   CP_BASE_NEW_IMAGE: "confluentinc/cp-base-new"
-  CP_BASE_NEW_TAG: "7.7.2"
-  BASE_IMAGE: "redhat/openjdk/openjdk17"
+  CP_BASE_NEW_TAG: "7.8.0"
+  BASE_IMAGE: "ironbank/redhat/openjdk/openjdk17"
   BASE_TAG: "1.17"
 
 # Docker image labels
@@ -36,10 +35,10 @@ labels:
   mil.dso.ironbank.product.name: "Confluent Platform"
 # List of resources to make available to the offline build context
 resources:
-  - url: "docker://docker.io/confluentinc/cp-base-new@sha256:8205597e65df082bda15762345419e6b2dff9c738c409e98037db1f0a1b1640f"
-    tag: "confluentinc/cp-base-new:7.7.2"
+  - url: "docker://docker.io/confluentinc/cp-base-new@sha256:6ec73fa9265136e00ad593d7889d6012305ec5baf6f11e944d699f812ce1e084"
+    tag: "confluentinc/cp-base-new:7.8.1"
   - filename: archive.key
-    url: https://packages.confluent.io/rpm/7.0/archive.key
+    url: https://packages.confluent.io/rpm/7.8/archive.key
     validation:
       type: sha256
       value: b569e9d80bc08b65d342491f8b94e47eb7032701ce17b091f212e1072672a4d5
-- 
GitLab


From aaf8cf1f84df0077c8fd70e4b9fbd125f4f61583 Mon Sep 17 00:00:00 2001
From: Scott Stroud <sstroud@confluent.io>
Date: Mon, 10 Feb 2025 13:55:28 -0700
Subject: [PATCH 2/5] typo

---
 hardening_manifest.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml
index e6f3350..25dc92d 100644
--- a/hardening_manifest.yaml
+++ b/hardening_manifest.yaml
@@ -18,7 +18,7 @@ tags:
 # Build args passed to Dockerfile ARGs
 args:
   CP_BASE_NEW_IMAGE: "confluentinc/cp-base-new"
-  CP_BASE_NEW_TAG: "7.8.0"
+  CP_BASE_NEW_TAG: "7.8.1"
   BASE_IMAGE: "ironbank/redhat/openjdk/openjdk17"
   BASE_TAG: "1.17"
 
-- 
GitLab


From b85f4da67759252739fb811cb0b5f285f1a586ed Mon Sep 17 00:00:00 2001
From: Scott Stroud <sstroud@confluent.io>
Date: Mon, 10 Feb 2025 14:06:45 -0700
Subject: [PATCH 3/5] uri fix

---
 hardening_manifest.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml
index 25dc92d..5c425c1 100644
--- a/hardening_manifest.yaml
+++ b/hardening_manifest.yaml
@@ -19,7 +19,7 @@ tags:
 args:
   CP_BASE_NEW_IMAGE: "confluentinc/cp-base-new"
   CP_BASE_NEW_TAG: "7.8.1"
-  BASE_IMAGE: "ironbank/redhat/openjdk/openjdk17"
+  BASE_IMAGE: "redhat/openjdk/openjdk17"
   BASE_TAG: "1.17"
 
 # Docker image labels
-- 
GitLab


From 53db99c72d7fbd8f76760dbb1ca7d34f2bcc4f8c Mon Sep 17 00:00:00 2001
From: Scott Stroud <sstroud@confluent.io>
Date: Mon, 10 Feb 2025 14:26:35 -0700
Subject: [PATCH 4/5] exclude

---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index 9336d73..2d9158b 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -40,7 +40,7 @@ COPY --from=base /usr/share/java/cp-base-new /usr/share/java/cp-base-new
 COPY --from=base /usr/share/doc /usr/share/doc
 COPY --from=base /usr/local/lib /usr/local/lib
 COPY --from=base /usr/local/lib64 /usr/local/lib64
-COPY --from=base /usr/local/bin /usr/local/bin
+COPY --from=base --exclude=openssl /usr/local/bin /usr/local/bin
 
 RUN echo "===> dnf installs" \
         && dnf install -y --nodocs python39 openssl tar procps iputils hostname \
-- 
GitLab


From cb85bb1636cee55b6226b79228af019b0f70c73e Mon Sep 17 00:00:00 2001
From: Scott Stroud <sstroud@confluent.io>
Date: Mon, 10 Feb 2025 14:42:02 -0700
Subject: [PATCH 5/5] take two

---
 Dockerfile | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index 2d9158b..c79c48d 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -40,7 +40,7 @@ COPY --from=base /usr/share/java/cp-base-new /usr/share/java/cp-base-new
 COPY --from=base /usr/share/doc /usr/share/doc
 COPY --from=base /usr/local/lib /usr/local/lib
 COPY --from=base /usr/local/lib64 /usr/local/lib64
-COPY --from=base --exclude=openssl /usr/local/bin /usr/local/bin
+COPY --from=base /usr/local/bin /usr/local/bin
 
 RUN echo "===> dnf installs" \
         && dnf install -y --nodocs python39 openssl tar procps iputils hostname \
@@ -57,6 +57,7 @@ RUN echo "===> dnf installs" \
         && python3 -m pip install --upgrade setuptools \
         && pip3 install urllib3 --upgrade \
         && dnf erase -y procps-ng gdb-gdbserver \
+        && rm -Rf /usr/local/bin/openssl \
     && echo "===> appuser setup" \
         && mkdir -p /usr/logs /licenses \
         && useradd --no-log-init --create-home --shell /bin/bash appuser \
-- 
GitLab