From cd4fbd5a5ac538dbd73f662287022982261dfc8b Mon Sep 17 00:00:00 2001 From: SonicDeathMonkey Date: Tue, 16 Mar 2021 13:02:36 -0600 Subject: [PATCH 1/6] meh --- Dockerfile | 20 +--- hardening_manifest.yaml | 245 ++++++++++++++++++---------------------- 2 files changed, 116 insertions(+), 149 deletions(-) diff --git a/Dockerfile b/Dockerfile index 0b8ee5b..00030b8 100644 --- a/Dockerfile +++ b/Dockerfile @@ -27,11 +27,10 @@ USER root ######################################## ## Install Python -RUN dnf update -y && \ - dnf install -y python38.x86_64 && \ - dnf install -y python38-pip-wheel.noarch && \ - dnf clean all && \ - rm -rf /var/cache/dnf +RUN dnf update -y \ + && dnf install -y python38.x86_64 python38-pip-wheel.noarch openssl tar procps iputils hostname \ + && dnf clean all \ + && rm -rf /var/cache/dnf ## Python Installed ######################################## 
@@ -41,18 +40,11 @@ RUN dnf update -y && \ ## Add the Confluent Docker Utility Belt which helps with starting the proper applications ## https://github.com/confluentinc/common-docker/tree/master/utility-belt -COPY wheel-0.35.1-py2.py3-none-any.whl /tmp/wheel-0.35.1-py2.py3-none-any.whl -COPY python_dateutil-2.8.0-py2.py3-none-any.whl /tmp/python_dateutil-2.8.0-py2.py3-none-any.whl -COPY setuptools-50.0.0-py3-none-any.whl /tmp/setuptools-50.0.0-py3-none-any.whl -COPY confluent_docker_utils-0.0.40-py3-none-any.whl /tmp/confluent_docker_utils-0.0.40-py3-none-any.whl +COPY confluent_docker_utils-0.0.44-py3-none-any.whl /tmp/confluent_docker_utils-0.0.44-py3-none-any.whl COPY *.whl /tmp/python-dependencies/ COPY *.gz /tmp/python-dependencies/ -RUN dnf install -y openssl tar procps iputils hostname \ - && pip3 install --no-index --prefix=/usr/local --upgrade --find-links /tmp/python-dependencies/ /tmp/wheel-0.35.1-py2.py3-none-any.whl \ - && pip3 install --no-index --prefix=/usr/local --upgrade --find-links /tmp/python-dependencies/ /tmp/setuptools-50.0.0-py3-none-any.whl \ - && pip3 install --no-index --prefix=/usr/local --upgrade --find-links /tmp/python-dependencies/ /tmp/python_dateutil-2.8.0-py2.py3-none-any.whl \ - && pip3 install --no-index --prefix=/usr/local --upgrade --find-links /tmp/python-dependencies/ /tmp/confluent_docker_utils-0.0.40-py3-none-any.whl +RUN pip3 install --no-index --prefix=/usr/local --upgrade --find-links /tmp/python-dependencies/ /tmp/confluent_docker_utils-0.0.44-py3-none-any.whl ## dub installed ######################################## diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index 5ed459f..ed428be 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -8,7 +8,7 @@ name: "confluent/replicator/cp-enterprise-replicator-5.5.x" # The most specific version should be the first tag and will be shown # on ironbank.dsop.io tags: -- "5.5.3" +- "5.5.4" - "5.5.x" - "5.5" 
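Review bot: The single `pip3 install --no-index ... --find-links /tmp/python-dependencies/` line now resolves every transitive dependency of `confluent_docker_utils-0.0.44` from whatever `COPY *.whl` and `COPY *.gz` placed in that directory, and pip checks no hashes at that point. Integrity therefore rests entirely on the sha256 entries in hardening_manifest.yaml being enforced before the build, and the wildcard COPYs would also pick up any wheel or tarball in the build context that has no manifest entry. I would state that above the RUN, e.g. `## Every file in /tmp/python-dependencies/ must have a sha256 entry in hardening_manifest.yaml; pip does not verify hashes here`, or go further and install from a hash-pinned requirements file with pip's `--require-hashes`. The `*.gz` files are source distributions, so their setup code runs during this step under the `USER root` set earlier in the file; with the explicit `wheel` and `setuptools` installs removed, the build tooling is presumably whatever the dnf `python38` packages provide, which is worth confirming.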
@@ -23,9 +23,9 @@ labels: org.opencontainers.image.title: "cp-enterprise-replicator-5.5.x" org.opencontainers.image.description: "Confluent Replicator allows you to easily and reliably replicate topics from one Apache Kafka cluster to another." org.opencontainers.image.licenses: "CONFLUENT ENTERPRISE LICENSE" - org.opencontainers.image.url: "https://docs.confluent.io/5.5.3/installation/docker/image-reference.html#image-reference" + org.opencontainers.image.url: "https://docs.confluent.io/5.5.4/installation/docker/image-reference.html#image-reference" org.opencontainers.image.vendor: "Confluent" - org.opencontainers.image.version: "5.5.3" + org.opencontainers.image.version: "5.5.4" mil.dso.ironbank.image.keywords: "confluent,kafka,zookeeper" mil.dso.ironbank.image.type: "commercial" mil.dso.ironbank.product.name: "Confluent Platform" 
@@ -37,206 +37,186 @@ resources: validation: type: sha256 value: 12dddbe52385a0f702fb8071e12dcc6b3cb2dde07cd8db3ed60e90d90ab78693 -- filename: six-1.15.0-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/ee/ff/48bde5c0f013094d729fe4b0316ba2a24774b3ff1c52d924a8a4cb04078a/six-1.15.0-py2.py3-none-any.whl - validation: - type: sha256 - value: 8b74bedcbbbaca38ff6d7491d76f2b06b3592611af620f8426e82dddb04a5ced -- filename: wheel-0.35.1-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/a7/00/3df031b3ecd5444d572141321537080b40c1c25e1caa3d86cdd12e5e919c/wheel-0.35.1-py2.py3-none-any.whl - validation: - type: sha256 - value: 497add53525d16c173c2c1c733b8f655510e909ea78cc0e29d374243544b77a2 -- filename: python_dateutil-2.8.0-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/41/17/c62faccbfbd163c7f57f3844689e3a78bae1f403648a6afb1d0866d87fbb/python_dateutil-2.8.0-py2.py3-none-any.whl - validation: - type: sha256 - value: 7e6584c74aeed623791615e26efd690f29817a27c73085b78e4bad02493df2fb -- filename: setuptools-50.0.0-py3-none-any.whl - url: https://files.pythonhosted.org/packages/b0/8b/379494d7dbd3854aa7b85b216cb0af54edcb7fce7d086ba3e35522a713cf/setuptools-50.0.0-py3-none-any.whl - validation: - type: sha256 - value: 1e842b6dc37a1282f95a05551efe2c4bd09ddca8dd506ed3aa635a9fb6d15309 -- filename: python_dateutil-2.8.1-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/d4/70/d60450c3dd48ef87586924207ae8907090de0b306af2bce5d134d78615cb/python_dateutil-2.8.1-py2.py3-none-any.whl - validation: - type: sha256 - value: 75bb3f31ea686f1197762692a9ee6a7550b59fc6ca3a1f4b5d7e32fb98e2da2a -- filename: paramiko-2.4.2-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/cf/ae/94e70d49044ccc234bfdba20114fa947d7ba6eb68a2e452d89b920e62227/paramiko-2.4.2-py2.py3-none-any.whl +- filename: boto3-1.17.16-py2.py3-none-any.whl + url: 
https://files.pythonhosted.org/packages/c2/03/18184037cb21cab227e392962e0ba9a7596d777a08d7c07c2d3640f939bf/boto3-1.17.16-py2.py3-none-any.whl validation: type: sha256 - value: 3c16b2bfb4c0d810b24c40155dbfd113c0521e7e6ee593d704e84b4c658a1f3b -- filename: boto3-1.9.128-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/bc/2d/831406bd8ad5846aef015f98cfb8ebee6a4830bdc3b3bf14ab378f79c970/boto3-1.9.128-py2.py3-none-any.whl + value: 602eadaef665f49090344e0f87aa6a98dbe1ccdd2f20069a372ed35f2706c63c +- filename: paramiko-2.7.2-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/95/19/124e9287b43e6ff3ebb9cdea3e5e8e88475a873c05ccdf8b7e20d2c4201e/paramiko-2.7.2-py2.py3-none-any.whl validation: type: sha256 - value: 9a133736098741ef8016fb22824c99f9bef8f39a0bfbb76f73fe8bf18373f726 -- filename: cryptography-2.7-cp34-abi3-manylinux1_x86_64.whl - url: https://files.pythonhosted.org/packages/97/18/c6557f63a6abde34707196fb2cad1c6dc0dbff25a200d5044922496668a4/cryptography-2.7-cp34-abi3-manylinux1_x86_64.whl + value: 4f3e316fef2ac628b05097a637af35685183111d4bc1b5979bd397c2ab7b5898 +- filename: docker-4.4.4-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/c4/22/410313ad554477e87ec406d38d85f810e61ddb0d2fc44e64994857476de9/docker-4.4.4-py2.py3-none-any.whl validation: type: sha256 - value: 96d8473848e984184b6728e2c9d391482008646276c3ff084a1bd89e15ff53a1 -- filename: docker-3.7.2-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/48/68/c3afca1a5aa8d2997ec3b8ee822a4d752cf85907b321f07ea86888545152/docker-3.7.2-py2.py3-none-any.whl + value: f3607d5695be025fa405a12aca2e5df702a57db63790c73b927eb6a94aac60af +- filename: docker_compose-1.28.4-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/00/ff/17cdd2bc5f581cd80fc0b45b549d48c6eff7cd70d20a9f805a0c89394e69/docker_compose-1.28.4-py2.py3-none-any.whl validation: type: sha256 - value: 2b1f48041cfdcc9f6b5da0e04e0e326ded225e736762ade2060000e708f4c9b7 -- filename: 
requests-2.20.0-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/f1/ca/10332a30cb25b627192b4ea272c351bce3ca1091e541245cccbace6051d8/requests-2.20.0-py2.py3-none-any.whl + value: 92375b30ab7134e8c32470b621e7cf9a3c0771ce2c20de7e1f11cd71f83a088e +- filename: Jinja2-2.11.3-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/7e/c2/1eece8c95ddbc9b1aeb64f5783a9e07a286de42191b7204d67b7496ddf35/Jinja2-2.11.3-py2.py3-none-any.whl validation: type: sha256 - value: a84b8c9ab6239b578f22d1c21d51b696dcfe004032bb80ea832398d6909d7279 -- filename: mock-2.0.0-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/e6/35/f187bdf23be87092bd0f1200d43d23076cee4d0dec109f195173fd3ebc79/mock-2.0.0-py2.py3-none-any.whl + value: 03e47ad063331dd6a3f04a43eddca8a966a26ba0c5b7207a9a9e4e08f1b29419 +- filename: mock-4.0.3-py3-none-any.whl + url: https://files.pythonhosted.org/packages/5c/03/b7e605db4a57c0f6fba744b11ef3ddf4ddebcada35022927a2b5fc623fdf/mock-4.0.3-py3-none-any.whl validation: type: sha256 - value: 5ce3c71c5545b472da17b72268978914d0252980348636840bd34a00b5cc96c1 -- filename: pyrsistent-0.16.1.tar.gz - url: https://files.pythonhosted.org/packages/80/18/1492d651693ef7d40e0a40377ed56a8cc5c5fe86073eb6c56e53513f4480/pyrsistent-0.16.1.tar.gz + value: 122fcb64ee37cfad5b3f48d7a7d51875d7031aaf3d8be7c42e2bee25044eee62 +- filename: requests-2.25.1-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/29/c1/24814557f1d22c56d50280771a17307e6bf87b70727d975fd6b2ce6b014a/requests-2.25.1-py2.py3-none-any.whl validation: type: sha256 - value: aa2ae1c2e496f4d6777f869ea5de7166a8ccb9c2e06ebcf6c7ff1b670c98c5ef -- filename: six-1.14.0-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/65/eb/1f97cb97bfc2390a276969c6fae16075da282f5058082d4cb10c6c5c1dba/six-1.14.0-py2.py3-none-any.whl + value: c210084e36a42ae6b9219e00e48287def368a26d03a048ddad7bfee44f75871e +- filename: cryptography-3.4.6-cp36-abi3-manylinux2014_x86_64.whl + url: 
https://files.pythonhosted.org/packages/f8/1f/acde6ff69864c5e78b56488e3afd93c1ccc8c2651186e2a5f93d93f64859/cryptography-3.4.6-cp36-abi3-manylinux2014_x86_64.whl validation: type: sha256 - value: 8f3cd2e254d8f793e7f3d6d9df77b92252b52637291d0f0da013c76ea2724b6c -- filename: docker_compose-1.25.2-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/a0/dd/6ecfedfb035567bb3be1b895ef036bfe9183917c8746b97ea1a94d1fabd5/docker_compose-1.25.2-py2.py3-none-any.whl - validation: - type: sha256 - value: 93f8a0eb1909aebbefaeeb172b35507a4d04b88962b02ac11c08c92a545678cd -- filename: Jinja2-2.11.2-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/30/9e/f663a2aa66a09d838042ae1a2c5659828bb9b41ea3a6efa20a20fd92b121/Jinja2-2.11.2-py2.py3-none-any.whl - validation: - type: sha256 - value: f0a4641d3cf955324a89c04f3d94663aa4d638abe8f733ecd3582848e1c37035 -- filename: PyNaCl-1.4.0-cp35-abi3-manylinux1_x86_64.whl - url: https://files.pythonhosted.org/packages/9d/57/2f5e6226a674b2bcb6db531e8b383079b678df5b10cdaa610d6cf20d77ba/PyNaCl-1.4.0-cp35-abi3-manylinux1_x86_64.whl + value: fec7fb46b10da10d9e1d078d1ff8ed9e05ae14f431fdbd11145edd0550b9a964 +- filename: s3transfer-0.3.4-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/ea/43/4b4a1b26eb03a429a4c37ca7fdf369d938bd60018fc194e94b8379b0c77c/s3transfer-0.3.4-py2.py3-none-any.whl validation: type: sha256 - value: 30f9b96db44e09b3304f9ea95079b1b7316b2b4f3744fe3aaecccd95d547063d -- filename: pyasn1-0.4.8-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/62/1e/a94a8d635fa3ce4cfc7f506003548d0a2447ae76fd5ca53932970fe3053f/pyasn1-0.4.8-py2.py3-none-any.whl - validation: - type: sha256 - value: 39c7e2ec30515947ff4e87fb6f456dfc6e84857d34be479c9d4a4ba4bf46aa5d -- filename: bcrypt-3.2.0-cp36-abi3-manylinux2010_x86_64.whl - url: https://files.pythonhosted.org/packages/26/70/6d218afbe4c73538053c1016dd631e8f25fffc10cd01f5c272d7acf3c03d/bcrypt-3.2.0-cp36-abi3-manylinux2010_x86_64.whl - 
validation: - type: sha256 - value: cd1ea2ff3038509ea95f687256c46b79f5fc382ad0aa3664d200047546d511d1 -- filename: botocore-1.12.253-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/8e/7b/88f10115b4748f86be6b7b1d8761ba5023fccf6e6cbe762e368f63eddcf9/botocore-1.12.253-py2.py3-none-any.whl + value: 1e28620e5b444652ed752cf87c7e0cb15b0e578972568c6609f0f18212f259ed +- filename: jmespath-0.10.0-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/07/cb/5f001272b6faeb23c1c9e0acc04d48eaaf5c862c17709d20e3469c6e0139/jmespath-0.10.0-py2.py3-none-any.whl validation: type: sha256 - value: dc080aed4f9b220a9e916ca29ca97a9d37e8e1d296fe89cbaeef929bf0c8066b -- filename: s3transfer-0.2.1-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/16/8a/1fc3dba0c4923c2a76e1ff0d52b305c44606da63f718d14d3231e21c51b0/s3transfer-0.2.1-py2.py3-none-any.whl + value: cdf6525904cc597730141d61b36f2e4b8ecc257c420fa2f4549bac2c2d0cb72f +- filename: botocore-1.20.16-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/17/da/da506c061c22a4068163dc0b8d1f96e9ae87cf34f8086c7460e94261f90f/botocore-1.20.16-py2.py3-none-any.whl validation: type: sha256 - value: b780f2411b824cb541dbcd2c713d0cb61c7d1bcadae204cdddda2b35cef493ba -- filename: jmespath-0.10.0-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/07/cb/5f001272b6faeb23c1c9e0acc04d48eaaf5c862c17709d20e3469c6e0139/jmespath-0.10.0-py2.py3-none-any.whl + value: 48350c0524fafcc6f1cf792a80080eeaf282c4ceed016e9296f1ebfda7c34fb3 +- filename: python_dateutil-2.8.1-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/d4/70/d60450c3dd48ef87586924207ae8907090de0b306af2bce5d134d78615cb/python_dateutil-2.8.1-py2.py3-none-any.whl validation: type: sha256 - value: cdf6525904cc597730141d61b36f2e4b8ecc257c420fa2f4549bac2c2d0cb72f -- filename: asn1crypto-1.4.0-py2.py3-none-any.whl - url: 
https://files.pythonhosted.org/packages/b5/a8/56be92dcd4a5bf1998705a9b4028249fe7c9a035b955fe93b6a3e5b829f8/asn1crypto-1.4.0-py2.py3-none-any.whl + value: 75bb3f31ea686f1197762692a9ee6a7550b59fc6ca3a1f4b5d7e32fb98e2da2a +- filename: urllib3-1.26.3-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/23/fc/8a49991f7905261f9ca9df5aa9b58363c3c821ce3e7f671895442b7100f2/urllib3-1.26.3-py2.py3-none-any.whl validation: type: sha256 - value: 4bcdf33c861c7d40bdcd74d8e4dd7661aac320fcdf40b9a3f95b4ee12fde2fa8 -- filename: cffi-1.14.3-cp38-cp38-manylinux1_x86_64.whl - url: https://files.pythonhosted.org/packages/c6/60/44b6c54dbbee7d5eafbc34e0a0b67207e85906fe8e36c830dfd3966dde1d/cffi-1.14.3-cp38-cp38-manylinux1_x86_64.whl + value: 1b465e494e3e0d8939b50680403e3aedaa2bc434b7d5af64dfd3c958d7f5ae80 +- filename: cffi-1.14.5-cp38-cp38-manylinux1_x86_64.whl + url: https://files.pythonhosted.org/packages/5c/0f/e07df370fac0e99e938edc62c8a15e54b9d75605e11838fa0ef300118e1d/cffi-1.14.5-cp38-cp38-manylinux1_x86_64.whl validation: type: sha256 - value: 529c4ed2e10437c205f38f3691a68be66c39197d01062618c55f74294a4a4828 -- filename: docker_pycreds-0.4.0-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/f5/e8/f6bd1eee09314e7e6dee49cbe2c5e22314ccdb38db16c9fc72d2fa80d054/docker_pycreds-0.4.0-py2.py3-none-any.whl + value: 6c97d7350133666fbb5cf4abdc1178c812cb205dc6f41d174a7b0f18fb93337e +- filename: pycparser-2.20-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/ae/e7/d9c3a176ca4b02024debf82342dab36efadfc5776f9c8db077e8f6e71821/pycparser-2.20-py2.py3-none-any.whl validation: type: sha256 - value: 7266112468627868005106ec19cd0d722702d2b7d5912a28e19b826c3d37af49 + value: 7582ad22678f0fcd81102833f60ef8d0e57288b6b5fb00323d101be910e35705 - filename: websocket_client-0.57.0-py2.py3-none-any.whl url: https://files.pythonhosted.org/packages/4c/5f/f61b420143ed1c8dc69f9eaec5ff1ac36109d52c80de49d66e0c36c3dfdf/websocket_client-0.57.0-py2.py3-none-any.whl 
validation: type: sha256 value: 0fc45c961324d79c781bab301359d5a1b00b13ad1b10415a4780229ef71a5549 -- filename: idna-2.7-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/4b/2a/0276479a4b3caeb8a8c1af2f8e4355746a97fab05a372e4a2c6a6b876165/idna-2.7-py2.py3-none-any.whl - validation: - type: sha256 - value: 156a6814fb5ac1fc6850fb002e0852d56c0c8d2531923a51032d1b70760e186e -- filename: chardet-3.0.4-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/bc/a9/01ffebfb562e4274b6487b4bb1ddec7ca55ec7510b22e4c51f14098443b8/chardet-3.0.4-py2.py3-none-any.whl +- filename: six-1.15.0-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/ee/ff/48bde5c0f013094d729fe4b0316ba2a24774b3ff1c52d924a8a4cb04078a/six-1.15.0-py2.py3-none-any.whl validation: type: sha256 - value: fc323ffcaeaed0e0a02bf4d117757b98aed530d9ed4531e3e15460124c106691 -- filename: certifi-2020.6.20-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/5e/c4/6c4fe722df5343c33226f0b4e0bb042e4dc13483228b4718baf286f86d87/certifi-2020.6.20-py2.py3-none-any.whl + value: 8b74bedcbbbaca38ff6d7491d76f2b06b3592611af620f8426e82dddb04a5ced +- filename: docopt-0.6.2.tar.gz + url: https://files.pythonhosted.org/packages/a2/55/8f8cab2afd404cf578136ef2cc5dfb50baa1761b68c9da1fb1e4eed343c9/docopt-0.6.2.tar.gz validation: type: sha256 - value: 8fc0819f1f30ba15bdb34cceffb9ef04d99f420f68eb75d901e9560b8749fc41 -- filename: urllib3-1.24.3-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/01/11/525b02e4acc0c747de8b6ccdab376331597c569c42ea66ab0a1dbd36eca2/urllib3-1.24.3-py2.py3-none-any.whl + value: 49b3a825280bd66b3aa83585ef59c4a8c82f2c8a522dbe754a8bc8d08c85c491 +- filename: jsonschema-3.2.0-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/c5/8f/51e89ce52a085483359217bc72cdbf6e75ee595d5b1d4b5ade40c7e018b8/jsonschema-3.2.0-py2.py3-none-any.whl validation: type: sha256 - value: a637e5fae88995b256e3409dc4d52c2e2e0ba32c42a6365fee8bbd2238de3cfb -- 
filename: pbr-5.5.0-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/c1/a3/d439f338aa90edd5ad9096cd56564b44882182150e92148eb14ceb7488ba/pbr-5.5.0-py2.py3-none-any.whl + value: 4e5b3cf8216f577bee9ce139cbe72eca3ea4f292ec60928ff24758ce626cd163 +- filename: python_dotenv-0.15.0-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/32/2e/e4585559237787966aad0f8fd0fc31df1c4c9eb0e62de458c5b6cde954eb/python_dotenv-0.15.0-py2.py3-none-any.whl validation: type: sha256 - value: 5adc0f9fc64319d8df5ca1e4e06eea674c26b80e6f00c530b18ce6a6592ead15 + value: 0c8d1b80d1a1e91717ea7d526178e3882732420b03f08afea0406db6402e220e - filename: cached_property-1.5.2-py2.py3-none-any.whl url: https://files.pythonhosted.org/packages/48/19/f2090f7dad41e225c7f2326e4cfe6fff49e57dedb5b53636c9551f86b069/cached_property-1.5.2-py2.py3-none-any.whl validation: type: sha256 value: df4f613cf7ad9a588cc381aaf4a512d26265ecebd5eb9e1ba12f1319eb85a6a0 -- filename: docopt-0.6.2.tar.gz - url: https://files.pythonhosted.org/packages/a2/55/8f8cab2afd404cf578136ef2cc5dfb50baa1761b68c9da1fb1e4eed343c9/docopt-0.6.2.tar.gz - validation: - type: sha256 - value: 49b3a825280bd66b3aa83585ef59c4a8c82f2c8a522dbe754a8bc8d08c85c491 - filename: dockerpty-0.4.1.tar.gz url: https://files.pythonhosted.org/packages/8d/ee/e9ecce4c32204a6738e0a5d5883d3413794d7498fe8b06f44becc028d3ba/dockerpty-0.4.1.tar.gz validation: type: sha256 value: 69a9d69d573a0daa31bcd1c0774eeed5c15c295fe719c61aca550ed1393156ce -- filename: jsonschema-3.2.0-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/c5/8f/51e89ce52a085483359217bc72cdbf6e75ee595d5b1d4b5ade40c7e018b8/jsonschema-3.2.0-py2.py3-none-any.whl +- filename: PyYAML-5.4.1-cp38-cp38-manylinux1_x86_64.whl + url: https://files.pythonhosted.org/packages/70/96/c7245e551b1cb496bfb95840ace55ca60f20d3d8e33d70faf8c78a976899/PyYAML-5.4.1-cp38-cp38-manylinux1_x86_64.whl validation: type: sha256 - value: 
4e5b3cf8216f577bee9ce139cbe72eca3ea4f292ec60928ff24758ce626cd163 + value: 8c1be557ee92a20f184922c7b6424e8ab6691788e6d86137c5d93c1a6ec1b8fb - filename: texttable-1.6.3-py2.py3-none-any.whl url: https://files.pythonhosted.org/packages/06/f5/46201c428aebe0eecfa83df66bf3e6caa29659dbac5a56ddfd83cae0d4a4/texttable-1.6.3-py2.py3-none-any.whl validation: type: sha256 value: f802f2ef8459058736264210f716c757cbf85007a30886d8541aa8c3404f1dda -- filename: PyYAML-5.3.1.tar.gz - url: https://files.pythonhosted.org/packages/64/c2/b80047c7ac2478f9501676c988a5411ed5572f35d1beff9cae07d321512c/PyYAML-5.3.1.tar.gz +- filename: distro-1.5.0-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/25/b7/b3c4270a11414cb22c6352ebc7a83aaa3712043be29daa05018fd5a5c956/distro-1.5.0-py2.py3-none-any.whl validation: type: sha256 - value: b8eac752c5e14d3eca0e6dd9199cd627518cb5ec06add0de9d32baeee6fe645d + value: df74eed763e18d10d0da624258524ae80486432cd17392d9c3d96f5e83cd2799 - filename: MarkupSafe-1.1.1-cp38-cp38-manylinux1_x86_64.whl url: https://files.pythonhosted.org/packages/4b/20/f6d7648c81cb84815d0be935d5c74cd1cc0239e43eadb1a61062d34b6543/MarkupSafe-1.1.1-cp38-cp38-manylinux1_x86_64.whl validation: type: sha256 value: 13d3144e1e340870b25e7b10b98d779608c02016d5184cfb9927a9f10c689f42 -- filename: docutils-0.15.2-py3-none-any.whl - url: https://files.pythonhosted.org/packages/22/cd/a6aa959dca619918ccb55023b4cb151949c64d4d5d55b3f4ffd7eee0c6e8/docutils-0.15.2-py3-none-any.whl +- filename: importlib_metadata-3.7.0-py3-none-any.whl + url: https://files.pythonhosted.org/packages/3a/0d/af9e3dce6524461fa1e8327449f392edac8a3d880b4c91ce3e2d25450d03/importlib_metadata-3.7.0-py3-none-any.whl validation: type: sha256 - value: 6c4f696463b79f1fb8ba0c594b63840ebd41f059e92b31957c46b74a4599b6d0 -- filename: pycparser-2.20-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/ae/e7/d9c3a176ca4b02024debf82342dab36efadfc5776f9c8db077e8f6e71821/pycparser-2.20-py2.py3-none-any.whl + value: 
c6af5dbf1126cd959c4a8d8efd61d4d3c83bddb0459a17e554284a077574b614 +- filename: attrs-20.3.0-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/c3/aa/cb45262569fcc047bf070b5de61813724d6726db83259222cd7b4c79821a/attrs-20.3.0-py2.py3-none-any.whl validation: type: sha256 - value: 7582ad22678f0fcd81102833f60ef8d0e57288b6b5fb00323d101be910e35705 -- filename: attrs-20.2.0-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/14/df/479736ae1ef59842f512548bacefad1abed705e400212acba43f9b0fa556/attrs-20.2.0-py2.py3-none-any.whl + value: 31b2eced602aa8423c2aea9c76a724617ed67cf9513173fd3a4f03e3a929c7e6 +- filename: pyrsistent-0.17.3.tar.gz + url: https://files.pythonhosted.org/packages/4d/70/fd441df751ba8b620e03fd2d2d9ca902103119616f0f6cc42e6405035062/pyrsistent-0.17.3.tar.gz validation: type: sha256 - value: fce7fc47dfc976152e82d53ff92fa0407700c21acd20886a13777a0d20e655dc + value: 2e636185d9eb976a18a8a8e96efce62f2905fea90041958d8cc2a189756ebf3e +- filename: PyNaCl-1.4.0-cp35-abi3-manylinux1_x86_64.whl + url: https://files.pythonhosted.org/packages/9d/57/2f5e6226a674b2bcb6db531e8b383079b678df5b10cdaa610d6cf20d77ba/PyNaCl-1.4.0-cp35-abi3-manylinux1_x86_64.whl + validation: + type: sha256 + value: 30f9b96db44e09b3304f9ea95079b1b7316b2b4f3744fe3aaecccd95d547063d +- filename: bcrypt-3.2.0-cp36-abi3-manylinux2010_x86_64.whl + url: https://files.pythonhosted.org/packages/26/70/6d218afbe4c73538053c1016dd631e8f25fffc10cd01f5c272d7acf3c03d/bcrypt-3.2.0-cp36-abi3-manylinux2010_x86_64.whl + validation: + type: sha256 + value: cd1ea2ff3038509ea95f687256c46b79f5fc382ad0aa3664d200047546d511d1 +- filename: certifi-2020.12.5-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/5e/a0/5f06e1e1d463903cf0c0eebeb751791119ed7a4b3737fdc9a77f1cdfb51f/certifi-2020.12.5-py2.py3-none-any.whl + validation: + type: sha256 + value: 719a74fb9e33b9bd44cc7f3a8d94bc35e4049deebe19ba7d8e108280cfd59830 +- filename: chardet-4.0.0-py2.py3-none-any.whl + url: 
https://files.pythonhosted.org/packages/19/c7/fa589626997dd07bd87d9269342ccb74b1720384a4d739a1872bd84fbe68/chardet-4.0.0-py2.py3-none-any.whl + validation: + type: sha256 + value: f864054d66fd9118f2e67044ac8981a54775ec5b67aed0441892edb553d21da5 +- filename: idna-2.10-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/a2/38/928ddce2273eaa564f6f50de919327bf3a00f091b5baba8dfa9460f3a8a8/idna-2.10-py2.py3-none-any.whl + validation: + type: sha256 + value: b97d804b1e9b523befed77c48dacec60e6dcb0b5391d57af6a65a312a90648c0 +- filename: typing_extensions-3.7.4.3-py3-none-any.whl + url: https://files.pythonhosted.org/packages/60/7a/e881b5abb54db0e6e671ab088d079c57ce54e8a01a3ca443f561ccadb37e/typing_extensions-3.7.4.3-py3-none-any.whl + validation: + type: sha256 + value: 7cb407020f00f7bfc3cb3e7881628838e69d8f3fcab2f64742a5e76b2f841918 +- filename: zipp-3.4.0-py3-none-any.whl + url: https://files.pythonhosted.org/packages/41/ad/6a4f1a124b325618a7fb758b885b68ff7b058eec47d9220a12ab38d90b1f/zipp-3.4.0-py3-none-any.whl + validation: + type: sha256 + value: 102c24ef8f171fd729d46599845e95c7ab894a4cf45f5de11a44cc7444fb1108 - filename: confluent-common-5.5.3-1.noarch.rpm url: https://packages.confluent.io/rpm/5.5/confluent-common-5.5.3-1.noarch.rpm validation: @@ -292,11 +272,6 @@ resources: validation: type: sha256 value: ed40d62ed5f30ee2fff35e647cd0853655b60541f11294fd6556b9f0ce37240b -- filename: confluent_docker_utils-0.0.40-py3-none-any.whl - url: https://ironbank-files.s3.amazonaws.com/confluent_docker_utils-0.0.40-py3-none-any.whl - validation: - type: sha256 - value: f84abafb513eb80b94bf6f90a838beecd72d7b93bf76e77ae7b090f23db6002d - filename: cp-base-new-5.5.2_doc.tar.gz url: https://ironbank-files.s3.amazonaws.com/cp-base-new-5.5.2_doc.tar.gz validation: -- GitLab From f0fe6b5c7061892fcbb93fc73392052284673c2b Mon Sep 17 00:00:00 2001 
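Review bot: In the `@@ -37,206 +37,186 @@` hunk the whole `resources:` list is reordered, so entries whose filename, url and sha256 are unchanged (`six-1.15.0`, `python_dateutil-2.8.1`, `jmespath-0.10.0`, `pycparser-2.20`, `PyNaCl-1.4.0`, `bcrypt-3.2.0`, `docopt-0.6.2`, `jsonschema-3.2.0`) appear as removed and re-added, and a reviewer cannot tell from the diff which checksums really changed. For a file whose purpose is pinning artifact hashes, keeping the entries in a stable order (alphabetical by filename, say) would make each version and hash change show up as a small in-place edit. The new side also adds `pyrsistent-0.17.3.tar.gz` and keeps `docopt-0.6.2.tar.gz` and `dockerpty-0.4.1.tar.gz` as source tarballs while deleting the `wheel-0.35.1` and `setuptools-50.0.0` entries. A comment such as `# sdist: built from source during the image build; no wheel/setuptools pin in this manifest` above those three entries would record that dependency.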
From: SonicDeathMonkey Date: Tue, 16 Mar 2021 13:37:26 -0600 Subject: [PATCH 2/6] meh --- hardening_manifest.yaml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index ed428be..53f3555 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -217,6 +217,11 @@ resources: validation: type: sha256 value: 102c24ef8f171fd729d46599845e95c7ab894a4cf45f5de11a44cc7444fb1108 +- filename: confluent_docker_utils-0.0.44-py3-none-any.whl + url: https://ironbank-files.s3.amazonaws.com/confluent_docker_utils-0.0.44-py3-none-any.whl + validation: + type: sha256 + value: 7e2622a934f04a2e5b23a355f920473ccf0144e946b433bc619a9802c1e3785c - filename: confluent-common-5.5.3-1.noarch.rpm url: https://packages.confluent.io/rpm/5.5/confluent-common-5.5.3-1.noarch.rpm validation: -- GitLab From a18a8b7872c5ddf761250b2072f77f2dcdeb3a0c Mon Sep 17 00:00:00 2001 From: SonicDeathMonkey Date: Tue, 16 Mar 2021 15:39:31 -0600 Subject: [PATCH 3/6] urllib update --- hardening_manifest.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index 53f3555..74b8616 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml 
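Review bot: The added `confluent_docker_utils-0.0.44-py3-none-any.whl` entry in the `@@ -217,6 +217,11 @@` hunk is fetched from `https://ironbank-files.s3.amazonaws.com/` rather than from a package index, so the sha256 fixes the bytes but nothing in the manifest records what source the wheel was built from. A comment above the entry, e.g. `# built from <UPSTREAM_REPO_URL> at tag <TAG>; rebuild and update sha256 together`, would let a later reviewer reproduce and re-verify it. PATCH 1/6 already has the Dockerfile `COPY` this wheel while removing the 0.0.40 manifest entry, so that commit presumably does not build on its own until this entry lands. Squashing the two would keep the series bisectable.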
@@ -97,11 +97,11 @@ resources: validation: type: sha256 value: 75bb3f31ea686f1197762692a9ee6a7550b59fc6ca3a1f4b5d7e32fb98e2da2a -- filename: urllib3-1.26.3-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/23/fc/8a49991f7905261f9ca9df5aa9b58363c3c821ce3e7f671895442b7100f2/urllib3-1.26.3-py2.py3-none-any.whl +- filename: urllib3-1.26.4-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/09/c6/d3e3abe5b4f4f16cf0dfc9240ab7ce10c2baa0e268989a4e3ec19e90c84e/urllib3-1.26.4-py2.py3-none-any.whl validation: type: sha256 - value: 1b465e494e3e0d8939b50680403e3aedaa2bc434b7d5af64dfd3c958d7f5ae80 + value: 2f4da4594db7e1e110a944bb1b551fdf4e6c136ad42e4234131391e21eb5b0df - filename: cffi-1.14.5-cp38-cp38-manylinux1_x86_64.whl url: https://files.pythonhosted.org/packages/5c/0f/e07df370fac0e99e938edc62c8a15e54b9d75605e11838fa0ef300118e1d/cffi-1.14.5-cp38-cp38-manylinux1_x86_64.whl validation: -- GitLab From f734e672c6a27cf46a037fbcf10f7cbac1d92760 Mon Sep 17 00:00:00 2001 From: SonicDeathMonkey Date: Mon, 29 Mar 2021 08:55:25 -0600 Subject: [PATCH 4/6] 5.5.4 mass replace --- Dockerfile | 50 ++++++++++++++-------------- hardening_manifest.yaml | 72 ++++++++++++++++++++--------------------- 2 files changed, 61 insertions(+), 61 deletions(-) diff --git a/Dockerfile b/Dockerfile index 00030b8..1d1d87c 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -52,30 +52,30 @@ RUN mkdir -p /etc/confluent/docker /usr/logs /licenses \ && useradd --no-log-init --create-home --shell /bin/bash appuser COPY --chown=appuser:appuser cp-base-new-5.5.2_doc.tar.gz /usr/share/doc/cp-base-new/ -COPY --chown=appuser:appuser cp-base-new-5.5.3_java.tar.gz /usr/share/java/cp-base-new/ +COPY --chown=appuser:appuser cp-base-new-5.5.4_java.tar.gz /usr/share/java/cp-base-new/ COPY --chown=appuser:appuser scripts/etc/confluent/docker /etc/confluent/docker COPY license.txt /licenses RUN chown appuser:appuser -R /etc/confluent/ /usr/logs \ && cd /usr/share/doc/cp-base-new/ && tar -xvf cp-base-new-5.5.2_doc.tar.gz && rm cp-base-new-5.5.2_doc.tar.gz \ - && cd /usr/share/java/cp-base-new/ && tar -xvf cp-base-new-5.5.3_java.tar.gz && rm cp-base-new-5.5.3_java.tar.gz + && cd /usr/share/java/cp-base-new/ && tar -xvf cp-base-new-5.5.4_java.tar.gz && rm cp-base-new-5.5.4_java.tar.gz ############ ^^^^^ Base Container Details ^^^^^ ############ ############################################################ ############ vvvvv This Container Below vvvvv ############ # Copy required RPMs -COPY confluent-common-5.5.3-1.noarch.rpm /tmp/ -COPY confluent-control-center-5.5.3-1.noarch.rpm /tmp/ -COPY confluent-control-center-fe-5.5.3-1.noarch.rpm /tmp/ -COPY confluent-hub-client-5.5.3-1.noarch.rpm /tmp/ -COPY confluent-kafka-connect-replicator-5.5.3-1.noarch.rpm /tmp/ -COPY confluent-metadata-service-5.5.3-1.noarch.rpm /tmp/ -COPY confluent-rebalancer-5.5.3-1.noarch.rpm /tmp/ -COPY confluent-rest-utils-5.5.3-1.noarch.rpm /tmp/ -COPY confluent-schema-registry-5.5.3-1.noarch.rpm /tmp/ -COPY confluent-security-5.5.3-1.noarch.rpm /tmp/ -COPY confluent-server-5.5.3-1.noarch.rpm /tmp/ +COPY confluent-common-5.5.4-0.1.noarch.rpm /tmp/ +COPY confluent-control-center-5.5.4-0.1.noarch.rpm /tmp/ +COPY confluent-control-center-fe-5.5.4-0.1.noarch.rpm /tmp/ +COPY confluent-hub-client-5.5.4-0.1.noarch.rpm /tmp/ +COPY confluent-kafka-connect-replicator-5.5.4-0.1.noarch.rpm 
/tmp/ +COPY confluent-metadata-service-5.5.4-0.1.noarch.rpm /tmp/ +COPY confluent-rebalancer-5.5.4-0.1.noarch.rpm /tmp/ +COPY confluent-rest-utils-5.5.4-0.1.noarch.rpm /tmp/ +COPY confluent-schema-registry-5.5.4-0.1.noarch.rpm /tmp/ +COPY confluent-security-5.5.4-0.1.noarch.rpm /tmp/ +COPY confluent-server-5.5.4-0.1.noarch.rpm /tmp/ ######################################## # confluentinc/kafka-images/server @@ -92,14 +92,14 @@ EXPOSE 9092 USER root RUN echo "===> Installing kafka" \ - && dnf install --nogpgcheck -y /tmp/confluent-common-5.5.3-1.noarch.rpm \ - && dnf install --nogpgcheck -y /tmp/confluent-rest-utils-5.5.3-1.noarch.rpm \ - && dnf install --nogpgcheck -y /tmp/confluent-metadata-service-5.5.3-1.noarch.rpm \ - && dnf install --nogpgcheck -y /tmp/confluent-server-5.5.3-1.noarch.rpm \ + && dnf install --nogpgcheck -y /tmp/confluent-common-5.5.4-0.1.noarch.rpm \ + && dnf install --nogpgcheck -y /tmp/confluent-rest-utils-5.5.4-0.1.noarch.rpm \ + && dnf install --nogpgcheck -y /tmp/confluent-metadata-service-5.5.4-0.1.noarch.rpm \ + && dnf install --nogpgcheck -y /tmp/confluent-server-5.5.4-0.1.noarch.rpm \ && echo "===> installing confluent-rebalancer ..." \ - && dnf install --nogpgcheck -y /tmp/confluent-rebalancer-5.5.3-1.noarch.rpm \ + && dnf install --nogpgcheck -y /tmp/confluent-rebalancer-5.5.4-0.1.noarch.rpm \ && echo "===> installing confluent-security ..." \ - && dnf install --nogpgcheck -y /tmp/confluent-security-5.5.3-1.noarch.rpm \ + && dnf install --nogpgcheck -y /tmp/confluent-security-5.5.4-0.1.noarch.rpm \ && echo "===> Setting up kafka dirs" \ && mkdir -p /var/lib/kafka/data /etc/kafka/secrets \ && chmod -R ag+w /etc/kafka /var/lib/kafka/data /etc/kafka/secrets \ 
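Review bot: Every rewritten `dnf install --nogpgcheck -y /tmp/confluent-*-5.5.4-0.1.noarch.rpm` line in the `@@ -92,14 +92,14 @@` hunk (and likewise in `@@ -118,14 +118,14 @@` and `@@ -144,7 +144,7 @@`) skips RPM signature verification, so the only integrity control on these packages is the sha256 recorded in hardening_manifest.yaml. The manifest hunks of this patch lie outside the visible part of the page, so it is worth confirming that each `5.5.4-0.1` filename has a matching entry with a fresh checksum, since the release suffix changed from `-1` to `-0.1` along with the version. If the vendor signing key can be imported in the image, dropping `--nogpgcheck` would add a second, independent check. Otherwise a comment such as `# --nogpgcheck: integrity is enforced by sha256 in hardening_manifest.yaml` above each RUN would document the trade-off. The RUN blocks continue past the end of these hunks.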
@@ -118,14 +118,14 @@ USER root RUN echo "===> Installing ${COMPONENT}..." \ && echo "===> Installing Schema Registry (for Avro jars) ..." \ - && dnf install --nogpgcheck -y /tmp/confluent-schema-registry-5.5.3-1.noarch.rpm \ + && dnf install --nogpgcheck -y /tmp/confluent-schema-registry-5.5.4-0.1.noarch.rpm \ && echo "===> Installing Controlcenter for monitoring interceptors ..."\ - && dnf install --nogpgcheck -y /tmp/confluent-control-center-fe-5.5.3-1.noarch.rpm \ - && dnf install --nogpgcheck -y /tmp/confluent-control-center-5.5.3-1.noarch.rpm \ + && dnf install --nogpgcheck -y /tmp/confluent-control-center-fe-5.5.4-0.1.noarch.rpm \ + && dnf install --nogpgcheck -y /tmp/confluent-control-center-5.5.4-0.1.noarch.rpm \ && echo "===> Installing Confluent security plugins ..." \ - && dnf install --nogpgcheck -y /tmp/confluent-security-5.5.3-1.noarch.rpm \ + && dnf install --nogpgcheck -y /tmp/confluent-security-5.5.4-0.1.noarch.rpm \ && echo "===> Installing Confluent Hub client ..." \ - && dnf install --nogpgcheck -y /tmp/confluent-hub-client-5.5.3-1.noarch.rpm \ + && dnf install --nogpgcheck -y /tmp/confluent-hub-client-5.5.4-0.1.noarch.rpm \ && echo "===> Setting up ${COMPONENT} dirs ..." \ && mkdir -p /etc/${COMPONENT} /etc/${COMPONENT}/secrets /etc/${COMPONENT}/jars /usr/logs \ && chown appuser:appuser -R /etc/${COMPONENT} /usr/logs \ @@ -144,7 +144,7 @@ COPY --chown=appuser:appuser scripts/etc/confluent/docker /etc/confluent/docker ## confluentinc/kafka-replicator-images/replicator RUN echo "===> Installing Replicator ..." \ && yum -q -y update \ - && dnf install --nogpgcheck -y /tmp/confluent-kafka-connect-replicator-5.5.3-1.noarch.rpm + && dnf install --nogpgcheck -y /tmp/confluent-kafka-connect-replicator-5.5.4-0.1.noarch.rpm ######################################## ## confluentinc/kafka-replicator-images/replicator-executable diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index 74b8616..1fb5f77 100644 --- a/hardening_manifest.yaml 
+++ b/hardening_manifest.yaml 
@@ -222,71 +222,71 @@ resources: validation: type: sha256 value: 7e2622a934f04a2e5b23a355f920473ccf0144e946b433bc619a9802c1e3785c -- filename: confluent-common-5.5.3-1.noarch.rpm - url: https://packages.confluent.io/rpm/5.5/confluent-common-5.5.3-1.noarch.rpm +- filename: confluent-common-5.5.4-0.1.noarch.rpm + url: https://ironbank-files.s3.amazonaws.com/confluent-common-5.5.4-0.1.noarch.rpm validation: type: sha256 - value: fb3b84e9c4484dc5a185bceb95ec2c9c1c64a94e1831e8553eec8d83077829fc -- filename: confluent-control-center-5.5.3-1.noarch.rpm - url: https://packages.confluent.io/rpm/5.5/confluent-control-center-5.5.3-1.noarch.rpm + value: a50e01f18f0f1abd033b00d76dcb9355b7ee93f541542a5c5aa7add3a035125a +- filename: confluent-control-center-5.5.4-0.1.noarch.rpm + url: https://ironbank-files.s3.amazonaws.com/confluent-control-center-5.5.4-0.1.noarch.rpm validation: type: sha256 - value: 6998f7519cf61a4ec8a145d4c359fb29a91f0d2602cf1711eb624093884a5a25 -- filename: confluent-control-center-fe-5.5.3-1.noarch.rpm - url: https://packages.confluent.io/rpm/5.5/confluent-control-center-fe-5.5.3-1.noarch.rpm + value: 3725d89f2b6f3c57198895b30b3cce99025868fca0a4908f2976d688ffac4f4d +- filename: confluent-control-center-fe-5.5.4-0.1.noarch.rpm + url: https://ironbank-files.s3.amazonaws.com/confluent-control-center-fe-5.5.4-0.1.noarch.rpm validation: type: sha256 - value: 2914be074eed9c74cfc7fbc20534c7b8a8508274569a5d450f885e20032c1710 -- filename: confluent-rebalancer-5.5.3-1.noarch.rpm - url: https://packages.confluent.io/rpm/5.5/confluent-rebalancer-5.5.3-1.noarch.rpm + value: 57776e7b364f81a2bed5d4191e8d1fce7c0de9f1edd5516deec98a7510562c50 +- filename: confluent-rebalancer-5.5.4-0.1.noarch.rpm + url: https://ironbank-files.s3.amazonaws.com/confluent-rebalancer-5.5.4-0.1.noarch.rpm validation: type: sha256 - value: df2ef7a3e1e46da06f007a4789a2ffd5fcdad7b0949d022b875c2ccea3adb294 -- filename: confluent-rest-utils-5.5.3-1.noarch.rpm - url: 
https://packages.confluent.io/rpm/5.5/confluent-rest-utils-5.5.3-1.noarch.rpm + value: acb2ea5d263078997078ad6569f81c4a50f298c8f7af5a09faa90cfb964e562c +- filename: confluent-rest-utils-5.5.4-0.1.noarch.rpm + url: https://ironbank-files.s3.amazonaws.com/confluent-rest-utils-5.5.4-0.1.noarch.rpm validation: type: sha256 - value: 0ff101d3b9886a89acb6005f30a7f0eb1c274d9fdc29df5bd15d8870f2055f78 -- filename: confluent-security-5.5.3-1.noarch.rpm - url: https://packages.confluent.io/rpm/5.5/confluent-security-5.5.3-1.noarch.rpm + value: 46e3be0ef9d5e3546024bcb6b4ad587d26137e5e2b252215ba8952b103f43f2a +- filename: confluent-security-5.5.4-0.1.noarch.rpm + url: https://ironbank-files.s3.amazonaws.com/confluent-security-5.5.4-0.1.noarch.rpm validation: type: sha256 - value: 00479e328d68a8e9698db9093b3ebb812c7dbca78ffe4be1dfe1bf1c5307a416 -- filename: confluent-schema-registry-5.5.3-1.noarch.rpm - url: https://packages.confluent.io/rpm/5.5/confluent-schema-registry-5.5.3-1.noarch.rpm + value: 81d6d3f15b4220fa11a2cd7afb357e4da24589d3ca20d2231f7f005ce8dc98e5 +- filename: confluent-schema-registry-5.5.4-0.1.noarch.rpm + url: https://ironbank-files.s3.amazonaws.com/confluent-schema-registry-5.5.4-0.1.noarch.rpm validation: type: sha256 - value: 8e7b12f13e46fa63919db9a7fa00112b13bc74f4f4e6bff46a12d35eeda28aa1 -- filename: confluent-hub-client-5.5.3-1.noarch.rpm - url: https://packages.confluent.io/rpm/5.5/confluent-hub-client-5.5.3-1.noarch.rpm + value: c2784e84490bf84351863ad331321a9cdaf556ef4ba311b02c09a6c4d53bbaa7 +- filename: confluent-hub-client-5.5.4-0.1.noarch.rpm + url: https://ironbank-files.s3.amazonaws.com/confluent-hub-client-5.5.4-0.1.noarch.rpm validation: type: sha256 - value: 344fd23189d9b58054596d2de47c3d62ae37649c47e8a044b1e0f30232296b67 -- filename: confluent-metadata-service-5.5.3-1.noarch.rpm - url: https://packages.confluent.io/rpm/5.5/confluent-metadata-service-5.5.3-1.noarch.rpm + value: be6beae15395f846c01cefaa4b4d0095cb31ae1383670a747a8d25a81c4741c2 +- 
filename: confluent-metadata-service-5.5.4-0.1.noarch.rpm + url: https://ironbank-files.s3.amazonaws.com/confluent-metadata-service-5.5.4-0.1.noarch.rpm validation: type: sha256 - value: 46fd78cdf2bdfc1907bc49760720b02869b399e25da0b7df901e39b84ab4a5dd -- filename: confluent-server-5.5.3-1.noarch.rpm - url: https://packages.confluent.io/rpm/5.5/confluent-server-5.5.3-1.noarch.rpm + value: 34cb00271cc7afe28e1ccfdf2a9d7021685dddac9ede2eda70df789a245cd9a9 +- filename: confluent-server-5.5.4-0.1.noarch.rpm + url: https://ironbank-files.s3.amazonaws.com/confluent-server-5.5.4-0.1.noarch.rpm validation: type: sha256 - value: 186ecbc1510d3a2d65df15e03a9e81dad9a37ec7137ffc1e9961860f510e3597 -- filename: confluent-kafka-connect-replicator-5.5.3-1.noarch.rpm - url: https://packages.confluent.io/rpm/5.5/confluent-kafka-connect-replicator-5.5.3-1.noarch.rpm + value: 43aeb09018867ece568d2217bb7f8b9e9b916a3c0e930e106713a374d3740084 +- filename: confluent-kafka-connect-replicator-5.5.4-0.1.noarch.rpm + url: https://ironbank-files.s3.amazonaws.com/confluent-kafka-connect-replicator-5.5.4-0.1.noarch.rpm validation: type: sha256 - value: ed40d62ed5f30ee2fff35e647cd0853655b60541f11294fd6556b9f0ce37240b + value: 2b141d3e0129449574d37bac697d4b0c47164a3712eee695d27e9269f01f9519 - filename: cp-base-new-5.5.2_doc.tar.gz url: https://ironbank-files.s3.amazonaws.com/cp-base-new-5.5.2_doc.tar.gz validation: type: sha256 value: a9f0dde812daa1e9d0c20a092c03e099f75786493ea6eb6e8fb56e358a57710d -- filename: cp-base-new-5.5.3_java.tar.gz - url: https://ironbank-files.s3.amazonaws.com/cp-base-new-5.5.3_java.tar.gz +- filename: cp-base-new-5.5.4_java.tar.gz + url: https://ironbank-files.s3.amazonaws.com/cp-base-new-5.5.4_java.tar.gz validation: type: sha256 - value: 50605f8df545b6914fc96567be5c00bfc402d97a3cd888b456d62dc523cc8c47 + value: b9ff9fb0c4d6a2510da1cceb222c3071c5bd084153943229bfd7ebb68cd5b72e # List of project maintainers maintainers: -- GitLab 
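Review bot: Each Confluent RPM entry in this hunk changes its `url:` from `packages.confluent.io` to `ironbank-files.s3.amazonaws.com` and replaces its `value:` digest in the same edit, so the sha256 only proves the build fetches what was uploaded to the bucket, not that the file matches a vendor release. Because the Dockerfile installs these files with `--nogpgcheck`, no other check ties them to the publisher. I would record the origin of the digests in a comment above the first changed entry, e.g. `# sha256 values obtained from <SOURCE_OF_DIGESTS>; RPMs are staged copies, not fetched from the vendor repo`, and keep the vendor URL wherever the vendor publishes the same file. PATCH 6/6 later in this series returns the RPM entries to `packages.confluent.io`, but the `cp-base-new` tarballs stay on the bucket and would benefit from the same comment.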
From 9b018d7a1c93dee6b4eca04b49102fd64be5ed26 Mon Sep 17 00:00:00 2001 From: SonicDeathMonkey Date: Thu, 1 Apr 2021 08:46:45 -0600 Subject: [PATCH 5/6] meh --- Dockerfile | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 1d1d87c..cd9c66d 100644 --- a/Dockerfile +++ b/Dockerfile @@ -60,6 +60,9 @@ RUN chown appuser:appuser -R /etc/confluent/ /usr/logs \ && cd /usr/share/doc/cp-base-new/ && tar -xvf cp-base-new-5.5.2_doc.tar.gz && rm cp-base-new-5.5.2_doc.tar.gz \ && cd /usr/share/java/cp-base-new/ && tar -xvf cp-base-new-5.5.4_java.tar.gz && rm cp-base-new-5.5.4_java.tar.gz +# Set the classpath for JARs required by `cub` +ENV CUB_CLASSPATH='"/usr/share/java/cp-base-new/*"' + ############ ^^^^^ Base Container Details ^^^^^ ############ ############################################################ ############ vvvvv This Container Below vvvvv ############ @@ -116,6 +119,8 @@ EXPOSE 8083 USER root +ENV COMPONENT=replicator + RUN echo "===> Installing ${COMPONENT}..." \ && echo "===> Installing Schema Registry (for Avro jars) ..." \ && dnf install --nogpgcheck -y /tmp/confluent-schema-registry-5.5.4-0.1.noarch.rpm \ @@ -149,8 +154,6 @@ RUN echo "===> Installing Replicator ..." \ ######################################## ## confluentinc/kafka-replicator-images/replicator-executable -ENV COMPONENT=replicator - USER root RUN echo "===> clean up ..." \ -- GitLab From 2970b506a06ed4ad54281f2b65e8ababea97bb2b Mon Sep 17 00:00:00 2001 From: SonicDeathMonkey Date: Thu, 22 Apr 2021 10:57:33 -0600 Subject: [PATCH 6/6] rpm update --- .gitignore | 4 +++ Dockerfile | 50 ++++++++++++++-------------- hardening_manifest.yaml | 74 ++++++++++++++++++++--------------------- 3 files changed, 66 insertions(+), 62 deletions(-) create mode 100644 .gitignore diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..64da4f0 --- /dev/null +++ b/.gitignore @@ -0,0 +1,4 @@ +*.whl +*.tar.gz +*.rpm +build-image.sh 
diff --git a/Dockerfile b/Dockerfile index cd9c66d..2a8720c 100644 --- a/Dockerfile +++ b/Dockerfile @@ -51,13 +51,13 @@ RUN pip3 install --no-index --prefix=/usr/local --upgrade --find-links /tmp/pyth RUN mkdir -p /etc/confluent/docker /usr/logs /licenses \ && useradd --no-log-init --create-home --shell /bin/bash appuser -COPY --chown=appuser:appuser cp-base-new-5.5.2_doc.tar.gz /usr/share/doc/cp-base-new/ +COPY --chown=appuser:appuser cp-base-new-5.5.4_doc.tar.gz /usr/share/doc/cp-base-new/ COPY --chown=appuser:appuser cp-base-new-5.5.4_java.tar.gz /usr/share/java/cp-base-new/ COPY --chown=appuser:appuser scripts/etc/confluent/docker /etc/confluent/docker COPY license.txt /licenses RUN chown appuser:appuser -R /etc/confluent/ /usr/logs \ - && cd /usr/share/doc/cp-base-new/ && tar -xvf cp-base-new-5.5.2_doc.tar.gz && rm cp-base-new-5.5.2_doc.tar.gz \ + && cd /usr/share/doc/cp-base-new/ && tar -xvf cp-base-new-5.5.4_doc.tar.gz && rm cp-base-new-5.5.4_doc.tar.gz \ && cd /usr/share/java/cp-base-new/ && tar -xvf cp-base-new-5.5.4_java.tar.gz && rm cp-base-new-5.5.4_java.tar.gz # Set the classpath for JARs required by `cub` 
@@ -68,17 +68,17 @@ ENV CUB_CLASSPATH='"/usr/share/java/cp-base-new/*"' ############ vvvvv This Container Below vvvvv ############ # Copy required RPMs -COPY confluent-common-5.5.4-0.1.noarch.rpm /tmp/ -COPY confluent-control-center-5.5.4-0.1.noarch.rpm /tmp/ -COPY confluent-control-center-fe-5.5.4-0.1.noarch.rpm /tmp/ -COPY confluent-hub-client-5.5.4-0.1.noarch.rpm /tmp/ -COPY confluent-kafka-connect-replicator-5.5.4-0.1.noarch.rpm /tmp/ -COPY confluent-metadata-service-5.5.4-0.1.noarch.rpm /tmp/ -COPY confluent-rebalancer-5.5.4-0.1.noarch.rpm /tmp/ -COPY confluent-rest-utils-5.5.4-0.1.noarch.rpm /tmp/ -COPY confluent-schema-registry-5.5.4-0.1.noarch.rpm /tmp/ -COPY confluent-security-5.5.4-0.1.noarch.rpm /tmp/ -COPY confluent-server-5.5.4-0.1.noarch.rpm /tmp/ +COPY confluent-common-5.5.4-1.noarch.rpm /tmp/ +COPY confluent-control-center-5.5.4-1.noarch.rpm /tmp/ +COPY confluent-control-center-fe-5.5.4-1.noarch.rpm /tmp/ +COPY confluent-hub-client-5.5.4-1.noarch.rpm /tmp/ +COPY confluent-kafka-connect-replicator-5.5.4-1.noarch.rpm /tmp/ +COPY confluent-metadata-service-5.5.4-1.noarch.rpm /tmp/ +COPY confluent-rebalancer-5.5.4-1.noarch.rpm /tmp/ +COPY confluent-rest-utils-5.5.4-1.noarch.rpm /tmp/ +COPY confluent-schema-registry-5.5.4-1.noarch.rpm /tmp/ +COPY confluent-security-5.5.4-1.noarch.rpm /tmp/ +COPY confluent-server-5.5.4-1.noarch.rpm /tmp/ ######################################## # confluentinc/kafka-images/server 
@@ -95,14 +95,14 @@ EXPOSE 9092 USER root RUN echo "===> Installing kafka" \ - && dnf install --nogpgcheck -y /tmp/confluent-common-5.5.4-0.1.noarch.rpm \ - && dnf install --nogpgcheck -y /tmp/confluent-rest-utils-5.5.4-0.1.noarch.rpm \ - && dnf install --nogpgcheck -y /tmp/confluent-metadata-service-5.5.4-0.1.noarch.rpm \ - && dnf install --nogpgcheck -y /tmp/confluent-server-5.5.4-0.1.noarch.rpm \ + && dnf install --nogpgcheck -y /tmp/confluent-common-5.5.4-1.noarch.rpm \ + && dnf install --nogpgcheck -y /tmp/confluent-rest-utils-5.5.4-1.noarch.rpm \ + && dnf install --nogpgcheck -y /tmp/confluent-metadata-service-5.5.4-1.noarch.rpm \ + && dnf install --nogpgcheck -y /tmp/confluent-server-5.5.4-1.noarch.rpm \ && echo "===> installing confluent-rebalancer ..." \ - && dnf install --nogpgcheck -y /tmp/confluent-rebalancer-5.5.4-0.1.noarch.rpm \ + && dnf install --nogpgcheck -y /tmp/confluent-rebalancer-5.5.4-1.noarch.rpm \ && echo "===> installing confluent-security ..." \ - && dnf install --nogpgcheck -y /tmp/confluent-security-5.5.4-0.1.noarch.rpm \ + && dnf install --nogpgcheck -y /tmp/confluent-security-5.5.4-1.noarch.rpm \ && echo "===> Setting up kafka dirs" \ && mkdir -p /var/lib/kafka/data /etc/kafka/secrets \ && chmod -R ag+w /etc/kafka /var/lib/kafka/data /etc/kafka/secrets \ 
@@ -123,14 +123,14 @@ ENV COMPONENT=replicator RUN echo "===> Installing ${COMPONENT}..." \ && echo "===> Installing Schema Registry (for Avro jars) ..." \ - && dnf install --nogpgcheck -y /tmp/confluent-schema-registry-5.5.4-0.1.noarch.rpm \ + && dnf install --nogpgcheck -y /tmp/confluent-schema-registry-5.5.4-1.noarch.rpm \ && echo "===> Installing Controlcenter for monitoring interceptors ..."\ - && dnf install --nogpgcheck -y /tmp/confluent-control-center-fe-5.5.4-0.1.noarch.rpm \ - && dnf install --nogpgcheck -y /tmp/confluent-control-center-5.5.4-0.1.noarch.rpm \ + && dnf install --nogpgcheck -y /tmp/confluent-control-center-fe-5.5.4-1.noarch.rpm \ + && dnf install --nogpgcheck -y /tmp/confluent-control-center-5.5.4-1.noarch.rpm \ && echo "===> Installing Confluent security plugins ..." \ - && dnf install --nogpgcheck -y /tmp/confluent-security-5.5.4-0.1.noarch.rpm \ + && dnf install --nogpgcheck -y /tmp/confluent-security-5.5.4-1.noarch.rpm \ && echo "===> Installing Confluent Hub client ..." \ - && dnf install --nogpgcheck -y /tmp/confluent-hub-client-5.5.4-0.1.noarch.rpm \ + && dnf install --nogpgcheck -y /tmp/confluent-hub-client-5.5.4-1.noarch.rpm \ && echo "===> Setting up ${COMPONENT} dirs ..." \ && mkdir -p /etc/${COMPONENT} /etc/${COMPONENT}/secrets /etc/${COMPONENT}/jars /usr/logs \ && chown appuser:appuser -R /etc/${COMPONENT} /usr/logs \ @@ -149,7 +149,7 @@ COPY --chown=appuser:appuser scripts/etc/confluent/docker /etc/confluent/docker ## confluentinc/kafka-replicator-images/replicator RUN echo "===> Installing Replicator ..." \ && yum -q -y update \ - && dnf install --nogpgcheck -y /tmp/confluent-kafka-connect-replicator-5.5.4-0.1.noarch.rpm + && dnf install --nogpgcheck -y /tmp/confluent-kafka-connect-replicator-5.5.4-1.noarch.rpm ######################################## ## confluentinc/kafka-replicator-images/replicator-executable diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index 1fb5f77..046c7dc 100644 
--- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml 
@@ -222,71 +222,71 @@ resources: validation: type: sha256 value: 7e2622a934f04a2e5b23a355f920473ccf0144e946b433bc619a9802c1e3785c -- filename: confluent-common-5.5.4-0.1.noarch.rpm - url: https://ironbank-files.s3.amazonaws.com/confluent-common-5.5.4-0.1.noarch.rpm +- filename: confluent-common-5.5.4-1.noarch.rpm + url: https://packages.confluent.io/rpm/5.5/confluent-common-5.5.4-1.noarch.rpm validation: type: sha256 - value: a50e01f18f0f1abd033b00d76dcb9355b7ee93f541542a5c5aa7add3a035125a -- filename: confluent-control-center-5.5.4-0.1.noarch.rpm - url: https://ironbank-files.s3.amazonaws.com/confluent-control-center-5.5.4-0.1.noarch.rpm + value: e93d108159b622e0aea91692021ca26ca8521d16d4d05ddf36b0dca607f27a85 +- filename: confluent-control-center-5.5.4-1.noarch.rpm + url: https://packages.confluent.io/rpm/5.5/confluent-control-center-5.5.4-1.noarch.rpm validation: type: sha256 - value: 3725d89f2b6f3c57198895b30b3cce99025868fca0a4908f2976d688ffac4f4d -- filename: confluent-control-center-fe-5.5.4-0.1.noarch.rpm - url: https://ironbank-files.s3.amazonaws.com/confluent-control-center-fe-5.5.4-0.1.noarch.rpm + value: 72798e1dfaa9d1b15dac2aa756353620d21549d6dd4fdb9320f1b413f502b44e +- filename: confluent-control-center-fe-5.5.4-1.noarch.rpm + url: https://packages.confluent.io/rpm/5.5/confluent-control-center-fe-5.5.4-1.noarch.rpm validation: type: sha256 - value: 57776e7b364f81a2bed5d4191e8d1fce7c0de9f1edd5516deec98a7510562c50 -- filename: confluent-rebalancer-5.5.4-0.1.noarch.rpm - url: https://ironbank-files.s3.amazonaws.com/confluent-rebalancer-5.5.4-0.1.noarch.rpm + value: d3997c3e8ce5cd9952712c66eca9e9768f79daa6688912d63a46a9092b4ba4c9 +- filename: confluent-rebalancer-5.5.4-1.noarch.rpm + url: https://packages.confluent.io/rpm/5.5/confluent-rebalancer-5.5.4-1.noarch.rpm validation: type: sha256 - value: acb2ea5d263078997078ad6569f81c4a50f298c8f7af5a09faa90cfb964e562c -- filename: confluent-rest-utils-5.5.4-0.1.noarch.rpm - url: 
https://ironbank-files.s3.amazonaws.com/confluent-rest-utils-5.5.4-0.1.noarch.rpm + value: f86f222733795f61cf0023adea4754cbdc405dbbb95682bc1c465ec64f0475af +- filename: confluent-rest-utils-5.5.4-1.noarch.rpm + url: https://packages.confluent.io/rpm/5.5/confluent-rest-utils-5.5.4-1.noarch.rpm validation: type: sha256 - value: 46e3be0ef9d5e3546024bcb6b4ad587d26137e5e2b252215ba8952b103f43f2a -- filename: confluent-security-5.5.4-0.1.noarch.rpm - url: https://ironbank-files.s3.amazonaws.com/confluent-security-5.5.4-0.1.noarch.rpm + value: acefcb0c494db95172190e9dcf4703d694b515ab33c8174372189e8a022aa01f +- filename: confluent-security-5.5.4-1.noarch.rpm + url: https://packages.confluent.io/rpm/5.5/confluent-security-5.5.4-1.noarch.rpm validation: type: sha256 - value: 81d6d3f15b4220fa11a2cd7afb357e4da24589d3ca20d2231f7f005ce8dc98e5 -- filename: confluent-schema-registry-5.5.4-0.1.noarch.rpm - url: https://ironbank-files.s3.amazonaws.com/confluent-schema-registry-5.5.4-0.1.noarch.rpm + value: 0286744a98e6dd9fd8812d66c11ff106632c2d5b71e3e3c8e99f6f0ce66f7b10 +- filename: confluent-schema-registry-5.5.4-1.noarch.rpm + url: https://packages.confluent.io/rpm/5.5/confluent-schema-registry-5.5.4-1.noarch.rpm validation: type: sha256 - value: c2784e84490bf84351863ad331321a9cdaf556ef4ba311b02c09a6c4d53bbaa7 -- filename: confluent-hub-client-5.5.4-0.1.noarch.rpm - url: https://ironbank-files.s3.amazonaws.com/confluent-hub-client-5.5.4-0.1.noarch.rpm + value: ad5a7def1f25373c3da899d11df04594be3dad80bd33860c3ad1613542e8a266 +- filename: confluent-hub-client-5.5.4-1.noarch.rpm + url: https://packages.confluent.io/rpm/5.5/confluent-hub-client-5.5.4-1.noarch.rpm validation: type: sha256 - value: be6beae15395f846c01cefaa4b4d0095cb31ae1383670a747a8d25a81c4741c2 -- filename: confluent-metadata-service-5.5.4-0.1.noarch.rpm - url: https://ironbank-files.s3.amazonaws.com/confluent-metadata-service-5.5.4-0.1.noarch.rpm + value: 4236376486acfeba6bd48cc3c727edaeb586e39f1545af70500e27fcf63b3d0a 
+- filename: confluent-metadata-service-5.5.4-1.noarch.rpm + url: https://packages.confluent.io/rpm/5.5/confluent-metadata-service-5.5.4-1.noarch.rpm validation: type: sha256 - value: 34cb00271cc7afe28e1ccfdf2a9d7021685dddac9ede2eda70df789a245cd9a9 -- filename: confluent-server-5.5.4-0.1.noarch.rpm - url: https://ironbank-files.s3.amazonaws.com/confluent-server-5.5.4-0.1.noarch.rpm + value: 29a53786b529aa9ef27610b3f62603e807f2a844a6d1a6739f4ba151d790001b +- filename: confluent-server-5.5.4-1.noarch.rpm + url: https://packages.confluent.io/rpm/5.5/confluent-server-5.5.4-1.noarch.rpm validation: type: sha256 - value: 43aeb09018867ece568d2217bb7f8b9e9b916a3c0e930e106713a374d3740084 -- filename: confluent-kafka-connect-replicator-5.5.4-0.1.noarch.rpm - url: https://ironbank-files.s3.amazonaws.com/confluent-kafka-connect-replicator-5.5.4-0.1.noarch.rpm + value: aabd3bfd3a5e70b69f27e5fdf8fb80fc2e2601d9559400811029320a760e9290 +- filename: confluent-kafka-connect-replicator-5.5.4-1.noarch.rpm + url: https://packages.confluent.io/rpm/5.5/confluent-kafka-connect-replicator-5.5.4-1.noarch.rpm validation: type: sha256 - value: 2b141d3e0129449574d37bac697d4b0c47164a3712eee695d27e9269f01f9519 -- filename: cp-base-new-5.5.2_doc.tar.gz - url: https://ironbank-files.s3.amazonaws.com/cp-base-new-5.5.2_doc.tar.gz + value: 4bd27c80186166373e44502336886434ef1380f0218415f7ba99bee0d52f26f0 +- filename: cp-base-new-5.5.4_doc.tar.gz + url: https://ironbank-files.s3.amazonaws.com/cp-base-new-5.5.4_doc.tar.gz validation: type: sha256 - value: a9f0dde812daa1e9d0c20a092c03e099f75786493ea6eb6e8fb56e358a57710d + value: c3524445edb1f8a8f458d55b119c4ee2527e8129c6c20f1eed801cef7a72066e - filename: cp-base-new-5.5.4_java.tar.gz url: https://ironbank-files.s3.amazonaws.com/cp-base-new-5.5.4_java.tar.gz validation: type: sha256 - value: b9ff9fb0c4d6a2510da1cceb222c3071c5bd084153943229bfd7ebb68cd5b72e + value: 336e98fb3bd4699ab26aa107ad5076d3dced94afd4ad2bab30c186a21965efe1 # List of project 
maintainers maintainers: -- GitLab