From a4d4972a5c823b14669e1e5f89352aaf95266519 Mon Sep 17 00:00:00 2001 From: Scott Stroud Date: Wed, 30 Jun 2021 12:25:26 -0600 Subject: [PATCH 1/4] 5.5.5 updates --- Dockerfile | 46 ++++++++++++++--------------- hardening_manifest.yaml | 65 +++++++++++++++++++++-------------------- 2 files changed, 56 insertions(+), 55 deletions(-) diff --git a/Dockerfile b/Dockerfile index 2a8720c..78cc2bc 100644 --- a/Dockerfile +++ b/Dockerfile @@ -68,17 +68,17 @@ ENV CUB_CLASSPATH='"/usr/share/java/cp-base-new/*"' ############ vvvvv This Container Below vvvvv ############ # Copy required RPMs -COPY confluent-common-5.5.4-1.noarch.rpm /tmp/ -COPY confluent-control-center-5.5.4-1.noarch.rpm /tmp/ -COPY confluent-control-center-fe-5.5.4-1.noarch.rpm /tmp/ -COPY confluent-hub-client-5.5.4-1.noarch.rpm /tmp/ -COPY confluent-kafka-connect-replicator-5.5.4-1.noarch.rpm /tmp/ -COPY confluent-metadata-service-5.5.4-1.noarch.rpm /tmp/ -COPY confluent-rebalancer-5.5.4-1.noarch.rpm /tmp/ -COPY confluent-rest-utils-5.5.4-1.noarch.rpm /tmp/ -COPY confluent-schema-registry-5.5.4-1.noarch.rpm /tmp/ -COPY confluent-security-5.5.4-1.noarch.rpm /tmp/ -COPY confluent-server-5.5.4-1.noarch.rpm /tmp/ +COPY confluent-common-5.5.5-1.noarch.rpm /tmp/ +COPY confluent-control-center-5.5.5-1.noarch.rpm /tmp/ +COPY confluent-control-center-fe-5.5.5-1.noarch.rpm /tmp/ +COPY confluent-hub-client-5.5.5-1.noarch.rpm /tmp/ +COPY confluent-kafka-connect-replicator-5.5.5-1.noarch.rpm /tmp/ +COPY confluent-metadata-service-5.5.5-1.noarch.rpm /tmp/ +COPY confluent-rebalancer-5.5.5-1.noarch.rpm /tmp/ +COPY confluent-rest-utils-5.5.5-1.noarch.rpm /tmp/ +COPY confluent-schema-registry-5.5.5-1.noarch.rpm /tmp/ +COPY confluent-security-5.5.5-1.noarch.rpm /tmp/ +COPY confluent-server-5.5.5-1.noarch.rpm /tmp/ ######################################## # confluentinc/kafka-images/server @@ -95,14 +95,14 @@ EXPOSE 9092 USER root RUN echo "===> Installing kafka" \ - && dnf install --nogpgcheck -y /tmp/confluent-common-5.5.4-1.noarch.rpm \ - && dnf install --nogpgcheck -y /tmp/confluent-rest-utils-5.5.4-1.noarch.rpm \ - && dnf install --nogpgcheck -y /tmp/confluent-metadata-service-5.5.4-1.noarch.rpm \ - && dnf install --nogpgcheck -y /tmp/confluent-server-5.5.4-1.noarch.rpm \ + && dnf install --nogpgcheck -y /tmp/confluent-common-5.5.5-1.noarch.rpm \ + && dnf install --nogpgcheck -y /tmp/confluent-rest-utils-5.5.5-1.noarch.rpm \ + && dnf install --nogpgcheck -y /tmp/confluent-metadata-service-5.5.5-1.noarch.rpm \ + && dnf install --nogpgcheck -y /tmp/confluent-server-5.5.5-1.noarch.rpm \ && echo "===> installing confluent-rebalancer ..." \ - && dnf install --nogpgcheck -y /tmp/confluent-rebalancer-5.5.4-1.noarch.rpm \ + && dnf install --nogpgcheck -y /tmp/confluent-rebalancer-5.5.5-1.noarch.rpm \ && echo "===> installing confluent-security ..." \ - && dnf install --nogpgcheck -y /tmp/confluent-security-5.5.4-1.noarch.rpm \ + && dnf install --nogpgcheck -y /tmp/confluent-security-5.5.5-1.noarch.rpm \ && echo "===> Setting up kafka dirs" \ && mkdir -p /var/lib/kafka/data /etc/kafka/secrets \ && chmod -R ag+w /etc/kafka /var/lib/kafka/data /etc/kafka/secrets \ @@ -123,14 +123,14 @@ ENV COMPONENT=replicator RUN echo "===> Installing ${COMPONENT}..." \ && echo "===> Installing Schema Registry (for Avro jars) ..." \ - && dnf install --nogpgcheck -y /tmp/confluent-schema-registry-5.5.4-1.noarch.rpm \ + && dnf install --nogpgcheck -y /tmp/confluent-schema-registry-5.5.5-1.noarch.rpm \ && echo "===> Installing Controlcenter for monitoring interceptors ..."\ - && dnf install --nogpgcheck -y /tmp/confluent-control-center-fe-5.5.4-1.noarch.rpm \ - && dnf install --nogpgcheck -y /tmp/confluent-control-center-5.5.4-1.noarch.rpm \ + && dnf install --nogpgcheck -y /tmp/confluent-control-center-fe-5.5.5-1.noarch.rpm \ + && dnf install --nogpgcheck -y /tmp/confluent-control-center-5.5.5-1.noarch.rpm \ && echo "===> Installing Confluent security plugins ..." \ - && dnf install --nogpgcheck -y /tmp/confluent-security-5.5.4-1.noarch.rpm \ + && dnf install --nogpgcheck -y /tmp/confluent-security-5.5.5-1.noarch.rpm \ && echo "===> Installing Confluent Hub client ..." \ - && dnf install --nogpgcheck -y /tmp/confluent-hub-client-5.5.4-1.noarch.rpm \ + && dnf install --nogpgcheck -y /tmp/confluent-hub-client-5.5.5-1.noarch.rpm \ && echo "===> Setting up ${COMPONENT} dirs ..." \ && mkdir -p /etc/${COMPONENT} /etc/${COMPONENT}/secrets /etc/${COMPONENT}/jars /usr/logs \ && chown appuser:appuser -R /etc/${COMPONENT} /usr/logs \ @@ -149,7 +149,7 @@ COPY --chown=appuser:appuser scripts/etc/confluent/docker /etc/confluent/docker ## confluentinc/kafka-replicator-images/replicator RUN echo "===> Installing Replicator ..." \ && yum -q -y update \ - && dnf install --nogpgcheck -y /tmp/confluent-kafka-connect-replicator-5.5.4-1.noarch.rpm + && dnf install --nogpgcheck -y /tmp/confluent-kafka-connect-replicator-5.5.5-1.noarch.rpm ######################################## ## confluentinc/kafka-replicator-images/replicator-executable diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index e55e335..8a02c34 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -9,6 +9,7 @@ name: "confluent/replicator/cp-enterprise-replicator-5.5.x" # on ironbank.dsop.io tags: - "5.5.4" +- "5.5.5" - "5.5.x" - "5.5" @@ -97,11 +98,11 @@ resources: validation: type: sha256 value: 75bb3f31ea686f1197762692a9ee6a7550b59fc6ca3a1f4b5d7e32fb98e2da2a -- filename: urllib3-1.26.4-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/09/c6/d3e3abe5b4f4f16cf0dfc9240ab7ce10c2baa0e268989a4e3ec19e90c84e/urllib3-1.26.4-py2.py3-none-any.whl +- filename: urllib3-1.26.5-py2.py3-none-any.whl + url: https://files.pythonhosted.org/packages/0c/cd/1e2ec680ec7b09846dc6e605f5a7709dfb9d7128e51a026e7154e18a234e/urllib3-1.26.5-py2.py3-none-any.whl validation: type: sha256 - value: 2f4da4594db7e1e110a944bb1b551fdf4e6c136ad42e4234131391e21eb5b0df + value: 753a0374df26658f99d826cfe40394a686d05985786d946fbe4165b5148f5a7c - filename: cffi-1.14.5-cp38-cp38-manylinux1_x86_64.whl url: https://files.pythonhosted.org/packages/5c/0f/e07df370fac0e99e938edc62c8a15e54b9d75605e11838fa0ef300118e1d/cffi-1.14.5-cp38-cp38-manylinux1_x86_64.whl validation: @@ -222,61 +223,61 @@ resources: validation: type: sha256 value: 7e2622a934f04a2e5b23a355f920473ccf0144e946b433bc619a9802c1e3785c -- filename: confluent-common-5.5.4-1.noarch.rpm - url: https://packages.confluent.io/rpm/5.5/confluent-common-5.5.4-1.noarch.rpm +- filename: confluent-common-5.5.5-1.noarch.rpm + url: https://packages.confluent.io/rpm/5.5/confluent-common-5.5.5-1.noarch.rpm validation: type: sha256 - value: 425f7f7104087c932a4144ae929b764098aa0c3a30348d23bbd692b7f95e7fd2 -- filename: confluent-control-center-5.5.4-1.noarch.rpm - url: https://packages.confluent.io/rpm/5.5/confluent-control-center-5.5.4-1.noarch.rpm + value: +- filename: confluent-control-center-5.5.5-1.noarch.rpm + url: https://packages.confluent.io/rpm/5.5/confluent-control-center-5.5.5-1.noarch.rpm validation: type: sha256 - value: d7ed562e413ae44a941116f7355717fdc767a02f01504fac49dc0e7f3096fe76 -- filename: confluent-control-center-fe-5.5.4-1.noarch.rpm - url: https://packages.confluent.io/rpm/5.5/confluent-control-center-fe-5.5.4-1.noarch.rpm + value: +- filename: confluent-control-center-fe-5.5.5-1.noarch.rpm + url: https://packages.confluent.io/rpm/5.5/confluent-control-center-fe-5.5.5-1.noarch.rpm validation: type: sha256 - value: 0cce81d14d8d68727a7ee05d8a67b372a02bc7ac2d72b3a019799ece4408b5d1 -- filename: confluent-rebalancer-5.5.4-1.noarch.rpm - url: https://packages.confluent.io/rpm/5.5/confluent-rebalancer-5.5.4-1.noarch.rpm + value: +- filename: confluent-rebalancer-5.5.5-1.noarch.rpm + url: https://packages.confluent.io/rpm/5.5/confluent-rebalancer-5.5.5-1.noarch.rpm validation: type: sha256 - value: f4bfc0e70aa680e88a6ff3aee6ddda954fa8584b7e7fc350359441c726fb291a + value: - filename: confluent-rest-utils-5.5.4-1.noarch.rpm - url: https://packages.confluent.io/rpm/5.5/confluent-rest-utils-5.5.4-1.noarch.rpm + url: https://packages.confluent.io/rpm/5.5/confluent-rest-utils-5.5.5-1.noarch.rpm validation: type: sha256 - value: 6179243e3841115b3dbacfacf61e8607d24782c2cbf8e53e575df0a5784a091f + value: - filename: confluent-security-5.5.4-1.noarch.rpm - url: https://packages.confluent.io/rpm/5.5/confluent-security-5.5.4-1.noarch.rpm + url: https://packages.confluent.io/rpm/5.5/confluent-security-5.5.5-1.noarch.rpm validation: type: sha256 - value: 05397e5d1eb1779c92185ea1ee66acd46c9f1544b583b64ace75e2097ff85033 + value: - filename: confluent-schema-registry-5.5.4-1.noarch.rpm - url: https://packages.confluent.io/rpm/5.5/confluent-schema-registry-5.5.4-1.noarch.rpm + url: https://packages.confluent.io/rpm/5.5/confluent-schema-registry-5.5.5-1.noarch.rpm validation: type: sha256 - value: a046709a78d73a73b915d01a660e32af8053b2cdfe561cdd6b82cae8460755ce -- filename: confluent-hub-client-5.5.4-1.noarch.rpm - url: https://packages.confluent.io/rpm/5.5/confluent-hub-client-5.5.4-1.noarch.rpm + value: +- filename: confluent-hub-client-5.5.5-1.noarch.rpm + url: https://packages.confluent.io/rpm/5.5/confluent-hub-client-5.5.5-1.noarch.rpm validation: type: sha256 - value: e48457c29d1d9feaa9bd261b5510c6f788c62c1f0e61f152165735e56174b2bb -- filename: confluent-metadata-service-5.5.4-1.noarch.rpm - url: https://packages.confluent.io/rpm/5.5/confluent-metadata-service-5.5.4-1.noarch.rpm + value: +- filename: confluent-metadata-service-5.5.5-1.noarch.rpm + url: https://packages.confluent.io/rpm/5.5/confluent-metadata-service-5.5.5-1.noarch.rpm validation: type: sha256 - value: 2441c2c7493611a81f3ac68086fcf59a0fb0ed779221446f6d26dbb3f2403abd + value: - filename: confluent-server-5.5.4-1.noarch.rpm - url: https://packages.confluent.io/rpm/5.5/confluent-server-5.5.4-1.noarch.rpm + url: https://packages.confluent.io/rpm/5.5/confluent-server-5.5.5-1.noarch.rpm validation: type: sha256 - value: 883a20a68fc9c90154ea820f8d54ab085fb43c862b4624120af6b4b50a7c518d -- filename: confluent-kafka-connect-replicator-5.5.4-1.noarch.rpm - url: https://packages.confluent.io/rpm/5.5/confluent-kafka-connect-replicator-5.5.4-1.noarch.rpm + value: +- filename: confluent-kafka-connect-replicator-5.5.5-1.noarch.rpm + url: https://packages.confluent.io/rpm/5.5/confluent-kafka-connect-replicator-5.5.5-1.noarch.rpm validation: type: sha256 - value: 6f3e262247e6b94f8bd51c45034ebcd911497af493d460d7948fc3bbb14d7dca + value: - filename: cp-base-new-5.5.4_doc.tar.gz url: https://ironbank-files.s3.amazonaws.com/cp-base-new-5.5.4_doc.tar.gz validation: -- GitLab From 03fd642901022cab3f43b7ae02c07d9206dd2cde Mon Sep 17 00:00:00 2001 From: Scott Stroud Date: Wed, 30 Jun 2021 13:39:12 -0600 Subject: [PATCH 2/4] hashes added --- hardening_manifest.yaml | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index 8a02c34..478d4cd 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -227,57 +227,57 @@ resources: url: https://packages.confluent.io/rpm/5.5/confluent-common-5.5.5-1.noarch.rpm validation: type: sha256 - value: + value: 80fcd5c1f756889eebbbf6c7744b36a910056250d54a34ab0941ac358c6755d7 - filename: confluent-control-center-5.5.5-1.noarch.rpm url: https://packages.confluent.io/rpm/5.5/confluent-control-center-5.5.5-1.noarch.rpm validation: type: sha256 - value: + value: 81557a1a1fd5ca0e75a37dbf564ee8c3941e3fa1a086306b04558a21f8c1a9a8 - filename: confluent-control-center-fe-5.5.5-1.noarch.rpm url: https://packages.confluent.io/rpm/5.5/confluent-control-center-fe-5.5.5-1.noarch.rpm validation: type: sha256 - value: + value: 9f40732b25da1cc5d7864dd6a1a02c94ce36836cb7f983335f559cffbad32a69 - filename: confluent-rebalancer-5.5.5-1.noarch.rpm url: https://packages.confluent.io/rpm/5.5/confluent-rebalancer-5.5.5-1.noarch.rpm validation: type: sha256 - value: + value: 957b6f4803013eed18079d1721952d93621349c7363464f4ecd67bb0a2fbe7f1 - filename: confluent-rest-utils-5.5.4-1.noarch.rpm url: https://packages.confluent.io/rpm/5.5/confluent-rest-utils-5.5.5-1.noarch.rpm validation: type: sha256 - value: + value: 02b8bfe06a504380bed46cc0f6be751aae33f9df615d4443ebc883446e8f2aee - filename: confluent-security-5.5.4-1.noarch.rpm url: https://packages.confluent.io/rpm/5.5/confluent-security-5.5.5-1.noarch.rpm validation: type: sha256 - value: + value: 5273b4bb9964dee14204c21be3f8ab57578c86b523214515e6cc1059ee263d89 - filename: confluent-schema-registry-5.5.4-1.noarch.rpm url: https://packages.confluent.io/rpm/5.5/confluent-schema-registry-5.5.5-1.noarch.rpm validation: type: sha256 - value: + value: 42673ffb8ba4c8204987a78dae30d12e7e7f9245d235b681590c79bc50f05278 - filename: confluent-hub-client-5.5.5-1.noarch.rpm url: https://packages.confluent.io/rpm/5.5/confluent-hub-client-5.5.5-1.noarch.rpm validation: type: sha256 - value: + value: 5acd64249ba884c6448626b9cdf314c26a3c5f52166b220b04031527541e20f7 - filename: confluent-metadata-service-5.5.5-1.noarch.rpm url: https://packages.confluent.io/rpm/5.5/confluent-metadata-service-5.5.5-1.noarch.rpm validation: type: sha256 - value: + value: 2de4f5ae6058f8ddb49b4f9e69542e0c74f150b1ece50c844b8999ad2181aac7 - filename: confluent-server-5.5.4-1.noarch.rpm url: https://packages.confluent.io/rpm/5.5/confluent-server-5.5.5-1.noarch.rpm validation: type: sha256 - value: + value: ff66c9bf315b22aabf430e8f2dbedc7d9c71bee569227e7cd8c5f759c232d178 - filename: confluent-kafka-connect-replicator-5.5.5-1.noarch.rpm url: https://packages.confluent.io/rpm/5.5/confluent-kafka-connect-replicator-5.5.5-1.noarch.rpm validation: type: sha256 - value: + value: 89f32b7c5df5ebfc4e7ed7b8e876d4437d62fe4c029d8e9530dd9454b99f99da - filename: cp-base-new-5.5.4_doc.tar.gz url: https://ironbank-files.s3.amazonaws.com/cp-base-new-5.5.4_doc.tar.gz validation: -- GitLab From 6858c428c17ed3eb752037dba3592357f8ac1226 Mon Sep 17 00:00:00 2001 From: Scott Stroud Date: Wed, 30 Jun 2021 14:13:47 -0600 Subject: [PATCH 3/4] filename fixes --- hardening_manifest.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index 478d4cd..328dd0c 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -243,17 +243,17 @@ resources: validation: type: sha256 value: 957b6f4803013eed18079d1721952d93621349c7363464f4ecd67bb0a2fbe7f1 -- filename: confluent-rest-utils-5.5.4-1.noarch.rpm +- filename: confluent-rest-utils-5.5.5-1.noarch.rpm url: https://packages.confluent.io/rpm/5.5/confluent-rest-utils-5.5.5-1.noarch.rpm validation: type: sha256 value: 02b8bfe06a504380bed46cc0f6be751aae33f9df615d4443ebc883446e8f2aee -- filename: confluent-security-5.5.4-1.noarch.rpm +- filename: confluent-security-5.5.5-1.noarch.rpm url: https://packages.confluent.io/rpm/5.5/confluent-security-5.5.5-1.noarch.rpm validation: type: sha256 value: 5273b4bb9964dee14204c21be3f8ab57578c86b523214515e6cc1059ee263d89 -- filename: confluent-schema-registry-5.5.4-1.noarch.rpm +- filename: confluent-schema-registry-5.5.5-1.noarch.rpm url: https://packages.confluent.io/rpm/5.5/confluent-schema-registry-5.5.5-1.noarch.rpm validation: type: sha256 -- GitLab From a5919612c4b9e8340c1b2611c46a4757b7e0f704 Mon Sep 17 00:00:00 2001 From: Scott Stroud Date: Wed, 30 Jun 2021 14:36:21 -0600 Subject: [PATCH 4/4] meh --- hardening_manifest.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index 328dd0c..111df37 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -268,7 +268,7 @@ resources: validation: type: sha256 value: 2de4f5ae6058f8ddb49b4f9e69542e0c74f150b1ece50c844b8999ad2181aac7 -- filename: confluent-server-5.5.4-1.noarch.rpm +- filename: confluent-server-5.5.5-1.noarch.rpm url: https://packages.confluent.io/rpm/5.5/confluent-server-5.5.5-1.noarch.rpm validation: type: sha256 -- GitLab