From cfe2d3ad13a95328944b18a7a53ae00d68098fcd Mon Sep 17 00:00:00 2001
From: "John K. Harvey" <john.harvey@crunchydata.com>
Date: Thu, 2 Sep 2021 08:14:50 -0400
Subject: [PATCH 1/3] Remove unnecessary dependencies flagged by scanners

---
 hardening_manifest.yaml | 42 -----------------------------------------
 1 file changed, 42 deletions(-)

diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml
index 881c5fd..b99866a 100644
--- a/hardening_manifest.yaml
+++ b/hardening_manifest.yaml
@@ -2230,30 +2230,6 @@ resources:
       type: sha256
       value: dffc8ca60da043a118fd13dbea1e585d82b9be8750b4acb7a959f641950db838
 
-  - filename: grub2-common-2.02-99.el8.noarch.rpm
-    url: http://mirror.centos.org/centos-8/8.4.2105/BaseOS/x86_64/os/Packages//grub2-common-2.02-99.el8.noarch.rpm
-    validation:
-      type: sha256
-      value: 4a08d5264e865548e65d31886c91b659b33a2c2ba39fd115b00af3ea0bc91a83
-
-  - filename: grub2-tools-2.02-99.el8.x86_64.rpm
-    url: http://mirror.centos.org/centos-8/8.4.2105/BaseOS/x86_64/os/Packages//grub2-tools-2.02-99.el8.x86_64.rpm
-    validation:
-      type: sha256
-      value: ffb306f226bf9b8b97ecc2ee4fc298cb016d459d2f3847144e065fbb30e60698
-
-  - filename: grub2-tools-minimal-2.02-99.el8.x86_64.rpm
-    url: http://mirror.centos.org/centos-8/8.4.2105/BaseOS/x86_64/os/Packages//grub2-tools-minimal-2.02-99.el8.x86_64.rpm
-    validation:
-      type: sha256
-      value: a7ae26b282cff8289a4bd20ee9683bc87e9f6a4c7d7ffce839f2d8a9d46c5734
-
-  - filename: grubby-8.40-41.el8.x86_64.rpm
-    url: http://mirror.centos.org/centos-8/8.4.2105/BaseOS/x86_64/os/Packages//grubby-8.40-41.el8.x86_64.rpm
-    validation:
-      type: sha256
-      value: 188c15ed6c943e47dd53002c2a2275b6c2a465db7901dcedbfaef225c607e64b
-
   - filename: libgudev-232-4.el8.x86_64.rpm
     url: http://mirror.centos.org/centos-8/8.4.2105/BaseOS/x86_64/os/Packages//libgudev-232-4.el8.x86_64.rpm
     validation:
@@ -2266,24 +2242,12 @@ resources:
       type: sha256
       value: aa8d1f77e2afea5018f4df761a5cffe7ab70e341e51cbf4c57ea53233b081ffc
 
-  - filename: memstrack-0.1.11-1.el8.x86_64.rpm
-    url: http://mirror.centos.org/centos-8/8.4.2105/BaseOS/x86_64/os/Packages//memstrack-0.1.11-1.el8.x86_64.rpm
-    validation:
-      type: sha256
-      value: efac6a249e1ab6e6e586db6d1f16c22c299667f464874a9612e280945077bf53
-
   - filename: openssh-server-8.0p1-6.el8_4.2.x86_64.rpm
     url: http://mirror.centos.org/centos-8/8.4.2105/BaseOS/x86_64/os/Packages//openssh-server-8.0p1-6.el8_4.2.x86_64.rpm
     validation:
       type: sha256
       value: 12cf61cf5893a095ef8d693dc8e9b4bdb26eacb31c2075d831b06d0b5ecdd13e
 
-  - filename: os-prober-1.74-6.el8.x86_64.rpm
-    url: http://mirror.centos.org/centos-8/8.4.2105/BaseOS/x86_64/os/Packages//os-prober-1.74-6.el8.x86_64.rpm
-    validation:
-      type: sha256
-      value: 91eb3bdf183ca4211207f1691be56b036d07442b421981fcf2a4a37c8b52b0f2
-
   - filename: blas-3.8.0-8.el8.x86_64.rpm
     url: http://mirror.centos.org/centos-8/8.4.2105/AppStream/x86_64/os/Packages//blas-3.8.0-8.el8.x86_64.rpm
     validation:
@@ -2362,12 +2326,6 @@ resources:
       type: sha256
       value: 7f94c95cf3fd3d7d42d7b6d14707372faab1f9da5bd1e112cd49c53dfc4c9ba8
 
-  - filename: libxkbcommon-x11-0.9.1-1.el8.x86_64.rpm
-    url: http://mirror.centos.org/centos-8/8.4.2105/AppStream/x86_64/os/Packages//libxkbcommon-x11-0.9.1-1.el8.x86_64.rpm
-    validation:
-      type: sha256
-      value: 2b4ae72021189492aad9a43e317263863be41f698862c5ec000b887727fe7cdc
-
   - filename: mtdev-1.1.5-12.el8.x86_64.rpm
     url: http://mirror.centos.org/centos-8/8.4.2105/AppStream/x86_64/os/Packages//mtdev-1.1.5-12.el8.x86_64.rpm
     validation:
-- 
GitLab


From 34d4cb25a7de68bdac30a9843eb189666db8ea51 Mon Sep 17 00:00:00 2001
From: "John K. Harvey" <john.harvey@crunchydata.com>
Date: Thu, 2 Sep 2021 11:07:35 -0400
Subject: [PATCH 2/3] Can't remove libxkbcommon-x11.so.0()(64bit) needed by
 qt5-qtbase-gui-5.12.5-8.el8.x86_64

---
 hardening_manifest.yaml | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml
index b99866a..798cdd0 100644
--- a/hardening_manifest.yaml
+++ b/hardening_manifest.yaml
@@ -2326,6 +2326,12 @@ resources:
       type: sha256
       value: 7f94c95cf3fd3d7d42d7b6d14707372faab1f9da5bd1e112cd49c53dfc4c9ba8
 
+  - filename: libxkbcommon-x11-0.9.1-1.el8.x86_64.rpm
+    url: http://mirror.centos.org/centos-8/8.4.2105/AppStream/x86_64/os/Packages//libxkbcommon-x11-0.9.1-1.el8.x86_64.rpm
+    validation:
+      type: sha256
+      value: 2b4ae72021189492aad9a43e317263863be41f698862c5ec000b887727fe7cdc
+
   - filename: mtdev-1.1.5-12.el8.x86_64.rpm
     url: http://mirror.centos.org/centos-8/8.4.2105/AppStream/x86_64/os/Packages//mtdev-1.1.5-12.el8.x86_64.rpm
     validation:
-- 
GitLab


From 26745e96a332175536957b24a05e4b69a0d70ca4 Mon Sep 17 00:00:00 2001
From: "John K. Harvey" <john.harvey@crunchydata.com>
Date: Thu, 2 Sep 2021 11:39:16 -0400
Subject: [PATCH 3/3] Update from 8.3 to 8.4

---
 Dockerfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index df8573c..af3fc9c 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,6 +1,6 @@
 ARG BASE_REGISTRY=registry1.dso.mil
 ARG BASE_IMAGE=ironbank/redhat/ubi/ubi8
-ARG BASE_TAG=8.3
+ARG BASE_TAG=8.4
 FROM $BASE_REGISTRY/$BASE_IMAGE:$BASE_TAG
 
 MAINTAINER Crunchy Data <info@crunchydata.com>
@@ -63,4 +63,4 @@ ENTRYPOINT ["/opt/crunchy/bin/uid_postgres.sh"]
 
 USER 26
 
-CMD ["/opt/crunchy/bin/start.sh"]
\ No newline at end of file
+CMD ["/opt/crunchy/bin/start.sh"]
-- 
GitLab