From d2b402f36aac68e7ea0270f50f2d010efb477ada Mon Sep 17 00:00:00 2001
From: wlau
Date: Tue, 16 Feb 2021 16:50:29 -0800
Subject: [PATCH 001/134] initial checkin
---
dockerfile | 110 +++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 110 insertions(+)
create mode 100644 dockerfile
diff --git a/dockerfile b/dockerfile
new file mode 100644
index 0000000..2f387ee
--- /dev/null
+++ b/dockerfile
@@ -0,0 +1,110 @@
+ARG BASE_REGISTRY=registry1.dsop.io
+ARG BASE_IMAGE=ironbank/redhat/ubi/ubi8
+ARG BASE_TAG=8.3
+
+FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG}
+
+# Set necessary environment variables for python and python development environment
+ARG APP_ROOT=/opt/app-root
+ENV PYTHON_VERSION=3.6 \
+ APP_ROOT=$APP_ROOT \
+ USER_NAME=hero \
+ HOME=${APP_ROOT} \
+ PATH=$HOME/.local/bin/:/opt/app-root/src/bin:/opt/app-root/bin:$PATH \
+ EDITOR=/usr/bin/vim \
+ PS1="AAP \W\$ " \
+ PYTHONUNBUFFERED=1 \
+ PYTHONIOENCODING=UTF-8 \
+ PIP_NO_CACHE_DIR=off \
+ LANG="en_US.UTF-8"
+
+# - Enable the virtual python environment and default interactive and non-interactive
+# shell environment upon container startup
+#ENV BASH_ENV=/usr/bin/py-enable \
+# ENV=/usr/bin/py-enable \
+ENV PROMPT_COMMAND=". /usr/bin/aap && unset PROMPT_COMMAND"
+
+# ^^^ BASH_ENV and ENV provide the name of a startup file to read before bash is used to execute a script
+# ^^^ Bash provides an environment variable called PROMPT_COMMAND. The contents of this variable are executed as a regular Bash command just before Bash displays a prompt.
+# https://www.tldp.org/HOWTO/Bash-Prompt-HOWTO/x264.html
+# https://www.gnu.org/software/bash/manual/html_node/Bash-Variables.html
+
+ENV SUMMARY="Platform for building and running Python $PYTHON_VERSION applications" \
+ DESCRIPTION="Python $PYTHON_VERSION available as container is a base platform for \
+building and running various Python $PYTHON_VERSION applications and frameworks. \
+Python is an easy to learn, powerful programming language. It has efficient high-level \
+data structures and a simple but effective approach to object-oriented programming. \
+Python's elegant syntax and dynamic typing, together with its interpreted nature, \
+make it an ideal language for scripting and rapid application development in many areas \
+on most platforms."
+
+LABEL summary="$SUMMARY" \
+ description="$DESCRIPTION" \
+ io.k8s.description="$DESCRIPTION" \
+ io.k8s.display-name="Python 3.6" \
+ io.openshift.tags="builder,python,python36,python-36,rh-python36" \
+ com.redhat.component="ubi8-container" \
+ name="ubi8/python-36" \
+ version="1" \
+ com.redhat.license_terms="https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI" \
+ maintainer="NAVAIR Advanced Analytics Platform (AAP) Product Team"
+
+# Copy extra files to the image.
+COPY ./root /
+RUN chmod a+x /usr/bin/container-entrypoint && \
+ chmod a+x /usr/bin/fix-permissions && \
+ chmod a+x /usr/bin/rpm-file-permissions && \
+ chmod a+x /usr/bin/generate-container-user && \
+ chmod a+x /usr/bin/py-enable && \
+ chmod a+x /usr/bin/aap
+
+# Install packages
+RUN INSTALL_PKGS="vim-enhanced rsync iputils bind-utils git python36 python36-devel python3-setuptools python3-pip python3-virtualenv" && \
+ yum -y update-minimal --setopt=tsflags=nodocs --security && \
+ yum -y --setopt=tsflags=nodocs install $INSTALL_PKGS && \
+ yum -y remove vim-minimal && \
+ rpm -V $INSTALL_PKGS && \
+ yum -y clean all --enablerepo="*"
+
+# Install the OpenShift command line tool, oc
+RUN curl -kv --output ./oc.tar https://downloads-openshift-console.apps.unity.services.nres.navy.mil/amd64/linux/oc.tar && \
+ tar xvf oc.tar && \
+ mv ./oc /usr/bin/ && \
+ rm -f oc.tar
+
+# Install mongodb shell (client)
+RUN curl -kv --output ./mongodb-org-shell-3.6.18-1.el8.x86_64.rpm https://nexus00.unity.services.nres.navy.mil/repository/raw/mongo/mongodb-org-shell-3.6.18-1.el8.x86_64.rpm && \
+ yum -y install ./mongodb-org-shell-3.6.18-1.el8.x86_64.rpm && \
+ rm -f mongodb-org-shell-3.6.18-1.el8.x86_64.rpm
+
+# Instal jq (to parse openshift api query results)
+RUN curl -kv --output ./jq https://nexus00.unity.services.nres.navy.mil/repository/raw/tools/jq-linux64 && \
+ mv ./jq /usr/bin/ && \
+ chmod a+x /usr/bin/jq
+
+# Instal helm
+RUN curl -kv --output ./helm https://nexus00.unity.services.nres.navy.mil/repository/raw/tools/helm-linux-amd64 && \
+ mv ./helm /usr/bin/ && \
+ chmod a+x /usr/bin/helm
+
+# - Create a Python virtual environment for use by any application to avoid
+# potential conflicts with Python packages preinstalled in the main Python
+# installation.
+# - In order to drop the root user, we have to make some directories world
+# writable as multi-tenant Kubernetes clusters' default security model
+# should run the container under a random UID.
+# - For any python applications use this default user
+#RUN virtualenv-$PYTHON_VERSION ${APP_ROOT} && \
+
+# Set up container user and adjust permissions to run in OpenShift environment
+WORKDIR ${HOME}
+RUN useradd -u 1001 -r -g 0 -d ${HOME} -s /sbin/nologin \
+ -c "Default Application User" default && \
+ fix-permissions ${APP_ROOT} -P && \
+ fix-permissions ${HOME} -P && \
+ rpm-file-permissions
+
+ENTRYPOINT ["/usr/bin/container-entrypoint"]
+USER 1001
+
+HEALTHCHECK CMD python --version
-- GitLab
From cc470bdaedeec66dc658280663fb37ab0f35c0e3 Mon Sep 17 00:00:00 2001
From: wlau
Date: Wed, 17 Feb 2021 12:57:45 -0800
Subject: [PATCH 002/134] rename file
---
dockerfile => Dockerfile.aapcli | 0
1 file changed, 0 insertions(+), 0 deletions(-)
rename dockerfile => Dockerfile.aapcli (100%)
diff --git a/dockerfile b/Dockerfile.aapcli
similarity index 100%
rename from dockerfile
rename to Dockerfile.aapcli
-- GitLab
From 5d8a179f21778cecea2b18d396ff1a1668f1406d Mon Sep 17 00:00:00 2001
From: wlau
Date: Wed, 17 Feb 2021 12:57:55 -0800
Subject: [PATCH 003/134] rename file
---
Dockerfile.aapcli => Dockerfile | 0
1 file changed, 0 insertions(+), 0 deletions(-)
rename Dockerfile.aapcli => Dockerfile (100%)
diff --git a/Dockerfile.aapcli b/Dockerfile
similarity index 100%
rename from Dockerfile.aapcli
rename to Dockerfile
-- GitLab
From 68ecc506c484c8c01a84cb06647041ab1dda6547 Mon Sep 17 00:00:00 2001
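Review bot: The four download steps in this hunk (oc, mongodb-org-shell, jq, helm) all call `curl -kv`, which skips certificate verification, and none of them checks the fetched file against a known digest before it is moved into /usr/bin or handed to `yum -y install`. Whatever answers on that connection at build time ends up executable in the image. Remove `-k` (add the issuing CA to the build's trust store if the internal hosts need it), use `curl -fsSL`, and verify before unpacking, for example `echo "EXPECTED_SHA256  oc.tar" | sha256sum -c - && \` with EXPECTED_SHA256 standing in for the pinned digest. The `resources:` template in the hardening_manifest.yaml added later in this series already has `url`, `filename` and `validation` (sha256) fields for declaring such files, and `-v` should go too, since it copies request and response headers into the build log.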
From: wlau
Date: Wed, 17 Feb 2021 13:11:18 -0800
Subject: [PATCH 004/134] Adding hardening_manifest.yaml
---
hardening_manifest.yaml | 70 +++++++++++++++++++++++++++++++++++++++++
1 file changed, 70 insertions(+)
create mode 100644 hardening_manifest.yaml
diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml
new file mode 100644
index 0000000..91369f0
--- /dev/null
+++ b/hardening_manifest.yaml
@@ -0,0 +1,70 @@
+---
+ apiVersion: v1
+
+ # The repository name in registry1, excluding /ironbank/
+ name: "diat/aap-cli"
+
+ # List of tags to push for the repository in registry1
+ # The most specific version should be the first tag and will be shown
+ # on ironbank.dso.mil
+ tags:
+ - "latest"
+
+ # Build args passed to Dockerfile ARGs
+ args:
+ BASE_IMAGE: "ironbank/redhat/ubi/ubi8"
+ BASE_TAG: "8.3"
+
+ # Docker image labels
+ labels:
+ # Name of the image
+ org.opencontainers.image.title: "aap-cli"
+ # Human-readable description of the software packaged in the image
+ org.opencontainers.image.description: "Command line interface tools for working with the Advanced Analytics Platform on Atlas"
+ # License(s) under which contained software is distributed
+ org.opencontainers.image.licenses: "AAP License"
+ # URL to find more information on the image
+ org.opencontainers.image.url: "https://wiki.navair1.navy.mil/display/Analytics/Advanced+Analytics+Platform"
+ # Name of the distributing entity, organization or individual
+ org.opencontainers.image.vendor: "aap-cli"
+ # Authoritative version of the software
+ org.opencontainers.image.version: "4.0"
+ # Keywords to help with search (ex. "cicd,gitops,golang")
+ mil.dso.ironbank.image.keywords: "aap,cli,aapcli,aap-cli,client,atlas,diat"
+ # This value can be "opensource" or "commercial"
+ mil.dso.ironbank.image.type: "commercial"
+ # Product the image belongs to for grouping multiple images
+ mil.dso.ironbank.product.name: "diat/aap-cli"
+
+ # List of resources to make available to the offline build context
+ resources: {}
+ # - url: "https://s3.amazonaws.com/ops-manager-kubernetes-build/releases/mongodb-enterprise-operator-binaries-release-1.4.2.tar.gz"
+ # filename: "mongodb-files1.tar.gz" # [required field] desired staging name for the build context
+ # validation:
+ # type: "sha256" # supported: sha256, sha512
+ # value: "3d6b4cfca92067edd5c860c212ff5153d1e162b8791408bc671900309eb555ec" # must be lowercase
+ # - url: "https://s3.amazonaws.com/ops-manager-kubernetes-build/releases/second_dependency.tar.gz"
+ # filename: "mongodb-files2.tar.gz"
+ # validation:
+ # type: "sha256"
+ # value: "0clkc9ajdf92jk2f9jdij9gij9jwd9fj9diackjfa0d0928fbb64514306ech1l2"
+ # - url: "https://s3.amazonaws.com/ops-manager-kubernetes-build/releases/third_dependency.tar.gz"
+ # filename: "mongodb-files3.tar.gz"
+ # validation:
+ # type: "sha256"
+ # value: "lkdlf1kdfj19664197855c95ad07e2102b7cbcdfofiu29idj0gu1082486y340x"
+ # if the file you pull is from a github repo, make sure this is the official repo for that file,
+ # and indicate that in a comment in this file
+
+ # List of project maintainers
+ maintainers:
+ - email: "wingkwan.lau1@navy.mil"
+ # The name of the current container owner
+ name: "WingKwan Lau"
+ # The gitlab username of the current container owner
+ username: "wlau"
+ cht_member: true # NOTE: Include if the maintainer is a member of CHT
+ - name: "WingKwan Lau"
+ username: "wlau"
+ email: "wingkwan.lau1@navy.mil"
+
\ No newline at end of file
-- GitLab
From 74d4dee53faca9ec307184a20674d9eb6f7573bf Mon Sep 17 00:00:00 2001
From: wlau Date: Wed, 17 Feb 2021 13:15:42 -0800 Subject: [PATCH 005/134] Adding required folder structure --- LICENSE | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 LICENSE diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..e69de29 -- GitLab From 1c0a3c4ec99d48b4ef715ec4b47b2d1c5b519b58 Mon Sep 17 00:00:00 2001 From: wlau Date: Wed, 17 Feb 2021 14:14:45 -0800 Subject: [PATCH 006/134] Updating hardening_manifest --- hardening_manifest.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index 91369f0..2ec7695 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -12,6 +12,7 @@ # Build args passed to Dockerfile ARGs args: + BASE_REGISTRY: "registry1.dsop.io" BASE_IMAGE: "ironbank/redhat/ubi/ubi8" BASE_TAG: "8.3" -- GitLab From 604575e32b0e3761b51b246cfdab9fb6d1fa09c9 Mon Sep 17 00:00:00 2001 From: wlau Date: Wed, 24 Feb 2021 16:18:52 -0800 Subject: [PATCH 007/134] added tag --- hardening_manifest.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index 2ec7695..c0deafa 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -8,6 +8,7 @@ # The most specific version should be the first tag and will be shown # on ironbank.dso.mil tags: + - "4.0" - "latest" # Build args passed to Dockerfile ARGs -- GitLab From 7b1774ab6f519dec512e93b9edbbbad929839beb Mon Sep 17 00:00:00 2001 From: wlau Date: Wed, 24 Feb 2021 16:35:41 -0800 Subject: [PATCH 008/134] Update docker file remove base image --- Dockerfile | 2 -- 1 file changed, 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 2f387ee..af0b24e 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,4 @@ ARG BASE_REGISTRY=registry1.dsop.io -ARG BASE_IMAGE=ironbank/redhat/ubi/ubi8 -ARG BASE_TAG=8.3 FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} -- GitLab From c82067d36dca08f678192857b194a28fe5b55a8f Mon Sep 17 00:00:00 2001 
From: wlau Date: Wed, 24 Feb 2021 18:45:06 -0800 Subject: [PATCH 009/134] removed tag --- hardening_manifest.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index c0deafa..2ec7695 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -8,7 +8,6 @@ # The most specific version should be the first tag and will be shown # on ironbank.dso.mil tags: - - "4.0" - "latest" # Build args passed to Dockerfile ARGs -- GitLab From 9dbb53a4859e4d938280bcebe84b42eaf841c3c4 Mon Sep 17 00:00:00 2001 From: wlau Date: Wed, 24 Feb 2021 18:48:42 -0800 Subject: [PATCH 010/134] removed label --- Dockerfile | 2 -- 1 file changed, 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index af0b24e..66f86f1 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,5 +1,3 @@ -ARG BASE_REGISTRY=registry1.dsop.io - FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} # Set necessary environment variables for python and python development environment -- GitLab From b6605f28a0024c852bd2e7adff8582eafaaa76e6 Mon Sep 17 00:00:00 2001 From: wlau Date: Wed, 24 Feb 2021 18:52:39 -0800 Subject: [PATCH 011/134] added tag --- hardening_manifest.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index 2ec7695..59be6f3 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -8,7 +8,8 @@ # The most specific version should be the first tag and will be shown # on ironbank.dso.mil tags: - - "latest" + - "4.0" + - "latest" # Build args passed to Dockerfile ARGs args: -- GitLab From 9009546b293c84fd066863fb21fee10a7ba4aacf Mon Sep 17 00:00:00 2001 From: wlau Date: Wed, 24 Feb 2021 19:00:54 -0800 Subject: [PATCH 012/134] updated hardening manifest --- hardening_manifest.yaml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index 59be6f3..a28b748 100644 --- a/hardening_manifest.yaml 
+++ b/hardening_manifest.yaml @@ -1,4 +1,3 @@ ---- apiVersion: v1 # The repository name in registry1, excluding /ironbank/ @@ -8,8 +7,8 @@ # The most specific version should be the first tag and will be shown # on ironbank.dso.mil tags: - - "4.0" - - "latest" + - "4.0" + - "latest" # Build args passed to Dockerfile ARGs args: -- GitLab From 313438fc7fbd68dd0ad35b6380ebdb5007151382 Mon Sep 17 00:00:00 2001 From: wlau Date: Thu, 25 Feb 2021 15:07:03 -0800 Subject: [PATCH 013/134] debugging --- LICENSE | 0 README.md | 3 -- hardening_manifest.yaml | 71 ----------------------------------------- 3 files changed, 74 deletions(-) delete mode 100644 LICENSE delete mode 100644 README.md delete mode 100644 hardening_manifest.yaml diff --git a/LICENSE b/LICENSE deleted file mode 100644 index e69de29..0000000 diff --git a/README.md b/README.md deleted file mode 100644 index 5dc6fa6..0000000 --- a/README.md +++ /dev/null @@ -1,3 +0,0 @@ -# - -Project template for all Iron Bank container repositories. \ No newline at end of file diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml deleted file mode 100644 index a28b748..0000000 --- a/hardening_manifest.yaml +++ /dev/null 
@@ -1,71 +0,0 @@ - apiVersion: v1 - - # The repository name in registry1, excluding /ironbank/ - name: "diat/aap-cli" - - # List of tags to push for the repository in registry1 - # The most specific version should be the first tag and will be shown - # on ironbank.dso.mil - tags: - - "4.0" - - "latest" - - # Build args passed to Dockerfile ARGs - args: - BASE_REGISTRY: "registry1.dsop.io" - BASE_IMAGE: "ironbank/redhat/ubi/ubi8" - BASE_TAG: "8.3" - - # Docker image labels - labels: - # Name of the image - org.opencontainers.image.title: "aap-cli" - # Human-readable description of the software packaged in the image - org.opencontainers.image.description: "Command line interface tools for working with the Advanced Analytics Platform on Atlas" - # License(s) under which contained software is distributed - org.opencontainers.image.licenses: "AAP License" - # URL to find more information on the image - org.opencontainers.image.url: "https://wiki.navair1.navy.mil/display/Analytics/Advanced+Analytics+Platform" - # Name of the distributing entity, organization or individual - org.opencontainers.image.vendor: "aap-cli" - # Authoritative version of the software - org.opencontainers.image.version: "4.0" - # Keywords to help with search (ex. 
"cicd,gitops,golang") - mil.dso.ironbank.image.keywords: "aap,cli,aapcli,aap-cli,client,atlas,diat" - # This value can be "opensource" or "commercial" - mil.dso.ironbank.image.type: "commercial" - # Product the image belongs to for grouping multiple images - mil.dso.ironbank.product.name: "diat/aap-cli" - - # List of resources to make available to the offline build context - resources: {} - # - url: "https://s3.amazonaws.com/ops-manager-kubernetes-build/releases/mongodb-enterprise-operator-binaries-release-1.4.2.tar.gz" - # filename: "mongodb-files1.tar.gz" # [required field] desired staging name for the build context - # validation: - # type: "sha256" # supported: sha256, sha512 - # value: "3d6b4cfca92067edd5c860c212ff5153d1e162b8791408bc671900309eb555ec" # must be lowercase - # - url: "https://s3.amazonaws.com/ops-manager-kubernetes-build/releases/second_dependency.tar.gz" - # filename: "mongodb-files2.tar.gz" - # validation: - # type: "sha256" - # value: "0clkc9ajdf92jk2f9jdij9gij9jwd9fj9diackjfa0d0928fbb64514306ech1l2" - # - url: "https://s3.amazonaws.com/ops-manager-kubernetes-build/releases/third_dependency.tar.gz" - # filename: "mongodb-files3.tar.gz" - # validation: - # type: "sha256" - # value: "lkdlf1kdfj19664197855c95ad07e2102b7cbcdfofiu29idj0gu1082486y340x" - # if the file you pull is from a github repo, make sure this is the official repo for that file, - # and indicate that in a comment in this file - - # List of project maintainers - maintainers: - - email: "wingkwan.lau1@navy.mil" - # The name of the current container owner - name: "WingKwan Lau" - # The gitlab username of the current container owner - username: "wlau" - cht_member: true # NOTE: Include if the maintainer is a member of CHT - - name: "WingKwan Lau" - username: "wlau" - email: "wingkwan.lau1@navy.mil" - \ No newline at end of file -- GitLab From e525a9d35d7528161015269943f6c415dd5e708d Mon Sep 17 00:00:00 2001 
From: wlau Date: Thu, 25 Feb 2021 15:12:31 -0800 Subject: [PATCH 014/134] debugging --- README.md | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 README.md diff --git a/README.md b/README.md new file mode 100644 index 0000000..5dc6fa6 --- /dev/null +++ b/README.md @@ -0,0 +1,3 @@ +# + +Project template for all Iron Bank container repositories. \ No newline at end of file -- GitLab From 11927649d49dbad08a0fefd9b87d59543cb59c5f Mon Sep 17 00:00:00 2001 From: wlau Date: Thu, 25 Feb 2021 16:51:05 -0800 Subject: [PATCH 015/134] debugging --- LICENSE | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 LICENSE diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..e69de29 -- GitLab From 68258e3ba30f7792da3980c47aaa8f8810d45d1f Mon Sep 17 00:00:00 2001 From: wlau Date: Fri, 26 Feb 2021 12:14:31 -0800 Subject: [PATCH 016/134] debugging --- hardening_manifest.yaml | 71 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 71 insertions(+) create mode 100644 hardening_manifest.yaml diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml new file mode 100644 index 0000000..a28b748 --- /dev/null +++ b/hardening_manifest.yaml 
@@ -0,0 +1,71 @@ + apiVersion: v1 + + # The repository name in registry1, excluding /ironbank/ + name: "diat/aap-cli" + + # List of tags to push for the repository in registry1 + # The most specific version should be the first tag and will be shown + # on ironbank.dso.mil + tags: + - "4.0" + - "latest" + + # Build args passed to Dockerfile ARGs + args: + BASE_REGISTRY: "registry1.dsop.io" + BASE_IMAGE: "ironbank/redhat/ubi/ubi8" + BASE_TAG: "8.3" + + # Docker image labels + labels: + # Name of the image + org.opencontainers.image.title: "aap-cli" + # Human-readable description of the software packaged in the image + org.opencontainers.image.description: "Command line interface tools for working with the Advanced Analytics Platform on Atlas" + # License(s) under which contained software is distributed + org.opencontainers.image.licenses: "AAP License" + # URL to find more information on the image + org.opencontainers.image.url: "https://wiki.navair1.navy.mil/display/Analytics/Advanced+Analytics+Platform" + # Name of the distributing entity, organization or individual + org.opencontainers.image.vendor: "aap-cli" + # Authoritative version of the software + org.opencontainers.image.version: "4.0" + # Keywords to help with search (ex. 
"cicd,gitops,golang") + mil.dso.ironbank.image.keywords: "aap,cli,aapcli,aap-cli,client,atlas,diat" + # This value can be "opensource" or "commercial" + mil.dso.ironbank.image.type: "commercial" + # Product the image belongs to for grouping multiple images + mil.dso.ironbank.product.name: "diat/aap-cli" + + # List of resources to make available to the offline build context + resources: {} + # - url: "https://s3.amazonaws.com/ops-manager-kubernetes-build/releases/mongodb-enterprise-operator-binaries-release-1.4.2.tar.gz" + # filename: "mongodb-files1.tar.gz" # [required field] desired staging name for the build context + # validation: + # type: "sha256" # supported: sha256, sha512 + # value: "3d6b4cfca92067edd5c860c212ff5153d1e162b8791408bc671900309eb555ec" # must be lowercase + # - url: "https://s3.amazonaws.com/ops-manager-kubernetes-build/releases/second_dependency.tar.gz" + # filename: "mongodb-files2.tar.gz" + # validation: + # type: "sha256" + # value: "0clkc9ajdf92jk2f9jdij9gij9jwd9fj9diackjfa0d0928fbb64514306ech1l2" + # - url: "https://s3.amazonaws.com/ops-manager-kubernetes-build/releases/third_dependency.tar.gz" + # filename: "mongodb-files3.tar.gz" + # validation: + # type: "sha256" + # value: "lkdlf1kdfj19664197855c95ad07e2102b7cbcdfofiu29idj0gu1082486y340x" + # if the file you pull is from a github repo, make sure this is the official repo for that file, + # and indicate that in a comment in this file + + # List of project maintainers + maintainers: + - email: "wingkwan.lau1@navy.mil" + # The name of the current container owner + name: "WingKwan Lau" + # The gitlab username of the current container owner + username: "wlau" + cht_member: true # NOTE: Include if the maintainer is a member of CHT + - name: "WingKwan Lau" + username: "wlau" + email: "wingkwan.lau1@navy.mil" + \ No newline at end of file -- GitLab From 142076cfc6a155421615ad21151eddc3ffbc00da Mon Sep 17 00:00:00 2001 
From: "sean.melissari" Date: Fri, 26 Feb 2021 20:19:58 +0000 Subject: [PATCH 017/134] fix manifest --- hardening_manifest.yaml | 113 ++++++++++++++++------------------------ 1 file changed, 44 insertions(+), 69 deletions(-) diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index a28b748..1170885 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml 
@@ -1,71 +1,46 @@ - apiVersion: v1 +apiVersion: v1 + +# The repository name in registry1, excluding /ironbank/ +name: "diat/aap-cli" + +# List of tags to push for the repository in registry1 +# The most specific version should be the first tag and will be shown +# on ironbank.dso.mil +tags: +- "4.0" +- "latest" + +# Build args passed to Dockerfile ARGs +args: + BASE_IMAGE: "redhat/ubi/ubi8" + BASE_TAG: "8.3" + +# Docker image labels +labels: + # Name of the image + org.opencontainers.image.title: "aap-cli" + # Human-readable description of the software packaged in the image + org.opencontainers.image.description: "Command line interface tools for working with the Advanced Analytics Platform on Atlas" + # License(s) under which contained software is distributed + org.opencontainers.image.licenses: "AAP License" + # URL to find more information on the image + org.opencontainers.image.url: "https://wiki.navair1.navy.mil/display/Analytics/Advanced+Analytics+Platform" + # Name of the distributing entity, organization or individual + org.opencontainers.image.vendor: "aap-cli" + # Authoritative version of the software + org.opencontainers.image.version: "4.0" + # Keywords to help with search (ex. 
"cicd,gitops,golang") + mil.dso.ironbank.image.keywords: "aap,cli,aapcli,aap-cli,client,atlas,diat" + # This value can be "opensource" or "commercial" + mil.dso.ironbank.image.type: "commercial" + # Product the image belongs to for grouping multiple images + mil.dso.ironbank.product.name: "diat/aap-cli" - # The repository name in registry1, excluding /ironbank/ - name: "diat/aap-cli" +# List of resources to make available to the offline build context +resources: [] - # List of tags to push for the repository in registry1 - # The most specific version should be the first tag and will be shown - # on ironbank.dso.mil - tags: - - "4.0" - - "latest" - - # Build args passed to Dockerfile ARGs - args: - BASE_REGISTRY: "registry1.dsop.io" - BASE_IMAGE: "ironbank/redhat/ubi/ubi8" - BASE_TAG: "8.3" - - # Docker image labels - labels: - # Name of the image - org.opencontainers.image.title: "aap-cli" - # Human-readable description of the software packaged in the image - org.opencontainers.image.description: "Command line interface tools for working with the Advanced Analytics Platform on Atlas" - # License(s) under which contained software is distributed - org.opencontainers.image.licenses: "AAP License" - # URL to find more information on the image - org.opencontainers.image.url: "https://wiki.navair1.navy.mil/display/Analytics/Advanced+Analytics+Platform" - # Name of the distributing entity, organization or individual - org.opencontainers.image.vendor: "aap-cli" - # Authoritative version of the software - org.opencontainers.image.version: "4.0" - # Keywords to help with search (ex. 
"cicd,gitops,golang") - mil.dso.ironbank.image.keywords: "aap,cli,aapcli,aap-cli,client,atlas,diat" - # This value can be "opensource" or "commercial" - mil.dso.ironbank.image.type: "commercial" - # Product the image belongs to for grouping multiple images - mil.dso.ironbank.product.name: "diat/aap-cli" - - # List of resources to make available to the offline build context - resources: {} - # - url: "https://s3.amazonaws.com/ops-manager-kubernetes-build/releases/mongodb-enterprise-operator-binaries-release-1.4.2.tar.gz" - # filename: "mongodb-files1.tar.gz" # [required field] desired staging name for the build context - # validation: - # type: "sha256" # supported: sha256, sha512 - # value: "3d6b4cfca92067edd5c860c212ff5153d1e162b8791408bc671900309eb555ec" # must be lowercase - # - url: "https://s3.amazonaws.com/ops-manager-kubernetes-build/releases/second_dependency.tar.gz" - # filename: "mongodb-files2.tar.gz" - # validation: - # type: "sha256" - # value: "0clkc9ajdf92jk2f9jdij9gij9jwd9fj9diackjfa0d0928fbb64514306ech1l2" - # - url: "https://s3.amazonaws.com/ops-manager-kubernetes-build/releases/third_dependency.tar.gz" - # filename: "mongodb-files3.tar.gz" - # validation: - # type: "sha256" - # value: "lkdlf1kdfj19664197855c95ad07e2102b7cbcdfofiu29idj0gu1082486y340x" - # if the file you pull is from a github repo, make sure this is the official repo for that file, - # and indicate that in a comment in this file - - # List of project maintainers - maintainers: - - email: "wingkwan.lau1@navy.mil" - # The name of the current container owner - name: "WingKwan Lau" - # The gitlab username of the current container owner - username: "wlau" - cht_member: true # NOTE: Include if the maintainer is a member of CHT - - name: "WingKwan Lau" - username: "wlau" - email: "wingkwan.lau1@navy.mil" - \ No newline at end of file +# List of project maintainers +maintainers: +- email: "wingkwan.lau1@navy.mil" + name: "WingKwan Lau" + username: "wlau" -- GitLab 
From e83409036392cf845b5e932c569b27c34f4c98e4 Mon Sep 17 00:00:00 2001 From: wlau Date: Fri, 26 Feb 2021 12:31:16 -0800 Subject: [PATCH 018/134] debugging 2/26 1231 --- Dockerfile | 4 ++ hardening_manifest.yaml | 141 ++++++++++++++++++++-------------------- 2 files changed, 74 insertions(+), 71 deletions(-) diff --git a/Dockerfile b/Dockerfile index 66f86f1..0283045 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,3 +1,7 @@ +ARG BASE_REGISTRY=registry1.dso.mil +ARG BASE_IMAGE=redhat/ubi/ubi8 +ARG BASE_TAG=8.3 + FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} # Set necessary environment variables for python and python development environment diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index a28b748..98cfca5 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml 
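Review bot: The default added here, `ARG BASE_REGISTRY=registry1.dso.mil`, disagrees with the `BASE_REGISTRY: "registry1.dsop.io"` that the hardening_manifest.yaml hunk of this same commit passes as a build arg, so the base image is pulled from a different registry depending on whether the build supplies the arg. Pick one registry and use the same value in both places. As shown, that manifest hunk also writes every key at column 0, which leaves `args:` and `labels:` without children and puts the maintainer's `name:` beside the top-level `name: "diat/aap-cli"`; the nesting should be restored, e.g. `args:` followed by an indented `BASE_REGISTRY:` line. The rest of the Dockerfile below the `FROM` line lies outside this hunk.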
@@ -1,71 +1,70 @@ - apiVersion: v1 - - # The repository name in registry1, excluding /ironbank/ - name: "diat/aap-cli" - - # List of tags to push for the repository in registry1 - # The most specific version should be the first tag and will be shown - # on ironbank.dso.mil - tags: - - "4.0" - - "latest" - - # Build args passed to Dockerfile ARGs - args: - BASE_REGISTRY: "registry1.dsop.io" - BASE_IMAGE: "ironbank/redhat/ubi/ubi8" - BASE_TAG: "8.3" - - # Docker image labels - labels: - # Name of the image - org.opencontainers.image.title: "aap-cli" - # Human-readable description of the software packaged in the image - org.opencontainers.image.description: "Command line interface tools for working with the Advanced Analytics Platform on Atlas" - # License(s) under which contained software is distributed - org.opencontainers.image.licenses: "AAP License" - # URL to find more information on the image - org.opencontainers.image.url: "https://wiki.navair1.navy.mil/display/Analytics/Advanced+Analytics+Platform" - # Name of the distributing entity, organization or individual - org.opencontainers.image.vendor: "aap-cli" - # Authoritative version of the software - org.opencontainers.image.version: "4.0" - # Keywords to help with search (ex. 
"cicd,gitops,golang") - mil.dso.ironbank.image.keywords: "aap,cli,aapcli,aap-cli,client,atlas,diat" - # This value can be "opensource" or "commercial" - mil.dso.ironbank.image.type: "commercial" - # Product the image belongs to for grouping multiple images - mil.dso.ironbank.product.name: "diat/aap-cli" - - # List of resources to make available to the offline build context - resources: {} - # - url: "https://s3.amazonaws.com/ops-manager-kubernetes-build/releases/mongodb-enterprise-operator-binaries-release-1.4.2.tar.gz" - # filename: "mongodb-files1.tar.gz" # [required field] desired staging name for the build context - # validation: - # type: "sha256" # supported: sha256, sha512 - # value: "3d6b4cfca92067edd5c860c212ff5153d1e162b8791408bc671900309eb555ec" # must be lowercase - # - url: "https://s3.amazonaws.com/ops-manager-kubernetes-build/releases/second_dependency.tar.gz" - # filename: "mongodb-files2.tar.gz" - # validation: - # type: "sha256" - # value: "0clkc9ajdf92jk2f9jdij9gij9jwd9fj9diackjfa0d0928fbb64514306ech1l2" - # - url: "https://s3.amazonaws.com/ops-manager-kubernetes-build/releases/third_dependency.tar.gz" - # filename: "mongodb-files3.tar.gz" - # validation: - # type: "sha256" - # value: "lkdlf1kdfj19664197855c95ad07e2102b7cbcdfofiu29idj0gu1082486y340x" - # if the file you pull is from a github repo, make sure this is the official repo for that file, - # and indicate that in a comment in this file - - # List of project maintainers - maintainers: - - email: "wingkwan.lau1@navy.mil" - # The name of the current container owner - name: "WingKwan Lau" - # The gitlab username of the current container owner - username: "wlau" - cht_member: true # NOTE: Include if the maintainer is a member of CHT - - name: "WingKwan Lau" - username: "wlau" - email: "wingkwan.lau1@navy.mil" - \ No newline at end of file +apiVersion: v1 + +# The repository name in registry1, excluding /ironbank/ +name: "diat/aap-cli" + +# List of tags to push for the repository in registry1 
+# The most specific version should be the first tag and will be shown +# on ironbank.dso.mil +tags: +- "4.0" +- "latest" + +# Build args passed to Dockerfile ARGs +args: +BASE_REGISTRY: "registry1.dsop.io" +BASE_IMAGE: "redhat/ubi/ubi8" +BASE_TAG: "8.3" + +# Docker image labels +labels: +# Name of the image +org.opencontainers.image.title: "aap-cli" +# Human-readable description of the software packaged in the image +org.opencontainers.image.description: "Command line interface tools for working with the Advanced Analytics Platform on Atlas" +# License(s) under which contained software is distributed +org.opencontainers.image.licenses: "AAP License" +# URL to find more information on the image +org.opencontainers.image.url: "https://wiki.navair1.navy.mil/display/Analytics/Advanced+Analytics+Platform" +# Name of the distributing entity, organization or individual +org.opencontainers.image.vendor: "aap-cli" +# Authoritative version of the software +org.opencontainers.image.version: "4.0" +# Keywords to help with search (ex. 
"cicd,gitops,golang") +mil.dso.ironbank.image.keywords: "aap,cli,aapcli,aap-cli,client,atlas,diat" +# This value can be "opensource" or "commercial" +mil.dso.ironbank.image.type: "commercial" +# Product the image belongs to for grouping multiple images +mil.dso.ironbank.product.name: "diat/aap-cli" + +# List of resources to make available to the offline build context +resources: {} +# - url: "https://s3.amazonaws.com/ops-manager-kubernetes-build/releases/mongodb-enterprise-operator-binaries-release-1.4.2.tar.gz" +# filename: "mongodb-files1.tar.gz" # [required field] desired staging name for the build context +# validation: +# type: "sha256" # supported: sha256, sha512 +# value: "3d6b4cfca92067edd5c860c212ff5153d1e162b8791408bc671900309eb555ec" # must be lowercase +# - url: "https://s3.amazonaws.com/ops-manager-kubernetes-build/releases/second_dependency.tar.gz" +# filename: "mongodb-files2.tar.gz" +# validation: +# type: "sha256" +# value: "0clkc9ajdf92jk2f9jdij9gij9jwd9fj9diackjfa0d0928fbb64514306ech1l2" +# - url: "https://s3.amazonaws.com/ops-manager-kubernetes-build/releases/third_dependency.tar.gz" +# filename: "mongodb-files3.tar.gz" +# validation: +# type: "sha256" +# value: "lkdlf1kdfj19664197855c95ad07e2102b7cbcdfofiu29idj0gu1082486y340x" + # if the file you pull is from a github repo, make sure this is the official repo for that file, + # and indicate that in a comment in this file + +# List of project maintainers +maintainers: +- email: "wingkwan.lau1@navy.mil" +# The name of the current container owner +name: "WingKwan Lau" +# The gitlab username of the current container owner +username: "wlau" +cht_member: true # NOTE: Include if the maintainer is a member of CHT +- name: "WingKwan Lau" +username: "wlau" +email: "wingkwan.lau1@navy.mil" -- GitLab From 852c1a7cd8919f17da6feaf10c2d270ef9ff4fa4 Mon Sep 17 00:00:00 2001 
From: wlau Date: Fri, 26 Feb 2021 12:44:43 -0800 Subject: [PATCH 019/134] debugging 2/26 123144 --- hardening_manifest.yaml | 60 +---------------------------------------- 1 file changed, 1 insertion(+), 59 deletions(-) diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index 54cff79..a118fd9 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml 
@@ -12,64 +12,7 @@ tags: # Build args passed to Dockerfile ARGs args: -<<<<<<< HEAD -BASE_REGISTRY: "registry1.dsop.io" -BASE_IMAGE: "redhat/ubi/ubi8" -BASE_TAG: "8.3" - -# Docker image labels -labels: -# Name of the image -org.opencontainers.image.title: "aap-cli" -# Human-readable description of the software packaged in the image -org.opencontainers.image.description: "Command line interface tools for working with the Advanced Analytics Platform on Atlas" -# License(s) under which contained software is distributed -org.opencontainers.image.licenses: "AAP License" -# URL to find more information on the image -org.opencontainers.image.url: "https://wiki.navair1.navy.mil/display/Analytics/Advanced+Analytics+Platform" -# Name of the distributing entity, organization or individual -org.opencontainers.image.vendor: "aap-cli" -# Authoritative version of the software -org.opencontainers.image.version: "4.0" -# Keywords to help with search (ex. "cicd,gitops,golang") -mil.dso.ironbank.image.keywords: "aap,cli,aapcli,aap-cli,client,atlas,diat" -# This value can be "opensource" or "commercial" -mil.dso.ironbank.image.type: "commercial" -# Product the image belongs to for grouping multiple images -mil.dso.ironbank.product.name: "diat/aap-cli" - -# List of resources to make available to the offline build context -resources: {} -# - url: "https://s3.amazonaws.com/ops-manager-kubernetes-build/releases/mongodb-enterprise-operator-binaries-release-1.4.2.tar.gz" -# filename: "mongodb-files1.tar.gz" # [required field] desired staging name for the build context -# validation: -# type: "sha256" # supported: sha256, sha512 -# value: "3d6b4cfca92067edd5c860c212ff5153d1e162b8791408bc671900309eb555ec" # must be lowercase -# - url: "https://s3.amazonaws.com/ops-manager-kubernetes-build/releases/second_dependency.tar.gz" -# filename: "mongodb-files2.tar.gz" -# validation: -# type: "sha256" -# value: "0clkc9ajdf92jk2f9jdij9gij9jwd9fj9diackjfa0d0928fbb64514306ech1l2" -# - url: 
"https://s3.amazonaws.com/ops-manager-kubernetes-build/releases/third_dependency.tar.gz" -# filename: "mongodb-files3.tar.gz" -# validation: -# type: "sha256" -# value: "lkdlf1kdfj19664197855c95ad07e2102b7cbcdfofiu29idj0gu1082486y340x" - # if the file you pull is from a github repo, make sure this is the official repo for that file, - # and indicate that in a comment in this file - -# List of project maintainers -maintainers: -- email: "wingkwan.lau1@navy.mil" -# The name of the current container owner -name: "WingKwan Lau" -# The gitlab username of the current container owner -username: "wlau" -cht_member: true # NOTE: Include if the maintainer is a member of CHT -- name: "WingKwan Lau" -username: "wlau" -email: "wingkwan.lau1@navy.mil" -======= + BASE_REGISTRY: "registry1.dsop.io" BASE_IMAGE: "redhat/ubi/ubi8" BASE_TAG: "8.3" @@ -102,4 +45,3 @@ maintainers: - email: "wingkwan.lau1@navy.mil" name: "WingKwan Lau" username: "wlau" ->>>>>>> 142076cfc6a155421615ad21151eddc3ffbc00da -- GitLab From 65221c5e3c5ae692146c4acf234cfe42b2a332ea Mon Sep 17 00:00:00 2001 From: wlau Date: Fri, 26 Feb 2021 12:55:16 -0800 Subject: [PATCH 020/134] debugging 2/26 1255 --- Dockerfile | 36 ++++++++++++++++++------------------ hardening_manifest.yaml | 11 +++++++++++ 2 files changed, 29 insertions(+), 18 deletions(-) diff --git a/Dockerfile b/Dockerfile index 0283045..cb28493 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -29,25 +29,25 @@ ENV PROMPT_COMMAND=". /usr/bin/aap && unset PROMPT_COMMAND" # https://www.tldp.org/HOWTO/Bash-Prompt-HOWTO/x264.html # https://www.gnu.org/software/bash/manual/html_node/Bash-Variables.html -ENV SUMMARY="Platform for building and running Python $PYTHON_VERSION applications" \ - DESCRIPTION="Python $PYTHON_VERSION available as container is a base platform for \ -building and running various Python $PYTHON_VERSION applications and frameworks. \ -Python is an easy to learn, powerful programming language. It has efficient high-level \ -data structures and a simple but effective approach to object-oriented programming. \ -Python's elegant syntax and dynamic typing, together with its interpreted nature, \ -make it an ideal language for scripting and rapid application development in many areas \ -on most platforms." +# ENV SUMMARY="Platform for building and running Python $PYTHON_VERSION applications" \ +# DESCRIPTION="Python $PYTHON_VERSION available as container is a base platform for \ +# building and running various Python $PYTHON_VERSION applications and frameworks. \ +# Python is an easy to learn, powerful programming language. It has efficient high-level \ +# data structures and a simple but effective approach to object-oriented programming. \ +# Python's elegant syntax and dynamic typing, together with its interpreted nature, \ +# make it an ideal language for scripting and rapid application development in many areas \ +# on most platforms." 
-LABEL summary="$SUMMARY" \ - description="$DESCRIPTION" \ - io.k8s.description="$DESCRIPTION" \ - io.k8s.display-name="Python 3.6" \ - io.openshift.tags="builder,python,python36,python-36,rh-python36" \ - com.redhat.component="ubi8-container" \ - name="ubi8/python-36" \ - version="1" \ - com.redhat.license_terms="https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI" \ - maintainer="NAVAIR Advanced Analytics Platform (AAP) Product Team" +# LABEL summary="$SUMMARY" \ +# description="$DESCRIPTION" \ +# io.k8s.description="$DESCRIPTION" \ +# io.k8s.display-name="Python 3.6" \ +# io.openshift.tags="builder,python,python36,python-36,rh-python36" \ +# com.redhat.component="ubi8-container" \ +# name="ubi8/python-36" \ +# version="1" \ +# com.redhat.license_terms="https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI" \ +# maintainer="NAVAIR Advanced Analytics Platform (AAP) Product Team" # Copy extra files to the image. COPY ./root / diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index a118fd9..3edbd01 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml 
@@ -37,6 +37,17 @@ labels: # Product the image belongs to for grouping multiple images mil.dso.ironbank.product.name: "diat/aap-cli" + summary: "Platform for building and running Python 3.6 applications" + description: "Python 3.6 available as container is a base platform for building and running various Python 3.6 applications and frameworks. Python is an easy to learn, powerful programming language. It has efficient high-level data structures and a simple but effective approach to object-oriented programming. Python's elegant syntax and dynamic typing, together with its interpreted nature, make it an ideal language for scripting and rapid application development in many areas on most platforms." + io.k8s.description: "Python 3.6 available as container is a base platform for building and running various Python 3.6 applications and frameworks. Python is an easy to learn, powerful programming language. It has efficient high-level data structures and a simple but effective approach to object-oriented programming. Python's elegant syntax and dynamic typing, together with its interpreted nature, make it an ideal language for scripting and rapid application development in many areas on most platforms." + io.k8s.display-name: "Python 3.6" + io.openshift.tags: "builder,python,python36,python-36,rh-python36" + com.redhat.component: "ubi8-container" + name: "ubi8/python-36" + version: "1" + com.redhat.license_terms: "https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI" + maintainer: "NAVAIR Advanced Analytics Platform (AAP) Product Team" + # List of resources to make available to the offline build context resources: [] -- GitLab From 721f5bdc799dfd13556fe3d31eeaf62b73be4a6f Mon Sep 17 00:00:00 2001 From: wlau Date: Fri, 26 Feb 2021 13:55:53 -0800 Subject: [PATCH 021/134] debugging 2/26 1355 --- hardening_manifest.yaml | 11 ----------- 1 file changed, 11 deletions(-) 
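Review bot: The labels added under `labels:` give this image the identity of Red Hat's Python builder image (`name: "ubi8/python-36"`, `com.redhat.component: "ubi8-container"`, `io.openshift.tags: "builder,python,…"`), while the manifest's own title, visible earlier on this page, is `aap-cli`. Inventory and vulnerability tooling that keys on these labels would attribute the image to the wrong component. I would drop those three keys and keep only labels that describe this image. `summary`, `description`, `version` and `maintainer` are also un-namespaced, and the manifest already carries `org.opencontainers.image.description` and `org.opencontainers.image.version` for the same purpose.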
diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index 3edbd01..a118fd9 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -37,17 +37,6 @@ labels: # Product the image belongs to for grouping multiple images mil.dso.ironbank.product.name: "diat/aap-cli" - summary: "Platform for building and running Python 3.6 applications" - description: "Python 3.6 available as container is a base platform for building and running various Python 3.6 applications and frameworks. Python is an easy to learn, powerful programming language. It has efficient high-level data structures and a simple but effective approach to object-oriented programming. Python's elegant syntax and dynamic typing, together with its interpreted nature, make it an ideal language for scripting and rapid application development in many areas on most platforms." - io.k8s.description: "Python 3.6 available as container is a base platform for building and running various Python 3.6 applications and frameworks. Python is an easy to learn, powerful programming language. It has efficient high-level data structures and a simple but effective approach to object-oriented programming. Python's elegant syntax and dynamic typing, together with its interpreted nature, make it an ideal language for scripting and rapid application development in many areas on most platforms." - io.k8s.display-name: "Python 3.6" - io.openshift.tags: "builder,python,python36,python-36,rh-python36" - com.redhat.component: "ubi8-container" - name: "ubi8/python-36" - version: "1" - com.redhat.license_terms: "https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI" - maintainer: "NAVAIR Advanced Analytics Platform (AAP) Product Team" - # List of resources to make available to the offline build context resources: [] -- GitLab From edb7e02d21430e24f7d99d85373d79375ad134f9 Mon Sep 17 00:00:00 2001 
From: wlau Date: Fri, 26 Feb 2021 13:58:22 -0800 Subject: [PATCH 022/134] Added Label 2/26 1358 --- hardening_manifest.yaml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index a118fd9..2c9085c 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -36,7 +36,10 @@ labels: mil.dso.ironbank.image.type: "commercial" # Product the image belongs to for grouping multiple images mil.dso.ironbank.product.name: "diat/aap-cli" - + + # Summary + summary: "Platform for building and running Python 3.6 applications" + # List of resources to make available to the offline build context resources: [] -- GitLab From 0f984dee19c54ad56bafe6eb6bd5cf7347867563 Mon Sep 17 00:00:00 2001 From: wlau Date: Fri, 26 Feb 2021 14:01:57 -0800 Subject: [PATCH 023/134] Added Label 2/26 1358 --- hardening_manifest.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index 2c9085c..c681334 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -36,7 +36,6 @@ labels: mil.dso.ironbank.image.type: "commercial" # Product the image belongs to for grouping multiple images mil.dso.ironbank.product.name: "diat/aap-cli" - # Summary summary: "Platform for building and running Python 3.6 applications" -- GitLab From 721134fe137765c4967b08774339e7d4503d792e Mon Sep 17 00:00:00 2001 From: wlau Date: Fri, 26 Feb 2021 14:03:10 -0800 Subject: [PATCH 024/134] removed Label 2/26 1404 --- hardening_manifest.yaml | 2 -- 1 file changed, 2 deletions(-) diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index c681334..09c269b 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml 
@@ -36,8 +36,6 @@ labels: mil.dso.ironbank.image.type: "commercial" # Product the image belongs to for grouping multiple images mil.dso.ironbank.product.name: "diat/aap-cli" - # Summary - summary: "Platform for building and running Python 3.6 applications" # List of resources to make available to the offline build context resources: [] -- GitLab From 7baba766235492ab153c59e2498f00e451e1375e Mon Sep 17 00:00:00 2001 From: wlau Date: Fri, 26 Feb 2021 14:05:38 -0800 Subject: [PATCH 025/134] added Label 2/26 1405 --- hardening_manifest.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index 09c269b..98d0d54 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -36,6 +36,8 @@ labels: mil.dso.ironbank.image.type: "commercial" # Product the image belongs to for grouping multiple images mil.dso.ironbank.product.name: "diat/aap-cli" + # Summary + org.opencontainers.image.summary: "Platform for building and running Python 3.6 applications" # List of resources to make available to the offline build context resources: [] -- GitLab From 36ae844afcb0a7bfe0bc561ab35247a4bae5e4f6 Mon Sep 17 00:00:00 2001 From: wlau Date: Fri, 26 Feb 2021 14:13:33 -0800 Subject: [PATCH 026/134] removed Label 2/26 1413 --- Dockerfile | 36 ++++++++++++++++++------------------ hardening_manifest.yaml | 2 -- 2 files changed, 18 insertions(+), 20 deletions(-) diff --git a/Dockerfile b/Dockerfile index cb28493..34cc869 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -29,25 +29,25 @@ ENV PROMPT_COMMAND=". /usr/bin/aap && unset PROMPT_COMMAND" # https://www.tldp.org/HOWTO/Bash-Prompt-HOWTO/x264.html # https://www.gnu.org/software/bash/manual/html_node/Bash-Variables.html -# ENV SUMMARY="Platform for building and running Python $PYTHON_VERSION applications" \ -# DESCRIPTION="Python $PYTHON_VERSION available as container is a base platform for \ -# building and running various Python $PYTHON_VERSION applications and frameworks. \ -# Python is an easy to learn, powerful programming language. It has efficient high-level \ -# data structures and a simple but effective approach to object-oriented programming. \ -# Python's elegant syntax and dynamic typing, together with its interpreted nature, \ -# make it an ideal language for scripting and rapid application development in many areas \ -# on most platforms." +# # ENV SUMMARY="Platform for building and running Python $PYTHON_VERSION applications" \ +# # DESCRIPTION="Python $PYTHON_VERSION available as container is a base platform for \ +# # building and running various Python $PYTHON_VERSION applications and frameworks. \ +# # Python is an easy to learn, powerful programming language. It has efficient high-level \ +# # data structures and a simple but effective approach to object-oriented programming. \ +# # Python's elegant syntax and dynamic typing, together with its interpreted nature, \ +# # make it an ideal language for scripting and rapid application development in many areas \ +# # on most platforms." 
-# LABEL summary="$SUMMARY" \ -# description="$DESCRIPTION" \ -# io.k8s.description="$DESCRIPTION" \ -# io.k8s.display-name="Python 3.6" \ -# io.openshift.tags="builder,python,python36,python-36,rh-python36" \ -# com.redhat.component="ubi8-container" \ -# name="ubi8/python-36" \ -# version="1" \ -# com.redhat.license_terms="https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI" \ -# maintainer="NAVAIR Advanced Analytics Platform (AAP) Product Team" +# # LABEL summary="$SUMMARY" \ +# # description="$DESCRIPTION" \ +# # io.k8s.description="$DESCRIPTION" \ +# # io.k8s.display-name="Python 3.6" \ +# # io.openshift.tags="builder,python,python36,python-36,rh-python36" \ +# # com.redhat.component="ubi8-container" \ +# # name="ubi8/python-36" \ +# # version="1" \ +# # com.redhat.license_terms="https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI" \ +# # maintainer="NAVAIR Advanced Analytics Platform (AAP) Product Team" # Copy extra files to the image. COPY ./root / diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index 98d0d54..09c269b 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -36,8 +36,6 @@ labels: mil.dso.ironbank.image.type: "commercial" # Product the image belongs to for grouping multiple images mil.dso.ironbank.product.name: "diat/aap-cli" - # Summary - org.opencontainers.image.summary: "Platform for building and running Python 3.6 applications" # List of resources to make available to the offline build context resources: [] -- GitLab From 1f13597c839b77d30bb900366ea9bd9f17d15dad Mon Sep 17 00:00:00 2001 From: wlau Date: Fri, 26 Feb 2021 14:35:11 -0800 Subject: [PATCH 027/134] Modified Dockerfile 2/26 1435 --- Dockerfile | 118 ++++++++++++++++++++++++++--------------------------- 1 file changed, 59 insertions(+), 59 deletions(-) diff --git a/Dockerfile b/Dockerfile index 34cc869..45ca31e 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -29,25 +29,25 @@ ENV PROMPT_COMMAND=". /usr/bin/aap && unset PROMPT_COMMAND" # https://www.tldp.org/HOWTO/Bash-Prompt-HOWTO/x264.html # https://www.gnu.org/software/bash/manual/html_node/Bash-Variables.html -# # ENV SUMMARY="Platform for building and running Python $PYTHON_VERSION applications" \ -# # DESCRIPTION="Python $PYTHON_VERSION available as container is a base platform for \ -# # building and running various Python $PYTHON_VERSION applications and frameworks. \ -# # Python is an easy to learn, powerful programming language. It has efficient high-level \ -# # data structures and a simple but effective approach to object-oriented programming. \ -# # Python's elegant syntax and dynamic typing, together with its interpreted nature, \ -# # make it an ideal language for scripting and rapid application development in many areas \ -# # on most platforms." +# # # ENV SUMMARY="Platform for building and running Python $PYTHON_VERSION applications" \ +# # # DESCRIPTION="Python $PYTHON_VERSION available as container is a base platform for \ +# # # building and running various Python $PYTHON_VERSION applications and frameworks. \ +# # # Python is an easy to learn, powerful programming language. It has efficient high-level \ +# # # data structures and a simple but effective approach to object-oriented programming. \ +# # # Python's elegant syntax and dynamic typing, together with its interpreted nature, \ +# # # make it an ideal language for scripting and rapid application development in many areas \ +# # # on most platforms." 
-# # LABEL summary="$SUMMARY" \ -# # description="$DESCRIPTION" \ -# # io.k8s.description="$DESCRIPTION" \ -# # io.k8s.display-name="Python 3.6" \ -# # io.openshift.tags="builder,python,python36,python-36,rh-python36" \ -# # com.redhat.component="ubi8-container" \ -# # name="ubi8/python-36" \ -# # version="1" \ -# # com.redhat.license_terms="https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI" \ -# # maintainer="NAVAIR Advanced Analytics Platform (AAP) Product Team" +# # # LABEL summary="$SUMMARY" \ +# # # description="$DESCRIPTION" \ +# # # io.k8s.description="$DESCRIPTION" \ +# # # io.k8s.display-name="Python 3.6" \ +# # # io.openshift.tags="builder,python,python36,python-36,rh-python36" \ +# # # com.redhat.component="ubi8-container" \ +# # # name="ubi8/python-36" \ +# # # version="1" \ +# # # com.redhat.license_terms="https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI" \ +# # # maintainer="NAVAIR Advanced Analytics Platform (AAP) Product Team" # Copy extra files to the image. COPY ./root / 
@@ -58,53 +58,53 @@ RUN chmod a+x /usr/bin/container-entrypoint && \ chmod a+x /usr/bin/py-enable && \ chmod a+x /usr/bin/aap -# Install packages -RUN INSTALL_PKGS="vim-enhanced rsync iputils bind-utils git python36 python36-devel python3-setuptools python3-pip python3-virtualenv" && \ - yum -y update-minimal --setopt=tsflags=nodocs --security && \ - yum -y --setopt=tsflags=nodocs install $INSTALL_PKGS && \ - yum -y remove vim-minimal && \ - rpm -V $INSTALL_PKGS && \ - yum -y clean all --enablerepo="*" +# # Install packages +# RUN INSTALL_PKGS="vim-enhanced rsync iputils bind-utils git python36 python36-devel python3-setuptools python3-pip python3-virtualenv" && \ +# yum -y update-minimal --setopt=tsflags=nodocs --security && \ +# yum -y --setopt=tsflags=nodocs install $INSTALL_PKGS && \ +# yum -y remove vim-minimal && \ +# rpm -V $INSTALL_PKGS && \ +# yum -y clean all --enablerepo="*" -# Install the OpenShift command line tool, oc -RUN curl -kv --output ./oc.tar https://downloads-openshift-console.apps.unity.services.nres.navy.mil/amd64/linux/oc.tar && \ - tar xvf oc.tar && \ - mv ./oc /usr/bin/ && \ - rm -f oc.tar +# # Install the OpenShift command line tool, oc +# RUN curl -kv --output ./oc.tar https://downloads-openshift-console.apps.unity.services.nres.navy.mil/amd64/linux/oc.tar && \ +# tar xvf oc.tar && \ +# mv ./oc /usr/bin/ && \ +# rm -f oc.tar -# Install mongodb shell (client) -RUN curl -kv --output ./mongodb-org-shell-3.6.18-1.el8.x86_64.rpm https://nexus00.unity.services.nres.navy.mil/repository/raw/mongo/mongodb-org-shell-3.6.18-1.el8.x86_64.rpm && \ - yum -y install ./mongodb-org-shell-3.6.18-1.el8.x86_64.rpm && \ - rm -f mongodb-org-shell-3.6.18-1.el8.x86_64.rpm +# # Install mongodb shell (client) +# RUN curl -kv --output ./mongodb-org-shell-3.6.18-1.el8.x86_64.rpm https://nexus00.unity.services.nres.navy.mil/repository/raw/mongo/mongodb-org-shell-3.6.18-1.el8.x86_64.rpm && \ +# yum -y install ./mongodb-org-shell-3.6.18-1.el8.x86_64.rpm && \ +# rm -f 
mongodb-org-shell-3.6.18-1.el8.x86_64.rpm -# Instal jq (to parse openshift api query results) -RUN curl -kv --output ./jq https://nexus00.unity.services.nres.navy.mil/repository/raw/tools/jq-linux64 && \ - mv ./jq /usr/bin/ && \ - chmod a+x /usr/bin/jq +# # Instal jq (to parse openshift api query results) +# RUN curl -kv --output ./jq https://nexus00.unity.services.nres.navy.mil/repository/raw/tools/jq-linux64 && \ +# mv ./jq /usr/bin/ && \ +# chmod a+x /usr/bin/jq -# Instal helm -RUN curl -kv --output ./helm https://nexus00.unity.services.nres.navy.mil/repository/raw/tools/helm-linux-amd64 && \ - mv ./helm /usr/bin/ && \ - chmod a+x /usr/bin/helm +# # Instal helm +# RUN curl -kv --output ./helm https://nexus00.unity.services.nres.navy.mil/repository/raw/tools/helm-linux-amd64 && \ +# mv ./helm /usr/bin/ && \ +# chmod a+x /usr/bin/helm -# - Create a Python virtual environment for use by any application to avoid -# potential conflicts with Python packages preinstalled in the main Python -# installation. -# - In order to drop the root user, we have to make some directories world -# writable as multi-tenant Kubernetes clusters' default security model -# should run the container under a random UID. -# - For any python applications use this default user -#RUN virtualenv-$PYTHON_VERSION ${APP_ROOT} && \ +# # - Create a Python virtual environment for use by any application to avoid +# # potential conflicts with Python packages preinstalled in the main Python +# # installation. +# # - In order to drop the root user, we have to make some directories world +# # writable as multi-tenant Kubernetes clusters' default security model +# # should run the container under a random UID. 
+# # - For any python applications use this default user +# #RUN virtualenv-$PYTHON_VERSION ${APP_ROOT} && \ -# Set up container user and adjust permissions to run in OpenShift environment -WORKDIR ${HOME} -RUN useradd -u 1001 -r -g 0 -d ${HOME} -s /sbin/nologin \ - -c "Default Application User" default && \ - fix-permissions ${APP_ROOT} -P && \ - fix-permissions ${HOME} -P && \ - rpm-file-permissions +# # Set up container user and adjust permissions to run in OpenShift environment +# WORKDIR ${HOME} +# RUN useradd -u 1001 -r -g 0 -d ${HOME} -s /sbin/nologin \ +# -c "Default Application User" default && \ +# fix-permissions ${APP_ROOT} -P && \ +# fix-permissions ${HOME} -P && \ +# rpm-file-permissions -ENTRYPOINT ["/usr/bin/container-entrypoint"] -USER 1001 +# ENTRYPOINT ["/usr/bin/container-entrypoint"] +# USER 1001 HEALTHCHECK CMD python --version -- GitLab From 59968a8b34fdce5dff52368e2c987a79c666568d Mon Sep 17 00:00:00 2001 From: wlau Date: Fri, 26 Feb 2021 14:43:08 -0800 Subject: [PATCH 028/134] Added root folder 2/26 1435 --- root/usr/bin/aap | 23 +++++++++++++++++++++++ root/usr/bin/container-entrypoint | 9 +++++++++ root/usr/bin/fix-permissions | 28 ++++++++++++++++++++++++++++ root/usr/bin/generate-container-user | 20 ++++++++++++++++++++ root/usr/bin/py-enable | 6 ++++++ root/usr/bin/rpm-file-permissions | 22 ++++++++++++++++++++++ 6 files changed, 108 insertions(+) create mode 100644 root/usr/bin/aap create mode 100644 root/usr/bin/container-entrypoint create mode 100644 root/usr/bin/fix-permissions create mode 100644 root/usr/bin/generate-container-user create mode 100644 root/usr/bin/py-enable create mode 100644 root/usr/bin/rpm-file-permissions diff --git a/root/usr/bin/aap b/root/usr/bin/aap new file mode 100644 index 0000000..546c5d0 --- /dev/null +++ b/root/usr/bin/aap 
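Review bot: Commenting out `USER 1001` and the `useradd` step at the end of this hunk leaves the image running as whatever user the base image sets, presumably root for UBI 8, and no later hunk visible here restores it. If the install steps have to stay disabled while debugging, keep the last two instructions live: `ENTRYPOINT ["/usr/bin/container-entrypoint"]` and `USER 1001`. The surviving `HEALTHCHECK CMD python --version` depends on the `python36` install that this hunk disables, so it will likely report unhealthy until that step returns. When the download steps come back they should not return with `curl -k`, which turns off certificate verification; the checksum-validated `resources:` list in hardening_manifest.yaml is the place for those artifacts.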
@@ -0,0 +1,23 @@
+#!/bin/bash
+
+echo -e "\e[38;5;1m ___\e[38;5;208m ___\e[38;5;226m ____\033[97m ________ ____"
+echo -e "\e[38;5;1m / |\e[38;5;208m / |\e[38;5;226m / __ \ \033[97m / ____/ / / _/"
+echo -e "\e[38;5;1m / /| |\e[38;5;208m / /| |\e[38;5;226m / /_/ /\033[97m / / / / / / "
+echo -e "\e[38;5;1m / ___ |\e[38;5;208m/ ___ |\e[38;5;226m/ ____/\033[97m / /___/ /____/ / "
+echo -e "\e[38;5;1m/_/ |_\e[38;5;208m/_/ |_\e[38;5;226m/_/ \033[97m \____/_____/___/ "
+echo
+echo -e "\033[37mCommand line interface for the Advanced Analytics Platform"
+echo -e "\033[94mhttps://wiki.navair1.navy.mil/display/Analytics/Advanced+Analytics+Platform\033[37m"
+echo -e "Red Hat Universal Base Image 8 (ubi8) with additions: git, helm, mongo, oc, python, vim\033[97m"
+echo
+
+if [ ! -f ~/bin/python ]; then
+ virtualenv-$PYTHON_VERSION ${APP_ROOT}
+fi
+
+if [ ! -f ~/.bashrc ]; then
+ echo "alias vi='vim'" >> ~/.bashrc
+ echo "alias ll='ls -lah --color'" >> ~/.bashrc
+fi
+
+. ~/.bashrc
diff --git a/root/usr/bin/container-entrypoint b/root/usr/bin/container-entrypoint
new file mode 100644
index 0000000..339a74c
--- /dev/null
+++ b/root/usr/bin/container-entrypoint
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+# temp: hard coding "hero" as container username (todo: fix to use env vars for username and homedir)
+if [ `id -u` -ge 1 ]; then
+ echo "hero:x:`id -u`:`id -g`:here:/opt/app-root:/bin/bash" >> /etc/passwd
+fi
+
+exec "$@"
+
diff --git a/root/usr/bin/fix-permissions b/root/usr/bin/fix-permissions
new file mode 100644
index 0000000..827eeb5
--- /dev/null
+++ b/root/usr/bin/fix-permissions
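Review bot: In root/usr/bin/container-entrypoint the append to `/etc/passwd` only works if that file is writable by the arbitrary non-root UID, and an image that ships a group- or world-writable `/etc/passwd` lets any process in the container rewrite account entries. The append also runs on every start with no check for an existing entry, so restarts accumulate duplicate `hero` lines. I would guard it with `if ! whoami >/dev/null 2>&1; then` and prefer the nss_wrapper approach that generate-container-user in this same patch sketches, which leaves `/etc/passwd` read-only. The GECOS field reads `here`, which looks like a typo for `hero`.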
@@ -0,0 +1,28 @@
+#!/bin/sh
+
+# Allow this script to fail without failing a build
+set +e
+
+SYMLINK_OPT=${2:--L}
+
+# Fix permissions on the given directory or file to allow group read/write of
+# regular files and execute of directories.
+
+[ $(id -u) -ne 0 ] && CHECK_OWNER=" -uid $(id -u)"
+
+# If argument does not exist, script will still exit with 0,
+# but at least we'll see something went wrong in the log
+if ! [ -e "$1" ] ; then
+ echo "ERROR: File or directory $1 does not exist." >&2
+ # We still want to end successfully
+ exit 0
+fi
+
+find $SYMLINK_OPT "$1" ${CHECK_OWNER} \! -gid 0 -exec chgrp 0 {} +
+find $SYMLINK_OPT "$1" ${CHECK_OWNER} \! -perm -g+rw -exec chmod g+rw {} +
+find $SYMLINK_OPT "$1" ${CHECK_OWNER} -perm /u+x -a \! -perm /g+x -exec chmod g+x {} +
+find $SYMLINK_OPT "$1" ${CHECK_OWNER} -type d \! -perm /g+x -exec chmod g+x {} +
+
+# Always end successfully
+exit 0
+
diff --git a/root/usr/bin/generate-container-user b/root/usr/bin/generate-container-user
new file mode 100644
index 0000000..f092c51
--- /dev/null
+++ b/root/usr/bin/generate-container-user
@@ -0,0 +1,20 @@
+# Set current user in nss_wrapper
+USER_ID=$(id -u)
+GROUP_ID=$(id -g)
+
+if [ x"$USER_ID" != x"0" -a x"$USER_ID" != x"1001" ]; then
+
+ NSS_WRAPPER_PASSWD=/opt/app-root/etc/passwd
+ NSS_WRAPPER_GROUP=/etc/group
+
+ cat /etc/passwd | sed -e 's/^default:/builder:/' > $NSS_WRAPPER_PASSWD
+
+ echo "default:x:${USER_ID}:${GROUP_ID}:Default Application User:${HOME}:/sbin/nologin" >> $NSS_WRAPPER_PASSWD
+
+ export NSS_WRAPPER_PASSWD
+ export NSS_WRAPPER_GROUP
+
+ LD_PRELOAD=libnss_wrapper.so
+ export LD_PRELOAD
+fi
+
diff --git a/root/usr/bin/py-enable b/root/usr/bin/py-enable
new file mode 100644
index 0000000..9d1443b
--- /dev/null
+++ b/root/usr/bin/py-enable
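Review bot: `SYMLINK_OPT=${2:--L}` in root/usr/bin/fix-permissions makes `find` follow symlinks by default, so a link inside the target tree can steer the root-run `chgrp 0` and `chmod g+rw` onto files outside it. The Dockerfile callers shown earlier on this page pass `-P`, so making that the default changes nothing for them and makes the safe behaviour the one you get without asking: `SYMLINK_OPT=${2:--P}`. `set +e` together with the unconditional `exit 0` also means a failed `find` never fails the build; if that is deliberate, the script should at least print each failing command's status to stderr so the build log shows it.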
@@ -0,0 +1,6 @@
+# IMPORTANT: Do not add more content to this file unless you know what you are
+# doing. This file is sourced everytime the shell session is opened.
+# This will make the python libraries work out of the box.
+unset BASH_ENV PROMPT_COMMAND ENV
+source /opt/app-root/bin/activate
+
diff --git a/root/usr/bin/rpm-file-permissions b/root/usr/bin/rpm-file-permissions
new file mode 100644
index 0000000..e96e705
--- /dev/null
+++ b/root/usr/bin/rpm-file-permissions
@@ -0,0 +1,22 @@
+#!/bin/sh
+
+CHECK_DIRS="/ /opt /etc /usr /usr/bin /usr/lib /usr/lib64 /usr/share /usr/libexec"
+
+rpm_format="[%{FILESTATES:fstate} %7{FILEMODES:octal} %{FILENAMES:shescape}\n]"
+
+rpm -q --qf "$rpm_format" filesystem | while read line
+do
+ eval "set -- $line"
+
+ case $1 in
+ normal) ;;
+ *) continue ;;
+ esac
+
+ case " $CHECK_DIRS " in
+ *" $3 "*)
+ chmod "${2: -4}" "$3"
+ ;;
+ esac
+done
+
-- GitLab
From 30843c78d781c2f9605d2128a3fff17e252cb308 Mon Sep 17 00:00:00 2001
From: wlau
Date: Fri, 26 Feb 2021 14:52:06 -0800
Subject: [PATCH 029/134] Install packages 2/26 1452
---
Dockerfile | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 45ca31e..cff1971 100644
--- a/Dockerfile
+++ b/Dockerfile
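Review bot: root/usr/bin/rpm-file-permissions declares `#!/bin/sh` but uses the bash-only substring expansion `${2: -4}`, so it depends on `/bin/sh` being bash. That holds on UBI 8 as far as I know, but the script fails under a strictly POSIX shell; either change the shebang to `#!/bin/bash` or derive the mode portably. The `eval "set -- $line"` is safe only because the query format applies `shescape` to the file name, and a comment saying so would keep the loop from being reused on unescaped input: `# eval is safe only because %{FILENAMES:shescape} quotes each name`.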
@@ -58,13 +58,13 @@ RUN chmod a+x /usr/bin/container-entrypoint && \ chmod a+x /usr/bin/py-enable && \ chmod a+x /usr/bin/aap -# # Install packages -# RUN INSTALL_PKGS="vim-enhanced rsync iputils bind-utils git python36 python36-devel python3-setuptools python3-pip python3-virtualenv" && \ -# yum -y update-minimal --setopt=tsflags=nodocs --security && \ -# yum -y --setopt=tsflags=nodocs install $INSTALL_PKGS && \ -# yum -y remove vim-minimal && \ -# rpm -V $INSTALL_PKGS && \ -# yum -y clean all --enablerepo="*" +# Install packages +RUN INSTALL_PKGS="vim-enhanced rsync iputils bind-utils git python36 python36-devel python3-setuptools python3-pip python3-virtualenv" && \ + yum -y update-minimal --setopt=tsflags=nodocs --security && \ + yum -y --setopt=tsflags=nodocs install $INSTALL_PKGS && \ + yum -y remove vim-minimal && \ + rpm -V $INSTALL_PKGS && \ + yum -y clean all --enablerepo="*" # # Install the OpenShift command line tool, oc # RUN curl -kv --output ./oc.tar https://downloads-openshift-console.apps.unity.services.nres.navy.mil/amd64/linux/oc.tar && \ -- GitLab From 113762931657ca70bce1f9527b99ffcddbd3c3b5 Mon Sep 17 00:00:00 2001 From: wlau Date: Mon, 1 Mar 2021 13:57:08 -0800 Subject: [PATCH 030/134] Install packages 3/1 1356 --- hardening_manifest.yaml | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index 09c269b..5d28cfc 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml 
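Review bot: The re-enabled install line pulls unversioned packages and, with yum's defaults, their weak dependencies, and it includes `python36-devel`, which a CLI runtime image presumably does not need. Adding `--setopt=install_weak_deps=False` to the `yum install` and dropping the `-devel` package unless something compiles at runtime would reduce what image scanners have to track. `yum -y update-minimal --security` also makes the result depend on repository state at build time; bumping `BASE_TAG` is the more reproducible route. The `rpm -V $INSTALL_PKGS` verification is worth keeping. The commented-out `oc` download in the trailing context continues outside the hunk.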
@@ -36,10 +36,21 @@ labels: mil.dso.ironbank.image.type: "commercial" # Product the image belongs to for grouping multiple images mil.dso.ironbank.product.name: "diat/aap-cli" - + # List of resources to make available to the offline build context -resources: [] - +resources: + - url: "https://nexus00.unity.services.nres.navy.mil/repository/raw/mongo/mongodb-org-shell-3.6.18-1.el8.x86_64.rpm" + filename: "mongodb-org-shell-3.6.18-1.el8.x86_64.rpm" + validation: + type: "sha256" # supported: sha256, sha512 + value: "889b9edf920b4dd7a9952eaa8b62541dcbc1c135cfa264a16887394c807a1b1c" # must be lowercase + +# # Install mongodb shell (client) +# RUN curl -kv --output ./mongodb-org-shell-3.6.18-1.el8.x86_64.rpm https://nexus00.unity.services.nres.navy.mil/repository/raw/mongo/mongodb-org-shell-3.6.18-1.el8.x86_64.rpm && \ +# yum -y install ./mongodb-org-shell-3.6.18-1.el8.x86_64.rpm && \ +# rm -f mongodb-org-shell-3.6.18-1.el8.x86_64.rpm + + # List of project maintainers maintainers: - email: "wingkwan.lau1@navy.mil" -- GitLab From 4cceecb38b56285d5e2c4ef72b92cc4e1efa6c66 Mon Sep 17 00:00:00 2001 From: wlau Date: Mon, 1 Mar 2021 14:04:36 -0800 Subject: [PATCH 031/134] Install packages 3/1 1356 --- hardening_manifest.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index 5d28cfc..a4fb45c 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -39,7 +39,7 @@ labels: # List of resources to make available to the offline build context resources: - - url: "https://nexus00.unity.services.nres.navy.mil/repository/raw/mongo/mongodb-org-shell-3.6.18-1.el8.x86_64.rpm" + - url: " https://repo.mongodb.org/yum/redhat/7/mongodb-org/3.6/x86_64/RPMS/mongodb-org-shell-3.6.22-1.el7.x86_64.rpm" filename: "mongodb-org-shell-3.6.18-1.el8.x86_64.rpm" validation: type: "sha256" # supported: sha256, sha512 -- GitLab From 8cc5fd35ba0a0d831b341b5824cf8426cc92c6ba Mon Sep 17 00:00:00 2001 
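Review bot: In the PATCH 031 hunk of `hardening_manifest.yaml` the `url` now points at `mongodb-org-shell-3.6.22-1.el7.x86_64.rpm` (with a stray leading space inside the quotes), while `filename` and the `sha256` `value` still describe the 3.6.18 el8 package, so the digest no longer matches the artifact being fetched. `url`, `filename` and `validation.value` should change together in one commit, with the digest taken from the publisher's published checksum or signature rather than from whatever the new URL returned. The same mismatch recurs in PATCH 033 (a `mongodb-org-server` URL under a `mongodb-org-shell` filename) and in PATCH 034 (4.4.4 URL and filename with the old digest, until PATCH 035 replaces it).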
From: wlau Date: Mon, 1 Mar 2021 14:07:29 -0800 Subject: [PATCH 032/134] Install packages 3/1 1407 --- hardening_manifest.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index a4fb45c..0a77f16 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -39,7 +39,7 @@ labels: # List of resources to make available to the offline build context resources: - - url: " https://repo.mongodb.org/yum/redhat/7/mongodb-org/3.6/x86_64/RPMS/mongodb-org-shell-3.6.22-1.el7.x86_64.rpm" + - url: "https://repo.mongodb.org/yum/redhat/7/mongodb-org/3.6/x86_64/RPMS/mongodb-org-shell-3.6.22-1.el7.x86_64.rpm" filename: "mongodb-org-shell-3.6.18-1.el8.x86_64.rpm" validation: type: "sha256" # supported: sha256, sha512 -- GitLab From b3514e3cdd36b7796d38ad997aa79aabca0d6717 Mon Sep 17 00:00:00 2001 From: wlau Date: Mon, 1 Mar 2021 14:10:56 -0800 Subject: [PATCH 033/134] Install packages 3/1 1410 --- hardening_manifest.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index 0a77f16..48efd64 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -39,7 +39,7 @@ labels: # List of resources to make available to the offline build context resources: - - url: "https://repo.mongodb.org/yum/redhat/7/mongodb-org/3.6/x86_64/RPMS/mongodb-org-shell-3.6.22-1.el7.x86_64.rpm" + - url: "https://repo.mongodb.org/yum/redhat/8/mongodb-org/4.4/x86_64/RPMS/mongodb-org-server-4.4.4-1.el8.x86_64.rpm" filename: "mongodb-org-shell-3.6.18-1.el8.x86_64.rpm" validation: type: "sha256" # supported: sha256, sha512 -- GitLab From a3a384af334106cac49d496e3334d562c0fd7387 Mon Sep 17 00:00:00 2001 From: wlau Date: Mon, 1 Mar 2021 14:14:11 -0800 Subject: [PATCH 034/134] Install packages 3/1 14140 --- Dockerfile | 6 +++--- hardening_manifest.yaml | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) 
diff --git a/Dockerfile b/Dockerfile index cff1971..0b4f800 100644 --- a/Dockerfile +++ b/Dockerfile @@ -73,9 +73,9 @@ RUN INSTALL_PKGS="vim-enhanced rsync iputils bind-utils git python36 python36-de # rm -f oc.tar # # Install mongodb shell (client) -# RUN curl -kv --output ./mongodb-org-shell-3.6.18-1.el8.x86_64.rpm https://nexus00.unity.services.nres.navy.mil/repository/raw/mongo/mongodb-org-shell-3.6.18-1.el8.x86_64.rpm && \ -# yum -y install ./mongodb-org-shell-3.6.18-1.el8.x86_64.rpm && \ -# rm -f mongodb-org-shell-3.6.18-1.el8.x86_64.rpm +# RUN curl -kv --output ./mongodb-org-shell-4.4.4-1.el8.x86_64.rpm https://nexus00.unity.services.nres.navy.mil/repository/raw/mongo/mongodb-org-shell-4.4.4-1.el8.x86_64.rpm && \ +RUN yum -y install ./mongodb-org-shell-4.4.4-1.el8.x86_64.rpm && \ + rm -f mongodb-org-shell-4.4.4-1.el8.x86_64.rpm # # Instal jq (to parse openshift api query results) # RUN curl -kv --output ./jq https://nexus00.unity.services.nres.navy.mil/repository/raw/tools/jq-linux64 && \ diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index 48efd64..7887b7b 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -39,8 +39,8 @@ labels: # List of resources to make available to the offline build context resources: - - url: "https://repo.mongodb.org/yum/redhat/8/mongodb-org/4.4/x86_64/RPMS/mongodb-org-server-4.4.4-1.el8.x86_64.rpm" - filename: "mongodb-org-shell-3.6.18-1.el8.x86_64.rpm" + - url: "https://repo.mongodb.org/yum/redhat/8/mongodb-org/4.4/x86_64/RPMS/mongodb-org-shell-4.4.4-1.el8.x86_64.rpm" + filename: "mongodb-org-shell-4.4.4-1.el8.x86_64.rpm" validation: type: "sha256" # supported: sha256, sha512 value: "889b9edf920b4dd7a9952eaa8b62541dcbc1c135cfa264a16887394c807a1b1c" # must be lowercase -- GitLab From 109da20a8be4be40f5a696e36c4806d1618584a2 Mon Sep 17 00:00:00 2001 
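Review bot: The now-active `RUN yum -y install ./mongodb-org-shell-4.4.4-1.el8.x86_64.rpm` reads the RPM from the image's working directory, but no `COPY` of that file is visible in this hunk; going by the manifest's own comment, a `resources` entry only makes the file available to the build context. A line such as `COPY mongodb-org-shell-4.4.4-1.el8.x86_64.rpm /tmp/` before the `RUN`, with the install pointed at `/tmp/`, appears to be missing, and `RUN mv ./jq /usr/bin/` enabled in PATCH 036 has the same gap. Separately, a local-file install is not signature-checked by default on dnf-based yum, so integrity rests on the manifest's sha256 unless `--setopt=localpkg_gpgcheck=1` is used with the vendor key imported. The rest of the Dockerfile is outside the hunk, so an earlier `COPY` cannot be ruled out.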
From: wlau Date: Mon, 1 Mar 2021 14:18:01 -0800 Subject: [PATCH 035/134] Update Mongo Installation 3/1 1417 --- hardening_manifest.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index 7887b7b..49295f2 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -43,7 +43,7 @@ resources: filename: "mongodb-org-shell-4.4.4-1.el8.x86_64.rpm" validation: type: "sha256" # supported: sha256, sha512 - value: "889b9edf920b4dd7a9952eaa8b62541dcbc1c135cfa264a16887394c807a1b1c" # must be lowercase + value: "4954fe92d5642056752561b7f4c5278a4f47619cf7b488d1676c016c714744b3" # must be lowercase # # Install mongodb shell (client) # RUN curl -kv --output ./mongodb-org-shell-3.6.18-1.el8.x86_64.rpm https://nexus00.unity.services.nres.navy.mil/repository/raw/mongo/mongodb-org-shell-3.6.18-1.el8.x86_64.rpm && \ -- GitLab From 3ecbda3e0ee852ca7453473d71e905caec51a204 Mon Sep 17 00:00:00 2001 From: wlau Date: Mon, 1 Mar 2021 14:24:26 -0800 Subject: [PATCH 036/134] Update jq Installation 3/1 1423 --- Dockerfile | 4 ++-- hardening_manifest.yaml | 11 ++++++----- 2 files changed, 8 insertions(+), 7 deletions(-) diff --git a/Dockerfile b/Dockerfile index 0b4f800..8b76f15 100644 --- a/Dockerfile +++ b/Dockerfile @@ -79,8 +79,8 @@ RUN yum -y install ./mongodb-org-shell-4.4.4-1.el8.x86_64.rpm && \ # # Instal jq (to parse openshift api query results) # RUN curl -kv --output ./jq https://nexus00.unity.services.nres.navy.mil/repository/raw/tools/jq-linux64 && \ -# mv ./jq /usr/bin/ && \ -# chmod a+x /usr/bin/jq +RUN mv ./jq /usr/bin/ && \ + chmod a+x /usr/bin/jq # # Instal helm # RUN curl -kv --output ./helm https://nexus00.unity.services.nres.navy.mil/repository/raw/tools/helm-linux-amd64 && \ diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index 49295f2..8533553 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml 
@@ -44,12 +44,13 @@ resources: validation: type: "sha256" # supported: sha256, sha512 value: "4954fe92d5642056752561b7f4c5278a4f47619cf7b488d1676c016c714744b3" # must be lowercase + - url: "https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64" + filename: "jq" + validation: + type: "sha256" # supported: sha256, sha512 + value: "af986793a515d500ab2d35f8d2aecd656e764504b789b66d7e1a0b727a124c44" # must be lowercase -# # Install mongodb shell (client) -# RUN curl -kv --output ./mongodb-org-shell-3.6.18-1.el8.x86_64.rpm https://nexus00.unity.services.nres.navy.mil/repository/raw/mongo/mongodb-org-shell-3.6.18-1.el8.x86_64.rpm && \ -# yum -y install ./mongodb-org-shell-3.6.18-1.el8.x86_64.rpm && \ -# rm -f mongodb-org-shell-3.6.18-1.el8.x86_64.rpm - + # List of project maintainers maintainers: -- GitLab From 6ac77d4dc92410d8d22f252ada3c702b455051a2 Mon Sep 17 00:00:00 2001 From: wlau Date: Mon, 1 Mar 2021 14:28:35 -0800 Subject: [PATCH 037/134] Update jq Installation debug 3/1 1428 --- Dockerfile | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 8b76f15..653ead5 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -74,13 +74,15 @@ RUN INSTALL_PKGS="vim-enhanced rsync iputils bind-utils git python36 python36-de # # Install mongodb shell (client) # RUN curl -kv --output ./mongodb-org-shell-4.4.4-1.el8.x86_64.rpm https://nexus00.unity.services.nres.navy.mil/repository/raw/mongo/mongodb-org-shell-4.4.4-1.el8.x86_64.rpm && \ +RUN ls -la + RUN yum -y install ./mongodb-org-shell-4.4.4-1.el8.x86_64.rpm && \ rm -f mongodb-org-shell-4.4.4-1.el8.x86_64.rpm # # Instal jq (to parse openshift api query results) # RUN curl -kv --output ./jq https://nexus00.unity.services.nres.navy.mil/repository/raw/tools/jq-linux64 && \ -RUN mv ./jq /usr/bin/ && \ - chmod a+x /usr/bin/jq +# RUN mv ./jq /usr/bin/ && \ +# chmod a+x /usr/bin/jq # # Instal helm # RUN curl -kv --output ./helm https://nexus00.unity.services.nres.navy.mil/repository/raw/tools/helm-linux-amd64 && \ -- GitLab From 493f57902b3d601a9c7e580b9cbfa01cfe8244dd Mon Sep 17 00:00:00 2001 From: wlau Date: Mon, 1 Mar 2021 14:35:58 -0800 Subject: [PATCH 038/134] Update jq Installation debug 3/1 1435 --- Dockerfile | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 653ead5..ea33bef 100644 --- a/Dockerfile +++ b/Dockerfile @@ -24,6 +24,9 @@ ENV PYTHON_VERSION=3.6 \ # ENV=/usr/bin/py-enable \ ENV PROMPT_COMMAND=". /usr/bin/aap && unset PROMPT_COMMAND" +RUN ls -la ci-artifacts/import-artifacts + + # ^^^ BASH_ENV and ENV provide the name of a startup file to read before bash is used to execute a script # ^^^ Bash provides an environment variable called PROMPT_COMMAND. The contents of this variable are executed as a regular Bash command just before Bash displays a prompt. # https://www.tldp.org/HOWTO/Bash-Prompt-HOWTO/x264.html 
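Review bot: `RUN ls -la` (PATCH 037) and `RUN ls -la ci-artifacts/import-artifacts` (PATCH 038) are build-time probes committed into the Dockerfile; each adds a layer and writes a filesystem listing to the CI log without contributing anything to the image. The second one also sits between `ENV PROMPT_COMMAND=...` and the `# ^^^` comments that explain it, which separates the explanation from the line it describes. These should be removed before the change is merged. The same applies to the later probe lines in PATCH 043, 044, 046, 048, 057, 058, 059, 060 and 061 (`RUN ls -la dev`, `RUN ls -la /builds`, `RUN find . -name "*.tgz"`, `RUN pwd`).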
@@ -74,11 +77,12 @@ RUN INSTALL_PKGS="vim-enhanced rsync iputils bind-utils git python36 python36-de # # Install mongodb shell (client) # RUN curl -kv --output ./mongodb-org-shell-4.4.4-1.el8.x86_64.rpm https://nexus00.unity.services.nres.navy.mil/repository/raw/mongo/mongodb-org-shell-4.4.4-1.el8.x86_64.rpm && \ -RUN ls -la RUN yum -y install ./mongodb-org-shell-4.4.4-1.el8.x86_64.rpm && \ rm -f mongodb-org-shell-4.4.4-1.el8.x86_64.rpm - + + + # # Instal jq (to parse openshift api query results) # RUN curl -kv --output ./jq https://nexus00.unity.services.nres.navy.mil/repository/raw/tools/jq-linux64 && \ # RUN mv ./jq /usr/bin/ && \ -- GitLab From b5ff14cc493eec1f3aac78d9dd54953cade5112e Mon Sep 17 00:00:00 2001 From: wlau Date: Mon, 1 Mar 2021 14:54:21 -0800 Subject: [PATCH 039/134] Update jq Installation debug 3/1 1454 --- Dockerfile | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/Dockerfile b/Dockerfile index ea33bef..22d6914 100644 --- a/Dockerfile +++ b/Dockerfile @@ -24,9 +24,6 @@ ENV PYTHON_VERSION=3.6 \ # ENV=/usr/bin/py-enable \ ENV PROMPT_COMMAND=". /usr/bin/aap && unset PROMPT_COMMAND" -RUN ls -la ci-artifacts/import-artifacts - - # ^^^ BASH_ENV and ENV provide the name of a startup file to read before bash is used to execute a script # ^^^ Bash provides an environment variable called PROMPT_COMMAND. The contents of this variable are executed as a regular Bash command just before Bash displays a prompt. # https://www.tldp.org/HOWTO/Bash-Prompt-HOWTO/x264.html 
@@ -78,11 +75,9 @@ RUN INSTALL_PKGS="vim-enhanced rsync iputils bind-utils git python36 python36-de # # Install mongodb shell (client) # RUN curl -kv --output ./mongodb-org-shell-4.4.4-1.el8.x86_64.rpm https://nexus00.unity.services.nres.navy.mil/repository/raw/mongo/mongodb-org-shell-4.4.4-1.el8.x86_64.rpm && \ -RUN yum -y install ./mongodb-org-shell-4.4.4-1.el8.x86_64.rpm && \ +RUN yum -y install mongodb-org-shell-4.4.4-1.el8.x86_64.rpm && \ rm -f mongodb-org-shell-4.4.4-1.el8.x86_64.rpm - - # # Instal jq (to parse openshift api query results) # RUN curl -kv --output ./jq https://nexus00.unity.services.nres.navy.mil/repository/raw/tools/jq-linux64 && \ # RUN mv ./jq /usr/bin/ && \ -- GitLab From 316257be64bd62350cba7fbd80611fa95378ede5 Mon Sep 17 00:00:00 2001 From: wlau Date: Mon, 1 Mar 2021 15:17:43 -0800 Subject: [PATCH 040/134] Update jq Installation debug 3/1 1517 --- Dockerfile | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 22d6914..74a5c15 100644 --- a/Dockerfile +++ b/Dockerfile @@ -75,8 +75,9 @@ RUN INSTALL_PKGS="vim-enhanced rsync iputils bind-utils git python36 python36-de # # Install mongodb shell (client) # RUN curl -kv --output ./mongodb-org-shell-4.4.4-1.el8.x86_64.rpm https://nexus00.unity.services.nres.navy.mil/repository/raw/mongo/mongodb-org-shell-4.4.4-1.el8.x86_64.rpm && \ -RUN yum -y install mongodb-org-shell-4.4.4-1.el8.x86_64.rpm && \ - rm -f mongodb-org-shell-4.4.4-1.el8.x86_64.rpm +RUN yum -y install ./mongodb-org-shell-4.4.4-1.el8.x86_64.rpm && +# \ +# rm -f mongodb-org-shell-4.4.4-1.el8.x86_64.rpm # # Instal jq (to parse openshift api query results) # RUN curl -kv --output ./jq https://nexus00.unity.services.nres.navy.mil/repository/raw/tools/jq-linux64 && \ -- GitLab From 479a0d1b6b09aaf4e396b6f977fbe104b9dabbed Mon Sep 17 00:00:00 2001 
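Review bot: In PATCH 040 the line `RUN yum -y install ./mongodb-org-shell-4.4.4-1.el8.x86_64.rpm &&` ends with `&&` and is followed only by comment lines, so the command has no right-hand operand and the build step stops on a shell syntax error. If the cleanup is meant to be disabled, the operator has to go as well: `RUN yum -y install ./mongodb-org-shell-4.4.4-1.el8.x86_64.rpm`.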
From: wlau Date: Mon, 1 Mar 2021 16:21:47 -0800 Subject: [PATCH 041/134] Update jq Installation debug 3/1 2021 --- Dockerfile | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 74a5c15..2156b30 100644 --- a/Dockerfile +++ b/Dockerfile @@ -75,10 +75,12 @@ RUN INSTALL_PKGS="vim-enhanced rsync iputils bind-utils git python36 python36-de # # Install mongodb shell (client) # RUN curl -kv --output ./mongodb-org-shell-4.4.4-1.el8.x86_64.rpm https://nexus00.unity.services.nres.navy.mil/repository/raw/mongo/mongodb-org-shell-4.4.4-1.el8.x86_64.rpm && \ -RUN yum -y install ./mongodb-org-shell-4.4.4-1.el8.x86_64.rpm && +RUN yum -y install ./mongodb-org-shell-4.4.4-1.el8.x86_64.rpm # \ # rm -f mongodb-org-shell-4.4.4-1.el8.x86_64.rpm + + # # Instal jq (to parse openshift api query results) # RUN curl -kv --output ./jq https://nexus00.unity.services.nres.navy.mil/repository/raw/tools/jq-linux64 && \ # RUN mv ./jq /usr/bin/ && \ -- GitLab From 829084bc0e3ea7802bf8ef22b7300dc631c0fed5 Mon Sep 17 00:00:00 2001 From: wlau Date: Tue, 2 Mar 2021 08:18:20 -0800 Subject: [PATCH 042/134] Update jq Installation debug 3/2 0818 --- Dockerfile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index 2156b30..e53392b 100644 --- a/Dockerfile +++ b/Dockerfile @@ -75,7 +75,7 @@ RUN INSTALL_PKGS="vim-enhanced rsync iputils bind-utils git python36 python36-de # # Install mongodb shell (client) # RUN curl -kv --output ./mongodb-org-shell-4.4.4-1.el8.x86_64.rpm https://nexus00.unity.services.nres.navy.mil/repository/raw/mongo/mongodb-org-shell-4.4.4-1.el8.x86_64.rpm && \ -RUN yum -y install ./mongodb-org-shell-4.4.4-1.el8.x86_64.rpm +# RUN yum -y install ./mongodb-org-shell-4.4.4-1.el8.x86_64.rpm # \ # rm -f mongodb-org-shell-4.4.4-1.el8.x86_64.rpm 
@@ -83,8 +83,8 @@ RUN yum -y install ./mongodb-org-shell-4.4.4-1.el8.x86_64.rpm # # Instal jq (to parse openshift api query results) # RUN curl -kv --output ./jq https://nexus00.unity.services.nres.navy.mil/repository/raw/tools/jq-linux64 && \ -# RUN mv ./jq /usr/bin/ && \ -# chmod a+x /usr/bin/jq +RUN mv ./jq /usr/bin/ && \ + chmod a+x /usr/bin/jq # # Instal helm # RUN curl -kv --output ./helm https://nexus00.unity.services.nres.navy.mil/repository/raw/tools/helm-linux-amd64 && \ -- GitLab From 87cea47361f8377728166b58733f5930e06b2786 Mon Sep 17 00:00:00 2001 From: wlau Date: Tue, 2 Mar 2021 09:25:02 -0800 Subject: [PATCH 043/134] Update jq Installation debug 3/2 0924 --- Dockerfile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Dockerfile b/Dockerfile index e53392b..408e26e 100644 --- a/Dockerfile +++ b/Dockerfile @@ -24,6 +24,8 @@ ENV PYTHON_VERSION=3.6 \ # ENV=/usr/bin/py-enable \ ENV PROMPT_COMMAND=". /usr/bin/aap && unset PROMPT_COMMAND" +RUN ls -la + # ^^^ BASH_ENV and ENV provide the name of a startup file to read before bash is used to execute a script # ^^^ Bash provides an environment variable called PROMPT_COMMAND. The contents of this variable are executed as a regular Bash command just before Bash displays a prompt. # https://www.tldp.org/HOWTO/Bash-Prompt-HOWTO/x264.html -- GitLab From 07a616df09f335d3961637721ed89f96056193dc Mon Sep 17 00:00:00 2001 From: wlau Date: Tue, 2 Mar 2021 09:40:26 -0800 Subject: [PATCH 044/134] Update jq Installation debug 3/2 0940 --- Dockerfile | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/Dockerfile b/Dockerfile index 408e26e..4c8200a 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -25,6 +25,13 @@ ENV PYTHON_VERSION=3.6 \ ENV PROMPT_COMMAND=". /usr/bin/aap && unset PROMPT_COMMAND" RUN ls -la +RUN ls -la dev +RUN ls -la etc +RUN ls -la run +RUN ls -la tmp + + + # ^^^ BASH_ENV and ENV provide the name of a startup file to read before bash is used to execute a script # ^^^ Bash provides an environment variable called PROMPT_COMMAND. The contents of this variable are executed as a regular Bash command just before Bash displays a prompt. -- GitLab From a87f346d49b7a3ae189a435d31f3f1deabf49b73 Mon Sep 17 00:00:00 2001 From: wlau Date: Tue, 2 Mar 2021 12:33:26 -0800 Subject: [PATCH 045/134] Update mongo Installation debug 3/2 1233 --- Dockerfile | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 4c8200a..34d582f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -88,12 +88,18 @@ RUN INSTALL_PKGS="vim-enhanced rsync iputils bind-utils git python36 python36-de # \ # rm -f mongodb-org-shell-4.4.4-1.el8.x86_64.rpm +ARG TARBALL1=mongodb-linux-x86_64-rhel80-4.4.4.tgz +COPY ["${TARBALL1}", "/opt/"] +RUN tar -zxf ./${TARBALL1} && rm -fv ./${TARBALL1} && \ + mv ./mongodb-enterprise-operator /usr/local/bin/ && \ + rm -rfv /opt/* /var/cache/yum + # # Instal jq (to parse openshift api query results) # RUN curl -kv --output ./jq https://nexus00.unity.services.nres.navy.mil/repository/raw/tools/jq-linux64 && \ -RUN mv ./jq /usr/bin/ && \ - chmod a+x /usr/bin/jq +# RUN mv ./jq /usr/bin/ && \ +# chmod a+x /usr/bin/jq # # Instal helm # RUN curl -kv --output ./helm https://nexus00.unity.services.nres.navy.mil/repository/raw/tools/helm-linux-amd64 && \ -- GitLab From 6bc26f27e3b02cee366f588fd3872a5b3ee1e6b3 Mon Sep 17 00:00:00 2001 From: wlau Date: Tue, 2 Mar 2021 12:41:08 -0800 Subject: [PATCH 046/134] Update mongo Installation debug 3/2 1241 --- Dockerfile | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/Dockerfile b/Dockerfile index 34d582f..8045b8a 100644 --- a/Dockerfile +++ b/Dockerfile 
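Review bot: The new `RUN` in PATCH 045 ends with `rm -rfv /opt/* /var/cache/yum`, and `/opt` is where `APP_ROOT=/opt/app-root` (also `HOME`) lives, so the cleanup would delete the application root along with the tarball. The paths also disagree: `COPY ["${TARBALL1}", "/opt/"]` places the archive in `/opt/`, while `tar -zxf ./${TARBALL1}` and `rm -fv ./${TARBALL1}` look in the current directory, which is `/opt` only if a `WORKDIR` outside this hunk says so. `mv ./mongodb-enterprise-operator /usr/local/bin/` names a file that a `mongodb-linux-x86_64-rhel80-4.4.4.tgz` tarball is unlikely to contain. I would stage under `/tmp` instead: `COPY ["${TARBALL1}", "/tmp/"]`, extract with `tar -zxf "/tmp/${TARBALL1}" -C /tmp --no-same-owner`, copy out only the needed binary, and remove just those `/tmp` paths.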
@@ -24,11 +24,7 @@ ENV PYTHON_VERSION=3.6 \ # ENV=/usr/bin/py-enable \ ENV PROMPT_COMMAND=". /usr/bin/aap && unset PROMPT_COMMAND" -RUN ls -la -RUN ls -la dev -RUN ls -la etc -RUN ls -la run -RUN ls -la tmp +RUN ls -la /builds/dsop/diat/aap-cli/ -- GitLab From 08e2c68814047252bb7ec88c2e355728ab2e794f Mon Sep 17 00:00:00 2001 From: wlau Date: Tue, 2 Mar 2021 12:44:36 -0800 Subject: [PATCH 047/134] Update mongo Installation debug 3/2 1241 --- Dockerfile | 3 --- 1 file changed, 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index 8045b8a..1cfdca8 100644 --- a/Dockerfile +++ b/Dockerfile @@ -26,9 +26,6 @@ ENV PROMPT_COMMAND=". /usr/bin/aap && unset PROMPT_COMMAND" RUN ls -la /builds/dsop/diat/aap-cli/ - - - # ^^^ BASH_ENV and ENV provide the name of a startup file to read before bash is used to execute a script # ^^^ Bash provides an environment variable called PROMPT_COMMAND. The contents of this variable are executed as a regular Bash command just before Bash displays a prompt. # https://www.tldp.org/HOWTO/Bash-Prompt-HOWTO/x264.html -- GitLab From b9a66a9516b15bff57708622f08d89d7a2aabce6 Mon Sep 17 00:00:00 2001 From: wlau Date: Tue, 2 Mar 2021 12:50:56 -0800 Subject: [PATCH 048/134] Update mongo Installation debug 3/2 1250 --- Dockerfile | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 1cfdca8..34d582f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -24,7 +24,14 @@ ENV PYTHON_VERSION=3.6 \ # ENV=/usr/bin/py-enable \ ENV PROMPT_COMMAND=". /usr/bin/aap && unset PROMPT_COMMAND" -RUN ls -la /builds/dsop/diat/aap-cli/ +RUN ls -la +RUN ls -la dev +RUN ls -la etc +RUN ls -la run +RUN ls -la tmp + + + # ^^^ BASH_ENV and ENV provide the name of a startup file to read before bash is used to execute a script # ^^^ Bash provides an environment variable called PROMPT_COMMAND. The contents of this variable are executed as a regular Bash command just before Bash displays a prompt. -- GitLab 
From 702b7ea3350dc78807a00d47dea92028eec12c7e Mon Sep 17 00:00:00 2001 From: wlau Date: Tue, 2 Mar 2021 13:40:37 -0800 Subject: [PATCH 049/134] Update mongo Installation debug 3/2 1340 --- Dockerfile | 2 -- 1 file changed, 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 34d582f..e87f7fd 100644 --- a/Dockerfile +++ b/Dockerfile @@ -31,8 +31,6 @@ RUN ls -la run RUN ls -la tmp - - # ^^^ BASH_ENV and ENV provide the name of a startup file to read before bash is used to execute a script # ^^^ Bash provides an environment variable called PROMPT_COMMAND. The contents of this variable are executed as a regular Bash command just before Bash displays a prompt. # https://www.tldp.org/HOWTO/Bash-Prompt-HOWTO/x264.html -- GitLab From 0b4e45b725c7134a9bc0b7d6345856e2392c3b51 Mon Sep 17 00:00:00 2001 From: wlau Date: Tue, 2 Mar 2021 13:50:34 -0800 Subject: [PATCH 050/134] Update mongo Installation debug 3/2 1350 --- hardening_manifest.yaml | 29 +++++++++++++++++------------ 1 file changed, 17 insertions(+), 12 deletions(-) diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index 8533553..152e96d 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml 
@@ -38,18 +38,23 @@ labels: mil.dso.ironbank.product.name: "diat/aap-cli" # List of resources to make available to the offline build context -resources: - - url: "https://repo.mongodb.org/yum/redhat/8/mongodb-org/4.4/x86_64/RPMS/mongodb-org-shell-4.4.4-1.el8.x86_64.rpm" - filename: "mongodb-org-shell-4.4.4-1.el8.x86_64.rpm" - validation: - type: "sha256" # supported: sha256, sha512 - value: "4954fe92d5642056752561b7f4c5278a4f47619cf7b488d1676c016c714744b3" # must be lowercase - - url: "https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64" - filename: "jq" - validation: - type: "sha256" # supported: sha256, sha512 - value: "af986793a515d500ab2d35f8d2aecd656e764504b789b66d7e1a0b727a124c44" # must be lowercase - +resources: [] + # - url: "https://repo.mongodb.org/yum/redhat/8/mongodb-org/4.4/x86_64/RPMS/mongodb-org-shell-4.4.4-1.el8.x86_64.rpm" + # filename: "mongodb-org-shell-4.4.4-1.el8.x86_64.rpm" + # validation: + # type: "sha256" # supported: sha256, sha512 + # value: "4954fe92d5642056752561b7f4c5278a4f47619cf7b488d1676c016c714744b3" # must be lowercase + # - url: "https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64" + # filename: "jq" + # validation: + # type: "sha256" # supported: sha256, sha512 + # value: "af986793a515d500ab2d35f8d2aecd656e764504b789b66d7e1a0b727a124c44" # must be lowercase + # - url: "https://fastdl.mongodb.org/linux/mongodb-linux-x86_64-rhel80-4.4.4.tgz" + # filename: "mongodb-linux-x86_64-rhel80-4.4.4.tgz" # [required field] desired staging name for the build context + # validation: + # type: "sha256" # supported: sha256, sha512 + # value: "3d6b4cfca92067edd5c860c212ff5153d1e162b8791408bc671900309eb555ec" # must be lowercase + # List of project maintainers -- GitLab From 87afc21b02835b576d4708ecf1b936e3a1440748 Mon Sep 17 00:00:00 2001 
From: wlau Date: Tue, 2 Mar 2021 13:54:48 -0800 Subject: [PATCH 051/134] Update mongo Installation debug 3/2 1354 --- hardening_manifest.yaml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index 152e96d..bfc28f9 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -38,7 +38,7 @@ labels: mil.dso.ironbank.product.name: "diat/aap-cli" # List of resources to make available to the offline build context -resources: [] +resources: # - url: "https://repo.mongodb.org/yum/redhat/8/mongodb-org/4.4/x86_64/RPMS/mongodb-org-shell-4.4.4-1.el8.x86_64.rpm" # filename: "mongodb-org-shell-4.4.4-1.el8.x86_64.rpm" # validation: @@ -49,11 +49,11 @@ resources: [] # validation: # type: "sha256" # supported: sha256, sha512 # value: "af986793a515d500ab2d35f8d2aecd656e764504b789b66d7e1a0b727a124c44" # must be lowercase - # - url: "https://fastdl.mongodb.org/linux/mongodb-linux-x86_64-rhel80-4.4.4.tgz" - # filename: "mongodb-linux-x86_64-rhel80-4.4.4.tgz" # [required field] desired staging name for the build context - # validation: - # type: "sha256" # supported: sha256, sha512 - # value: "3d6b4cfca92067edd5c860c212ff5153d1e162b8791408bc671900309eb555ec" # must be lowercase + - url: "https://fastdl.mongodb.org/linux/mongodb-linux-x86_64-rhel80-4.4.4.tgz" + filename: "mongodb-linux-x86_64-rhel80-4.4.4.tgz" # [required field] desired staging name for the build context + validation: + type: "sha256" # supported: sha256, sha512 + value: "3d6b4cfca92067edd5c860c212ff5153d1e162b8791408bc671900309eb555ec" # must be lowercase -- GitLab From f8fe1ad1f41dc6fedb237e59520f5608abab51b6 Mon Sep 17 00:00:00 2001 From: wlau Date: Tue, 2 Mar 2021 14:00:35 -0800 Subject: [PATCH 052/134] Update mongo Installation debug 3/2 1400 --- hardening_manifest.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index bfc28f9..05df689 100644 
--- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -53,7 +53,7 @@ resources: filename: "mongodb-linux-x86_64-rhel80-4.4.4.tgz" # [required field] desired staging name for the build context validation: type: "sha256" # supported: sha256, sha512 - value: "3d6b4cfca92067edd5c860c212ff5153d1e162b8791408bc671900309eb555ec" # must be lowercase + value: "c7fbba1fb93df867f6679251aa205a4fbb6dd33bcefb2409a559fe059f7630fb" # must be lowercase -- GitLab From 80025ca03ead647b17364ecb366237e549bac5c6 Mon Sep 17 00:00:00 2001 From: wlau Date: Tue, 2 Mar 2021 14:15:53 -0800 Subject: [PATCH 053/134] Update mongo Installation debug 3/2 1415 --- hardening_manifest.yaml | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index 05df689..062d815 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml 
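Review bot: PATCH 052 replaces the `sha256` `value` for `mongodb-linux-x86_64-rhel80-4.4.4.tgz` while the `url` stays the same, and nothing in the commit says where the new digest came from. If it was copied from the hash a failed pipeline reported for the downloaded file, the pin only records what was served at that moment and verifies nothing about the publisher. The commit message or a comment next to `value` should name the source, for example `# sha256 from the vendor's published checksum for this release`.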
@@ -39,21 +39,21 @@ labels: # List of resources to make available to the offline build context resources: - # - url: "https://repo.mongodb.org/yum/redhat/8/mongodb-org/4.4/x86_64/RPMS/mongodb-org-shell-4.4.4-1.el8.x86_64.rpm" - # filename: "mongodb-org-shell-4.4.4-1.el8.x86_64.rpm" - # validation: - # type: "sha256" # supported: sha256, sha512 - # value: "4954fe92d5642056752561b7f4c5278a4f47619cf7b488d1676c016c714744b3" # must be lowercase + - url: "https://repo.mongodb.org/yum/redhat/8/mongodb-org/4.4/x86_64/RPMS/mongodb-org-shell-4.4.4-1.el8.x86_64.rpm" + filename: "mongodb-org-shell-4.4.4-1.el8.x86_64.rpm" + validation: + type: "sha256" # supported: sha256, sha512 + value: "4954fe92d5642056752561b7f4c5278a4f47619cf7b488d1676c016c714744b3" # must be lowercase # - url: "https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64" # filename: "jq" # validation: # type: "sha256" # supported: sha256, sha512 # value: "af986793a515d500ab2d35f8d2aecd656e764504b789b66d7e1a0b727a124c44" # must be lowercase - - url: "https://fastdl.mongodb.org/linux/mongodb-linux-x86_64-rhel80-4.4.4.tgz" - filename: "mongodb-linux-x86_64-rhel80-4.4.4.tgz" # [required field] desired staging name for the build context - validation: - type: "sha256" # supported: sha256, sha512 - value: "c7fbba1fb93df867f6679251aa205a4fbb6dd33bcefb2409a559fe059f7630fb" # must be lowercase + # - url: "https://fastdl.mongodb.org/linux/mongodb-linux-x86_64-rhel80-4.4.4.tgz" + # filename: "mongodb-linux-x86_64-rhel80-4.4.4.tgz" # [required field] desired staging name for the build context + # validation: + # type: "sha256" # supported: sha256, sha512 + # value: "c7fbba1fb93df867f6679251aa205a4fbb6dd33bcefb2409a559fe059f7630fb" # must be lowercase -- GitLab From cb9bbf7484343d2db772869eb619a2417ca0985a Mon Sep 17 00:00:00 2001 From: wlau Date: Tue, 2 Mar 2021 16:15:06 -0800 Subject: [PATCH 054/134] Update mongo Installation debug 3/2 1615 --- hardening_manifest.yaml | 1 - 1 file changed, 1 deletion(-) 
diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index 062d815..c19cb24 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -54,7 +54,6 @@ resources: # validation: # type: "sha256" # supported: sha256, sha512 # value: "c7fbba1fb93df867f6679251aa205a4fbb6dd33bcefb2409a559fe059f7630fb" # must be lowercase - # List of project maintainers -- GitLab From 3f90b0632d90fbf0eab7fd9801e1f3c15035962e Mon Sep 17 00:00:00 2001 From: wlau Date: Wed, 3 Mar 2021 08:37:29 -0800 Subject: [PATCH 055/134] Update mongo Installation debug 3/3 0837 --- hardening_manifest.yaml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index c19cb24..d6404de 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -49,11 +49,11 @@ resources: # validation: # type: "sha256" # supported: sha256, sha512 # value: "af986793a515d500ab2d35f8d2aecd656e764504b789b66d7e1a0b727a124c44" # must be lowercase - # - url: "https://fastdl.mongodb.org/linux/mongodb-linux-x86_64-rhel80-4.4.4.tgz" - # filename: "mongodb-linux-x86_64-rhel80-4.4.4.tgz" # [required field] desired staging name for the build context - # validation: - # type: "sha256" # supported: sha256, sha512 - # value: "c7fbba1fb93df867f6679251aa205a4fbb6dd33bcefb2409a559fe059f7630fb" # must be lowercase + - url: "https://fastdl.mongodb.org/linux/mongodb-linux-x86_64-rhel80-4.4.4.tgz" + filename: "mongodb-linux-x86_64-rhel80-4.4.4.tgz" # [required field] desired staging name for the build context + validation: + type: "sha256" # supported: sha256, sha512 + value: "c7fbba1fb93df867f6679251aa205a4fbb6dd33bcefb2409a559fe059f7630fb" # must be lowercase # List of project maintainers -- GitLab From 16f69c38f7b5863a4384c1aacbf1da8e023cb1ba Mon Sep 17 00:00:00 2001 
From: wlau Date: Wed, 3 Mar 2021 08:44:03 -0800 Subject: [PATCH 056/134] Update mongo Installation debug 3/3 0844 --- hardening_manifest.yaml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index d6404de..e8ee29c 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -39,11 +39,11 @@ labels: # List of resources to make available to the offline build context resources: - - url: "https://repo.mongodb.org/yum/redhat/8/mongodb-org/4.4/x86_64/RPMS/mongodb-org-shell-4.4.4-1.el8.x86_64.rpm" - filename: "mongodb-org-shell-4.4.4-1.el8.x86_64.rpm" - validation: - type: "sha256" # supported: sha256, sha512 - value: "4954fe92d5642056752561b7f4c5278a4f47619cf7b488d1676c016c714744b3" # must be lowercase + # - url: "https://repo.mongodb.org/yum/redhat/8/mongodb-org/4.4/x86_64/RPMS/mongodb-org-shell-4.4.4-1.el8.x86_64.rpm" + # filename: "mongodb-org-shell-4.4.4-1.el8.x86_64.rpm" + # validation: + # type: "sha256" # supported: sha256, sha512 + # value: "4954fe92d5642056752561b7f4c5278a4f47619cf7b488d1676c016c714744b3" # must be lowercase # - url: "https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64" # filename: "jq" # validation: -- GitLab From 25e6c71e1e502117c129ed44692d5b2585abe93d Mon Sep 17 00:00:00 2001 From: wlau Date: Wed, 3 Mar 2021 08:52:50 -0800 Subject: [PATCH 057/134] Update mongo Installation debug 3/3 0852 --- Dockerfile | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/Dockerfile b/Dockerfile index e87f7fd..80ec119 100644 --- a/Dockerfile +++ b/Dockerfile @@ -29,6 +29,7 @@ RUN ls -la dev RUN ls -la etc RUN ls -la run RUN ls -la tmp +RUN ls -la /builds/dsop/diat/aap-cli/ # ^^^ BASH_ENV and ENV provide the name of a startup file to read before bash is used to execute a script 
@@ -86,11 +87,11 @@ RUN INSTALL_PKGS="vim-enhanced rsync iputils bind-utils git python36 python36-de # \ # rm -f mongodb-org-shell-4.4.4-1.el8.x86_64.rpm -ARG TARBALL1=mongodb-linux-x86_64-rhel80-4.4.4.tgz -COPY ["${TARBALL1}", "/opt/"] -RUN tar -zxf ./${TARBALL1} && rm -fv ./${TARBALL1} && \ - mv ./mongodb-enterprise-operator /usr/local/bin/ && \ - rm -rfv /opt/* /var/cache/yum +# ARG TARBALL1=mongodb-linux-x86_64-rhel80-4.4.4.tgz +# COPY ["${TARBALL1}", "/opt/"] +# RUN tar -zxf ./${TARBALL1} && rm -fv ./${TARBALL1} && \ +# mv ./mongodb-enterprise-operator /usr/local/bin/ && \ +# rm -rfv /opt/* /var/cache/yum -- GitLab From 64c7322e4e8abb49020336242643bbc3d6cb424e Mon Sep 17 00:00:00 2001 From: wlau Date: Wed, 3 Mar 2021 12:15:28 -0800 Subject: [PATCH 058/134] Update mongo Installation debug 3/3 1215 --- Dockerfile | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/Dockerfile b/Dockerfile index 80ec119..89790a8 100644 --- a/Dockerfile +++ b/Dockerfile @@ -24,13 +24,9 @@ ENV PYTHON_VERSION=3.6 \ # ENV=/usr/bin/py-enable \ ENV PROMPT_COMMAND=". /usr/bin/aap && unset PROMPT_COMMAND" -RUN ls -la -RUN ls -la dev -RUN ls -la etc -RUN ls -la run -RUN ls -la tmp -RUN ls -la /builds/dsop/diat/aap-cli/ - +RUN ls -la /opt +RUN find . -name "mongodb-linux-x86_64-rhel80-4.4.4.tgz" +RUN find . -name "*.tgz" # ^^^ BASH_ENV and ENV provide the name of a startup file to read before bash is used to execute a script # ^^^ Bash provides an environment variable called PROMPT_COMMAND. The contents of this variable are executed as a regular Bash command just before Bash displays a prompt. -- GitLab From 8d0289fe8affdec971c69a36d86fa2ac069155dd Mon Sep 17 00:00:00 2001 From: wlau Date: Wed, 3 Mar 2021 12:38:57 -0800 Subject: [PATCH 059/134] Update mongo Installation debug 3/3 1238 --- Dockerfile | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index 89790a8..b23b7df 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -24,9 +24,7 @@ ENV PYTHON_VERSION=3.6 \ # ENV=/usr/bin/py-enable \ ENV PROMPT_COMMAND=". /usr/bin/aap && unset PROMPT_COMMAND" -RUN ls -la /opt -RUN find . -name "mongodb-linux-x86_64-rhel80-4.4.4.tgz" -RUN find . -name "*.tgz" +RUN ls -la /builds # ^^^ BASH_ENV and ENV provide the name of a startup file to read before bash is used to execute a script # ^^^ Bash provides an environment variable called PROMPT_COMMAND. The contents of this variable are executed as a regular Bash command just before Bash displays a prompt. -- GitLab From c3bda542249bd954e43ecffc9c53cb6e95ef5e66 Mon Sep 17 00:00:00 2001 From: wlau Date: Wed, 3 Mar 2021 13:04:05 -0800 Subject: [PATCH 060/134] Update mongo Installation debug 3/3 1304 --- Dockerfile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index b23b7df..1c9353d 100644 --- a/Dockerfile +++ b/Dockerfile @@ -24,7 +24,8 @@ ENV PYTHON_VERSION=3.6 \ # ENV=/usr/bin/py-enable \ ENV PROMPT_COMMAND=". /usr/bin/aap && unset PROMPT_COMMAND" -RUN ls -la /builds +RUN ls -la dev +RUN ls -la proc # ^^^ BASH_ENV and ENV provide the name of a startup file to read before bash is used to execute a script # ^^^ Bash provides an environment variable called PROMPT_COMMAND. The contents of this variable are executed as a regular Bash command just before Bash displays a prompt. -- GitLab From b6bd0052a2656b1dc73e95bdb9ffa6153754ccb5 Mon Sep 17 00:00:00 2001 From: wlau Date: Wed, 3 Mar 2021 13:13:39 -0800 Subject: [PATCH 061/134] Update mongo Installation debug 3/3 1304 --- Dockerfile | 1 + 1 file changed, 1 insertion(+) diff --git a/Dockerfile b/Dockerfile index 1c9353d..e4ae54c 100644 --- a/Dockerfile +++ b/Dockerfile @@ -24,6 +24,7 @@ ENV PYTHON_VERSION=3.6 \ # ENV=/usr/bin/py-enable \ ENV PROMPT_COMMAND=". /usr/bin/aap && unset PROMPT_COMMAND" +RUN pwd RUN ls -la dev RUN ls -la proc -- GitLab From f20900cf677b07808285f20fe8cf7d5bf00eb77e Mon Sep 17 00:00:00 2001 
From: wlau Date: Wed, 3 Mar 2021 13:37:59 -0800 Subject: [PATCH 062/134] Update mongo Installation debug 3/3 1337 --- Dockerfile | 6 +----- hardening_manifest.yaml | 10 +++++----- 2 files changed, 6 insertions(+), 10 deletions(-) diff --git a/Dockerfile b/Dockerfile index e4ae54c..7e4a81c 100644 --- a/Dockerfile +++ b/Dockerfile @@ -24,10 +24,6 @@ ENV PYTHON_VERSION=3.6 \ # ENV=/usr/bin/py-enable \ ENV PROMPT_COMMAND=". /usr/bin/aap && unset PROMPT_COMMAND" -RUN pwd -RUN ls -la dev -RUN ls -la proc - # ^^^ BASH_ENV and ENV provide the name of a startup file to read before bash is used to execute a script # ^^^ Bash provides an environment variable called PROMPT_COMMAND. The contents of this variable are executed as a regular Bash command just before Bash displays a prompt. # https://www.tldp.org/HOWTO/Bash-Prompt-HOWTO/x264.html @@ -79,7 +75,7 @@ RUN INSTALL_PKGS="vim-enhanced rsync iputils bind-utils git python36 python36-de # # Install mongodb shell (client) # RUN curl -kv --output ./mongodb-org-shell-4.4.4-1.el8.x86_64.rpm https://nexus00.unity.services.nres.navy.mil/repository/raw/mongo/mongodb-org-shell-4.4.4-1.el8.x86_64.rpm && \ -# RUN yum -y install ./mongodb-org-shell-4.4.4-1.el8.x86_64.rpm +RUN yum -y install ./mongodb-org-shell-4.4.4-1.el8.x86_64.rpm # \ # rm -f mongodb-org-shell-4.4.4-1.el8.x86_64.rpm diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index e8ee29c..d6404de 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml 
@@ -39,11 +39,11 @@ labels: # List of resources to make available to the offline build context resources: - # - url: "https://repo.mongodb.org/yum/redhat/8/mongodb-org/4.4/x86_64/RPMS/mongodb-org-shell-4.4.4-1.el8.x86_64.rpm" - # filename: "mongodb-org-shell-4.4.4-1.el8.x86_64.rpm" - # validation: - # type: "sha256" # supported: sha256, sha512 - # value: "4954fe92d5642056752561b7f4c5278a4f47619cf7b488d1676c016c714744b3" # must be lowercase + - url: "https://repo.mongodb.org/yum/redhat/8/mongodb-org/4.4/x86_64/RPMS/mongodb-org-shell-4.4.4-1.el8.x86_64.rpm" + filename: "mongodb-org-shell-4.4.4-1.el8.x86_64.rpm" + validation: + type: "sha256" # supported: sha256, sha512 + value: "4954fe92d5642056752561b7f4c5278a4f47619cf7b488d1676c016c714744b3" # must be lowercase # - url: "https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64" # filename: "jq" # validation: -- GitLab From 0d8f8acf0d48bb7cad2f8866f4ae9bd7193f3352 Mon Sep 17 00:00:00 2001 From: wlau Date: Wed, 3 Mar 2021 13:44:06 -0800 Subject: [PATCH 063/134] Update mongo Installation debug 3/3 1344 --- Dockerfile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 7e4a81c..11680e2 100644 --- a/Dockerfile +++ b/Dockerfile @@ -75,7 +75,8 @@ RUN INSTALL_PKGS="vim-enhanced rsync iputils bind-utils git python36 python36-de # # Install mongodb shell (client) # RUN curl -kv --output ./mongodb-org-shell-4.4.4-1.el8.x86_64.rpm https://nexus00.unity.services.nres.navy.mil/repository/raw/mongo/mongodb-org-shell-4.4.4-1.el8.x86_64.rpm && \ -RUN yum -y install ./mongodb-org-shell-4.4.4-1.el8.x86_64.rpm +COPY mongodb-org-shell-4.4.4-1.el8.x86_64.rpm /opt +RUN yum -y install /opt/mongodb-org-shell-4.4.4-1.el8.x86_64.rpm # \ # rm -f mongodb-org-shell-4.4.4-1.el8.x86_64.rpm -- GitLab From a56f6fe39b3e9a6917aa01ca5ad57ab899d99874 Mon Sep 17 00:00:00 2001 
From: wlau Date: Wed, 3 Mar 2021 13:56:17 -0800 Subject: [PATCH 064/134] Update mongo Installation debug 3/3 1356 --- Dockerfile | 12 ------------ config/key.asc | 30 ++++++++++++++++++++++++++++++ 2 files changed, 30 insertions(+), 12 deletions(-) create mode 100644 config/key.asc diff --git a/Dockerfile b/Dockerfile index 11680e2..8945ed8 100644 --- a/Dockerfile +++ b/Dockerfile @@ -73,20 +73,8 @@ RUN INSTALL_PKGS="vim-enhanced rsync iputils bind-utils git python36 python36-de # rm -f oc.tar # # Install mongodb shell (client) -# RUN curl -kv --output ./mongodb-org-shell-4.4.4-1.el8.x86_64.rpm https://nexus00.unity.services.nres.navy.mil/repository/raw/mongo/mongodb-org-shell-4.4.4-1.el8.x86_64.rpm && \ - COPY mongodb-org-shell-4.4.4-1.el8.x86_64.rpm /opt RUN yum -y install /opt/mongodb-org-shell-4.4.4-1.el8.x86_64.rpm -# \ -# rm -f mongodb-org-shell-4.4.4-1.el8.x86_64.rpm - -# ARG TARBALL1=mongodb-linux-x86_64-rhel80-4.4.4.tgz -# COPY ["${TARBALL1}", "/opt/"] -# RUN tar -zxf ./${TARBALL1} && rm -fv ./${TARBALL1} && \ -# mv ./mongodb-enterprise-operator /usr/local/bin/ && \ -# rm -rfv /opt/* /var/cache/yum - - # # Instal jq (to parse openshift api query results) # RUN curl -kv --output ./jq https://nexus00.unity.services.nres.navy.mil/repository/raw/tools/jq-linux64 && \ diff --git a/config/key.asc b/config/key.asc new file mode 100644 index 0000000..6911973 --- /dev/null +++ b/config/key.asc 
@@ -0,0 +1,30 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1 + +mQINBFzteqwBEADSirbLWsjgkQmdWr06jXPN8049MCqXQIZ2ovy9uJPyLkHgOCta +8dmX+8Fkk5yNOLScjB1HUGJxAWJG+AhldW1xQGeo6loDfTW1mlfetq/zpW7CKbUp +qve9eYYulneAy/81M/UoUZSzHqj6XY39wzJCH20H+Qx3WwcqXgSU7fSFXyJ4EBYs +kWybbrAra5v29LUTBd7OvvS+Swovdh4T31YijUOUUL/gJkBI9UneVyV7/8DdUoVJ +a8ym2pZ6ALy+GZrWBHcCKD/rQjEkXJnDglu+FSUI50SzaC9YX31TTzEMJijiPi6I +MIZJMXLH7GpCIDcvyrLWIRYVJAQRoYJB4rmp42HTyed4eg4RnSiFrxVV5xQaDnSl +/8zSOdVMBVewp8ipv34VeRXgNTgRkhA2JmL+KlALMkPo7MbRkJF01DiOOsIdz3Iu +43oYg3QYmqxZI6kZNtXpUMnJeuRmMQJJN8yc9ZdOA9Ll2TTcIql8XEsjGcM7IWM9 +CP6zGwCcbrv72Ka+h/bGaLpwLbpkr5I8PjjSECn9fBcgnVX6HfKH7u3y11+Va1nh +a8ZEE1TuOqRxnVDQ+K4iwaZFgFYsBMKo2ghoU2ZbZxu14vs6Eksn6UFsm8DpPwfy +jtLtdje8jrbYAqAy5zIMLoW+I6Rb5sU3Olh9nI7NW4T5qQeemBcuRAwB4QARAQAB +tDdNb25nb0RCIDQuNCBSZWxlYXNlIFNpZ25pbmcgS2V5IDxwYWNrYWdpbmdAbW9u +Z29kYi5jb20+iQI+BBMBAgAoBQJc7XqsAhsDBQkJZgGABgsJCAcDAgYVCAIJCgsE +FgIDAQIeAQIXgAAKCRBlZAjjkM+x9SKmD/9BzdjFAgBPPkUnD5pJQgsBQKUEkDsu +cht6Q0Y4M635K7okpqJvXtZV5Mo+ajWZjUeHn4wPdVgzF2ItwVLRjjak3tIZfe3+ +ME5Y27Aej3LeqQC3Q5g6SnpeZwVEhWzU35CnyhQecP4AhDG3FO0gKUn3GkEgmsd6 +rnXAQLEw3VUYO8boxqBF3zjmFLIIaODYNmO1bLddJgvZlefUC62lWBBUs6Z7PBnl +q7qBQFhz9qV9zXZwCT2/vgGLg5JcwVdcJXwAsQSr1WCVd7Y79+JcA7BZiSg9FAQd +4t2dCkkctoUKgXsAH5fPwErGNj5L6iUnhFODPvdDJ7l35UcIZ2h74lqfEh+jh8eo +UgxkcI2y2FY/lPapcPPKe0FHzCxG2U/NRdM+sqrIfp9+s88Bj+Eub7OhW4dF3AlL +bh/BGHL9R8xAJRDLv8v7nsKkZWUnJaskeDFCKX3rjcTyTRWTG7EuMCmCn0Ou1hKc +R3ECvIq0pVfVh+qk0hu+A5Dvj6k3QDcTfse+KfSAJkYvRKiuRuq5KgYcX3YSzL6K +aZitMyu18XsQxKavpIGzaDhWyrVAig3XXF//zxowYVwuOikr5czgqizu87cqjpyn +S0vVG4Q3+LswH4xVTn3UWadY/9FkM167ecouu4g3op29VDi7hCKsMeFvFP6OOIls +G4vQ/QbzucK77Q== +=eD3N +-----END PGP PUBLIC KEY BLOCK----- -- GitLab From 6152cf410bf3efbea18ea1615078841d45219f12 Mon Sep 17 00:00:00 2001 From: wlau Date: Wed, 3 Mar 2021 13:57:34 -0800 Subject: [PATCH 065/134] Update key 3/3 1356 --- Dockerfile | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) 
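Review bot: Nothing in `config/key.asc` or its path records whose key this is or where it was obtained, so the trust anchor for the later `rpm --import` cannot be checked by a reviewer. The embedded user ID appears to name a MongoDB 4.4 release signing key, but that is read from the key material itself, which is exactly what needs independent confirmation. Unlike the artifacts staged through `hardening_manifest.yaml`, which carry a sha256 `validation`, this file is committed with no digest or fingerprint. I would name the file after the vendor and add a comment where it is consumed, for example `# MongoDB 4.4 release signing key, source <VENDOR_KEY_URL>, fingerprint <EXPECTED_FINGERPRINT>`, with both values taken from the vendor's published documentation.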
diff --git a/Dockerfile b/Dockerfile index 8945ed8..ebb6075 100644 --- a/Dockerfile +++ b/Dockerfile @@ -73,8 +73,9 @@ RUN INSTALL_PKGS="vim-enhanced rsync iputils bind-utils git python36 python36-de # rm -f oc.tar # # Install mongodb shell (client) -COPY mongodb-org-shell-4.4.4-1.el8.x86_64.rpm /opt -RUN yum -y install /opt/mongodb-org-shell-4.4.4-1.el8.x86_64.rpm +COPY key.asc /tmp/key.asc +COPY mongodb-org-shell-4.4.4-1.el8.x86_64.rpm /tmp +RUN yum -y install /tmp/mongodb-org-shell-4.4.4-1.el8.x86_64.rpm # # Instal jq (to parse openshift api query results) # RUN curl -kv --output ./jq https://nexus00.unity.services.nres.navy.mil/repository/raw/tools/jq-linux64 && \ -- GitLab From 00fea7eb8a1aac343a6e094a0811d7dc0bf2ef6a Mon Sep 17 00:00:00 2001 From: wlau Date: Wed, 3 Mar 2021 14:04:54 -0800 Subject: [PATCH 066/134] Update key 3/3 1404 --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index ebb6075..7819860 100644 --- a/Dockerfile +++ b/Dockerfile @@ -73,7 +73,7 @@ RUN INSTALL_PKGS="vim-enhanced rsync iputils bind-utils git python36 python36-de # rm -f oc.tar # # Install mongodb shell (client) -COPY key.asc /tmp/key.asc +COPY config/key.asc /tmp/key.asc COPY mongodb-org-shell-4.4.4-1.el8.x86_64.rpm /tmp RUN yum -y install /tmp/mongodb-org-shell-4.4.4-1.el8.x86_64.rpm -- GitLab From 870336d6fe39f70aa488646137872a7fe0667fda Mon Sep 17 00:00:00 2001 From: wlau Date: Wed, 3 Mar 2021 14:15:51 -0800 Subject: [PATCH 067/134] Use Mongo tgz 3/3 1415 --- Dockerfile | 11 ++++++++--- hardening_manifest.yaml | 10 +++++----- 2 files changed, 13 insertions(+), 8 deletions(-) diff --git a/Dockerfile b/Dockerfile index 7819860..925d83d 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -24,6 +24,12 @@ ENV PYTHON_VERSION=3.6 \ # ENV=/usr/bin/py-enable \ ENV PROMPT_COMMAND=". /usr/bin/aap && unset PROMPT_COMMAND" + +# testing.... +COPY config/key.asc /tmp/key.asc +COPY mongodb-linux-x86_64-rhel80-4.4.4.tgz /tmp/mongodb-linux-x86_64-rhel80-4.4.4.tgz + + # ^^^ BASH_ENV and ENV provide the name of a startup file to read before bash is used to execute a script # ^^^ Bash provides an environment variable called PROMPT_COMMAND. The contents of this variable are executed as a regular Bash command just before Bash displays a prompt. # https://www.tldp.org/HOWTO/Bash-Prompt-HOWTO/x264.html @@ -73,9 +79,8 @@ RUN INSTALL_PKGS="vim-enhanced rsync iputils bind-utils git python36 python36-de # rm -f oc.tar # # Install mongodb shell (client) -COPY config/key.asc /tmp/key.asc -COPY mongodb-org-shell-4.4.4-1.el8.x86_64.rpm /tmp -RUN yum -y install /tmp/mongodb-org-shell-4.4.4-1.el8.x86_64.rpm +# RUN yum -y install /tmp/mongodb-org-shell-4.4.4-1.el8.x86_64.rpm +RUN tar -zxvf /tmp/mongodb-linux-x86_64-rhel80-4.4.4.tgz # # Instal jq (to parse openshift api query results) # RUN curl -kv --output ./jq https://nexus00.unity.services.nres.navy.mil/repository/raw/tools/jq-linux64 && \ diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index d6404de..e8ee29c 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml 
@@ -39,11 +39,11 @@ labels: # List of resources to make available to the offline build context resources: - - url: "https://repo.mongodb.org/yum/redhat/8/mongodb-org/4.4/x86_64/RPMS/mongodb-org-shell-4.4.4-1.el8.x86_64.rpm" - filename: "mongodb-org-shell-4.4.4-1.el8.x86_64.rpm" - validation: - type: "sha256" # supported: sha256, sha512 - value: "4954fe92d5642056752561b7f4c5278a4f47619cf7b488d1676c016c714744b3" # must be lowercase + # - url: "https://repo.mongodb.org/yum/redhat/8/mongodb-org/4.4/x86_64/RPMS/mongodb-org-shell-4.4.4-1.el8.x86_64.rpm" + # filename: "mongodb-org-shell-4.4.4-1.el8.x86_64.rpm" + # validation: + # type: "sha256" # supported: sha256, sha512 + # value: "4954fe92d5642056752561b7f4c5278a4f47619cf7b488d1676c016c714744b3" # must be lowercase # - url: "https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64" # filename: "jq" # validation: -- GitLab From 180d5d6e42d8a45f4b67b08ebf7a292649fee21b Mon Sep 17 00:00:00 2001 From: wlau Date: Wed, 3 Mar 2021 14:17:35 -0800 Subject: [PATCH 068/134] Try import key 4 Mongo 3/3 1415 --- Dockerfile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index 925d83d..e8d712a 100644 --- a/Dockerfile +++ b/Dockerfile @@ -27,7 +27,7 @@ ENV PROMPT_COMMAND=". /usr/bin/aap && unset PROMPT_COMMAND" # testing.... COPY config/key.asc /tmp/key.asc -COPY mongodb-linux-x86_64-rhel80-4.4.4.tgz /tmp/mongodb-linux-x86_64-rhel80-4.4.4.tgz +COPY mongodb-org-shell-4.4.4-1.el8.x86_64.rpm /tmp # ^^^ BASH_ENV and ENV provide the name of a startup file to read before bash is used to execute a script 
@@ -79,8 +79,8 @@ RUN INSTALL_PKGS="vim-enhanced rsync iputils bind-utils git python36 python36-de # rm -f oc.tar # # Install mongodb shell (client) -# RUN yum -y install /tmp/mongodb-org-shell-4.4.4-1.el8.x86_64.rpm -RUN tar -zxvf /tmp/mongodb-linux-x86_64-rhel80-4.4.4.tgz +RUN rpm --import /tmp/key.asc +RUN yum -y install /tmp/mongodb-org-shell-4.4.4-1.el8.x86_64.rpm # # Instal jq (to parse openshift api query results) # RUN curl -kv --output ./jq https://nexus00.unity.services.nres.navy.mil/repository/raw/tools/jq-linux64 && \ -- GitLab From 366ee76ef8bc0b1333441e2da27081f55b246848 Mon Sep 17 00:00:00 2001 From: wlau Date: Wed, 3 Mar 2021 14:26:21 -0800 Subject: [PATCH 069/134] Mongo rpm 3/3 1426 --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index e8d712a..51b1ecb 100644 --- a/Dockerfile +++ b/Dockerfile @@ -27,7 +27,7 @@ ENV PROMPT_COMMAND=". /usr/bin/aap && unset PROMPT_COMMAND" # testing.... COPY config/key.asc /tmp/key.asc -COPY mongodb-org-shell-4.4.4-1.el8.x86_64.rpm /tmp +COPY mongodb-org-shell-4.4.4-1.el8.x86_64.rpm /tmp/mongodb-org-shell-4.4.4-1.el8.x86_64.rpm # ^^^ BASH_ENV and ENV provide the name of a startup file to read before bash is used to execute a script -- GitLab From 37f06fddf701f8a9134f59430f4b7cb3b6ace939 Mon Sep 17 00:00:00 2001 From: wlau Date: Wed, 3 Mar 2021 14:40:41 -0800 Subject: [PATCH 070/134] Mongo rpm 3/3 1440 --- Dockerfile | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/Dockerfile b/Dockerfile index 51b1ecb..954243c 100644 --- a/Dockerfile +++ b/Dockerfile 
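Review bot: `RUN rpm --import /tmp/key.asc` only adds the key to the rpm keyring and does not itself verify the package. Whether the following `yum -y install` of a local file checks the signature depends on `localpkg_gpgcheck`, which dnf leaves off by default and which this hunk does not set; the base image may enable it, but that is not visible here. Making the check explicit removes that dependency: `RUN rpm --import /tmp/key.asc && yum -y --setopt=localpkg_gpgcheck=1 install /tmp/mongodb-org-shell-4.4.4-1.el8.x86_64.rpm`. Folding both steps into one `RUN` also keeps the import and the verified install in the same layer. The Dockerfile continues outside the hunk.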
@@ -25,10 +25,6 @@ ENV PYTHON_VERSION=3.6 \ ENV PROMPT_COMMAND=". /usr/bin/aap && unset PROMPT_COMMAND" -# testing.... -COPY config/key.asc /tmp/key.asc -COPY mongodb-org-shell-4.4.4-1.el8.x86_64.rpm /tmp/mongodb-org-shell-4.4.4-1.el8.x86_64.rpm - # ^^^ BASH_ENV and ENV provide the name of a startup file to read before bash is used to execute a script # ^^^ Bash provides an environment variable called PROMPT_COMMAND. The contents of this variable are executed as a regular Bash command just before Bash displays a prompt. @@ -79,6 +75,8 @@ RUN INSTALL_PKGS="vim-enhanced rsync iputils bind-utils git python36 python36-de # rm -f oc.tar # # Install mongodb shell (client) +COPY config/key.asc /tmp/key.asc +COPY mongodb-org-shell-4.4.4-1.el8.x86_64.rpm /tmp/mongodb-org-shell-4.4.4-1.el8.x86_64.rpm RUN rpm --import /tmp/key.asc RUN yum -y install /tmp/mongodb-org-shell-4.4.4-1.el8.x86_64.rpm -- GitLab From 4c40452227f13c28caad7e1cfa3a9b27f184a94b Mon Sep 17 00:00:00 2001 From: wlau Date: Wed, 3 Mar 2021 15:03:26 -0800 Subject: [PATCH 071/134] Mongo rpm 3/3 1503 --- hardening_manifest.yaml | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index e8ee29c..c19cb24 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml 
@@ -39,21 +39,21 @@ labels: # List of resources to make available to the offline build context resources: - # - url: "https://repo.mongodb.org/yum/redhat/8/mongodb-org/4.4/x86_64/RPMS/mongodb-org-shell-4.4.4-1.el8.x86_64.rpm" - # filename: "mongodb-org-shell-4.4.4-1.el8.x86_64.rpm" - # validation: - # type: "sha256" # supported: sha256, sha512 - # value: "4954fe92d5642056752561b7f4c5278a4f47619cf7b488d1676c016c714744b3" # must be lowercase + - url: "https://repo.mongodb.org/yum/redhat/8/mongodb-org/4.4/x86_64/RPMS/mongodb-org-shell-4.4.4-1.el8.x86_64.rpm" + filename: "mongodb-org-shell-4.4.4-1.el8.x86_64.rpm" + validation: + type: "sha256" # supported: sha256, sha512 + value: "4954fe92d5642056752561b7f4c5278a4f47619cf7b488d1676c016c714744b3" # must be lowercase # - url: "https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64" # filename: "jq" # validation: # type: "sha256" # supported: sha256, sha512 # value: "af986793a515d500ab2d35f8d2aecd656e764504b789b66d7e1a0b727a124c44" # must be lowercase - - url: "https://fastdl.mongodb.org/linux/mongodb-linux-x86_64-rhel80-4.4.4.tgz" - filename: "mongodb-linux-x86_64-rhel80-4.4.4.tgz" # [required field] desired staging name for the build context - validation: - type: "sha256" # supported: sha256, sha512 - value: "c7fbba1fb93df867f6679251aa205a4fbb6dd33bcefb2409a559fe059f7630fb" # must be lowercase + # - url: "https://fastdl.mongodb.org/linux/mongodb-linux-x86_64-rhel80-4.4.4.tgz" + # filename: "mongodb-linux-x86_64-rhel80-4.4.4.tgz" # [required field] desired staging name for the build context + # validation: + # type: "sha256" # supported: sha256, sha512 + # value: "c7fbba1fb93df867f6679251aa205a4fbb6dd33bcefb2409a559fe059f7630fb" # must be lowercase # List of project maintainers -- GitLab From a9941aba23b4be27df3fca2bbc66ea03cd0f73f2 Mon Sep 17 00:00:00 2001 
From: wlau Date: Wed, 3 Mar 2021 15:16:18 -0800 Subject: [PATCH 072/134] Install JQ 3/3 1516 --- Dockerfile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 954243c..cad0d29 100644 --- a/Dockerfile +++ b/Dockerfile @@ -80,10 +80,11 @@ COPY mongodb-org-shell-4.4.4-1.el8.x86_64.rpm /tmp/mongodb-org-shell-4.4.4-1.el8 RUN rpm --import /tmp/key.asc RUN yum -y install /tmp/mongodb-org-shell-4.4.4-1.el8.x86_64.rpm -# # Instal jq (to parse openshift api query results) +# # Install jq (to parse openshift api query results) # RUN curl -kv --output ./jq https://nexus00.unity.services.nres.navy.mil/repository/raw/tools/jq-linux64 && \ # RUN mv ./jq /usr/bin/ && \ # chmod a+x /usr/bin/jq +RUN install jq # # Instal helm # RUN curl -kv --output ./helm https://nexus00.unity.services.nres.navy.mil/repository/raw/tools/helm-linux-amd64 && \ -- GitLab From a905abb1da329404517faa47e2df8e41a3fff8c3 Mon Sep 17 00:00:00 2001 From: wlau Date: Wed, 3 Mar 2021 15:22:43 -0800 Subject: [PATCH 073/134] Install jq & helm 3/3 1522 --- Dockerfile | 6 +++++- hardening_manifest.yaml | 10 +++++----- 2 files changed, 10 insertions(+), 6 deletions(-) diff --git a/Dockerfile b/Dockerfile index cad0d29..9adbf14 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -84,12 +84,16 @@ RUN yum -y install /tmp/mongodb-org-shell-4.4.4-1.el8.x86_64.rpm # RUN curl -kv --output ./jq https://nexus00.unity.services.nres.navy.mil/repository/raw/tools/jq-linux64 && \ # RUN mv ./jq /usr/bin/ && \ # chmod a+x /usr/bin/jq -RUN install jq +RUN yum -y install jq # # Instal helm # RUN curl -kv --output ./helm https://nexus00.unity.services.nres.navy.mil/repository/raw/tools/helm-linux-amd64 && \ # mv ./helm /usr/bin/ && \ # chmod a+x /usr/bin/helm +COPY helm-v3.5.2-linux-amd64.tar.gz /tmp/helm-v3.5.2-linux-amd64.tar.gz +RUN tar /tmp/helm-v3.5.2-linux-amd64.tar.gz && \ + mv linux-amd64/helm /usr/local/bin/helm && \ + chmod a+x /usr/bin/helm # # - Create a Python virtual environment for use by any application to avoid # # potential conflicts with Python packages preinstalled in the main Python diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index c19cb24..3f54cd7 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -49,11 +49,11 @@ resources: # validation: # type: "sha256" # supported: sha256, sha512 # value: "af986793a515d500ab2d35f8d2aecd656e764504b789b66d7e1a0b727a124c44" # must be lowercase - # - url: "https://fastdl.mongodb.org/linux/mongodb-linux-x86_64-rhel80-4.4.4.tgz" - # filename: "mongodb-linux-x86_64-rhel80-4.4.4.tgz" # [required field] desired staging name for the build context - # validation: - # type: "sha256" # supported: sha256, sha512 - # value: "c7fbba1fb93df867f6679251aa205a4fbb6dd33bcefb2409a559fe059f7630fb" # must be lowercase + - url: "https://get.helm.sh/helm-v3.5.2-linux-amd64.tar.gz" + filename: "helm-v3.5.2-linux-amd64.tar.gz" # [required field] desired staging name for the build context + validation: + type: "sha256" # supported: sha256, sha512 + value: "01b317c506f8b6ad60b11b1dc3f093276bb703281cb1ae01132752253ec706a2" # must be lowercase # List of project maintainers -- GitLab From 60db25bf17d20adcf0a20e566153670d66a7b250 Mon Sep 17 00:00:00 2001 
From: wlau Date: Wed, 3 Mar 2021 15:32:07 -0800 Subject: [PATCH 074/134] Install jq & helm 3/3 1532 --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 9adbf14..97d8219 100644 --- a/Dockerfile +++ b/Dockerfile @@ -91,7 +91,7 @@ RUN yum -y install jq # mv ./helm /usr/bin/ && \ # chmod a+x /usr/bin/helm COPY helm-v3.5.2-linux-amd64.tar.gz /tmp/helm-v3.5.2-linux-amd64.tar.gz -RUN tar /tmp/helm-v3.5.2-linux-amd64.tar.gz && \ +RUN tar -zxvf /tmp/helm-v3.5.2-linux-amd64.tar.gz && \ mv linux-amd64/helm /usr/local/bin/helm && \ chmod a+x /usr/bin/helm -- GitLab From 393f44cc699ee223e6c1fc4dbfc743de7f235565 Mon Sep 17 00:00:00 2001 From: wlau Date: Wed, 3 Mar 2021 15:40:07 -0800 Subject: [PATCH 075/134] Install jq & helm 3/3 1540 --- Dockerfile | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index 97d8219..3fecb27 100644 --- a/Dockerfile +++ b/Dockerfile @@ -91,9 +91,10 @@ RUN yum -y install jq # mv ./helm /usr/bin/ && \ # chmod a+x /usr/bin/helm COPY helm-v3.5.2-linux-amd64.tar.gz /tmp/helm-v3.5.2-linux-amd64.tar.gz -RUN tar -zxvf /tmp/helm-v3.5.2-linux-amd64.tar.gz && \ - mv linux-amd64/helm /usr/local/bin/helm && \ - chmod a+x /usr/bin/helm +RUN tar -zxvf /tmp/helm-v3.5.2-linux-amd64.tar.gz +# && \ +# mv linux-amd64/helm /usr/local/bin/helm && \ +# chmod a+x /usr/bin/helm # # - Create a Python virtual environment for use by any application to avoid # # potential conflicts with Python packages preinstalled in the main Python -- GitLab From a8d624b5f28601d8ad5a0dc97ce2f1a204ab8a68 Mon Sep 17 00:00:00 2001 From: wlau Date: Wed, 3 Mar 2021 15:49:30 -0800 Subject: [PATCH 076/134] Install helm 3/3 1549 --- Dockerfile | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/Dockerfile b/Dockerfile index 3fecb27..8cd1a15 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -91,10 +91,9 @@ RUN yum -y install jq # mv ./helm /usr/bin/ && \ # chmod a+x /usr/bin/helm COPY helm-v3.5.2-linux-amd64.tar.gz /tmp/helm-v3.5.2-linux-amd64.tar.gz -RUN tar -zxvf /tmp/helm-v3.5.2-linux-amd64.tar.gz -# && \ -# mv linux-amd64/helm /usr/local/bin/helm && \ -# chmod a+x /usr/bin/helm +RUN tar -zxvf /tmp/helm-v3.5.2-linux-amd64.tar.gz && \ + mv linux-amd64/helm /usr/bin/helm && \ + chmod a+x /usr/bin/helm # # - Create a Python virtual environment for use by any application to avoid # # potential conflicts with Python packages preinstalled in the main Python -- GitLab From 1a5ef9aa44278b267588144c4535e12fd4d4435c Mon Sep 17 00:00:00 2001 From: wlau Date: Wed, 3 Mar 2021 16:01:49 -0800 Subject: [PATCH 077/134] Install OC 3/3 1601 --- Dockerfile | 10 +++++----- hardening_manifest.yaml | 10 +++++----- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/Dockerfile b/Dockerfile index 8cd1a15..d94d043 100644 --- a/Dockerfile +++ b/Dockerfile @@ -73,6 +73,9 @@ RUN INSTALL_PKGS="vim-enhanced rsync iputils bind-utils git python36 python36-de # tar xvf oc.tar && \ # mv ./oc /usr/bin/ && \ # rm -f oc.tar +RUN tar xvf openshift-origin-server-v3.11.0-0cbc58b-linux-64bit.tar.gz && \ + mv ./oc /usr/bin/ && \ + rm -f oc.tar # # Install mongodb shell (client) COPY config/key.asc /tmp/key.asc @@ -81,9 +84,6 @@ RUN rpm --import /tmp/key.asc RUN yum -y install /tmp/mongodb-org-shell-4.4.4-1.el8.x86_64.rpm # # Install jq (to parse openshift api query results) -# RUN curl -kv --output ./jq https://nexus00.unity.services.nres.navy.mil/repository/raw/tools/jq-linux64 && \ -# RUN mv ./jq /usr/bin/ && \ -# chmod a+x /usr/bin/jq RUN yum -y install jq # # Instal helm @@ -112,7 +112,7 @@ RUN tar -zxvf /tmp/helm-v3.5.2-linux-amd64.tar.gz && \ # fix-permissions ${HOME} -P && \ # rpm-file-permissions -# ENTRYPOINT ["/usr/bin/container-entrypoint"] -# USER 1001 +ENTRYPOINT ["/usr/bin/container-entrypoint"] +USER 1001 HEALTHCHECK CMD python --version 
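Review bot: The helm step in PATCH 076 unpacks the whole archive into whatever the current working directory is and leaves both the extracted `linux-amd64/` tree and `/tmp/helm-v3.5.2-linux-amd64.tar.gz` in the image. If the build runs as root at this point (the `USER 1001` line comes later), tar also restores the owner recorded in the archive. I would extract only the binary and install it with explicit mode: `RUN tar -zxf /tmp/helm-v3.5.2-linux-amd64.tar.gz -C /tmp --no-same-owner linux-amd64/helm && install -m 0755 /tmp/linux-amd64/helm /usr/bin/helm && rm -rf /tmp/linux-amd64 /tmp/helm-v3.5.2-linux-amd64.tar.gz`. The same applies to the `oc` tarball step added in PATCH 077 and reworked in PATCH 082. The `COPY` layer still carries the tarball, so a separate build stage would be needed to keep it out of the final image entirely.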
diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index 3f54cd7..3d2cfab 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -44,11 +44,11 @@ resources: validation: type: "sha256" # supported: sha256, sha512 value: "4954fe92d5642056752561b7f4c5278a4f47619cf7b488d1676c016c714744b3" # must be lowercase - # - url: "https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64" - # filename: "jq" - # validation: - # type: "sha256" # supported: sha256, sha512 - # value: "af986793a515d500ab2d35f8d2aecd656e764504b789b66d7e1a0b727a124c44" # must be lowercase + - url: "https://github.com/openshift/origin/releases/download/v3.11.0/openshift-origin-server-v3.11.0-0cbc58b-linux-64bit.tar.gz" + filename: "openshift-origin-server-v3.11.0-0cbc58b-linux-64bit.tar.gz" + validation: + type: "sha256" # supported: sha256, sha512 + value: "af986793a515d500ab2d35f8d2aecd656e764504b789b66d7e1a0b727a124c44" # must be lowercase - url: "https://get.helm.sh/helm-v3.5.2-linux-amd64.tar.gz" filename: "helm-v3.5.2-linux-amd64.tar.gz" # [required field] desired staging name for the build context validation: -- GitLab From cbbccaa61aa0e402de33246025eb7fead186adb9 Mon Sep 17 00:00:00 2001 From: wlau Date: Wed, 3 Mar 2021 16:04:35 -0800 Subject: [PATCH 078/134] oc sha update 3/3 1601 --- hardening_manifest.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index 3d2cfab..9ac55d5 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml 
@@ -48,7 +48,7 @@ resources: filename: "openshift-origin-server-v3.11.0-0cbc58b-linux-64bit.tar.gz" validation: type: "sha256" # supported: sha256, sha512 - value: "af986793a515d500ab2d35f8d2aecd656e764504b789b66d7e1a0b727a124c44" # must be lowercase + value: "9bfcd70df56d902b2cd39dea06e73f4c5451ef9e2ad0e8d6d5b27a92af8503fc" # must be lowercase - url: "https://get.helm.sh/helm-v3.5.2-linux-amd64.tar.gz" filename: "helm-v3.5.2-linux-amd64.tar.gz" # [required field] desired staging name for the build context validation: -- GitLab From d8cebb0d8f45419f2125dcfd92e6ef86902a1206 Mon Sep 17 00:00:00 2001 From: wlau Date: Wed, 3 Mar 2021 16:11:07 -0800 Subject: [PATCH 079/134] oc cli install 3/3 1611 --- Dockerfile | 2 ++ hardening_manifest.yaml | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index d94d043..472a99f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -77,6 +77,8 @@ RUN tar xvf openshift-origin-server-v3.11.0-0cbc58b-linux-64bit.tar.gz && \ mv ./oc /usr/bin/ && \ rm -f oc.tar +RUN # subscription-manager register + # # Install mongodb shell (client) COPY config/key.asc /tmp/key.asc COPY mongodb-org-shell-4.4.4-1.el8.x86_64.rpm /tmp/mongodb-org-shell-4.4.4-1.el8.x86_64.rpm diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index 9ac55d5..4240e13 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -50,7 +50,7 @@ resources: type: "sha256" # supported: sha256, sha512 value: "9bfcd70df56d902b2cd39dea06e73f4c5451ef9e2ad0e8d6d5b27a92af8503fc" # must be lowercase - url: "https://get.helm.sh/helm-v3.5.2-linux-amd64.tar.gz" - filename: "helm-v3.5.2-linux-amd64.tar.gz" # [required field] desired staging name for the build context + filename: "helm-v3.5.2-linux-amd64.tar.gz" validation: type: "sha256" # supported: sha256, sha512 value: "01b317c506f8b6ad60b11b1dc3f093276bb703281cb1ae01132752253ec706a2" # must be lowercase -- GitLab From 62e6aa8f7cc30f90a59c1bfe6fe176893583a4b9 Mon Sep 17 00:00:00 2001 
From: wlau Date: Wed, 3 Mar 2021 17:42:32 -0800 Subject: [PATCH 080/134] oc cli install 3/3 1742 --- Dockerfile | 4 ++-- hardening_manifest.yaml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Dockerfile b/Dockerfile index 472a99f..ca92109 100644 --- a/Dockerfile +++ b/Dockerfile @@ -73,11 +73,11 @@ RUN INSTALL_PKGS="vim-enhanced rsync iputils bind-utils git python36 python36-de # tar xvf oc.tar && \ # mv ./oc /usr/bin/ && \ # rm -f oc.tar -RUN tar xvf openshift-origin-server-v3.11.0-0cbc58b-linux-64bit.tar.gz && \ +RUN tar xvf oc.tar.gz && \ mv ./oc /usr/bin/ && \ rm -f oc.tar -RUN # subscription-manager register +RUN # subscription-manager registervc # # Install mongodb shell (client) COPY config/key.asc /tmp/key.asc diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index 4240e13..8a0621f 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -44,8 +44,8 @@ resources: validation: type: "sha256" # supported: sha256, sha512 value: "4954fe92d5642056752561b7f4c5278a4f47619cf7b488d1676c016c714744b3" # must be lowercase - - url: "https://github.com/openshift/origin/releases/download/v3.11.0/openshift-origin-server-v3.11.0-0cbc58b-linux-64bit.tar.gz" - filename: "openshift-origin-server-v3.11.0-0cbc58b-linux-64bit.tar.gz" + - url: "https://mirror.openshift.com/pub/openshift-v4/clients/oc/4.5/linux/oc.tar.gz" + filename: "oc.tar.gz" validation: type: "sha256" # supported: sha256, sha512 value: "9bfcd70df56d902b2cd39dea06e73f4c5451ef9e2ad0e8d6d5b27a92af8503fc" # must be lowercase -- GitLab From 17f8f8244fc0f018168ad7b75af9308b3124ffed Mon Sep 17 00:00:00 2001 From: wlau Date: Wed, 3 Mar 2021 20:06:03 -0800 Subject: [PATCH 081/134] update oc sha --- Dockerfile | 2 +- hardening_manifest.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index ca92109..04f735f 100644 --- a/Dockerfile +++ b/Dockerfile 
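Review bot: The new `url` in the `hardening_manifest.yaml` hunk of PATCH 080 names only the 4.5 stream (`.../clients/oc/4.5/linux/oc.tar.gz`), not a specific release, so the file behind it can presumably change while the sha256 under `validation` stays fixed. In this hunk the `value` is still the digest of the 3.11 origin tarball being replaced, and PATCH 081 swaps in a new digest without saying which release it corresponds to. A moving URL with a pinned digest either breaks the build later or invites updating the hash without review. I would point `url` at a release-specific path on the mirror, using a labelled placeholder such as `<OC_4.5.z_RELEASE_URL>` until the version is chosen, and note the release in a comment next to `value`.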
@@ -75,7 +75,7 @@ RUN INSTALL_PKGS="vim-enhanced rsync iputils bind-utils git python36 python36-de # rm -f oc.tar RUN tar xvf oc.tar.gz && \ mv ./oc /usr/bin/ && \ - rm -f oc.tar + rm -f oc.tar.gz RUN # subscription-manager registervc diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index 8a0621f..e7279bf 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -48,7 +48,7 @@ resources: filename: "oc.tar.gz" validation: type: "sha256" # supported: sha256, sha512 - value: "9bfcd70df56d902b2cd39dea06e73f4c5451ef9e2ad0e8d6d5b27a92af8503fc" # must be lowercase + value: "ebc478b617a57085837ceabb7dc3c714b985838d9b3282b9bac7f6f8472df571" # must be lowercase - url: "https://get.helm.sh/helm-v3.5.2-linux-amd64.tar.gz" filename: "helm-v3.5.2-linux-amd64.tar.gz" validation: -- GitLab From d5e19f8df9bca6f58277c6419b4cba22e2959070 Mon Sep 17 00:00:00 2001 From: wlau Date: Wed, 3 Mar 2021 20:15:56 -0800 Subject: [PATCH 082/134] correct oc tar file location 3/3 2015 --- Dockerfile | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 04f735f..4ed91ab 100644 --- a/Dockerfile +++ b/Dockerfile @@ -73,9 +73,10 @@ RUN INSTALL_PKGS="vim-enhanced rsync iputils bind-utils git python36 python36-de # tar xvf oc.tar && \ # mv ./oc /usr/bin/ && \ # rm -f oc.tar -RUN tar xvf oc.tar.gz && \ +COPY oc.tar.gz /tmp/oc.tar.gz +RUN tar xvf /tmp/oc.tar.gz && \ mv ./oc /usr/bin/ && \ - rm -f oc.tar.gz + rm -f /tmp/oc.tar.gz RUN # subscription-manager registervc -- GitLab From 600a985522d88deb476cc7187256af3a7cd1b267 Mon Sep 17 00:00:00 2001 From: wlau Date: Thu, 4 Mar 2021 08:37:35 -0800 Subject: [PATCH 083/134] update dockerfile 3/4 0837 --- Dockerfile | 58 ++++++++++++++++++++++++------------------------------ 1 file changed, 26 insertions(+), 32 deletions(-) diff --git a/Dockerfile b/Dockerfile index 4ed91ab..9be1925 100644 --- a/Dockerfile +++ b/Dockerfile 
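Review bot: `tar xvf /tmp/oc.tar.gz` unpacks every member of the archive into the current working directory and only `oc` is moved afterwards, so any other members stay in the image. Extract just the binary to its destination, for example `tar -xzf /tmp/oc.tar.gz -C /usr/bin --no-same-owner oc` (with the member name as it is stored in the archive). `--no-same-owner` is there because tar run as root otherwise applies the ownership recorded in the archive. The `rm -f /tmp/oc.tar.gz` does not shrink the image either, because the tarball is already stored in the preceding `COPY` layer.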
@@ -24,8 +24,6 @@ ENV PYTHON_VERSION=3.6 \ # ENV=/usr/bin/py-enable \ ENV PROMPT_COMMAND=". /usr/bin/aap && unset PROMPT_COMMAND" - - # ^^^ BASH_ENV and ENV provide the name of a startup file to read before bash is used to execute a script # ^^^ Bash provides an environment variable called PROMPT_COMMAND. The contents of this variable are executed as a regular Bash command just before Bash displays a prompt. # https://www.tldp.org/HOWTO/Bash-Prompt-HOWTO/x264.html @@ -68,11 +66,7 @@ RUN INSTALL_PKGS="vim-enhanced rsync iputils bind-utils git python36 python36-de rpm -V $INSTALL_PKGS && \ yum -y clean all --enablerepo="*" -# # Install the OpenShift command line tool, oc -# RUN curl -kv --output ./oc.tar https://downloads-openshift-console.apps.unity.services.nres.navy.mil/amd64/linux/oc.tar && \ -# tar xvf oc.tar && \ -# mv ./oc /usr/bin/ && \ -# rm -f oc.tar +# Install the OpenShift command line tool, oc COPY oc.tar.gz /tmp/oc.tar.gz RUN tar xvf /tmp/oc.tar.gz && \ mv ./oc /usr/bin/ && \ 
@@ -80,40 +74,40 @@ RUN tar xvf /tmp/oc.tar.gz && \ RUN # subscription-manager registervc -# # Install mongodb shell (client) +# Install mongodb shell (client) COPY config/key.asc /tmp/key.asc COPY mongodb-org-shell-4.4.4-1.el8.x86_64.rpm /tmp/mongodb-org-shell-4.4.4-1.el8.x86_64.rpm -RUN rpm --import /tmp/key.asc -RUN yum -y install /tmp/mongodb-org-shell-4.4.4-1.el8.x86_64.rpm +RUN rpm --import /tmp/key.asc && \ + yum -y install /tmp/mongodb-org-shell-4.4.4-1.el8.x86_64.rpm && \ + rm -f /tmp/key.asc && \ + rm -f /tmp/mongodb-org-shell-4.4.4-1.el8.x86_64.rpm -# # Install jq (to parse openshift api query results) +# Install jq (to parse openshift api query results) RUN yum -y install jq # # Instal helm -# RUN curl -kv --output ./helm https://nexus00.unity.services.nres.navy.mil/repository/raw/tools/helm-linux-amd64 && \ -# mv ./helm /usr/bin/ && \ -# chmod a+x /usr/bin/helm COPY helm-v3.5.2-linux-amd64.tar.gz /tmp/helm-v3.5.2-linux-amd64.tar.gz RUN tar -zxvf /tmp/helm-v3.5.2-linux-amd64.tar.gz && \ mv linux-amd64/helm /usr/bin/helm && \ - chmod a+x /usr/bin/helm - -# # - Create a Python virtual environment for use by any application to avoid -# # potential conflicts with Python packages preinstalled in the main Python -# # installation. -# # - In order to drop the root user, we have to make some directories world -# # writable as multi-tenant Kubernetes clusters' default security model -# # should run the container under a random UID. 
-# # - For any python applications use this default user -# #RUN virtualenv-$PYTHON_VERSION ${APP_ROOT} && \ - -# # Set up container user and adjust permissions to run in OpenShift environment -# WORKDIR ${HOME} -# RUN useradd -u 1001 -r -g 0 -d ${HOME} -s /sbin/nologin \ -# -c "Default Application User" default && \ -# fix-permissions ${APP_ROOT} -P && \ -# fix-permissions ${HOME} -P && \ -# rpm-file-permissions + chmod a+x /usr/bin/helm && \ + rm -f /tmp/helm-v3.5.2-linux-amd64.tar.gz + +# - Create a Python virtual environment for use by any application to avoid +# potential conflicts with Python packages preinstalled in the main Python +# installation. +# - In order to drop the root user, we have to make some directories world +# writable as multi-tenant Kubernetes clusters' default security model +# should run the container under a random UID. +# - For any python applications use this default user +#RUN virtualenv-$PYTHON_VERSION ${APP_ROOT} && \ + +# Set up container user and adjust permissions to run in OpenShift environment +WORKDIR ${HOME} +RUN useradd -u 1001 -r -g 0 -d ${HOME} -s /sbin/nologin \ + -c "Default Application User" default && \ + fix-permissions ${APP_ROOT} -P && \ + fix-permissions ${HOME} -P && \ + rpm-file-permissions ENTRYPOINT ["/usr/bin/container-entrypoint"] USER 1001 -- GitLab From 118e63f9aacbacb06f2211c21fe84a2c24abdf54 Mon Sep 17 00:00:00 2001 From: wlau Date: Wed, 10 Mar 2021 08:38:51 -0800 Subject: [PATCH 084/134] update dockerfile 3/10 0838 --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 9be1925..f1044ab 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,7 +1,7 @@ ARG BASE_REGISTRY=registry1.dso.mil ARG BASE_IMAGE=redhat/ubi/ubi8 ARG BASE_TAG=8.3 - + FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} # Set necessary environment variables for python and python development environment -- GitLab From 1ef53458ebf886c0ffc51229784c11c887e8865c Mon Sep 17 00:00:00 2001 
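Review bot: Importing `/tmp/key.asc` with `rpm --import` does not by itself make `yum -y install /tmp/mongodb-org-shell-4.4.4-1.el8.x86_64.rpm` check the package signature. On dnf-based yum, package files given on the command line are only signature-checked when `localpkg_gpgcheck` is enabled, which is not the default. Add an explicit check before the install, such as `rpm -K /tmp/mongodb-org-shell-4.4.4-1.el8.x86_64.rpm && \`, and confirm in the build log that it reports a good signature rather than digests only. The added `rm -f` lines for the key and the RPM do not reduce image size, since both files are already stored in the two `COPY` layers above.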
From: wlau Date: Wed, 10 Mar 2021 09:00:53 -0800 Subject: [PATCH 085/134] update dockerfile 3/10 0900 --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index f1044ab..9be1925 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,7 +1,7 @@ ARG BASE_REGISTRY=registry1.dso.mil ARG BASE_IMAGE=redhat/ubi/ubi8 ARG BASE_TAG=8.3 - + FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} # Set necessary environment variables for python and python development environment -- GitLab From ccba35c0fc240d5c4f81b72696296531094b7917 Mon Sep 17 00:00:00 2001 From: wlau Date: Wed, 10 Mar 2021 09:07:10 -0800 Subject: [PATCH 086/134] added folders 3/10 0906 --- documentation/Documentation.txt | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 documentation/Documentation.txt diff --git a/documentation/Documentation.txt b/documentation/Documentation.txt new file mode 100644 index 0000000..e69de29 -- GitLab From 771c092668e5ead3e3d761b3717145c3faa623e2 Mon Sep 17 00:00:00 2001 From: wlau Date: Wed, 10 Mar 2021 13:06:45 -0800 Subject: [PATCH 087/134] added folders 3/10 0906 --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 9be1925..2d29022 100644 --- a/Dockerfile +++ b/Dockerfile @@ -3,7 +3,7 @@ ARG BASE_IMAGE=redhat/ubi/ubi8 ARG BASE_TAG=8.3 FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} - + # Set necessary environment variables for python and python development environment ARG APP_ROOT=/opt/app-root ENV PYTHON_VERSION=3.6 \ -- GitLab From 581053afeb439af6ae462542b7f801c3ae860b3c Mon Sep 17 00:00:00 2001 From: wlau Date: Wed, 10 Mar 2021 13:34:08 -0800 Subject: [PATCH 088/134] DEBUG pipeline 3/10 1333 --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 2d29022..9be1925 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -3,7 +3,7 @@ ARG BASE_IMAGE=redhat/ubi/ubi8 ARG BASE_TAG=8.3 FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} - + # Set necessary environment variables for python and python development environment ARG APP_ROOT=/opt/app-root ENV PYTHON_VERSION=3.6 \ -- GitLab From f388477d612de9aacf0fb5d08b1ac56bc8383388 Mon Sep 17 00:00:00 2001 From: "gavin.scallon" Date: Wed, 10 Mar 2021 21:44:03 +0000 Subject: [PATCH 089/134] Update Dockerfile --- Dockerfile | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/Dockerfile b/Dockerfile index 9be1925..259e512 100644 --- a/Dockerfile +++ b/Dockerfile @@ -38,17 +38,6 @@ ENV PROMPT_COMMAND=". /usr/bin/aap && unset PROMPT_COMMAND" # # # make it an ideal language for scripting and rapid application development in many areas \ # # # on most platforms." -# # # LABEL summary="$SUMMARY" \ -# # # description="$DESCRIPTION" \ -# # # io.k8s.description="$DESCRIPTION" \ -# # # io.k8s.display-name="Python 3.6" \ -# # # io.openshift.tags="builder,python,python36,python-36,rh-python36" \ -# # # com.redhat.component="ubi8-container" \ -# # # name="ubi8/python-36" \ -# # # version="1" \ -# # # com.redhat.license_terms="https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI" \ -# # # maintainer="NAVAIR Advanced Analytics Platform (AAP) Product Team" - # Copy extra files to the image. COPY ./root / RUN chmod a+x /usr/bin/container-entrypoint && \ -- GitLab From 71f6eed3aae3963d01504399afbb8bc66f68bcb8 Mon Sep 17 00:00:00 2001 From: wlau Date: Wed, 10 Mar 2021 13:44:39 -0800 Subject: [PATCH 090/134] Removed label comment 3/10 1344 --- Dockerfile | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/Dockerfile b/Dockerfile index 9be1925..259e512 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -38,17 +38,6 @@ ENV PROMPT_COMMAND=". /usr/bin/aap && unset PROMPT_COMMAND" # # # make it an ideal language for scripting and rapid application development in many areas \ # # # on most platforms." -# # # LABEL summary="$SUMMARY" \ -# # # description="$DESCRIPTION" \ -# # # io.k8s.description="$DESCRIPTION" \ -# # # io.k8s.display-name="Python 3.6" \ -# # # io.openshift.tags="builder,python,python36,python-36,rh-python36" \ -# # # com.redhat.component="ubi8-container" \ -# # # name="ubi8/python-36" \ -# # # version="1" \ -# # # com.redhat.license_terms="https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI" \ -# # # maintainer="NAVAIR Advanced Analytics Platform (AAP) Product Team" - # Copy extra files to the image. COPY ./root / RUN chmod a+x /usr/bin/container-entrypoint && \ -- GitLab From 0d9b23356faa9e3b76243e7bf02d4a1f6109c393 Mon Sep 17 00:00:00 2001 From: wlau Date: Wed, 10 Mar 2021 13:50:13 -0800 Subject: [PATCH 091/134] Update Mongo 3/10 1350 --- hardening_manifest.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index e7279bf..175ebf6 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -43,7 +43,7 @@ resources: filename: "mongodb-org-shell-4.4.4-1.el8.x86_64.rpm" validation: type: "sha256" # supported: sha256, sha512 - value: "4954fe92d5642056752561b7f4c5278a4f47619cf7b488d1676c016c714744b3" # must be lowercase + value: "ebc478b617a57085837ceabb7dc3c714b985838d9b3282b9bac7f6f8472df571" # must be lowercase - url: "https://mirror.openshift.com/pub/openshift-v4/clients/oc/4.5/linux/oc.tar.gz" filename: "oc.tar.gz" validation: -- GitLab From b490cb19282b3d5787add7000dd0de009a592cba Mon Sep 17 00:00:00 2001 From: wlau Date: Wed, 10 Mar 2021 13:53:37 -0800 Subject: [PATCH 092/134] Update Mongo 3/10 1353 --- hardening_manifest.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
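Review bot: The new `sha256` for `mongodb-org-shell-4.4.4-1.el8.x86_64.rpm` in PATCH 091 is `ebc478b6…`, the value this series records for `oc.tar.gz` in PATCH 081, so it looks pasted from the neighbouring entry. Two different artifacts cannot share a digest, so download validation for the RPM would fail with it. Take each digest from the publisher's checksum for that exact file, and add a short comment next to each `value` saying where it was obtained.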
diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index 175ebf6..e7279bf 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -43,7 +43,7 @@ resources: filename: "mongodb-org-shell-4.4.4-1.el8.x86_64.rpm" validation: type: "sha256" # supported: sha256, sha512 - value: "ebc478b617a57085837ceabb7dc3c714b985838d9b3282b9bac7f6f8472df571" # must be lowercase + value: "4954fe92d5642056752561b7f4c5278a4f47619cf7b488d1676c016c714744b3" # must be lowercase - url: "https://mirror.openshift.com/pub/openshift-v4/clients/oc/4.5/linux/oc.tar.gz" filename: "oc.tar.gz" validation: -- GitLab From 185d43cf85262cbd107e6e61070158dcc8f00334 Mon Sep 17 00:00:00 2001 From: wlau Date: Wed, 10 Mar 2021 13:57:04 -0800 Subject: [PATCH 093/134] Update Mongo 3/10 1357 --- hardening_manifest.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index e7279bf..c0883f6 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -48,7 +48,7 @@ resources: filename: "oc.tar.gz" validation: type: "sha256" # supported: sha256, sha512 - value: "ebc478b617a57085837ceabb7dc3c714b985838d9b3282b9bac7f6f8472df571" # must be lowercase + value: "6a81c950091860ca5eec52a67215cf9d7e953a094d15bafc8a36e9487bb8d644" # must be lowercase - url: "https://get.helm.sh/helm-v3.5.2-linux-amd64.tar.gz" filename: "helm-v3.5.2-linux-amd64.tar.gz" validation: -- GitLab From 9bac279484ad4261372911981e0da6c40d83f8c7 Mon Sep 17 00:00:00 2001 From: wlau Date: Wed, 10 Mar 2021 17:10:42 -0800 Subject: [PATCH 094/134] remove mongo 0310 1710 --- Dockerfile | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/Dockerfile b/Dockerfile index 259e512..493ae3b 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -63,13 +63,13 @@ RUN tar xvf /tmp/oc.tar.gz && \ RUN # subscription-manager registervc -# Install mongodb shell (client) -COPY config/key.asc /tmp/key.asc -COPY mongodb-org-shell-4.4.4-1.el8.x86_64.rpm /tmp/mongodb-org-shell-4.4.4-1.el8.x86_64.rpm -RUN rpm --import /tmp/key.asc && \ - yum -y install /tmp/mongodb-org-shell-4.4.4-1.el8.x86_64.rpm && \ - rm -f /tmp/key.asc && \ - rm -f /tmp/mongodb-org-shell-4.4.4-1.el8.x86_64.rpm +# # Install mongodb shell (client) +# COPY config/key.asc /tmp/key.asc +# COPY mongodb-org-shell-4.4.4-1.el8.x86_64.rpm /tmp/mongodb-org-shell-4.4.4-1.el8.x86_64.rpm +# RUN rpm --import /tmp/key.asc && \ +# yum -y install /tmp/mongodb-org-shell-4.4.4-1.el8.x86_64.rpm && \ +# rm -f /tmp/key.asc && \ +# rm -f /tmp/mongodb-org-shell-4.4.4-1.el8.x86_64.rpm # Install jq (to parse openshift api query results) RUN yum -y install jq -- GitLab From 53fb41ea030ff1a6a845e3bee54c2c00a5024678 Mon Sep 17 00:00:00 2001 From: wlau Date: Thu, 11 Mar 2021 10:12:54 -0800 Subject: [PATCH 095/134] Base image only 311 1012 --- Dockerfile | 178 ++++++++++++++++++++++++++--------------------------- 1 file changed, 89 insertions(+), 89 deletions(-) diff --git a/Dockerfile b/Dockerfile index 493ae3b..e32961b 100644 --- a/Dockerfile +++ b/Dockerfile 
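Review bot: The mongodb shell install is commented out rather than deleted, and this commit touches only the Dockerfile. The `mongodb-org-shell-4.4.4-1.el8.x86_64.rpm` entry in hardening_manifest.yaml therefore presumably still makes the pipeline fetch an artifact the image no longer uses. Remove the block and the manifest resource together, along with `config/key.asc` if nothing else needs it. Version control keeps the old text if it has to come back.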
@@ -4,64 +4,64 @@ ARG BASE_TAG=8.3 FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} -# Set necessary environment variables for python and python development environment -ARG APP_ROOT=/opt/app-root -ENV PYTHON_VERSION=3.6 \ - APP_ROOT=$APP_ROOT \ - USER_NAME=hero \ - HOME=${APP_ROOT} \ - PATH=$HOME/.local/bin/:/opt/app-root/src/bin:/opt/app-root/bin:$PATH \ - EDITOR=/usr/bin/vim \ - PS1="AAP \W\$ " \ - PYTHONUNBUFFERED=1 \ - PYTHONIOENCODING=UTF-8 \ - PIP_NO_CACHE_DIR=off \ - LANG="en_US.UTF-8" - -# - Enable the virtual python environment and default interactive and non-interactive -# shell environment upon container startup -#ENV BASH_ENV=/usr/bin/py-enable \ -# ENV=/usr/bin/py-enable \ -ENV PROMPT_COMMAND=". /usr/bin/aap && unset PROMPT_COMMAND" - -# ^^^ BASH_ENV and ENV provide the name of a startup file to read before bash is used to execute a script -# ^^^ Bash provides an environment variable called PROMPT_COMMAND. The contents of this variable are executed as a regular Bash command just before Bash displays a prompt. -# https://www.tldp.org/HOWTO/Bash-Prompt-HOWTO/x264.html -# https://www.gnu.org/software/bash/manual/html_node/Bash-Variables.html - -# # # ENV SUMMARY="Platform for building and running Python $PYTHON_VERSION applications" \ -# # # DESCRIPTION="Python $PYTHON_VERSION available as container is a base platform for \ -# # # building and running various Python $PYTHON_VERSION applications and frameworks. \ -# # # Python is an easy to learn, powerful programming language. It has efficient high-level \ -# # # data structures and a simple but effective approach to object-oriented programming. \ -# # # Python's elegant syntax and dynamic typing, together with its interpreted nature, \ -# # # make it an ideal language for scripting and rapid application development in many areas \ -# # # on most platforms." - -# Copy extra files to the image. 
-COPY ./root / -RUN chmod a+x /usr/bin/container-entrypoint && \ - chmod a+x /usr/bin/fix-permissions && \ - chmod a+x /usr/bin/rpm-file-permissions && \ - chmod a+x /usr/bin/generate-container-user && \ - chmod a+x /usr/bin/py-enable && \ - chmod a+x /usr/bin/aap - -# Install packages -RUN INSTALL_PKGS="vim-enhanced rsync iputils bind-utils git python36 python36-devel python3-setuptools python3-pip python3-virtualenv" && \ - yum -y update-minimal --setopt=tsflags=nodocs --security && \ - yum -y --setopt=tsflags=nodocs install $INSTALL_PKGS && \ - yum -y remove vim-minimal && \ - rpm -V $INSTALL_PKGS && \ - yum -y clean all --enablerepo="*" - -# Install the OpenShift command line tool, oc -COPY oc.tar.gz /tmp/oc.tar.gz -RUN tar xvf /tmp/oc.tar.gz && \ - mv ./oc /usr/bin/ && \ - rm -f /tmp/oc.tar.gz - -RUN # subscription-manager registervc +# # Set necessary environment variables for python and python development environment +# ARG APP_ROOT=/opt/app-root +# ENV PYTHON_VERSION=3.6 \ +# APP_ROOT=$APP_ROOT \ +# USER_NAME=hero \ +# HOME=${APP_ROOT} \ +# PATH=$HOME/.local/bin/:/opt/app-root/src/bin:/opt/app-root/bin:$PATH \ +# EDITOR=/usr/bin/vim \ +# PS1="AAP \W\$ " \ +# PYTHONUNBUFFERED=1 \ +# PYTHONIOENCODING=UTF-8 \ +# PIP_NO_CACHE_DIR=off \ +# LANG="en_US.UTF-8" + +# # - Enable the virtual python environment and default interactive and non-interactive +# # shell environment upon container startup +# #ENV BASH_ENV=/usr/bin/py-enable \ +# # ENV=/usr/bin/py-enable \ +# ENV PROMPT_COMMAND=". /usr/bin/aap && unset PROMPT_COMMAND" + +# # ^^^ BASH_ENV and ENV provide the name of a startup file to read before bash is used to execute a script +# # ^^^ Bash provides an environment variable called PROMPT_COMMAND. The contents of this variable are executed as a regular Bash command just before Bash displays a prompt. 
+# # https://www.tldp.org/HOWTO/Bash-Prompt-HOWTO/x264.html +# # https://www.gnu.org/software/bash/manual/html_node/Bash-Variables.html + +# # # # ENV SUMMARY="Platform for building and running Python $PYTHON_VERSION applications" \ +# # # # DESCRIPTION="Python $PYTHON_VERSION available as container is a base platform for \ +# # # # building and running various Python $PYTHON_VERSION applications and frameworks. \ +# # # # Python is an easy to learn, powerful programming language. It has efficient high-level \ +# # # # data structures and a simple but effective approach to object-oriented programming. \ +# # # # Python's elegant syntax and dynamic typing, together with its interpreted nature, \ +# # # # make it an ideal language for scripting and rapid application development in many areas \ +# # # # on most platforms." + +# # Copy extra files to the image. +# COPY ./root / +# RUN chmod a+x /usr/bin/container-entrypoint && \ +# chmod a+x /usr/bin/fix-permissions && \ +# chmod a+x /usr/bin/rpm-file-permissions && \ +# chmod a+x /usr/bin/generate-container-user && \ +# chmod a+x /usr/bin/py-enable && \ +# chmod a+x /usr/bin/aap + +# # Install packages +# RUN INSTALL_PKGS="vim-enhanced rsync iputils bind-utils git python36 python36-devel python3-setuptools python3-pip python3-virtualenv" && \ +# yum -y update-minimal --setopt=tsflags=nodocs --security && \ +# yum -y --setopt=tsflags=nodocs install $INSTALL_PKGS && \ +# yum -y remove vim-minimal && \ +# rpm -V $INSTALL_PKGS && \ +# yum -y clean all --enablerepo="*" + +# # Install the OpenShift command line tool, oc +# COPY oc.tar.gz /tmp/oc.tar.gz +# RUN tar xvf /tmp/oc.tar.gz && \ +# mv ./oc /usr/bin/ && \ +# rm -f /tmp/oc.tar.gz + +# RUN # subscription-manager registervc # # Install mongodb shell (client) # COPY config/key.asc /tmp/key.asc 
@@ -71,34 +71,34 @@ RUN # subscription-manager registervc # rm -f /tmp/key.asc && \ # rm -f /tmp/mongodb-org-shell-4.4.4-1.el8.x86_64.rpm -# Install jq (to parse openshift api query results) -RUN yum -y install jq - -# # Instal helm -COPY helm-v3.5.2-linux-amd64.tar.gz /tmp/helm-v3.5.2-linux-amd64.tar.gz -RUN tar -zxvf /tmp/helm-v3.5.2-linux-amd64.tar.gz && \ - mv linux-amd64/helm /usr/bin/helm && \ - chmod a+x /usr/bin/helm && \ - rm -f /tmp/helm-v3.5.2-linux-amd64.tar.gz - -# - Create a Python virtual environment for use by any application to avoid -# potential conflicts with Python packages preinstalled in the main Python -# installation. -# - In order to drop the root user, we have to make some directories world -# writable as multi-tenant Kubernetes clusters' default security model -# should run the container under a random UID. -# - For any python applications use this default user -#RUN virtualenv-$PYTHON_VERSION ${APP_ROOT} && \ - -# Set up container user and adjust permissions to run in OpenShift environment -WORKDIR ${HOME} -RUN useradd -u 1001 -r -g 0 -d ${HOME} -s /sbin/nologin \ - -c "Default Application User" default && \ - fix-permissions ${APP_ROOT} -P && \ - fix-permissions ${HOME} -P && \ - rpm-file-permissions - -ENTRYPOINT ["/usr/bin/container-entrypoint"] -USER 1001 - -HEALTHCHECK CMD python --version +# # Install jq (to parse openshift api query results) +# RUN yum -y install jq + +# # # Instal helm +# COPY helm-v3.5.2-linux-amd64.tar.gz /tmp/helm-v3.5.2-linux-amd64.tar.gz +# RUN tar -zxvf /tmp/helm-v3.5.2-linux-amd64.tar.gz && \ +# mv linux-amd64/helm /usr/bin/helm && \ +# chmod a+x /usr/bin/helm && \ +# rm -f /tmp/helm-v3.5.2-linux-amd64.tar.gz + +# # - Create a Python virtual environment for use by any application to avoid +# # potential conflicts with Python packages preinstalled in the main Python +# # installation. 
+# # - In order to drop the root user, we have to make some directories world +# # writable as multi-tenant Kubernetes clusters' default security model +# # should run the container under a random UID. +# # - For any python applications use this default user +# #RUN virtualenv-$PYTHON_VERSION ${APP_ROOT} && \ + +# # Set up container user and adjust permissions to run in OpenShift environment +# WORKDIR ${HOME} +# RUN useradd -u 1001 -r -g 0 -d ${HOME} -s /sbin/nologin \ +# -c "Default Application User" default && \ +# fix-permissions ${APP_ROOT} -P && \ +# fix-permissions ${HOME} -P && \ +# rpm-file-permissions + +# ENTRYPOINT ["/usr/bin/container-entrypoint"] +# USER 1001 + +# HEALTHCHECK CMD python --version -- GitLab From 168d163ad775c7aa24b760a69b5f8b08d3cdc8b8 Mon Sep 17 00:00:00 2001 From: wlau Date: Thu, 11 Mar 2021 10:16:15 -0800 Subject: [PATCH 096/134] Update oc sha again 311 1016 --- hardening_manifest.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index c0883f6..62903eb 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -48,7 +48,7 @@ resources: filename: "oc.tar.gz" validation: type: "sha256" # supported: sha256, sha512 - value: "6a81c950091860ca5eec52a67215cf9d7e953a094d15bafc8a36e9487bb8d644" # must be lowercase + value: "855d702aff48843379d24fda72363f4ca3880371f9b5cf3418bc672eaf37c8c1" # must be lowercase - url: "https://get.helm.sh/helm-v3.5.2-linux-amd64.tar.gz" filename: "helm-v3.5.2-linux-amd64.tar.gz" validation: -- GitLab From 0594d6bf28e4268b59c4deaa482bf63147babd61 Mon Sep 17 00:00:00 2001 From: wlau Date: Thu, 11 Mar 2021 13:49:40 -0800 Subject: [PATCH 097/134] Hardening... 311 1349 --- Dockerfile | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/Dockerfile b/Dockerfile index e32961b..a81f733 100644 --- a/Dockerfile +++ b/Dockerfile 
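Review bot: Commenting out `USER 1001` at the end of this hunk leaves the image running as whatever user the base image defines, which may be root, and `ENTRYPOINT` and `HEALTHCHECK` are disabled with it. If the aim is to bisect a pipeline failure, keep the final `USER 1001` line active while the install steps are switched off. Alternatively, bisect on a scratch branch so that an image without a non-root user never becomes the head of the main history. The other hunk of this commit (`@@ -4,64 +4,64 @@`) disables the rest of the file in the same way.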
@@ -4,19 +4,19 @@ ARG BASE_TAG=8.3 FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} -# # Set necessary environment variables for python and python development environment -# ARG APP_ROOT=/opt/app-root -# ENV PYTHON_VERSION=3.6 \ -# APP_ROOT=$APP_ROOT \ -# USER_NAME=hero \ -# HOME=${APP_ROOT} \ -# PATH=$HOME/.local/bin/:/opt/app-root/src/bin:/opt/app-root/bin:$PATH \ -# EDITOR=/usr/bin/vim \ -# PS1="AAP \W\$ " \ -# PYTHONUNBUFFERED=1 \ -# PYTHONIOENCODING=UTF-8 \ -# PIP_NO_CACHE_DIR=off \ -# LANG="en_US.UTF-8" +# Set necessary environment variables for python and python development environment +ARG APP_ROOT=/opt/app-root +ENV PYTHON_VERSION=3.6 \ + APP_ROOT=$APP_ROOT \ + USER_NAME=hero \ + HOME=${APP_ROOT} \ + PATH=$HOME/.local/bin/:/opt/app-root/src/bin:/opt/app-root/bin:$PATH \ + EDITOR=/usr/bin/vim \ + PS1="AAP \W\$ " \ + PYTHONUNBUFFERED=1 \ + PYTHONIOENCODING=UTF-8 \ + PIP_NO_CACHE_DIR=off \ + LANG="en_US.UTF-8" # # - Enable the virtual python environment and default interactive and non-interactive # # shell environment upon container startup -- GitLab From e345de2899c72e0d610febe20af01bac73905613 Mon Sep 17 00:00:00 2001 From: wlau Date: Thu, 11 Mar 2021 14:01:28 -0800 Subject: [PATCH 098/134] Hardening... 311 1401 --- Dockerfile | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/Dockerfile b/Dockerfile index a81f733..c8af2d7 100644 --- a/Dockerfile +++ b/Dockerfile 
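Review bot: `PATH=$HOME/.local/bin/:…` is set in the same `ENV` instruction that defines `HOME`, and Docker substitutes variables with the values they had before the instruction, so `$HOME` here is not `${APP_ROOT}`. Unless the base image already sets `HOME`, the first `PATH` entry becomes `/.local/bin/`, a directory outside the application root that is searched before every system path. Use the build argument directly, `PATH=${APP_ROOT}/.local/bin/:/opt/app-root/src/bin:/opt/app-root/bin:$PATH \`, or move `PATH` into a second `ENV` after this one. `PIP_NO_CACHE_DIR=off` also deserves a comment stating the intent, since how pip interprets that value has differed between pip versions.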
@@ -18,11 +18,11 @@ ENV PYTHON_VERSION=3.6 \ PIP_NO_CACHE_DIR=off \ LANG="en_US.UTF-8" -# # - Enable the virtual python environment and default interactive and non-interactive -# # shell environment upon container startup -# #ENV BASH_ENV=/usr/bin/py-enable \ -# # ENV=/usr/bin/py-enable \ -# ENV PROMPT_COMMAND=". /usr/bin/aap && unset PROMPT_COMMAND" +# - Enable the virtual python environment and default interactive and non-interactive +# shell environment upon container startup +#ENV BASH_ENV=/usr/bin/py-enable \ +# ENV=/usr/bin/py-enable \ +ENV PROMPT_COMMAND=". /usr/bin/aap && unset PROMPT_COMMAND" # # ^^^ BASH_ENV and ENV provide the name of a startup file to read before bash is used to execute a script # # ^^^ Bash provides an environment variable called PROMPT_COMMAND. The contents of this variable are executed as a regular Bash command just before Bash displays a prompt. -- GitLab From e1835f1b0d2981bb51c877274d326d2c0e3bb95b Mon Sep 17 00:00:00 2001 From: wlau Date: Thu, 11 Mar 2021 15:03:41 -0800 Subject: [PATCH 099/134] Hardening... 311 1503 --- Dockerfile | 44 ++++++++++++++++++++++---------------------- 1 file changed, 22 insertions(+), 22 deletions(-) diff --git a/Dockerfile b/Dockerfile index c8af2d7..bea6763 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -24,28 +24,28 @@ ENV PYTHON_VERSION=3.6 \ # ENV=/usr/bin/py-enable \ ENV PROMPT_COMMAND=". /usr/bin/aap && unset PROMPT_COMMAND" -# # ^^^ BASH_ENV and ENV provide the name of a startup file to read before bash is used to execute a script -# # ^^^ Bash provides an environment variable called PROMPT_COMMAND. The contents of this variable are executed as a regular Bash command just before Bash displays a prompt. -# # https://www.tldp.org/HOWTO/Bash-Prompt-HOWTO/x264.html -# # https://www.gnu.org/software/bash/manual/html_node/Bash-Variables.html - -# # # # ENV SUMMARY="Platform for building and running Python $PYTHON_VERSION applications" \ -# # # # DESCRIPTION="Python $PYTHON_VERSION available as container is a base platform for \ -# # # # building and running various Python $PYTHON_VERSION applications and frameworks. \ -# # # # Python is an easy to learn, powerful programming language. It has efficient high-level \ -# # # # data structures and a simple but effective approach to object-oriented programming. \ -# # # # Python's elegant syntax and dynamic typing, together with its interpreted nature, \ -# # # # make it an ideal language for scripting and rapid application development in many areas \ -# # # # on most platforms." - -# # Copy extra files to the image. -# COPY ./root / -# RUN chmod a+x /usr/bin/container-entrypoint && \ -# chmod a+x /usr/bin/fix-permissions && \ -# chmod a+x /usr/bin/rpm-file-permissions && \ -# chmod a+x /usr/bin/generate-container-user && \ -# chmod a+x /usr/bin/py-enable && \ -# chmod a+x /usr/bin/aap +# ^^^ BASH_ENV and ENV provide the name of a startup file to read before bash is used to execute a script +# ^^^ Bash provides an environment variable called PROMPT_COMMAND. The contents of this variable are executed as a regular Bash command just before Bash displays a prompt. 
+# https://www.tldp.org/HOWTO/Bash-Prompt-HOWTO/x264.html +# https://www.gnu.org/software/bash/manual/html_node/Bash-Variables.html + +# # # ENV SUMMARY="Platform for building and running Python $PYTHON_VERSION applications" \ +# # # DESCRIPTION="Python $PYTHON_VERSION available as container is a base platform for \ +# # # building and running various Python $PYTHON_VERSION applications and frameworks. \ +# # # Python is an easy to learn, powerful programming language. It has efficient high-level \ +# # # data structures and a simple but effective approach to object-oriented programming. \ +# # # Python's elegant syntax and dynamic typing, together with its interpreted nature, \ +# # # make it an ideal language for scripting and rapid application development in many areas \ +# # # on most platforms." + +# Copy extra files to the image. +COPY ./root / +RUN chmod a+x /usr/bin/container-entrypoint && \ + chmod a+x /usr/bin/fix-permissions && \ + chmod a+x /usr/bin/rpm-file-permissions && \ + chmod a+x /usr/bin/generate-container-user && \ + chmod a+x /usr/bin/py-enable && \ + chmod a+x /usr/bin/aap # # Install packages # RUN INSTALL_PKGS="vim-enhanced rsync iputils bind-utils git python36 python36-devel python3-setuptools python3-pip python3-virtualenv" && \ -- GitLab From 01f1619f027fec99b8dbe70ed48f9f13b8eb64d2 Mon Sep 17 00:00:00 2001 From: wlau Date: Thu, 11 Mar 2021 15:15:13 -0800 Subject: [PATCH 100/134] Hardening... 311 1515 --- Dockerfile | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/Dockerfile b/Dockerfile index bea6763..46114b4 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -47,13 +47,13 @@ RUN chmod a+x /usr/bin/container-entrypoint && \ chmod a+x /usr/bin/py-enable && \ chmod a+x /usr/bin/aap -# # Install packages -# RUN INSTALL_PKGS="vim-enhanced rsync iputils bind-utils git python36 python36-devel python3-setuptools python3-pip python3-virtualenv" && \ -# yum -y update-minimal --setopt=tsflags=nodocs --security && \ -# yum -y --setopt=tsflags=nodocs install $INSTALL_PKGS && \ -# yum -y remove vim-minimal && \ -# rpm -V $INSTALL_PKGS && \ -# yum -y clean all --enablerepo="*" +# Install packages +RUN INSTALL_PKGS="vim-enhanced rsync iputils bind-utils git python36 python36-devel python3-setuptools python3-pip python3-virtualenv" && \ + yum -y update-minimal --setopt=tsflags=nodocs --security && \ + yum -y --setopt=tsflags=nodocs install $INSTALL_PKGS && \ + yum -y remove vim-minimal && \ + rpm -V $INSTALL_PKGS && \ + yum -y clean all --enablerepo="*" # # Install the OpenShift command line tool, oc # COPY oc.tar.gz /tmp/oc.tar.gz -- GitLab From b2268ae8aeac24fba3c1c012544b50ba0175c72a Mon Sep 17 00:00:00 2001 From: wlau Date: Thu, 11 Mar 2021 15:30:47 -0800 Subject: [PATCH 101/134] Hardening... 311 1530 --- Dockerfile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 46114b4..bbbfbda 100644 --- a/Dockerfile +++ b/Dockerfile @@ -48,7 +48,8 @@ RUN chmod a+x /usr/bin/container-entrypoint && \ chmod a+x /usr/bin/aap # Install packages -RUN INSTALL_PKGS="vim-enhanced rsync iputils bind-utils git python36 python36-devel python3-setuptools python3-pip python3-virtualenv" && \ +# RUN INSTALL_PKGS="vim-enhanced rsync iputils bind-utils git python36 python36-devel python3-setuptools python3-pip python3-virtualenv" && \ +RUN INSTALL_PKGS="vim-enhanced" && \ yum -y update-minimal --setopt=tsflags=nodocs --security && \ yum -y --setopt=tsflags=nodocs install $INSTALL_PKGS && \ yum -y remove vim-minimal && \ -- GitLab From 12a8e2484876ee5240f37548ad4b073807b9cf1b Mon Sep 17 00:00:00 2001 
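Review bot: `INSTALL_PKGS` in the newly enabled "Install packages" `RUN` names its packages without versions, and `yum -y update-minimal --security` runs in the same step, so the image's contents depend on the day it is built and two builds of the same commit can differ. For a hardened image I would pin versions where the repository allows it and record why each tool is needed; `python36-devel` in particular looks like a build-time package, and if nothing compiles inside the running container it could probably be dropped. `$INSTALL_PKGS` is expanded unquoted in `yum install` and `rpm -V`, which is intended here, so a comment such as `# INSTALL_PKGS is deliberately unquoted: one argument per package` would stop someone from quoting it later. The `rpm -V $INSTALL_PKGS` verification is worth keeping.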
From: wlau Date: Thu, 11 Mar 2021 15:46:05 -0800 Subject: [PATCH 102/134] Hardening... 311 1546 --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index bbbfbda..4ffc3f6 100644 --- a/Dockerfile +++ b/Dockerfile @@ -49,7 +49,7 @@ RUN chmod a+x /usr/bin/container-entrypoint && \ # Install packages # RUN INSTALL_PKGS="vim-enhanced rsync iputils bind-utils git python36 python36-devel python3-setuptools python3-pip python3-virtualenv" && \ -RUN INSTALL_PKGS="vim-enhanced" && \ +RUN INSTALL_PKGS="vim-enhanced rsync" && \ yum -y update-minimal --setopt=tsflags=nodocs --security && \ yum -y --setopt=tsflags=nodocs install $INSTALL_PKGS && \ yum -y remove vim-minimal && \ -- GitLab From 4fd31bbbfb06dcae1f79567879523a42158d5a2a Mon Sep 17 00:00:00 2001 From: wlau Date: Thu, 11 Mar 2021 16:01:12 -0800 Subject: [PATCH 103/134] Hardening... 311 1601 --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 4ffc3f6..215832f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -49,7 +49,7 @@ RUN chmod a+x /usr/bin/container-entrypoint && \ # Install packages # RUN INSTALL_PKGS="vim-enhanced rsync iputils bind-utils git python36 python36-devel python3-setuptools python3-pip python3-virtualenv" && \ -RUN INSTALL_PKGS="vim-enhanced rsync" && \ +RUN INSTALL_PKGS="vim-enhanced rsync iputils" && \ yum -y update-minimal --setopt=tsflags=nodocs --security && \ yum -y --setopt=tsflags=nodocs install $INSTALL_PKGS && \ yum -y remove vim-minimal && \ -- GitLab From df6883656c04ec51c996af09e41e2f584518dfb2 Mon Sep 17 00:00:00 2001 From: wlau Date: Fri, 12 Mar 2021 08:16:31 -0800 Subject: [PATCH 104/134] hardening 3/12 0816 --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 215832f..c0f973b 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -49,7 +49,7 @@ RUN chmod a+x /usr/bin/container-entrypoint && \ # Install packages # RUN INSTALL_PKGS="vim-enhanced rsync iputils bind-utils git python36 python36-devel python3-setuptools python3-pip python3-virtualenv" && \ -RUN INSTALL_PKGS="vim-enhanced rsync iputils" && \ +RUN INSTALL_PKGS="vim-enhanced rsync iputils bind-utils" && \ yum -y update-minimal --setopt=tsflags=nodocs --security && \ yum -y --setopt=tsflags=nodocs install $INSTALL_PKGS && \ yum -y remove vim-minimal && \ -- GitLab From 0efc28e5457457fe52fbd85c3fba7fd6c0068ed6 Mon Sep 17 00:00:00 2001 From: wlau Date: Fri, 12 Mar 2021 08:37:14 -0800 Subject: [PATCH 105/134] hardening 3/12 0837 --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index c0f973b..6b175e4 100644 --- a/Dockerfile +++ b/Dockerfile @@ -49,7 +49,7 @@ RUN chmod a+x /usr/bin/container-entrypoint && \ # Install packages # RUN INSTALL_PKGS="vim-enhanced rsync iputils bind-utils git python36 python36-devel python3-setuptools python3-pip python3-virtualenv" && \ -RUN INSTALL_PKGS="vim-enhanced rsync iputils bind-utils" && \ +RUN INSTALL_PKGS="vim-enhanced " && \ yum -y update-minimal --setopt=tsflags=nodocs --security && \ yum -y --setopt=tsflags=nodocs install $INSTALL_PKGS && \ yum -y remove vim-minimal && \ -- GitLab From b14a8da0f7e91d85d905e29bf3f52d246f45dbf4 Mon Sep 17 00:00:00 2001 From: wlau Date: Fri, 12 Mar 2021 08:56:04 -0800 Subject: [PATCH 106/134] added vim iputils 3/12 0856 --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 6b175e4..c6be86a 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -49,7 +49,7 @@ RUN chmod a+x /usr/bin/container-entrypoint && \ # Install packages # RUN INSTALL_PKGS="vim-enhanced rsync iputils bind-utils git python36 python36-devel python3-setuptools python3-pip python3-virtualenv" && \ -RUN INSTALL_PKGS="vim-enhanced " && \ +RUN INSTALL_PKGS="vim-enhanced iputils" && \ yum -y update-minimal --setopt=tsflags=nodocs --security && \ yum -y --setopt=tsflags=nodocs install $INSTALL_PKGS && \ yum -y remove vim-minimal && \ -- GitLab From 6b46c497e04ba4088a6c2cb7f1cb68a0cef6f6ce Mon Sep 17 00:00:00 2001 From: wlau Date: Fri, 12 Mar 2021 09:18:41 -0800 Subject: [PATCH 107/134] added bind 3/12 0918 --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index c6be86a..969f9e1 100644 --- a/Dockerfile +++ b/Dockerfile @@ -49,7 +49,7 @@ RUN chmod a+x /usr/bin/container-entrypoint && \ # Install packages # RUN INSTALL_PKGS="vim-enhanced rsync iputils bind-utils git python36 python36-devel python3-setuptools python3-pip python3-virtualenv" && \ -RUN INSTALL_PKGS="vim-enhanced iputils" && \ +RUN INSTALL_PKGS="vim-enhanced iputils bind-utils" && \ yum -y update-minimal --setopt=tsflags=nodocs --security && \ yum -y --setopt=tsflags=nodocs install $INSTALL_PKGS && \ yum -y remove vim-minimal && \ -- GitLab From c4827902c1fb18807c5893d8f0c6eb2c6f92dc59 Mon Sep 17 00:00:00 2001 From: wlau Date: Fri, 12 Mar 2021 09:38:58 -0800 Subject: [PATCH 108/134] added git remove bind 3/12 0938 --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 969f9e1..5f256b6 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -49,7 +49,7 @@ RUN chmod a+x /usr/bin/container-entrypoint && \ # Install packages # RUN INSTALL_PKGS="vim-enhanced rsync iputils bind-utils git python36 python36-devel python3-setuptools python3-pip python3-virtualenv" && \ -RUN INSTALL_PKGS="vim-enhanced iputils bind-utils" && \ +RUN INSTALL_PKGS="vim-enhanced iputils git" && \ yum -y update-minimal --setopt=tsflags=nodocs --security && \ yum -y --setopt=tsflags=nodocs install $INSTALL_PKGS && \ yum -y remove vim-minimal && \ -- GitLab From b26a1bcd291b7a0d82bd9fa02664627a31925911 Mon Sep 17 00:00:00 2001 From: wlau Date: Fri, 12 Mar 2021 09:54:45 -0800 Subject: [PATCH 109/134] added python36 remove git 3/12 0954 --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 5f256b6..64d262e 100644 --- a/Dockerfile +++ b/Dockerfile @@ -49,7 +49,7 @@ RUN chmod a+x /usr/bin/container-entrypoint && \ # Install packages # RUN INSTALL_PKGS="vim-enhanced rsync iputils bind-utils git python36 python36-devel python3-setuptools python3-pip python3-virtualenv" && \ -RUN INSTALL_PKGS="vim-enhanced iputils git" && \ +RUN INSTALL_PKGS="vim-enhanced iputils python36" && \ yum -y update-minimal --setopt=tsflags=nodocs --security && \ yum -y --setopt=tsflags=nodocs install $INSTALL_PKGS && \ yum -y remove vim-minimal && \ -- GitLab From 0b5da44ee7662a543e1a2afd3fb2388864f912de Mon Sep 17 00:00:00 2001 From: wlau Date: Fri, 12 Mar 2021 10:07:42 -0800 Subject: [PATCH 110/134] added oc remove python 3/12 1007 --- Dockerfile | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/Dockerfile b/Dockerfile index 64d262e..1643d80 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -49,18 +49,18 @@ RUN chmod a+x /usr/bin/container-entrypoint && \ # Install packages # RUN INSTALL_PKGS="vim-enhanced rsync iputils bind-utils git python36 python36-devel python3-setuptools python3-pip python3-virtualenv" && \ -RUN INSTALL_PKGS="vim-enhanced iputils python36" && \ +RUN INSTALL_PKGS="vim-enhanced iputils" && \ yum -y update-minimal --setopt=tsflags=nodocs --security && \ yum -y --setopt=tsflags=nodocs install $INSTALL_PKGS && \ yum -y remove vim-minimal && \ rpm -V $INSTALL_PKGS && \ yum -y clean all --enablerepo="*" -# # Install the OpenShift command line tool, oc -# COPY oc.tar.gz /tmp/oc.tar.gz -# RUN tar xvf /tmp/oc.tar.gz && \ -# mv ./oc /usr/bin/ && \ -# rm -f /tmp/oc.tar.gz +# Install the OpenShift command line tool, oc +COPY oc.tar.gz /tmp/oc.tar.gz +RUN tar xvf /tmp/oc.tar.gz && \ + mv ./oc /usr/bin/ && \only + rm -f /tmp/oc.tar.gz # RUN # subscription-manager registervc -- GitLab From f8247e11a1ee088c950b24a48bb7741db5ad8f80 Mon Sep 17 00:00:00 2001 From: wlau Date: Fri, 12 Mar 2021 11:01:19 -0800 Subject: [PATCH 111/134] added oc remove python 3/12 1101 --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 1643d80..82616d1 100644 --- a/Dockerfile +++ b/Dockerfile @@ -59,7 +59,7 @@ RUN INSTALL_PKGS="vim-enhanced iputils" && \ # Install the OpenShift command line tool, oc COPY oc.tar.gz /tmp/oc.tar.gz RUN tar xvf /tmp/oc.tar.gz && \ - mv ./oc /usr/bin/ && \only + mv ./oc /usr/bin/ && \ rm -f /tmp/oc.tar.gz # RUN # subscription-manager registervc -- GitLab From f008f70f7a68312d2bfa81ea87c1b94fbdc3551a Mon Sep 17 00:00:00 2001 From: wlau Date: Fri, 12 Mar 2021 11:46:24 -0800 Subject: [PATCH 112/134] added mongo 3/12 1146 --- Dockerfile | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/Dockerfile b/Dockerfile index 82616d1..b5dc57a 100644 --- a/Dockerfile +++ b/Dockerfile 
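Review bot: `RUN tar xvf /tmp/oc.tar.gz` unpacks every member of the archive into the current directory as root, and no `WORKDIR` has been set at this point, so presumably that is `/`; anything else in the tarball stays in the image, and as root tar restores the ownership recorded in the archive. Extracting only the binary to its destination avoids both, e.g. `tar -xf /tmp/oc.tar.gz -C /usr/bin --no-same-owner oc`, assuming the member is named `oc` as the `mv ./oc` suggests. Separately, `rm -f /tmp/oc.tar.gz` runs in a later layer than the `COPY`, so the archive is still stored in the image's layers. The helm hunk in patch 114 has the same two problems with `helm-v3.5.2-linux-amd64.tar.gz`.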
@@ -62,15 +62,15 @@ RUN tar xvf /tmp/oc.tar.gz && \ mv ./oc /usr/bin/ && \ rm -f /tmp/oc.tar.gz -# RUN # subscription-manager registervc - -# # Install mongodb shell (client) -# COPY config/key.asc /tmp/key.asc -# COPY mongodb-org-shell-4.4.4-1.el8.x86_64.rpm /tmp/mongodb-org-shell-4.4.4-1.el8.x86_64.rpm -# RUN rpm --import /tmp/key.asc && \ -# yum -y install /tmp/mongodb-org-shell-4.4.4-1.el8.x86_64.rpm && \ -# rm -f /tmp/key.asc && \ -# rm -f /tmp/mongodb-org-shell-4.4.4-1.el8.x86_64.rpm +RUN # subscription-manager registervc + +# Install mongodb shell (client) +COPY config/key.asc /tmp/key.asc +COPY mongodb-org-shell-4.4.4-1.el8.x86_64.rpm /tmp/mongodb-org-shell-4.4.4-1.el8.x86_64.rpm +RUN rpm --import /tmp/key.asc && \ + yum -y install /tmp/mongodb-org-shell-4.4.4-1.el8.x86_64.rpm && \ + rm -f /tmp/key.asc && \ + rm -f /tmp/mongodb-org-shell-4.4.4-1.el8.x86_64.rpm # # Install jq (to parse openshift api query results) # RUN yum -y install jq -- GitLab From f5ecd6b2aa6b9d9e5da480a242ec6501bf45eb30 Mon Sep 17 00:00:00 2001 From: wlau Date: Fri, 12 Mar 2021 11:59:59 -0800 Subject: [PATCH 113/134] added jq removed mongo 3/12 1159 --- Dockerfile | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/Dockerfile b/Dockerfile index b5dc57a..7bdf089 100644 --- a/Dockerfile +++ b/Dockerfile 
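Review bot: `rpm --import /tmp/key.asc` followed by `yum -y install /tmp/mongodb-org-shell-4.4.4-1.el8.x86_64.rpm` does not by itself verify the package signature: as far as I know, yum/dnf skips the GPG check for local package files unless `localpkg_gpgcheck` is enabled. Passing it on the install line makes the imported key do its job: `yum -y --setopt=localpkg_gpgcheck=1 install /tmp/mongodb-org-shell-4.4.4-1.el8.x86_64.rpm && \`. The key also stays trusted in the image's rpm database after `/tmp/key.asc` is deleted, which deserves a comment. `RUN # subscription-manager registervc`, enabled in the same hunk, runs a shell comment and only adds an empty layer; it should stay commented out or be removed.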
@@ -64,16 +64,16 @@ RUN tar xvf /tmp/oc.tar.gz && \ RUN # subscription-manager registervc -# Install mongodb shell (client) -COPY config/key.asc /tmp/key.asc -COPY mongodb-org-shell-4.4.4-1.el8.x86_64.rpm /tmp/mongodb-org-shell-4.4.4-1.el8.x86_64.rpm -RUN rpm --import /tmp/key.asc && \ - yum -y install /tmp/mongodb-org-shell-4.4.4-1.el8.x86_64.rpm && \ - rm -f /tmp/key.asc && \ - rm -f /tmp/mongodb-org-shell-4.4.4-1.el8.x86_64.rpm - -# # Install jq (to parse openshift api query results) -# RUN yum -y install jq +# # Install mongodb shell (client) +# COPY config/key.asc /tmp/key.asc +# COPY mongodb-org-shell-4.4.4-1.el8.x86_64.rpm /tmp/mongodb-org-shell-4.4.4-1.el8.x86_64.rpm +# RUN rpm --import /tmp/key.asc && \ +# yum -y install /tmp/mongodb-org-shell-4.4.4-1.el8.x86_64.rpm && \ +# rm -f /tmp/key.asc && \ +# rm -f /tmp/mongodb-org-shell-4.4.4-1.el8.x86_64.rpm + +# Install jq (to parse openshift api query results) +RUN yum -y install jq # # # Instal helm # COPY helm-v3.5.2-linux-amd64.tar.gz /tmp/helm-v3.5.2-linux-amd64.tar.gz -- GitLab From 963e2bbcf469b2d32d93caae34b716fa60cd2272 Mon Sep 17 00:00:00 2001 From: wlau Date: Fri, 12 Mar 2021 12:37:29 -0800 Subject: [PATCH 114/134] added helm removed jq 3/12 1237 --- Dockerfile | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/Dockerfile b/Dockerfile index 7bdf089..f760cc4 100644 --- a/Dockerfile +++ b/Dockerfile 
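Review bot: `RUN yum -y install jq` skips everything the main package step does: no `--setopt=tsflags=nodocs`, no `rpm -V`, and no `yum -y clean all`, so repository metadata and cache stay in this layer. Adding `jq` to `INSTALL_PKGS` in the "Install packages" step would give it the same handling and remove a layer. If it has to stay separate, `RUN yum -y --setopt=tsflags=nodocs install jq && rpm -V jq && yum -y clean all --enablerepo="*"` matches the existing step.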
@@ -72,15 +72,15 @@ RUN # subscription-manager registervc # rm -f /tmp/key.asc && \ # rm -f /tmp/mongodb-org-shell-4.4.4-1.el8.x86_64.rpm -# Install jq (to parse openshift api query results) -RUN yum -y install jq - -# # # Instal helm -# COPY helm-v3.5.2-linux-amd64.tar.gz /tmp/helm-v3.5.2-linux-amd64.tar.gz -# RUN tar -zxvf /tmp/helm-v3.5.2-linux-amd64.tar.gz && \ -# mv linux-amd64/helm /usr/bin/helm && \ -# chmod a+x /usr/bin/helm && \ -# rm -f /tmp/helm-v3.5.2-linux-amd64.tar.gz +# # Install jq (to parse openshift api query results) +# RUN yum -y install jq + +# # Instal helm +COPY helm-v3.5.2-linux-amd64.tar.gz /tmp/helm-v3.5.2-linux-amd64.tar.gz +RUN tar -zxvf /tmp/helm-v3.5.2-linux-amd64.tar.gz && \ + mv linux-amd64/helm /usr/bin/helm && \ + chmod a+x /usr/bin/helm && \ + rm -f /tmp/helm-v3.5.2-linux-amd64.tar.gz # # - Create a Python virtual environment for use by any application to avoid # # potential conflicts with Python packages preinstalled in the main Python -- GitLab From 92c83343960eba14a865b947ded1687272195a3c Mon Sep 17 00:00:00 2001 From: wlau Date: Fri, 12 Mar 2021 12:55:02 -0800 Subject: [PATCH 115/134] added clean up removed helm 3/12 1254 --- Dockerfile | 46 +++++++++++++++++++++++----------------------- 1 file changed, 23 insertions(+), 23 deletions(-) diff --git a/Dockerfile b/Dockerfile index f760cc4..a3e4dcf 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -75,29 +75,29 @@ RUN # subscription-manager registervc # # Install jq (to parse openshift api query results) # RUN yum -y install jq -# # Instal helm -COPY helm-v3.5.2-linux-amd64.tar.gz /tmp/helm-v3.5.2-linux-amd64.tar.gz -RUN tar -zxvf /tmp/helm-v3.5.2-linux-amd64.tar.gz && \ - mv linux-amd64/helm /usr/bin/helm && \ - chmod a+x /usr/bin/helm && \ - rm -f /tmp/helm-v3.5.2-linux-amd64.tar.gz - -# # - Create a Python virtual environment for use by any application to avoid -# # potential conflicts with Python packages preinstalled in the main Python -# # installation. -# # - In order to drop the root user, we have to make some directories world -# # writable as multi-tenant Kubernetes clusters' default security model -# # should run the container under a random UID. -# # - For any python applications use this default user -# #RUN virtualenv-$PYTHON_VERSION ${APP_ROOT} && \ - -# # Set up container user and adjust permissions to run in OpenShift environment -# WORKDIR ${HOME} -# RUN useradd -u 1001 -r -g 0 -d ${HOME} -s /sbin/nologin \ -# -c "Default Application User" default && \ -# fix-permissions ${APP_ROOT} -P && \ -# fix-permissions ${HOME} -P && \ -# rpm-file-permissions +# # # Instal helm +# COPY helm-v3.5.2-linux-amd64.tar.gz /tmp/helm-v3.5.2-linux-amd64.tar.gz +# RUN tar -zxvf /tmp/helm-v3.5.2-linux-amd64.tar.gz && \ +# mv linux-amd64/helm /usr/bin/helm && \ +# chmod a+x /usr/bin/helm && \ +# rm -f /tmp/helm-v3.5.2-linux-amd64.tar.gz + +# - Create a Python virtual environment for use by any application to avoid +# potential conflicts with Python packages preinstalled in the main Python +# installation. +# - In order to drop the root user, we have to make some directories world +# writable as multi-tenant Kubernetes clusters' default security model +# should run the container under a random UID. 
+# - For any python applications use this default user +#RUN virtualenv-$PYTHON_VERSION ${APP_ROOT} && \ + +# Set up container user and adjust permissions to run in OpenShift environment +WORKDIR ${HOME} +RUN useradd -u 1001 -r -g 0 -d ${HOME} -s /sbin/nologin \ + -c "Default Application User" default && \ + fix-permissions ${APP_ROOT} -P && \ + fix-permissions ${HOME} -P && \ + rpm-file-permissions # ENTRYPOINT ["/usr/bin/container-entrypoint"] # USER 1001 -- GitLab From a998f23bd01abd072f503e36faa081f67ed24ede Mon Sep 17 00:00:00 2001 From: wlau Date: Fri, 12 Mar 2021 13:24:17 -0800 Subject: [PATCH 116/134] remove clean up 3/12 1324 --- Dockerfile | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/Dockerfile b/Dockerfile index a3e4dcf..29994bc 100644 --- a/Dockerfile +++ b/Dockerfile @@ -92,12 +92,12 @@ RUN # subscription-manager registervc #RUN virtualenv-$PYTHON_VERSION ${APP_ROOT} && \ # Set up container user and adjust permissions to run in OpenShift environment -WORKDIR ${HOME} -RUN useradd -u 1001 -r -g 0 -d ${HOME} -s /sbin/nologin \ - -c "Default Application User" default && \ - fix-permissions ${APP_ROOT} -P && \ - fix-permissions ${HOME} -P && \ - rpm-file-permissions +# WORKDIR ${HOME} +# RUN useradd -u 1001 -r -g 0 -d ${HOME} -s /sbin/nologin \ +# -c "Default Application User" default && \ +# fix-permissions ${APP_ROOT} -P && \ +# fix-permissions ${HOME} -P && \ +# rpm-file-permissions # ENTRYPOINT ["/usr/bin/container-entrypoint"] # USER 1001 -- GitLab From 9954bc83dcce20d25a08fd05981f7495258a62b7 Mon Sep 17 00:00:00 2001 From: wlau Date: Fri, 12 Mar 2021 13:39:59 -0800 Subject: [PATCH 117/134] added workdir 3/12 1339 --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 29994bc..b7069da 100644 --- a/Dockerfile +++ b/Dockerfile 
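Review bot: The user set-up enabled here creates UID 1001 in group 0 and runs `fix-permissions`, but `# USER 1001` is still commented out in the trailing context, so at this commit the image would still run as root. The restored comment block speaks of making directories "world writable"; because `HOME` and `APP_ROOT` are the same path and `$HOME/.local/bin/` comes first in `PATH`, write access there decides what gets executed, so group-0 write access should be the most that is granted. The `fix-permissions` script is not visible in this patch, so please confirm what modes it sets. `fix-permissions ${APP_ROOT} -P` and `fix-permissions ${HOME} -P` also act on the same directory, since `HOME=${APP_ROOT}`; one call is enough.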
@@ -92,7 +92,7 @@ RUN # subscription-manager registervc #RUN virtualenv-$PYTHON_VERSION ${APP_ROOT} && \ # Set up container user and adjust permissions to run in OpenShift environment -# WORKDIR ${HOME} +WORKDIR ${HOME} # RUN useradd -u 1001 -r -g 0 -d ${HOME} -s /sbin/nologin \ # -c "Default Application User" default && \ # fix-permissions ${APP_ROOT} -P && \ -- GitLab From d428c690f2237d44f2966804a653831fad695496 Mon Sep 17 00:00:00 2001 From: wlau Date: Fri, 12 Mar 2021 13:53:17 -0800 Subject: [PATCH 118/134] added workdir 3/12 1353 --- Dockerfile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index b7069da..db3d00a 100644 --- a/Dockerfile +++ b/Dockerfile @@ -99,7 +99,7 @@ WORKDIR ${HOME} # fix-permissions ${HOME} -P && \ # rpm-file-permissions -# ENTRYPOINT ["/usr/bin/container-entrypoint"] -# USER 1001 +ENTRYPOINT ["/usr/bin/container-entrypoint"] +USER 1001 -# HEALTHCHECK CMD python --version +HEALTHCHECK CMD python --version -- GitLab From 3dc49828f4a9b7104ab53d2e48586d0acb7f3187 Mon Sep 17 00:00:00 2001 From: wlau Date: Fri, 12 Mar 2021 14:06:12 -0800 Subject: [PATCH 119/134] cleanup 3/12 1406 --- Dockerfile | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index db3d00a..81ee5ef 100644 --- a/Dockerfile +++ b/Dockerfile @@ -93,8 +93,9 @@ RUN # subscription-manager registervc # Set up container user and adjust permissions to run in OpenShift environment WORKDIR ${HOME} -# RUN useradd -u 1001 -r -g 0 -d ${HOME} -s /sbin/nologin \ -# -c "Default Application User" default && \ +RUN useradd -u 1001 -r -g 0 -d ${HOME} -s /sbin/nologin \ + -c "Default Application User" default + #&& \ # fix-permissions ${APP_ROOT} -P && \ # fix-permissions ${HOME} -P && \ # rpm-file-permissions -- GitLab From 5a4336cf55a6e75863c8d4980c988aef6e61086c Mon Sep 17 00:00:00 2001 
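Review bot: `HEALTHCHECK CMD python --version`, enabled in the patch 118 hunk, checks nothing about the container's job and is likely to fail outright at this commit: `INSTALL_PKGS` holds only `vim-enhanced iputils`, the virtualenv step is commented out, and on RHEL 8 the `python36` package does not, as far as I know, provide an unversioned `python` command by default. A container that is permanently unhealthy teaches operators to ignore the status. Once `python36` is back in the package list, `HEALTHCHECK CMD python3 --version` would at least run, though a probe of the tool the image exists to provide would say more. `USER 1001` is enabled in the same hunk while the `useradd` step is still commented out (see the patch 117 context), so at this commit UID 1001 has no passwd entry.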
From: wlau Date: Fri, 12 Mar 2021 15:05:33 -0800 Subject: [PATCH 120/134] FIX PERMISSIONS APP-ROOT 3/12 1506 --- Dockerfile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index 81ee5ef..09ed92e 100644 --- a/Dockerfile +++ b/Dockerfile @@ -94,9 +94,9 @@ RUN # subscription-manager registervc # Set up container user and adjust permissions to run in OpenShift environment WORKDIR ${HOME} RUN useradd -u 1001 -r -g 0 -d ${HOME} -s /sbin/nologin \ - -c "Default Application User" default - #&& \ -# fix-permissions ${APP_ROOT} -P && \ + -c "Default Application User" default && \ + fix-permissions ${APP_ROOT} -P +# && \ # fix-permissions ${HOME} -P && \ # rpm-file-permissions -- GitLab From 705c100eb2ae2f940b370d3d19dc771805be52a2 Mon Sep 17 00:00:00 2001 From: wlau Date: Wed, 17 Mar 2021 09:37:17 -0700 Subject: [PATCH 121/134] update docker file 3/17 --- Dockerfile | 50 ++++++++++++++++++++------------------------------ test.py | 0 2 files changed, 20 insertions(+), 30 deletions(-) create mode 100644 test.py diff --git a/Dockerfile b/Dockerfile index 09ed92e..fc73ffe 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -64,41 +64,31 @@ RUN tar xvf /tmp/oc.tar.gz && \ RUN # subscription-manager registervc -# # Install mongodb shell (client) -# COPY config/key.asc /tmp/key.asc -# COPY mongodb-org-shell-4.4.4-1.el8.x86_64.rpm /tmp/mongodb-org-shell-4.4.4-1.el8.x86_64.rpm -# RUN rpm --import /tmp/key.asc && \ -# yum -y install /tmp/mongodb-org-shell-4.4.4-1.el8.x86_64.rpm && \ -# rm -f /tmp/key.asc && \ -# rm -f /tmp/mongodb-org-shell-4.4.4-1.el8.x86_64.rpm - -# # Install jq (to parse openshift api query results) -# RUN yum -y install jq - -# # # Instal helm -# COPY helm-v3.5.2-linux-amd64.tar.gz /tmp/helm-v3.5.2-linux-amd64.tar.gz -# RUN tar -zxvf /tmp/helm-v3.5.2-linux-amd64.tar.gz && \ -# mv linux-amd64/helm /usr/bin/helm && \ -# chmod a+x /usr/bin/helm && \ -# rm -f /tmp/helm-v3.5.2-linux-amd64.tar.gz - -# - Create a Python virtual environment for use by any application to avoid -# potential conflicts with Python packages preinstalled in the main Python -# installation. -# - In order to drop the root user, we have to make some directories world -# writable as multi-tenant Kubernetes clusters' default security model -# should run the container under a random UID. 
-# - For any python applications use this default user -#RUN virtualenv-$PYTHON_VERSION ${APP_ROOT} && \ +# Install mongodb shell (client) +COPY config/key.asc /tmp/key.asc +COPY mongodb-org-shell-4.4.4-1.el8.x86_64.rpm /tmp/mongodb-org-shell-4.4.4-1.el8.x86_64.rpm +RUN rpm --import /tmp/key.asc && \ + yum -y install /tmp/mongodb-org-shell-4.4.4-1.el8.x86_64.rpm && \ + rm -f /tmp/key.asc && \ + rm -f /tmp/mongodb-org-shell-4.4.4-1.el8.x86_64.rpm + +# Install jq (to parse openshift api query results) +RUN yum -y install jq + +# # Instal helm +COPY helm-v3.5.2-linux-amd64.tar.gz /tmp/helm-v3.5.2-linux-amd64.tar.gz +RUN tar -zxvf /tmp/helm-v3.5.2-linux-amd64.tar.gz && \ + mv linux-amd64/helm /usr/bin/helm && \ + chmod a+x /usr/bin/helm && \ + rm -f /tmp/helm-v3.5.2-linux-amd64.tar.gz # Set up container user and adjust permissions to run in OpenShift environment WORKDIR ${HOME} RUN useradd -u 1001 -r -g 0 -d ${HOME} -s /sbin/nologin \ -c "Default Application User" default && \ - fix-permissions ${APP_ROOT} -P -# && \ -# fix-permissions ${HOME} -P && \ -# rpm-file-permissions + fix-permissions ${APP_ROOT} -P && \ + fix-permissions ${HOME} -P && \ + rpm-file-permissions ENTRYPOINT ["/usr/bin/container-entrypoint"] USER 1001 diff --git a/test.py b/test.py new file mode 100644 index 0000000..e69de29 -- GitLab From 5a43ebe092e81f2ba702adbe16e6b3771b4fc749 Mon Sep 17 00:00:00 2001 From: wlau Date: Thu, 18 Mar 2021 16:28:37 -0700 Subject: [PATCH 122/134] full aapcli --- Dockerfile | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index fc73ffe..7df489d 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -48,8 +48,7 @@ RUN chmod a+x /usr/bin/container-entrypoint && \ chmod a+x /usr/bin/aap # Install packages -# RUN INSTALL_PKGS="vim-enhanced rsync iputils bind-utils git python36 python36-devel python3-setuptools python3-pip python3-virtualenv" && \ -RUN INSTALL_PKGS="vim-enhanced iputils" && \ +RUN INSTALL_PKGS="vim-enhanced rsync iputils bind-utils git python36 python36-devel python3-setuptools python3-pip python3-virtualenv" && \ yum -y update-minimal --setopt=tsflags=nodocs --security && \ yum -y --setopt=tsflags=nodocs install $INSTALL_PKGS && \ yum -y remove vim-minimal && \ -- GitLab From 03cd4ce9d3d7e13a344b9a01f443f5868c3ceced Mon Sep 17 00:00:00 2001 From: wlau Date: Mon, 22 Mar 2021 08:20:02 -0700 Subject: [PATCH 123/134] full aapcli 3/22 --- Dockerfile | 1 + 1 file changed, 1 insertion(+) diff --git a/Dockerfile b/Dockerfile index 7df489d..1637178 100644 --- a/Dockerfile +++ b/Dockerfile @@ -93,3 +93,4 @@ ENTRYPOINT ["/usr/bin/container-entrypoint"] USER 1001 HEALTHCHECK CMD python --version + -- GitLab From 443d3831d387f512652915119ec077ab8d7cf986 Mon Sep 17 00:00:00 2001 From: wlau Date: Mon, 22 Mar 2021 08:31:38 -0700 Subject: [PATCH 124/134] full aapcli 3/22 0831 --- hardening_manifest.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index 62903eb..081a2f3 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -48,7 +48,7 @@ resources: filename: "oc.tar.gz" validation: type: "sha256" # supported: sha256, sha512 - value: "855d702aff48843379d24fda72363f4ca3880371f9b5cf3418bc672eaf37c8c1" # must be lowercase + value: "4fccebb411e7579aeb025a9780d0e35f8d220487a5cf203387442f1e40fa179c" # must be lowercase - url: "https://get.helm.sh/helm-v3.5.2-linux-amd64.tar.gz" filename: "helm-v3.5.2-linux-amd64.tar.gz" validation: -- GitLab From f908d4112fc91c2ebded346d407dbe5f067d2e6c Mon Sep 17 00:00:00 2001 
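Review bot: The sha256 for `oc.tar.gz` changes in the `hardening_manifest.yaml` hunk while the filename stays the same, and the commit message ("full aapcli 3/22 0831") gives no reason. The `url:` line of this resource is outside the hunk, so I cannot tell whether it moved to a new release; if it did not, the URL is serving a mutable artifact and the pinned digest will break again on the next upstream rebuild. Please record where the new value came from (the publisher's checksum file rather than a hash of a fresh download), and point the URL at a versioned release. A comment next to `value:` such as `# oc <VERSION>, sha256 taken from the publisher's checksum file` would make the next digest change reviewable.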
From: wlau Date: Mon, 22 Mar 2021 09:15:01 -0700 Subject: [PATCH 125/134] remove from aapcli 3/22 0914 --- Dockerfile | 53 +++++++++++++++++++++++++++-------------------------- 1 file changed, 27 insertions(+), 26 deletions(-) diff --git a/Dockerfile b/Dockerfile index 1637178..e6cb1a5 100644 --- a/Dockerfile +++ b/Dockerfile @@ -48,7 +48,8 @@ RUN chmod a+x /usr/bin/container-entrypoint && \ chmod a+x /usr/bin/aap # Install packages -RUN INSTALL_PKGS="vim-enhanced rsync iputils bind-utils git python36 python36-devel python3-setuptools python3-pip python3-virtualenv" && \ +# RUN INSTALL_PKGS="vim-enhanced rsync iputils bind-utils git python36 python36-devel python3-setuptools python3-pip python3-virtualenv" && \ +RUN INSTALL_PKGS="vim-enhanced" && \ yum -y update-minimal --setopt=tsflags=nodocs --security && \ yum -y --setopt=tsflags=nodocs install $INSTALL_PKGS && \ yum -y remove vim-minimal && \ 
@@ -63,31 +64,31 @@ RUN tar xvf /tmp/oc.tar.gz && \ RUN # subscription-manager registervc -# Install mongodb shell (client) -COPY config/key.asc /tmp/key.asc -COPY mongodb-org-shell-4.4.4-1.el8.x86_64.rpm /tmp/mongodb-org-shell-4.4.4-1.el8.x86_64.rpm -RUN rpm --import /tmp/key.asc && \ - yum -y install /tmp/mongodb-org-shell-4.4.4-1.el8.x86_64.rpm && \ - rm -f /tmp/key.asc && \ - rm -f /tmp/mongodb-org-shell-4.4.4-1.el8.x86_64.rpm - -# Install jq (to parse openshift api query results) -RUN yum -y install jq - -# # Instal helm -COPY helm-v3.5.2-linux-amd64.tar.gz /tmp/helm-v3.5.2-linux-amd64.tar.gz -RUN tar -zxvf /tmp/helm-v3.5.2-linux-amd64.tar.gz && \ - mv linux-amd64/helm /usr/bin/helm && \ - chmod a+x /usr/bin/helm && \ - rm -f /tmp/helm-v3.5.2-linux-amd64.tar.gz - -# Set up container user and adjust permissions to run in OpenShift environment -WORKDIR ${HOME} -RUN useradd -u 1001 -r -g 0 -d ${HOME} -s /sbin/nologin \ - -c "Default Application User" default && \ - fix-permissions ${APP_ROOT} -P && \ - fix-permissions ${HOME} -P && \ - rpm-file-permissions +# # # Install mongodb shell (client) +# # COPY config/key.asc /tmp/key.asc +# # COPY mongodb-org-shell-4.4.4-1.el8.x86_64.rpm /tmp/mongodb-org-shell-4.4.4-1.el8.x86_64.rpm +# # RUN rpm --import /tmp/key.asc && \ +# # yum -y install /tmp/mongodb-org-shell-4.4.4-1.el8.x86_64.rpm && \ +# # rm -f /tmp/key.asc && \ +# # rm -f /tmp/mongodb-org-shell-4.4.4-1.el8.x86_64.rpm + +# # # Install jq (to parse openshift api query results) +# # RUN yum -y install jq + +# # # # Instal helm +# # COPY helm-v3.5.2-linux-amd64.tar.gz /tmp/helm-v3.5.2-linux-amd64.tar.gz +# # RUN tar -zxvf /tmp/helm-v3.5.2-linux-amd64.tar.gz && \ +# # mv linux-amd64/helm /usr/bin/helm && \ +# # chmod a+x /usr/bin/helm && \ +# # rm -f /tmp/helm-v3.5.2-linux-amd64.tar.gz + +# # # Set up container user and adjust permissions to run in OpenShift environment +# # WORKDIR ${HOME} +# # RUN useradd -u 1001 -r -g 0 -d ${HOME} -s /sbin/nologin \ +# # -c 
"Default Application User" default && \ +# # fix-permissions ${APP_ROOT} -P && \ +# # fix-permissions ${HOME} -P && \ +# # rpm-file-permissions ENTRYPOINT ["/usr/bin/container-entrypoint"] USER 1001 -- GitLab From 3086bb41916a89a66f4d1fe67826ee8e7edb7b66 Mon Sep 17 00:00:00 2001 From: wlau Date: Mon, 22 Mar 2021 13:33:13 -0700 Subject: [PATCH 126/134] mongo 3/22 1333 --- Dockerfile | 50 +++++++++++++++++++++++++------------------------- 1 file changed, 25 insertions(+), 25 deletions(-) diff --git a/Dockerfile b/Dockerfile index e6cb1a5..ae1c61d 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -64,31 +64,31 @@ RUN tar xvf /tmp/oc.tar.gz && \ RUN # subscription-manager registervc -# # # Install mongodb shell (client) -# # COPY config/key.asc /tmp/key.asc -# # COPY mongodb-org-shell-4.4.4-1.el8.x86_64.rpm /tmp/mongodb-org-shell-4.4.4-1.el8.x86_64.rpm -# # RUN rpm --import /tmp/key.asc && \ -# # yum -y install /tmp/mongodb-org-shell-4.4.4-1.el8.x86_64.rpm && \ -# # rm -f /tmp/key.asc && \ -# # rm -f /tmp/mongodb-org-shell-4.4.4-1.el8.x86_64.rpm - -# # # Install jq (to parse openshift api query results) -# # RUN yum -y install jq - -# # # # Instal helm -# # COPY helm-v3.5.2-linux-amd64.tar.gz /tmp/helm-v3.5.2-linux-amd64.tar.gz -# # RUN tar -zxvf /tmp/helm-v3.5.2-linux-amd64.tar.gz && \ -# # mv linux-amd64/helm /usr/bin/helm && \ -# # chmod a+x /usr/bin/helm && \ -# # rm -f /tmp/helm-v3.5.2-linux-amd64.tar.gz - -# # # Set up container user and adjust permissions to run in OpenShift environment -# # WORKDIR ${HOME} -# # RUN useradd -u 1001 -r -g 0 -d ${HOME} -s /sbin/nologin \ -# # -c "Default Application User" default && \ -# # fix-permissions ${APP_ROOT} -P && \ -# # fix-permissions ${HOME} -P && \ -# # rpm-file-permissions +# Install mongodb shell (client) +COPY config/key.asc /tmp/key.asc +COPY mongodb-org-shell-4.4.4-1.el8.x86_64.rpm /tmp/mongodb-org-shell-4.4.4-1.el8.x86_64.rpm +RUN rpm --import /tmp/key.asc && \ + yum -y install /tmp/mongodb-org-shell-4.4.4-1.el8.x86_64.rpm && \ + rm -f /tmp/key.asc && \ + rm -f /tmp/mongodb-org-shell-4.4.4-1.el8.x86_64.rpm + +# # Install jq (to parse openshift api query results) +# RUN yum -y install jq + +# # # Instal helm +# COPY helm-v3.5.2-linux-amd64.tar.gz /tmp/helm-v3.5.2-linux-amd64.tar.gz +# RUN tar -zxvf /tmp/helm-v3.5.2-linux-amd64.tar.gz && \ +# mv linux-amd64/helm /usr/bin/helm && \ +# chmod a+x /usr/bin/helm && \ +# rm -f /tmp/helm-v3.5.2-linux-amd64.tar.gz + +# # Set up container user and adjust permissions to run in OpenShift environment +# WORKDIR ${HOME} +# RUN useradd -u 1001 -r -g 0 -d ${HOME} 
-s /sbin/nologin \ +# -c "Default Application User" default && \ +# fix-permissions ${APP_ROOT} -P && \ +# fix-permissions ${HOME} -P && \ +# rpm-file-permissions ENTRYPOINT ["/usr/bin/container-entrypoint"] USER 1001 -- GitLab From 6cc3941d1512c4c88b9eaa3a20b73c72b1626dbf Mon Sep 17 00:00:00 2001 From: wlau Date: Mon, 22 Mar 2021 14:49:21 -0700 Subject: [PATCH 127/134] mongo 3/22 1449 --- Dockerfile | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/Dockerfile b/Dockerfile index ae1c61d..d2ebba2 100644 --- a/Dockerfile +++ b/Dockerfile @@ -64,16 +64,16 @@ RUN tar xvf /tmp/oc.tar.gz && \ RUN # subscription-manager registervc -# Install mongodb shell (client) -COPY config/key.asc /tmp/key.asc -COPY mongodb-org-shell-4.4.4-1.el8.x86_64.rpm /tmp/mongodb-org-shell-4.4.4-1.el8.x86_64.rpm -RUN rpm --import /tmp/key.asc && \ - yum -y install /tmp/mongodb-org-shell-4.4.4-1.el8.x86_64.rpm && \ - rm -f /tmp/key.asc && \ - rm -f /tmp/mongodb-org-shell-4.4.4-1.el8.x86_64.rpm - -# # Install jq (to parse openshift api query results) -# RUN yum -y install jq +# # Install mongodb shell (client) +# COPY config/key.asc /tmp/key.asc +# COPY mongodb-org-shell-4.4.4-1.el8.x86_64.rpm /tmp/mongodb-org-shell-4.4.4-1.el8.x86_64.rpm +# RUN rpm --import /tmp/key.asc && \ +# yum -y install /tmp/mongodb-org-shell-4.4.4-1.el8.x86_64.rpm && \ +# rm -f /tmp/key.asc && \ +# rm -f /tmp/mongodb-org-shell-4.4.4-1.el8.x86_64.rpm + +# Install jq (to parse openshift api query results) +RUN yum -y install jq # # # Instal helm # COPY helm-v3.5.2-linux-amd64.tar.gz /tmp/helm-v3.5.2-linux-amd64.tar.gz -- GitLab From 17457678b13bdaae3f6ba3347c299bf223c5199d Mon Sep 17 00:00:00 2001 From: wlau Date: Mon, 22 Mar 2021 15:03:18 -0700 Subject: [PATCH 128/134] helm 3/22 1503 --- Dockerfile | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/Dockerfile b/Dockerfile index d2ebba2..579b656 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -72,15 +72,15 @@ RUN # subscription-manager registervc # rm -f /tmp/key.asc && \ # rm -f /tmp/mongodb-org-shell-4.4.4-1.el8.x86_64.rpm -# Install jq (to parse openshift api query results) -RUN yum -y install jq - -# # # Instal helm -# COPY helm-v3.5.2-linux-amd64.tar.gz /tmp/helm-v3.5.2-linux-amd64.tar.gz -# RUN tar -zxvf /tmp/helm-v3.5.2-linux-amd64.tar.gz && \ -# mv linux-amd64/helm /usr/bin/helm && \ -# chmod a+x /usr/bin/helm && \ -# rm -f /tmp/helm-v3.5.2-linux-amd64.tar.gz +# # Install jq (to parse openshift api query results) +# RUN yum -y install jq + +# # Instal helm +COPY helm-v3.5.2-linux-amd64.tar.gz /tmp/helm-v3.5.2-linux-amd64.tar.gz +RUN tar -zxvf /tmp/helm-v3.5.2-linux-amd64.tar.gz && \ + mv linux-amd64/helm /usr/bin/helm && \ + chmod a+x /usr/bin/helm && \ + rm -f /tmp/helm-v3.5.2-linux-amd64.tar.gz # # Set up container user and adjust permissions to run in OpenShift environment # WORKDIR ${HOME} -- GitLab From c708efd924ab452eec54208abface547bed585a4 Mon Sep 17 00:00:00 2001 From: wlau Date: Mon, 22 Mar 2021 15:13:49 -0700 Subject: [PATCH 129/134] working dir 3/22 1513 --- Dockerfile | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/Dockerfile b/Dockerfile index 579b656..5cd1065 100644 --- a/Dockerfile +++ b/Dockerfile 
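Review bot: The helm step unpacks `helm-v3.5.2-linux-amd64.tar.gz` and installs the binary into `/usr/bin` without comparing the archive to a known digest, so whatever file is in the build context under that name becomes an executable on PATH. I would add a check before `tar`, for example `echo "<expected-sha256>  /tmp/helm-v3.5.2-linux-amd64.tar.gz" | sha256sum -c - && \`, where the placeholder is the digest published with the Helm release. `tar` extracts into the current working directory and only `helm` is moved, so the rest of `linux-amd64/` is left in the image; extracting with `-C /tmp` and adding `rm -rf /tmp/linux-amd64` would clean that up. Because the archive arrives in its own `COPY` layer, the final `rm -f` does not reduce image size. The same block is re-enabled in PATCH 133/134.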
@@ -75,20 +75,20 @@ RUN # subscription-manager registervc # # Install jq (to parse openshift api query results) # RUN yum -y install jq -# # Instal helm -COPY helm-v3.5.2-linux-amd64.tar.gz /tmp/helm-v3.5.2-linux-amd64.tar.gz -RUN tar -zxvf /tmp/helm-v3.5.2-linux-amd64.tar.gz && \ - mv linux-amd64/helm /usr/bin/helm && \ - chmod a+x /usr/bin/helm && \ - rm -f /tmp/helm-v3.5.2-linux-amd64.tar.gz - -# # Set up container user and adjust permissions to run in OpenShift environment -# WORKDIR ${HOME} -# RUN useradd -u 1001 -r -g 0 -d ${HOME} -s /sbin/nologin \ -# -c "Default Application User" default && \ -# fix-permissions ${APP_ROOT} -P && \ -# fix-permissions ${HOME} -P && \ -# rpm-file-permissions +# # # Instal helm +# COPY helm-v3.5.2-linux-amd64.tar.gz /tmp/helm-v3.5.2-linux-amd64.tar.gz +# RUN tar -zxvf /tmp/helm-v3.5.2-linux-amd64.tar.gz && \ +# mv linux-amd64/helm /usr/bin/helm && \ +# chmod a+x /usr/bin/helm && \ +# rm -f /tmp/helm-v3.5.2-linux-amd64.tar.gz + +# Set up container user and adjust permissions to run in OpenShift environment +WORKDIR ${HOME} +RUN useradd -u 1001 -r -g 0 -d ${HOME} -s /sbin/nologin \ + -c "Default Application User" default && \ + fix-permissions ${APP_ROOT} -P && \ + fix-permissions ${HOME} -P && \ + rpm-file-permissions ENTRYPOINT ["/usr/bin/container-entrypoint"] USER 1001 -- GitLab From cf8090b0cbef526ff4b59a1bff0379e583054069 Mon Sep 17 00:00:00 2001 From: Luke Cervantes Date: Wed, 24 Mar 2021 21:38:56 +0000 Subject: [PATCH 130/134] Delete test.py --- test.py | 0 1 file changed, 0 insertions(+), 0 deletions(-) delete mode 100644 test.py diff --git a/test.py b/test.py deleted file mode 100644 index e69de29..0000000 -- GitLab From 6b2c2ad89badd9cb34db92f39f3467cb5f99723a Mon Sep 17 00:00:00 2001 
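Review bot: `fix-permissions ${APP_ROOT} -P` and `fix-permissions ${HOME} -P` act on the same directory, because the `ENV` block at the top of the Dockerfile sets `HOME=${APP_ROOT}`; one of the two calls can go. I would also quote the expansions, e.g. `-d "${HOME}"` and `fix-permissions "${APP_ROOT}" -P`. `fix-permissions` and `rpm-file-permissions` are presumably supplied by `COPY ./root /` and are not shown in this patch, so a short comment saying what they change for group 0 (the group `useradd -g 0` assigns) would help; it is worth confirming that directories on PATH under the app root do not end up writable by that group more widely than intended.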
From: Luke Cervantes Date: Wed, 24 Mar 2021 21:41:22 +0000 Subject: [PATCH 131/134] Removed Comments to be more in compliance. --- Dockerfile | 43 +++---------------------------------------- 1 file changed, 3 insertions(+), 40 deletions(-) diff --git a/Dockerfile b/Dockerfile index 5cd1065..f56e207 100644 --- a/Dockerfile +++ b/Dockerfile @@ -18,27 +18,9 @@ ENV PYTHON_VERSION=3.6 \ PIP_NO_CACHE_DIR=off \ LANG="en_US.UTF-8" -# - Enable the virtual python environment and default interactive and non-interactive -# shell environment upon container startup -#ENV BASH_ENV=/usr/bin/py-enable \ -# ENV=/usr/bin/py-enable \ -ENV PROMPT_COMMAND=". /usr/bin/aap && unset PROMPT_COMMAND" - -# ^^^ BASH_ENV and ENV provide the name of a startup file to read before bash is used to execute a script -# ^^^ Bash provides an environment variable called PROMPT_COMMAND. The contents of this variable are executed as a regular Bash command just before Bash displays a prompt. -# https://www.tldp.org/HOWTO/Bash-Prompt-HOWTO/x264.html -# https://www.gnu.org/software/bash/manual/html_node/Bash-Variables.html -# # # ENV SUMMARY="Platform for building and running Python $PYTHON_VERSION applications" \ -# # # DESCRIPTION="Python $PYTHON_VERSION available as container is a base platform for \ -# # # building and running various Python $PYTHON_VERSION applications and frameworks. \ -# # # Python is an easy to learn, powerful programming language. It has efficient high-level \ -# # # data structures and a simple but effective approach to object-oriented programming. \ -# # # Python's elegant syntax and dynamic typing, together with its interpreted nature, \ -# # # make it an ideal language for scripting and rapid application development in many areas \ -# # # on most platforms." +ENV PROMPT_COMMAND=". /usr/bin/aap && unset PROMPT_COMMAND" -# Copy extra files to the image. COPY ./root / RUN chmod a+x /usr/bin/container-entrypoint && \ chmod a+x /usr/bin/fix-permissions && \ 
@@ -47,8 +29,7 @@ RUN chmod a+x /usr/bin/container-entrypoint && \ chmod a+x /usr/bin/py-enable && \ chmod a+x /usr/bin/aap -# Install packages -# RUN INSTALL_PKGS="vim-enhanced rsync iputils bind-utils git python36 python36-devel python3-setuptools python3-pip python3-virtualenv" && \ +python3-virtualenv" && \ RUN INSTALL_PKGS="vim-enhanced" && \ yum -y update-minimal --setopt=tsflags=nodocs --security && \ yum -y --setopt=tsflags=nodocs install $INSTALL_PKGS && \ @@ -56,7 +37,7 @@ RUN INSTALL_PKGS="vim-enhanced" && \ rpm -V $INSTALL_PKGS && \ yum -y clean all --enablerepo="*" -# Install the OpenShift command line tool, oc + COPY oc.tar.gz /tmp/oc.tar.gz RUN tar xvf /tmp/oc.tar.gz && \ mv ./oc /usr/bin/ && \ @@ -64,25 +45,7 @@ RUN tar xvf /tmp/oc.tar.gz && \ RUN # subscription-manager registervc -# # Install mongodb shell (client) -# COPY config/key.asc /tmp/key.asc -# COPY mongodb-org-shell-4.4.4-1.el8.x86_64.rpm /tmp/mongodb-org-shell-4.4.4-1.el8.x86_64.rpm -# RUN rpm --import /tmp/key.asc && \ -# yum -y install /tmp/mongodb-org-shell-4.4.4-1.el8.x86_64.rpm && \ -# rm -f /tmp/key.asc && \ -# rm -f /tmp/mongodb-org-shell-4.4.4-1.el8.x86_64.rpm - -# # Install jq (to parse openshift api query results) -# RUN yum -y install jq - -# # # Instal helm -# COPY helm-v3.5.2-linux-amd64.tar.gz /tmp/helm-v3.5.2-linux-amd64.tar.gz -# RUN tar -zxvf /tmp/helm-v3.5.2-linux-amd64.tar.gz && \ -# mv linux-amd64/helm /usr/bin/helm && \ -# chmod a+x /usr/bin/helm && \ -# rm -f /tmp/helm-v3.5.2-linux-amd64.tar.gz -# Set up container user and adjust permissions to run in OpenShift environment WORKDIR ${HOME} RUN useradd -u 1001 -r -g 0 -d ${HOME} -s /sbin/nologin \ -c "Default Application User" default && \ -- GitLab From 612abff787336827a4dc01837f6c568166f55dae Mon Sep 17 00:00:00 2001 From: wlau Date: Fri, 26 Mar 2021 14:32:55 -0700 Subject: [PATCH 132/134] reverse change --- Dockerfile | 44 ++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 40 insertions(+), 4 deletions(-) 
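Review bot: The added line `python3-virtualenv" && \` in the `@@ -47,8 +29,7 @@` hunk is the tail of the commented-out `# RUN INSTALL_PKGS=...` line that this hunk removes, not a Dockerfile instruction. With its trailing backslash it also absorbs the following `RUN INSTALL_PKGS="vim-enhanced" && \` line, so the build should fail when the file is parsed. Delete that line so the package step starts directly at `RUN INSTALL_PKGS="vim-enhanced" && \`. The `RUN` instruction continues past the end of the hunk.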
diff --git a/Dockerfile b/Dockerfile index f56e207..8307c39 100644 --- a/Dockerfile +++ b/Dockerfile @@ -18,9 +18,27 @@ ENV PYTHON_VERSION=3.6 \ PIP_NO_CACHE_DIR=off \ LANG="en_US.UTF-8" - +# - Enable the virtual python environment and default interactive and non-interactive +# shell environment upon container startup +#ENV BASH_ENV=/usr/bin/py-enable \ +# ENV=/usr/bin/py-enable \ ENV PROMPT_COMMAND=". /usr/bin/aap && unset PROMPT_COMMAND" +# ^^^ BASH_ENV and ENV provide the name of a startup file to read before bash is used to execute a script +# ^^^ Bash provides an environment variable called PROMPT_COMMAND. The contents of this variable are executed as a regular Bash command just before Bash displays a prompt. +# https://www.tldp.org/HOWTO/Bash-Prompt-HOWTO/x264.html +# https://www.gnu.org/software/bash/manual/html_node/Bash-Variables.html + +# # # ENV SUMMARY="Platform for building and running Python $PYTHON_VERSION applications" \ +# # # DESCRIPTION="Python $PYTHON_VERSION available as container is a base platform for \ +# # # building and running various Python $PYTHON_VERSION applications and frameworks. \ +# # # Python is an easy to learn, powerful programming language. It has efficient high-level \ +# # # data structures and a simple but effective approach to object-oriented programming. \ +# # # Python's elegant syntax and dynamic typing, together with its interpreted nature, \ +# # # make it an ideal language for scripting and rapid application development in many areas \ +# # # on most platforms." + +# Copy extra files to the image. COPY ./root / RUN chmod a+x /usr/bin/container-entrypoint && \ chmod a+x /usr/bin/fix-permissions && \ 
@@ -29,7 +47,8 @@ RUN chmod a+x /usr/bin/container-entrypoint && \ chmod a+x /usr/bin/py-enable && \ chmod a+x /usr/bin/aap -python3-virtualenv" && \ +# Install packages +# RUN INSTALL_PKGS="vim-enhanced rsync iputils bind-utils git python36 python36-devel python3-setuptools python3-pip python3-virtualenv" && \ RUN INSTALL_PKGS="vim-enhanced" && \ yum -y update-minimal --setopt=tsflags=nodocs --security && \ yum -y --setopt=tsflags=nodocs install $INSTALL_PKGS && \ @@ -37,7 +56,7 @@ RUN INSTALL_PKGS="vim-enhanced" && \ rpm -V $INSTALL_PKGS && \ yum -y clean all --enablerepo="*" - +# Install the OpenShift command line tool, oc COPY oc.tar.gz /tmp/oc.tar.gz RUN tar xvf /tmp/oc.tar.gz && \ mv ./oc /usr/bin/ && \ @@ -45,7 +64,25 @@ RUN tar xvf /tmp/oc.tar.gz && \ RUN # subscription-manager registervc +# # Install mongodb shell (client) +# COPY config/key.asc /tmp/key.asc +# COPY mongodb-org-shell-4.4.4-1.el8.x86_64.rpm /tmp/mongodb-org-shell-4.4.4-1.el8.x86_64.rpm +# RUN rpm --import /tmp/key.asc && \ +# yum -y install /tmp/mongodb-org-shell-4.4.4-1.el8.x86_64.rpm && \ +# rm -f /tmp/key.asc && \ +# rm -f /tmp/mongodb-org-shell-4.4.4-1.el8.x86_64.rpm +# # Install jq (to parse openshift api query results) +# RUN yum -y install jq + +# # # Instal helm +# COPY helm-v3.5.2-linux-amd64.tar.gz /tmp/helm-v3.5.2-linux-amd64.tar.gz +# RUN tar -zxvf /tmp/helm-v3.5.2-linux-amd64.tar.gz && \ +# mv linux-amd64/helm /usr/bin/helm && \ +# chmod a+x /usr/bin/helm && \ +# rm -f /tmp/helm-v3.5.2-linux-amd64.tar.gz + +# Set up container user and adjust permissions to run in OpenShift environment WORKDIR ${HOME} RUN useradd -u 1001 -r -g 0 -d ${HOME} -s /sbin/nologin \ -c "Default Application User" default && \ @@ -57,4 +94,3 @@ ENTRYPOINT ["/usr/bin/container-entrypoint"] USER 1001 HEALTHCHECK CMD python --version - -- GitLab From 9d5bc5dfd86bcbb1a82a6b38d1774d7ee1e1f021 Mon Sep 17 00:00:00 2001 
From: wlau Date: Fri, 26 Mar 2021 14:53:54 -0700 Subject: [PATCH 133/134] fixing pipeline --- Dockerfile | 34 +++++++++++++++++----------------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/Dockerfile b/Dockerfile index 8307c39..1637178 100644 --- a/Dockerfile +++ b/Dockerfile @@ -48,8 +48,7 @@ RUN chmod a+x /usr/bin/container-entrypoint && \ chmod a+x /usr/bin/aap # Install packages -# RUN INSTALL_PKGS="vim-enhanced rsync iputils bind-utils git python36 python36-devel python3-setuptools python3-pip python3-virtualenv" && \ -RUN INSTALL_PKGS="vim-enhanced" && \ +RUN INSTALL_PKGS="vim-enhanced rsync iputils bind-utils git python36 python36-devel python3-setuptools python3-pip python3-virtualenv" && \ yum -y update-minimal --setopt=tsflags=nodocs --security && \ yum -y --setopt=tsflags=nodocs install $INSTALL_PKGS && \ yum -y remove vim-minimal && \ 
@@ -64,23 +63,23 @@ RUN tar xvf /tmp/oc.tar.gz && \ RUN # subscription-manager registervc -# # Install mongodb shell (client) -# COPY config/key.asc /tmp/key.asc -# COPY mongodb-org-shell-4.4.4-1.el8.x86_64.rpm /tmp/mongodb-org-shell-4.4.4-1.el8.x86_64.rpm -# RUN rpm --import /tmp/key.asc && \ -# yum -y install /tmp/mongodb-org-shell-4.4.4-1.el8.x86_64.rpm && \ -# rm -f /tmp/key.asc && \ -# rm -f /tmp/mongodb-org-shell-4.4.4-1.el8.x86_64.rpm +# Install mongodb shell (client) +COPY config/key.asc /tmp/key.asc +COPY mongodb-org-shell-4.4.4-1.el8.x86_64.rpm /tmp/mongodb-org-shell-4.4.4-1.el8.x86_64.rpm +RUN rpm --import /tmp/key.asc && \ + yum -y install /tmp/mongodb-org-shell-4.4.4-1.el8.x86_64.rpm && \ + rm -f /tmp/key.asc && \ + rm -f /tmp/mongodb-org-shell-4.4.4-1.el8.x86_64.rpm -# # Install jq (to parse openshift api query results) -# RUN yum -y install jq +# Install jq (to parse openshift api query results) +RUN yum -y install jq -# # # Instal helm -# COPY helm-v3.5.2-linux-amd64.tar.gz /tmp/helm-v3.5.2-linux-amd64.tar.gz -# RUN tar -zxvf /tmp/helm-v3.5.2-linux-amd64.tar.gz && \ -# mv linux-amd64/helm /usr/bin/helm && \ -# chmod a+x /usr/bin/helm && \ -# rm -f /tmp/helm-v3.5.2-linux-amd64.tar.gz +# # Instal helm +COPY helm-v3.5.2-linux-amd64.tar.gz /tmp/helm-v3.5.2-linux-amd64.tar.gz +RUN tar -zxvf /tmp/helm-v3.5.2-linux-amd64.tar.gz && \ + mv linux-amd64/helm /usr/bin/helm && \ + chmod a+x /usr/bin/helm && \ + rm -f /tmp/helm-v3.5.2-linux-amd64.tar.gz # Set up container user and adjust permissions to run in OpenShift environment WORKDIR ${HOME} @@ -94,3 +93,4 @@ ENTRYPOINT ["/usr/bin/container-entrypoint"] USER 1001 HEALTHCHECK CMD python --version + -- GitLab From 3035f83a91fa69aab418687406dab9cbce3b3950 Mon Sep 17 00:00:00 2001 From: wlau Date: Fri, 26 Mar 2021 15:36:27 -0700 Subject: [PATCH 134/134] remove comments --- Dockerfile | 16 ---------------- 1 file changed, 16 deletions(-) diff --git a/Dockerfile b/Dockerfile index 1637178..db71de8 100644 
--- a/Dockerfile +++ b/Dockerfile @@ -20,24 +20,8 @@ ENV PYTHON_VERSION=3.6 \ # - Enable the virtual python environment and default interactive and non-interactive # shell environment upon container startup -#ENV BASH_ENV=/usr/bin/py-enable \ -# ENV=/usr/bin/py-enable \ ENV PROMPT_COMMAND=". /usr/bin/aap && unset PROMPT_COMMAND" -# ^^^ BASH_ENV and ENV provide the name of a startup file to read before bash is used to execute a script -# ^^^ Bash provides an environment variable called PROMPT_COMMAND. The contents of this variable are executed as a regular Bash command just before Bash displays a prompt. -# https://www.tldp.org/HOWTO/Bash-Prompt-HOWTO/x264.html -# https://www.gnu.org/software/bash/manual/html_node/Bash-Variables.html - -# # # ENV SUMMARY="Platform for building and running Python $PYTHON_VERSION applications" \ -# # # DESCRIPTION="Python $PYTHON_VERSION available as container is a base platform for \ -# # # building and running various Python $PYTHON_VERSION applications and frameworks. \ -# # # Python is an easy to learn, powerful programming language. It has efficient high-level \ -# # # data structures and a simple but effective approach to object-oriented programming. \ -# # # Python's elegant syntax and dynamic typing, together with its interpreted nature, \ -# # # make it an ideal language for scripting and rapid application development in many areas \ -# # # on most platforms." - # Copy extra files to the image. COPY ./root / RUN chmod a+x /usr/bin/container-entrypoint && \ -- GitLab