From c097ebe7abe9ade5f58c26ca4a3680252c79f86f Mon Sep 17 00:00:00 2001
From: WingKwan Lau
Date: Wed, 28 Jul 2021 23:12:57 +0000
Subject: [PATCH 1/6] Update hardening_manifest.yaml
---
 hardening_manifest.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml
index 7e6a5a9..1de8cc5 100644
--- a/hardening_manifest.yaml
+++ b/hardening_manifest.yaml
@@ -48,7 +48,7 @@ resources:
 filename: "oc.tar.gz"
 validation:
 type: "sha256" # supported: sha256, sha512
- value: "06dbfb7f29e56a98246519ed33a6119a1c01d363aecdb0d2cfd21c9f69dc4ebc" # must be lowercase
+ value: "19709565c53a496605c41faa410a6a73ccae4bfe91fbe66cf0a7d581a68aa706" # must be lowercase
 - url: "https://get.helm.sh/helm-v3.5.2-linux-amd64.tar.gz"
 filename: "helm-v3.5.2-linux-amd64.tar.gz"
 validation:
-- GitLab
From 57f1230e3445e3cde6a49d0b7e2d0fcddc10fdba Mon Sep 17 00:00:00 2001
From: WingKwan Lau
Date: Thu, 29 Jul 2021 12:57:34 +0000
Subject: [PATCH 2/6] Updating base image to use ubi 8.4
---
 Dockerfile | 2 +-
 hardening_manifest.yaml | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 6a97b46..3fbc838 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,6 +1,6 @@
 ARG BASE_REGISTRY=registry1.dso.mil
 ARG BASE_IMAGE=redhat/ubi/ubi8
-ARG BASE_TAG=8.3
+ARG BASE_TAG=8.4
 FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG}
diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml
index 1de8cc5..1c9e7de 100644
--- a/hardening_manifest.yaml
+++ b/hardening_manifest.yaml
@@ -7,14 +7,14 @@ name: "diat/aap-cli"
 # The most specific version should be the first tag and will be shown
 # on ironbank.dso.mil
 tags:
-- "4.0"
+- "14.0"
 - "latest"
 # Build args passed to Dockerfile ARGs
 args:
 BASE_REGISTRY: "registry1.dsop.io"
 BASE_IMAGE: "redhat/ubi/ubi8"
- BASE_TAG: "8.3"
+ BASE_TAG: "8.4"
 # Docker image labels
 labels:
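Review bot: In PATCH 1/6 the `value:` for `oc.tar.gz` changes while no `url:` line changes with it, and the commit message does not say which `oc` build the new digest belongs to or where it was obtained. The start of this resource entry is above the hunk, so the URL is not visible here; if it is an unversioned path, the pinned checksum will break whenever upstream republishes, and each refresh amounts to trusting whatever was downloaded that day. I would point the entry at a versioned artefact and record the provenance next to the value, e.g. `# oc <version>; sha256 taken from the publisher's checksum file`.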
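Review bot: In PATCH 2/6, `BASE_REGISTRY: "registry1.dsop.io"` in the manifest's `args:` block does not match the Dockerfile default shown in the same commit, `ARG BASE_REGISTRY=registry1.dso.mil`. The comment above the block says these args are passed to the Dockerfile ARGs, so a build driven by the manifest would presumably pull the base image from the manifest's host rather than the Dockerfile's. The commit already edits the `BASE_TAG` line two lines below, so this is the place to align the two; assuming the Dockerfile host is the current one (the manifest's own comment refers to ironbank.dso.mil), that would be `BASE_REGISTRY: "registry1.dso.mil"`. The first tag also goes from "4.0" to "14.0" under a subject that mentions only the UBI bump, which deserves a sentence in the message if it is intended.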
@@ -29,7 +29,7 @@ labels:
 # Name of the distributing entity, organization or individual
 org.opencontainers.image.vendor: "aap-cli"
 # Authoritative version of the software
- org.opencontainers.image.version: "4.0"
+ org.opencontainers.image.version: "14.0"
 # Keywords to help with search (ex. "cicd,gitops,golang")
 mil.dso.ironbank.image.keywords: "aap,cli,aapcli,aap-cli,client,atlas,diat"
 # This value can be "opensource" or "commercial"
-- GitLab
From e931fe7a183779d877874b6685208daf1694d6e7 Mon Sep 17 00:00:00 2001
From: WingKwan Lau
Date: Thu, 29 Jul 2021 21:44:24 +0000
Subject: [PATCH 3/6] Update Dockerfile
---
 Dockerfile | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/Dockerfile b/Dockerfile
index 3fbc838..5d88e7a 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -39,6 +39,10 @@ RUN INSTALL_PKGS="vim-enhanced rsync iputils bind-utils git python36 python36-de
 rpm -V $INSTALL_PKGS && \
 yum -y clean all --enablerepo="*"
+# yum Updates
+RUN yum update -y
+RUN yum update --cve CVE-2019-19246
+
 # Install the OpenShift command line tool, oc
 COPY oc.tar.gz /tmp/oc.tar.gz
 RUN tar xvf /tmp/oc.tar.gz && \
-- GitLab
From 81be4fca5fdcc2bf948a5eec8b0df5c22742f9d1 Mon Sep 17 00:00:00 2001
From: WingKwan Lau
Date: Thu, 29 Jul 2021 21:58:30 +0000
Subject: [PATCH 4/6] Update Dockerfile
---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
index 5d88e7a..4c217b9 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -41,7 +41,7 @@ RUN INSTALL_PKGS="vim-enhanced rsync iputils bind-utils git python36 python36-de
 # yum Updates
 RUN yum update -y
-RUN yum update --cve CVE-2019-19246
+RUN yum update php
 # Install the OpenShift command line tool, oc
 COPY oc.tar.gz /tmp/oc.tar.gz
-- GitLab
From 6602fa015fc4747564ac32705e921cfbb0d1daca Mon Sep 17 00:00:00 2001
From: WingKwan Lau
Date: Thu, 29 Jul 2021 22:25:48 +0000
Subject: [PATCH 5/6] Update hardening_manifest.yaml
---
 hardening_manifest.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
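Review bot: In PATCH 3/6, `RUN yum update --cve CVE-2019-19246` has no `-y`, so in a non-interactive build it is likely either to abort at the confirmation prompt or to pass only because there was nothing to install; the same applies to `RUN yum update php`, which replaces it in PATCH 4/6. Both added `RUN` lines also come after the `yum -y clean all --enablerepo="*"` that closes the previous step, so any metadata and packages they download stay behind in their own layers. I would do the update in one step that cleans up after itself, `RUN yum -y update && yum -y clean all --enablerepo="*"`, and keep the CVE id in the `# yum Updates` comment so the reason for the update stays recorded. The `RUN INSTALL_PKGS=…` step begins above the hunk.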
diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml
index 1c9e7de..f78d79a 100644
--- a/hardening_manifest.yaml
+++ b/hardening_manifest.yaml
@@ -7,7 +7,7 @@ name: "diat/aap-cli"
 # The most specific version should be the first tag and will be shown
 # on ironbank.dso.mil
 tags:
-- "14.0"
+- "14.1"
 - "latest"
 # Build args passed to Dockerfile ARGs
-- GitLab
From b7d8059129217c5e090d6d728ff248186fd17df5 Mon Sep 17 00:00:00 2001
From: WingKwan Lau
Date: Thu, 29 Jul 2021 23:25:20 +0000
Subject: [PATCH 6/6] Update Dockerfile
---
 Dockerfile | 1 -
 1 file changed, 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
index 4c217b9..923017e 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -41,7 +41,6 @@ RUN INSTALL_PKGS="vim-enhanced rsync iputils bind-utils git python36 python36-de
 # yum Updates
 RUN yum update -y
-RUN yum update php
 # Install the OpenShift command line tool, oc
 COPY oc.tar.gz /tmp/oc.tar.gz
-- GitLab
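Review bot: In PATCH 5/6 the first tag becomes "14.1", but the `org.opencontainers.image.version` label that PATCH 2/6 set to "14.0" is not touched (this commit's diffstat lists a single changed line), so the published tag and the label the manifest calls the authoritative version will disagree. The labels block lies outside this hunk; the matching change there would be `org.opencontainers.image.version: "14.1"`.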