diff --git a/Dockerfile b/Dockerfile
index 482930e04678a45fc372e462b1448866d1c34a65..f970335db99b5c541e74e253f280c3348f0ac715 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -4,9 +4,6 @@ ARG BASE_TAG=8.4
 FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG}
-# yum Update
-RUN yum update -y
-
 # Set necessary environment variables for python and python development environment
 ARG APP_ROOT=/opt/app-root
 ENV PYTHON_VERSION=3.8 \
@@ -33,15 +30,18 @@ RUN chmod a+x /usr/bin/container-entrypoint && \
 chmod a+x /usr/bin/generate-container-user && \
 chmod a+x /usr/bin/py-enable
-
 # Install packages
-RUN INSTALL_PKGS="vim-enhanced rsync iputils bind-utils git python38 python38-devel python38-setuptools python38-pip " && \
+RUN INSTALL_PKGS="vim-enhanced rsync iputils bind-utils git python38 python38-devel python38-setuptools python38-pip gcc" && \
 yum -y update-minimal --setopt=tsflags=nodocs --security && \
 yum -y --setopt=tsflags=nodocs install $INSTALL_PKGS && \
 yum -y remove vim-minimal && \
 rpm -V $INSTALL_PKGS && \
 yum -y clean all --enablerepo="*"
+# yum Updates
+RUN yum update -y
+RUN yum update systemd-239-45.el8_4.2
+
 # - Create a Python virtual environment for use by any application to avoid potential conflicts with Python packages
 # preinstalled in the main Python installation.
 RUN python$PYTHON_VERSION -m venv ${APP_ROOT} && /usr/bin/py-enable
@@ -54,6 +54,10 @@ RUN useradd -u 1001 -r -g 0 -d ${HOME} -s /sbin/nologin \
 fix-permissions ${HOME} -P && \
 rpm-file-permissions
+USER 1001
+
 ENTRYPOINT ["/usr/bin/container-entrypoint"]
 HEALTHCHECK CMD python --version
+
+
diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml
index 873532bb876c282b3432421e0206b7ac16efc19a..8089eed849b64419ddfbf3f1245a85123a034de7 100644
--- a/hardening_manifest.yaml
+++ b/hardening_manifest.yaml
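Review bot: In the Dockerfile hunk at `@@ -33,15 +30,18 @@`, the two added `RUN yum update` lines run after `yum -y clean all --enablerepo="*"`, so the repository metadata and package cache they download stay behind in their own image layers. The second one also lacks `-y`, so a non-interactive build will stop if yum has a transaction to confirm; if the full update has already brought systemd to that level, the line does nothing. Folding both into the install RUN ahead of the clean step keeps the patching and drops the cache: `yum -y update --setopt=tsflags=nodocs && \` followed by `yum -y update systemd-239-45.el8_4.2 && \`. The same hunk adds `gcc` to INSTALL_PKGS without saying why; if it is only needed to compile Python packages, a compiler left in a hardened runtime image is avoidable attack surface, so either remove it once the build step is done or add a comment explaining why it must stay.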
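Review bot: In the Dockerfile hunk at `@@ -54,6 +54,10 @@`, `USER 1001` is added without a comment tying it to the account created by the `useradd -u 1001 -r -g 0` step named in the hunk header. Images built on top of this one will inherit it and run every later `RUN` as that non-root user. I would add a comment above it such as `# Run as the non-root user created above (uid 1001, gid 0); derived images must switch to USER 0 for package installs and switch back`. The hunk also appends two blank lines at the end of the file, which can be dropped. The `RUN useradd` block starts outside the hunk.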
@@ -7,14 +7,14 @@ name: "diat/aap-python"
 # The most specific version should be the first tag and will be shown
 # on ironbank.dso.mil
 tags:
-- "14.0"
+- "14.1"
 - "latest"
 # Build args passed to Dockerfile ARGs
 args:
 BASE_REGISTRY: "registry1.dsop.io"
 BASE_IMAGE: "redhat/ubi/ubi8"
- BASE_TAG: "8.3"
+ BASE_TAG: "8.4"
 # Docker image labels
 labels:
@@ -29,7 +29,7 @@ labels:
 # Name of the distributing entity, organization or individual
 org.opencontainers.image.vendor: "aap-python"
 # Authoritative version of the software
- org.opencontainers.image.version: "14.0"
+ org.opencontainers.image.version: "14.1"
 # Keywords to help with search (ex. "cicd,gitops,golang")
 mil.dso.ironbank.image.keywords: "aap,python,aappython,aap-python,pythonent,atlas,diat"
 # This value can be "opensource" or "commercial"