From c45e9b4715648d3ab0bc36b541b24b0af25047ea Mon Sep 17 00:00:00 2001
From: WingKwan Lau
Date: Wed, 28 Jul 2021 21:07:20 +0000
Subject: [PATCH] Wingkwan.lau development patch 60189
---
 Dockerfile | 14 +++++++++-----
 hardening_manifest.yaml | 6 +++---
 2 files changed, 12 insertions(+), 8 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 482930e..f970335 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -4,9 +4,6 @@ ARG BASE_TAG=8.4
 FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG}
-# yum Update
-RUN yum update -y
-
 # Set necessary environment variables for python and python development environment
 ARG APP_ROOT=/opt/app-root
 ENV PYTHON_VERSION=3.8 \
@@ -33,15 +30,18 @@ RUN chmod a+x /usr/bin/container-entrypoint && \
 chmod a+x /usr/bin/generate-container-user && \
 chmod a+x /usr/bin/py-enable
-
 # Install packages
-RUN INSTALL_PKGS="vim-enhanced rsync iputils bind-utils git python38 python38-devel python38-setuptools python38-pip " && \
+RUN INSTALL_PKGS="vim-enhanced rsync iputils bind-utils git python38 python38-devel python38-setuptools python38-pip gcc" && \
 yum -y update-minimal --setopt=tsflags=nodocs --security && \
 yum -y --setopt=tsflags=nodocs install $INSTALL_PKGS && \
 yum -y remove vim-minimal && \
 rpm -V $INSTALL_PKGS && \
 yum -y clean all --enablerepo="*"
+# yum Updates
+RUN yum update -y
+RUN yum update systemd-239-45.el8_4.2
+
 # - Create a Python virtual environment for use by any application to avoid potential conflicts with Python packages
 # preinstalled in the main Python installation.
 RUN python$PYTHON_VERSION -m venv ${APP_ROOT} && /usr/bin/py-enable
@@ -54,6 +54,10 @@ RUN useradd -u 1001 -r -g 0 -d ${HOME} -s /sbin/nologin \
 fix-permissions ${HOME} -P && \
 rpm-file-permissions
+USER 1001
+
 ENTRYPOINT ["/usr/bin/container-entrypoint"]
 HEALTHCHECK CMD python --version
+
+
diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml
index 873532b..8089eed 100644
--- a/hardening_manifest.yaml
+++ b/hardening_manifest.yaml
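Review bot: The added `RUN yum update systemd-239-45.el8_4.2` in the second Dockerfile hunk has no `-y`, so in a non-interactive build it cannot be confirmed: either it is a no-op because the preceding `RUN yum update -y` already brought systemd to that level, or the transaction is presumably declined at the prompt. Both new update steps also run as separate layers after `yum -y clean all --enablerepo="*"`, so the repository metadata and package cache they download stay in the image. I would fold them into the install step ahead of the clean, e.g. `yum -y --setopt=tsflags=nodocs update && \` and, if the pin is still required, `yum -y update systemd-239-45.el8_4.2 && \`, with a comment naming the advisory or scan finding the systemd pin addresses. Separately, `gcc` now ships in the final image; if it is only needed to build Python wheels, a builder stage or removing it in the same RUN would keep a compiler out of the hardened runtime image.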
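Review bot: `USER 1001` in the last Dockerfile hunk is added without a comment tying it to the `useradd -u 1001 -r -g 0` shown on the hunk's header line; a one-line comment such as `# Run as the unprivileged uid created above (numeric so runtimes can verify non-root)` would keep the two from drifting apart. The RUN that creates the user starts above the hunk, so whether `/usr/bin/container-entrypoint` still works when started as uid 1001 cannot be confirmed from here and is worth a smoke test of the built image. The hunk also appends two blank lines after `HEALTHCHECK CMD python --version`; these can be dropped.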
@@ -7,14 +7,14 @@ name: "diat/aap-python"
 # The most specific version should be the first tag and will be shown
 # on ironbank.dso.mil
 tags:
-- "14.0"
+- "14.1"
 - "latest"
 # Build args passed to Dockerfile ARGs
 args:
 BASE_REGISTRY: "registry1.dsop.io"
 BASE_IMAGE: "redhat/ubi/ubi8"
- BASE_TAG: "8.3"
+ BASE_TAG: "8.4"
 # Docker image labels
 labels:
@@ -29,7 +29,7 @@ labels:
 # Name of the distributing entity, organization or individual
 org.opencontainers.image.vendor: "aap-python"
 # Authoritative version of the software
- org.opencontainers.image.version: "14.0"
+ org.opencontainers.image.version: "14.1"
 # Keywords to help with search (ex. "cicd,gitops,golang")
 mil.dso.ironbank.image.keywords: "aap,python,aappython,aap-python,pythonent,atlas,diat"
 # This value can be "opensource" or "commercial"
-- GitLab