Wingkwan.lau development patch 60189

c45e9b47 · WingKwan Lau · kwami.delali · cf225ff7 · c45e9b47 · c45e9b47
Commit c45e9b47 authored Jul 28, 2021 by WingKwan Lau Committed by kwami.delali Jul 28, 2021
Show whitespace changes
Inline Side-by-side

Showing with 12 additions and 8 deletions

Dockerfile Dockerfile +9 -5

hardening_manifest.yaml hardening_manifest.yaml +3 -3

No files found.
--- a/Dockerfile
+++ b/Dockerfile
@@ -4,9 +4,6 @@ ARG BASE_TAG=8.4

 FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG}

-# yum Update
-RUN yum update -y
-
 # Set necessary environment variables for python and python development environment
 ARG APP_ROOT=/opt/app-root
 ENV PYTHON_VERSION=3.8 \
@@ -33,15 +30,18 @@ RUN chmod a+x /usr/bin/container-entrypoint && \
    chmod a+x /usr/bin/generate-container-user && \
    chmod a+x /usr/bin/py-enable 

-
 # Install packages
-RUN INSTALL_PKGS="vim-enhanced rsync iputils bind-utils git python38 python38-devel python38-setuptools python38-pip " && \
+RUN INSTALL_PKGS="vim-enhanced rsync iputils bind-utils git python38 python38-devel python38-setuptools python38-pip gcc" && \
    yum -y update-minimal --setopt=tsflags=nodocs --security && \
    yum -y --setopt=tsflags=nodocs install $INSTALL_PKGS && \
    yum -y remove vim-minimal && \
    rpm -V $INSTALL_PKGS && \
    yum -y clean all --enablerepo="*"

+# yum Updates
+RUN yum update -y
+RUN yum update systemd-239-45.el8_4.2
+
 # - Create a Python virtual environment for use by any application to avoid potential conflicts with Python packages 
 #   preinstalled in the main Python installation.
 RUN python$PYTHON_VERSION -m venv ${APP_ROOT} && /usr/bin/py-enable
@@ -54,6 +54,10 @@ RUN useradd -u 1001 -r -g 0 -d ${HOME} -s /sbin/nologin \
    fix-permissions ${HOME} -P && \
    rpm-file-permissions

+USER 1001
+
 ENTRYPOINT ["/usr/bin/container-entrypoint"]

 HEALTHCHECK CMD python --version
+
+
--- a/hardening_manifest.yaml
+++ b/hardening_manifest.yaml
@@ -7,14 +7,14 @@ name: "diat/aap-python"
 # The most specific version should be the first tag and will be shown
 # on ironbank.dso.mil
 tags:
- "14.0"
+- "14.1"
 - "latest"

 # Build args passed to Dockerfile ARGs
 args:
  BASE_REGISTRY: "registry1.dsop.io"
  BASE_IMAGE: "redhat/ubi/ubi8"
-  BASE_TAG: "8.3"
+  BASE_TAG: "8.4"

 # Docker image labels
 labels:
@@ -29,7 +29,7 @@ labels:
  # Name of the distributing entity, organization or individual
  org.opencontainers.image.vendor: "aap-python"
  # Authoritative version of the software
-  org.opencontainers.image.version: "14.0"
+  org.opencontainers.image.version: "14.1"
  # Keywords to help with search (ex. "cicd,gitops,golang")
  mil.dso.ironbank.image.keywords: "aap,python,aappython,aap-python,pythonent,atlas,diat"
  # This value can be "opensource" or "commercial"