From 4df9c168f9262ae09df60517bcc43f3c51207f7b Mon Sep 17 00:00:00 2001 From: WingKwan Lau Date: Thu, 22 Jul 2021 20:03:01 +0000 Subject: [PATCH 01/24] Update Dockerfile --- Dockerfile | 1 + 1 file changed, 1 insertion(+) diff --git a/Dockerfile b/Dockerfile index 482930e..e43b573 100644 --- a/Dockerfile +++ b/Dockerfile @@ -6,6 +6,7 @@ FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} # yum Update RUN yum update -y +RUN yum update yum update systemd # Set necessary environment variables for python and python development environment ARG APP_ROOT=/opt/app-root -- GitLab From e9bef49a5a54a9ddbae4029f54e472ef207f55c8 Mon Sep 17 00:00:00 2001 From: WingKwan Lau Date: Thu, 22 Jul 2021 20:07:04 +0000 Subject: [PATCH 02/24] Update hardening_manifest.yaml, Dockerfile files --- Dockerfile | 2 +- hardening_manifest.yaml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index e43b573..6ecdcff 100644 --- a/Dockerfile +++ b/Dockerfile @@ -36,7 +36,7 @@ RUN chmod a+x /usr/bin/container-entrypoint && \ # Install packages -RUN INSTALL_PKGS="vim-enhanced rsync iputils bind-utils git python38 python38-devel python38-setuptools python38-pip " && \ +RUN INSTALL_PKGS="vim-enhanced rsync iputils bind-utils git python38 python38-devel python38-setuptools python38-pip gcc" && \ yum -y update-minimal --setopt=tsflags=nodocs --security && \ yum -y --setopt=tsflags=nodocs install $INSTALL_PKGS && \ yum -y remove vim-minimal && \ diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index 873532b..6184d9d 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -7,7 +7,7 @@ name: "diat/aap-python" # The most specific version should be the first tag and will be shown # on ironbank.dso.mil tags: -- "14.0" +- "14.1" - "latest" # Build args passed to Dockerfile ARGs 
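Review bot: The line added in PATCH 01/24, `RUN yum update yum update systemd`, repeats the subcommand and omits `-y`, so yum receives `yum` and `update` as package names and cannot confirm a transaction in a non-interactive build. Because the preceding `RUN yum update -y` has already upgraded every package, the extra line can presumably only succeed when it has nothing to do. Fold the intent into one layer, `RUN yum update -y && yum -y clean all`, and drop the second RUN. The missing `-y` persists in the later forms of this line: `RUN yum update systemd` in PATCH 03, `RUN yum update --cve CVE-2021-33910` in PATCH 05, and `RUN yum update systemd-239-45.el8_4.2` in PATCH 07, 12 and 19.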
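Review bot: Appending `gcc` to `INSTALL_PKGS` in PATCH 02/24 leaves a compiler, next to the `python38-devel` headers already in the list, in the image that ships. That enlarges the attack surface of the running container and the package set the vulnerability scanner has to track. If gcc is only needed to build wheels, install it in a builder stage or remove it in the same RUN once the build step is done, for example `yum -y remove gcc && yum -y clean all --enablerepo="*"`. The same package list is added again in PATCH 12 and PATCH 18, and the RUN instruction continues past the end of this hunk.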
@@ -29,7 +29,7 @@ labels: # Name of the distributing entity, organization or individual org.opencontainers.image.vendor: "aap-python" # Authoritative version of the software - org.opencontainers.image.version: "14.0" + org.opencontainers.image.version: "14.1" # Keywords to help with search (ex. "cicd,gitops,golang") mil.dso.ironbank.image.keywords: "aap,python,aappython,aap-python,pythonent,atlas,diat" # This value can be "opensource" or "commercial" -- GitLab From 7d1c4f2a70d47e93fd5eedb06a6139989e02b7a7 Mon Sep 17 00:00:00 2001 From: WingKwan Lau Date: Thu, 22 Jul 2021 21:27:20 +0000 Subject: [PATCH 03/24] Update Dockerfile --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 6ecdcff..02f7a8f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -6,7 +6,7 @@ FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} # yum Update RUN yum update -y -RUN yum update yum update systemd +RUN yum update systemd # Set necessary environment variables for python and python development environment ARG APP_ROOT=/opt/app-root -- GitLab From c7781d24e7992c6f0f85f6af94209b6e72361ca5 Mon Sep 17 00:00:00 2001 From: WingKwan Lau Date: Thu, 22 Jul 2021 22:10:10 +0000 Subject: [PATCH 04/24] Update Dockerfile --- Dockerfile | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/Dockerfile b/Dockerfile index 02f7a8f..f20b842 100644 --- a/Dockerfile +++ b/Dockerfile @@ -4,10 +4,6 @@ ARG BASE_TAG=8.4 FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} -# yum Update -RUN yum update -y -RUN yum update systemd - # Set necessary environment variables for python and python development environment ARG APP_ROOT=/opt/app-root ENV PYTHON_VERSION=3.8 \ 
@@ -34,7 +30,6 @@ RUN chmod a+x /usr/bin/container-entrypoint && \ chmod a+x /usr/bin/generate-container-user && \ chmod a+x /usr/bin/py-enable - # Install packages RUN INSTALL_PKGS="vim-enhanced rsync iputils bind-utils git python38 python38-devel python38-setuptools python38-pip gcc" && \ yum -y update-minimal --setopt=tsflags=nodocs --security && \ @@ -43,6 +38,11 @@ RUN INSTALL_PKGS="vim-enhanced rsync iputils bind-utils git python38 python38-de rpm -V $INSTALL_PKGS && \ yum -y clean all --enablerepo="*" +# yum Update +RUN yum update -y +RUN yum update systemd +yum update --cve CVE-2021-33910 + # - Create a Python virtual environment for use by any application to avoid potential conflicts with Python packages # preinstalled in the main Python installation. RUN python$PYTHON_VERSION -m venv ${APP_ROOT} && /usr/bin/py-enable -- GitLab From fd847a44d5a57ba029ea44d59fcc3c56dd38b98c Mon Sep 17 00:00:00 2001 From: WingKwan Lau Date: Thu, 22 Jul 2021 22:16:48 +0000 Subject: [PATCH 05/24] Update Dockerfile --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index f20b842..ef79f0f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -41,7 +41,7 @@ RUN INSTALL_PKGS="vim-enhanced rsync iputils bind-utils git python38 python38-de # yum Update RUN yum update -y RUN yum update systemd -yum update --cve CVE-2021-33910 +RUN yum update --cve CVE-2021-33910 # - Create a Python virtual environment for use by any application to avoid potential conflicts with Python packages # preinstalled in the main Python installation. -- GitLab From fe35f95ff11c1b9c02b81c58b5d6bf0d019f669e Mon Sep 17 00:00:00 2001 From: WingKwan Lau Date: Thu, 22 Jul 2021 22:48:46 +0000 Subject: [PATCH 06/24] Update hardening_manifest.yaml --- hardening_manifest.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index 6184d9d..8089eed 100644 --- a/hardening_manifest.yaml 
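Review bot: In the `@@ -43,6 +38,11 @@` hunk of PATCH 04/24 the last added line, `yum update --cve CVE-2021-33910`, has no instruction keyword, so the Dockerfile parser will reject it instead of running it. PATCH 05 turns it into a `RUN`. The relocated block also sits after `yum -y clean all --enablerepo="*"`, so each separate `RUN yum update ...` layer fetches repository metadata again and leaves it in the image. Chain the updates into the install RUN ahead of its existing clean step, or end the block with `&& yum -y clean all --enablerepo="*"`.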
+++ b/hardening_manifest.yaml @@ -14,7 +14,7 @@ tags: args: BASE_REGISTRY: "registry1.dsop.io" BASE_IMAGE: "redhat/ubi/ubi8" - BASE_TAG: "8.3" + BASE_TAG: "8.4" # Docker image labels labels: -- GitLab From e9e5fc548c228d2596cc504d4c469efacc54308b Mon Sep 17 00:00:00 2001 From: WingKwan Lau Date: Mon, 26 Jul 2021 16:59:15 +0000 Subject: [PATCH 07/24] Update Dockerfile --- Dockerfile | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index ef79f0f..fcd3cec 100644 --- a/Dockerfile +++ b/Dockerfile @@ -40,8 +40,7 @@ RUN INSTALL_PKGS="vim-enhanced rsync iputils bind-utils git python38 python38-de # yum Update RUN yum update -y -RUN yum update systemd -RUN yum update --cve CVE-2021-33910 +RUN yum update systemd-239-45.el8_4.2 # - Create a Python virtual environment for use by any application to avoid potential conflicts with Python packages # preinstalled in the main Python installation. -- GitLab From 3e056a4e917e2d58d48f5caeb0742d09950c9d9b Mon Sep 17 00:00:00 2001 From: WingKwan Lau Date: Mon, 26 Jul 2021 18:15:31 +0000 Subject: [PATCH 08/24] Update Dockerfile --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index fcd3cec..231e593 100644 --- a/Dockerfile +++ b/Dockerfile @@ -38,7 +38,7 @@ RUN INSTALL_PKGS="vim-enhanced rsync iputils bind-utils git python38 python38-de rpm -V $INSTALL_PKGS && \ yum -y clean all --enablerepo="*" -# yum Update +# yum Updates RUN yum update -y RUN yum update systemd-239-45.el8_4.2 -- GitLab From 5a6370b671d2b72d73247cc6fea13d5e95be81a2 Mon Sep 17 00:00:00 2001 From: WingKwan Lau Date: Tue, 27 Jul 2021 18:07:53 +0000 Subject: [PATCH 09/24] testing root user --- Dockerfile | 30 ------------------------------ 1 file changed, 30 deletions(-) diff --git a/Dockerfile b/Dockerfile index 231e593..1d7351d 100644 --- a/Dockerfile +++ b/Dockerfile 
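Review bot: Replacing `RUN yum update --cve CVE-2021-33910` with `RUN yum update systemd-239-45.el8_4.2` in PATCH 07/24 drops the only reference to why systemd is singled out, and the step does not verify that the image ends up with that build or a newer one. Presumably this NVR is the build carrying the CVE-2021-33910 fix; if so, record it in a comment above the line, for example `# systemd >= 239-45.el8_4.2 carries the fix for CVE-2021-33910`. Adding `rpm -q systemd` to the same RUN would put the installed version in the build log for the hardening review. Once the repository publishes a later systemd, the `RUN yum update -y` above will already have installed it and this pinned spec is likely redundant.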
@@ -22,37 +22,7 @@ ENV PYTHON_VERSION=3.8 \ # shell environment upon container startup ENV PROMPT_COMMAND="" -# Copy extra files to the image. -COPY ./scripts /usr/bin -RUN chmod a+x /usr/bin/container-entrypoint && \ - chmod a+x /usr/bin/fix-permissions && \ - chmod a+x /usr/bin/rpm-file-permissions && \ - chmod a+x /usr/bin/generate-container-user && \ - chmod a+x /usr/bin/py-enable -# Install packages -RUN INSTALL_PKGS="vim-enhanced rsync iputils bind-utils git python38 python38-devel python38-setuptools python38-pip gcc" && \ - yum -y update-minimal --setopt=tsflags=nodocs --security && \ - yum -y --setopt=tsflags=nodocs install $INSTALL_PKGS && \ - yum -y remove vim-minimal && \ - rpm -V $INSTALL_PKGS && \ - yum -y clean all --enablerepo="*" - -# yum Updates -RUN yum update -y -RUN yum update systemd-239-45.el8_4.2 - -# - Create a Python virtual environment for use by any application to avoid potential conflicts with Python packages -# preinstalled in the main Python installation. -RUN python$PYTHON_VERSION -m venv ${APP_ROOT} && /usr/bin/py-enable - -# Set up container user and adjust permissions to run in OpenShift environment -WORKDIR ${HOME} -RUN useradd -u 1001 -r -g 0 -d ${HOME} -s /sbin/nologin \ - -c "Default Application User" default && \ - fix-permissions ${APP_ROOT} -P && \ - fix-permissions ${HOME} -P && \ - rpm-file-permissions ENTRYPOINT ["/usr/bin/container-entrypoint"] -- GitLab From 8e0d975ab98f12e67c63c67f5bfc375110d66719 Mon Sep 17 00:00:00 2001 From: WingKwan Lau Date: Tue, 27 Jul 2021 18:22:58 +0000 Subject: [PATCH 10/24] Update Dockerfile --- Dockerfile | 18 ------------------ 1 file changed, 18 deletions(-) diff --git a/Dockerfile b/Dockerfile index 1d7351d..e03b1c7 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -4,24 +4,6 @@ ARG BASE_TAG=8.4 FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} -# Set necessary environment variables for python and python development environment -ARG APP_ROOT=/opt/app-root -ENV PYTHON_VERSION=3.8 \ - APP_ROOT=$APP_ROOT \ - USER_NAME=hero \ - HOME=${APP_ROOT} \ - PATH=$HOME/.local/bin/:$APP_ROOT/.local/bin:/opt/app-root/src/bin:/opt/app-root/bin:$PATH: \ - EDITOR=/usr/bin/vim \ - PS1="AAP \W\$ " \ - PYTHONUNBUFFERED=1 \ - PYTHONIOENCODING=UTF-8 \ - PIP_NO_CACHE_DIR=off \ - LANG="en_US.UTF-8" - -# - Enable the virtual python environment and default interactive and non-interactive -# shell environment upon container startup -ENV PROMPT_COMMAND="" - ENTRYPOINT ["/usr/bin/container-entrypoint"] -- GitLab From 54ce30f27d9cb8dc842fd6199ac10e5699bff290 Mon Sep 17 00:00:00 2001 From: WingKwan Lau Date: Tue, 27 Jul 2021 20:23:02 +0000 Subject: [PATCH 11/24] Update Dockerfile --- Dockerfile | 4 ---- 1 file changed, 4 deletions(-) diff --git a/Dockerfile b/Dockerfile index e03b1c7..9e68904 100644 --- a/Dockerfile +++ b/Dockerfile @@ -5,7 +5,3 @@ ARG BASE_TAG=8.4 FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} - -ENTRYPOINT ["/usr/bin/container-entrypoint"] - -HEALTHCHECK CMD python --version -- GitLab From 114b3182bc67ff22e4e85c3399df1d3da6ab19d9 Mon Sep 17 00:00:00 2001 From: WingKwan Lau Date: Tue, 27 Jul 2021 20:33:32 +0000 Subject: [PATCH 12/24] Update Dockerfile --- Dockerfile | 48 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 48 insertions(+) diff --git a/Dockerfile b/Dockerfile index 9e68904..a0d91de 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -4,4 +4,52 @@ ARG BASE_TAG=8.4 FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} +# Set necessary environment variables for python and python development environment +ARG APP_ROOT=/opt/app-root +ENV PYTHON_VERSION=3.8 \ + APP_ROOT=$APP_ROOT \ + USER_NAME=hero \ + HOME=${APP_ROOT} \ + PATH=$HOME/.local/bin/:$APP_ROOT/.local/bin:/opt/app-root/src/bin:/opt/app-root/bin:$PATH: \ + EDITOR=/usr/bin/vim \ + PS1="AAP \W\$ " \ + PYTHONUNBUFFERED=1 \ + PYTHONIOENCODING=UTF-8 \ + PIP_NO_CACHE_DIR=off \ + LANG="en_US.UTF-8" +# - Enable the virtual python environment and default interactive and non-interactive +# shell environment upon container startup +ENV PROMPT_COMMAND="" + +# Copy extra files to the image. +COPY ./scripts /usr/bin +RUN chmod a+x /usr/bin/container-entrypoint && \ + chmod a+x /usr/bin/fix-permissions && \ + chmod a+x /usr/bin/rpm-file-permissions && \ + chmod a+x /usr/bin/generate-container-user && \ + chmod a+x /usr/bin/py-enable + +# Install packages +RUN INSTALL_PKGS="vim-enhanced rsync iputils bind-utils git python38 python38-devel python38-setuptools python38-pip gcc" && \ + yum -y update-minimal --setopt=tsflags=nodocs --security && \ + yum -y --setopt=tsflags=nodocs install $INSTALL_PKGS && \ + yum -y remove vim-minimal && \ + rpm -V $INSTALL_PKGS && \ + yum -y clean all --enablerepo="*" + +# yum Updates +RUN yum update -y +RUN yum update systemd-239-45.el8_4.2 + +# - Create a Python virtual environment for use by any application to avoid potential conflicts with Python packages +# preinstalled in the main Python installation. +RUN python$PYTHON_VERSION -m venv ${APP_ROOT} && /usr/bin/py-enable + +# Set up container user and adjust permissions to run in OpenShift environment +WORKDIR ${HOME} +RUN useradd -u 1001 -r -g 0 -d ${HOME} -s /sbin/nologin \ + -c "Default Application User" default && \ + fix-permissions ${APP_ROOT} -P && \ + fix-permissions ${HOME} -P && \ + rpm-file-permissions -- GitLab 
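Review bot: The `PATH=` value added in PATCH 12/24 ends in `$PATH:`, and an empty trailing entry makes the shell search the current working directory for commands, which matters because the image later runs from a group-writable `WORKDIR`. `$HOME` is also referenced in the same `ENV` instruction that sets `HOME`; Docker substitutes the value from before the instruction, so the first entry probably does not expand to `/opt/app-root/.local/bin/`. Drop the trailing colon and the `$HOME` entry: `PATH=$APP_ROOT/.local/bin:/opt/app-root/src/bin:/opt/app-root/bin:$PATH \`. The same `ENV` block is added again in PATCH 17.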
From f244dbf9c0b4cdde11317be888a5d2860b0029f9 Mon Sep 17 00:00:00 2001 From: WingKwan Lau Date: Tue, 27 Jul 2021 21:20:33 +0000 Subject: [PATCH 13/24] Update Dockerfile --- Dockerfile | 36 ------------------------------------ 1 file changed, 36 deletions(-) diff --git a/Dockerfile b/Dockerfile index a0d91de..838fb9a 100644 --- a/Dockerfile +++ b/Dockerfile @@ -17,39 +17,3 @@ ENV PYTHON_VERSION=3.8 \ PYTHONIOENCODING=UTF-8 \ PIP_NO_CACHE_DIR=off \ LANG="en_US.UTF-8" - -# - Enable the virtual python environment and default interactive and non-interactive -# shell environment upon container startup -ENV PROMPT_COMMAND="" - -# Copy extra files to the image. -COPY ./scripts /usr/bin -RUN chmod a+x /usr/bin/container-entrypoint && \ - chmod a+x /usr/bin/fix-permissions && \ - chmod a+x /usr/bin/rpm-file-permissions && \ - chmod a+x /usr/bin/generate-container-user && \ - chmod a+x /usr/bin/py-enable - -# Install packages -RUN INSTALL_PKGS="vim-enhanced rsync iputils bind-utils git python38 python38-devel python38-setuptools python38-pip gcc" && \ - yum -y update-minimal --setopt=tsflags=nodocs --security && \ - yum -y --setopt=tsflags=nodocs install $INSTALL_PKGS && \ - yum -y remove vim-minimal && \ - rpm -V $INSTALL_PKGS && \ - yum -y clean all --enablerepo="*" - -# yum Updates -RUN yum update -y -RUN yum update systemd-239-45.el8_4.2 - -# - Create a Python virtual environment for use by any application to avoid potential conflicts with Python packages -# preinstalled in the main Python installation. -RUN python$PYTHON_VERSION -m venv ${APP_ROOT} && /usr/bin/py-enable - -# Set up container user and adjust permissions to run in OpenShift environment -WORKDIR ${HOME} -RUN useradd -u 1001 -r -g 0 -d ${HOME} -s /sbin/nologin \ - -c "Default Application User" default && \ - fix-permissions ${APP_ROOT} -P && \ - fix-permissions ${HOME} -P && \ - rpm-file-permissions -- GitLab From 070e92db08ea3f2cd1460b29b2ead1f258dae0ea Mon Sep 17 00:00:00 2001 
From: WingKwan Lau Date: Tue, 27 Jul 2021 21:38:48 +0000 Subject: [PATCH 14/24] 1 --- Dockerfile | 14 +------------- 1 file changed, 1 insertion(+), 13 deletions(-) diff --git a/Dockerfile b/Dockerfile index 838fb9a..9e68904 100644 --- a/Dockerfile +++ b/Dockerfile @@ -4,16 +4,4 @@ ARG BASE_TAG=8.4 FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} -# Set necessary environment variables for python and python development environment -ARG APP_ROOT=/opt/app-root -ENV PYTHON_VERSION=3.8 \ - APP_ROOT=$APP_ROOT \ - USER_NAME=hero \ - HOME=${APP_ROOT} \ - PATH=$HOME/.local/bin/:$APP_ROOT/.local/bin:/opt/app-root/src/bin:/opt/app-root/bin:$PATH: \ - EDITOR=/usr/bin/vim \ - PS1="AAP \W\$ " \ - PYTHONUNBUFFERED=1 \ - PYTHONIOENCODING=UTF-8 \ - PIP_NO_CACHE_DIR=off \ - LANG="en_US.UTF-8" + -- GitLab From 8a359a8f9acd4df1cf22d2a9fcdc563851e2b47a Mon Sep 17 00:00:00 2001 From: WingKwan Lau Date: Tue, 27 Jul 2021 21:47:04 +0000 Subject: [PATCH 15/24] Update Dockerfile --- Dockerfile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Dockerfile b/Dockerfile index 9e68904..e6c68fe 100644 --- a/Dockerfile +++ b/Dockerfile @@ -4,4 +4,6 @@ ARG BASE_TAG=8.4 FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} +# Set necessary environment variables for python and python development environment +ARG APP_ROOT=/opt/app-root -- GitLab From f955ea974b923f0d89c6041c968e9394ca2a1c7e Mon Sep 17 00:00:00 2001 From: WingKwan Lau Date: Tue, 27 Jul 2021 22:11:05 +0000 Subject: [PATCH 16/24] Update Dockerfile --- Dockerfile | 2 -- 1 file changed, 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index e6c68fe..9e68904 100644 --- a/Dockerfile +++ b/Dockerfile @@ -4,6 +4,4 @@ ARG BASE_TAG=8.4 FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} -# Set necessary environment variables for python and python development environment -ARG APP_ROOT=/opt/app-root -- GitLab From 9d4473ca2e6b26a4b6ed8aae0330136ac695d24a Mon Sep 17 00:00:00 2001 
From: WingKwan Lau Date: Wed, 28 Jul 2021 00:21:32 +0000 Subject: [PATCH 17/24] Update Dockerfile --- Dockerfile | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/Dockerfile b/Dockerfile index 9e68904..72951d0 100644 --- a/Dockerfile +++ b/Dockerfile @@ -4,4 +4,30 @@ ARG BASE_TAG=8.4 FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} +# Set necessary environment variables for python and python development environment +ARG APP_ROOT=/opt/app-root +ENV PYTHON_VERSION=3.8 \ + APP_ROOT=$APP_ROOT \ + USER_NAME=hero \ + HOME=${APP_ROOT} \ + PATH=$HOME/.local/bin/:$APP_ROOT/.local/bin:/opt/app-root/src/bin:/opt/app-root/bin:$PATH: \ + EDITOR=/usr/bin/vim \ + PS1="AAP \W\$ " \ + PYTHONUNBUFFERED=1 \ + PYTHONIOENCODING=UTF-8 \ + PIP_NO_CACHE_DIR=off \ + LANG="en_US.UTF-8" + +# - Enable the virtual python environment and default interactive and non-interactive +# shell environment upon container startup +ENV PROMPT_COMMAND="" + +# Copy extra files to the image. +COPY ./scripts /usr/bin +RUN chmod a+x /usr/bin/container-entrypoint && \ + chmod a+x /usr/bin/fix-permissions && \ + chmod a+x /usr/bin/rpm-file-permissions && \ + chmod a+x /usr/bin/generate-container-user && \ + chmod a+x /usr/bin/py-enable + -- GitLab From 9eecf20b57e3904252c733c05dc96c8d8a4d6365 Mon Sep 17 00:00:00 2001 From: WingKwan Lau Date: Wed, 28 Jul 2021 15:50:49 +0000 Subject: [PATCH 18/24] 39 --- Dockerfile | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/Dockerfile b/Dockerfile index 72951d0..f772879 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -30,4 +30,12 @@ RUN chmod a+x /usr/bin/container-entrypoint && \ chmod a+x /usr/bin/generate-container-user && \ chmod a+x /usr/bin/py-enable +# Install packages +RUN INSTALL_PKGS="vim-enhanced rsync iputils bind-utils git python38 python38-devel python38-setuptools python38-pip gcc" && \ + yum -y update-minimal --setopt=tsflags=nodocs --security && \ + yum -y --setopt=tsflags=nodocs install $INSTALL_PKGS && \ + yum -y remove vim-minimal && \ + rpm -V $INSTALL_PKGS && \ + yum -y clean all --enablerepo="*" + -- GitLab From 43da5dd5382ac1a90cc6bdb3a12b4d7a137ed8c2 Mon Sep 17 00:00:00 2001 From: WingKwan Lau Date: Wed, 28 Jul 2021 16:03:36 +0000 Subject: [PATCH 19/24] Update Dockerfile --- Dockerfile | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/Dockerfile b/Dockerfile index f772879..8c21d74 100644 --- a/Dockerfile +++ b/Dockerfile @@ -38,4 +38,8 @@ RUN INSTALL_PKGS="vim-enhanced rsync iputils bind-utils git python38 python38-de rpm -V $INSTALL_PKGS && \ yum -y clean all --enablerepo="*" +# yum Updates +RUN yum update -y +RUN yum update systemd-239-45.el8_4.2 + -- GitLab From 5f739cffeb3adf597d9f6abfb6b1ee42d7c6680a Mon Sep 17 00:00:00 2001 From: WingKwan Lau Date: Wed, 28 Jul 2021 16:27:35 +0000 Subject: [PATCH 20/24] 47 --- Dockerfile | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/Dockerfile b/Dockerfile index 8c21d74..e9366bb 100644 --- a/Dockerfile +++ b/Dockerfile @@ -42,4 +42,8 @@ RUN INSTALL_PKGS="vim-enhanced rsync iputils bind-utils git python38 python38-de RUN yum update -y RUN yum update systemd-239-45.el8_4.2 +# - Create a Python virtual environment for use by any application to avoid potential conflicts with Python packages +# preinstalled in the main Python installation. +RUN python$PYTHON_VERSION -m venv ${APP_ROOT} && /usr/bin/py-enable + -- GitLab From 3e5d7defd1195369c121c220ee9a435d4a160ec8 Mon Sep 17 00:00:00 2001 
From: WingKwan Lau Date: Wed, 28 Jul 2021 16:40:39 +0000 Subject: [PATCH 21/24] 55 --- Dockerfile | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/Dockerfile b/Dockerfile index e9366bb..a4fd0da 100644 --- a/Dockerfile +++ b/Dockerfile @@ -46,4 +46,11 @@ RUN yum update systemd-239-45.el8_4.2 # preinstalled in the main Python installation. RUN python$PYTHON_VERSION -m venv ${APP_ROOT} && /usr/bin/py-enable +# Set up container user and adjust permissions to run in OpenShift environment +WORKDIR ${HOME} +RUN useradd -u 1001 -r -g 0 -d ${HOME} -s /sbin/nologin \ + -c "Default Application User" default && \ + fix-permissions ${APP_ROOT} -P && \ + fix-permissions ${HOME} -P && \ + rpm-file-permissions -- GitLab From 4d74945eff4125e4c7ed4fa266fb18cd1a39d392 Mon Sep 17 00:00:00 2001 From: WingKwan Lau Date: Wed, 28 Jul 2021 17:28:13 +0000 Subject: [PATCH 22/24] Update Dockerfile --- Dockerfile | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/Dockerfile b/Dockerfile index a4fd0da..ad8f344 100644 --- a/Dockerfile +++ b/Dockerfile @@ -54,3 +54,8 @@ RUN useradd -u 1001 -r -g 0 -d ${HOME} -s /sbin/nologin \ fix-permissions ${HOME} -P && \ rpm-file-permissions +ENTRYPOINT ["/usr/bin/container-entrypoint"] + +HEALTHCHECK CMD python --version + + -- GitLab From 1c048d8fc1a92f20000ee9f2214e6ffa2ce3a9f0 Mon Sep 17 00:00:00 2001 From: WingKwan Lau Date: Wed, 28 Jul 2021 20:42:22 +0000 Subject: [PATCH 23/24] Update Dockerfile --- Dockerfile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Dockerfile b/Dockerfile index ad8f344..80d916e 100644 --- a/Dockerfile +++ b/Dockerfile @@ -54,6 +54,8 @@ RUN useradd -u 1001 -r -g 0 -d ${HOME} -s /sbin/nologin \ fix-permissions ${HOME} -P && \ rpm-file-permissions +RUN user 1001 + ENTRYPOINT ["/usr/bin/container-entrypoint"] HEALTHCHECK CMD python --version -- GitLab From d0706730851c9d54874c107c2e24b57d159466ef Mon Sep 17 00:00:00 2001 
From: WingKwan Lau Date: Wed, 28 Jul 2021 20:49:13 +0000 Subject: [PATCH 24/24] Update Dockerfile --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 80d916e..f970335 100644 --- a/Dockerfile +++ b/Dockerfile @@ -54,7 +54,7 @@ RUN useradd -u 1001 -r -g 0 -d ${HOME} -s /sbin/nologin \ fix-permissions ${HOME} -P && \ rpm-file-permissions -RUN user 1001 +USER 1001 ENTRYPOINT ["/usr/bin/container-entrypoint"] -- GitLab
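Review bot: `USER 1001` in PATCH 24/24 has no comment tying the number to the account created by `useradd -u 1001 -r -g 0 ... default` a few lines above, so a later change to either UID would pass unnoticed. Add a comment above it such as `# Drop root: run as the "default" user (UID 1001, GID 0) created above`. The series removed and restored the non-root setup several times (PATCH 09 is titled "testing root user"), so a build-time check that the final image does not run as root would be worth adding to the pipeline.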