diff --git a/.gitignore b/.gitignore
index 62e009c65681dba039f60d3a9b05906d9b9db2ae..fd2a1cd2cfe848cd1e3983c7476fd5d9080dd21f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,4 @@
 # Ignore any locally downloaded or dropped releases
 *.tar.gz
-dumb-init
\ No newline at end of file
+tinit
+jq
diff --git a/Dockerfile b/Dockerfile
index 36692047998f0a982f9d4520fbb7aadeefdc04b1..48a26aa0cdaabc4e1c8e28360bd1665705fa40d3 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -8,7 +8,7 @@ ARG BASE_TAG=8.3
 FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} as prep_files
-ARG ELASTIC_STACK=7.10.0
+ARG ELASTIC_STACK=7.10.2
 ARG ELASTIC_PRODUCT=filebeat
 ARG OS_AND_ARCH=linux-x86_64
@@ -45,9 +45,8 @@ ARG ELASTIC_PRODUCT=filebeat
 COPY LICENSE /licenses/elastic-${ELASTIC_PRODUCT}
 # Add a dumb init process
-WORKDIR /usr/local/bin
-COPY dumb-init /usr/local/bin/dumb-init
-RUN chmod +x /usr/local/bin/dumb-init
+COPY tinit /tinit
+RUN chmod +x /tinit
 # Bring in product from the initial stage.
 COPY --from=prep_files --chown=1000:0 /usr/share/${ELASTIC_PRODUCT} /usr/share/${ELASTIC_PRODUCT}
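Review bot: In the `@@ -45,9 +45,8 @@` hunk, `RUN chmod +x /tinit` only adds execute bits on top of whatever mode the file had in the build context, so the binary that runs as PID 1 could ship group- or world-writable; pinning the mode with `RUN chmod 0755 /tinit` makes the result explicit. The `COPY` carries no `--chown`, so the file stays root-owned and the uid 1000 runtime user cannot replace it, which is worth preserving. The context comment `# Add a dumb init process` is now stale and could read `# Add tini as a minimal init (PID 1) for signal forwarding and zombie reaping`.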
@@ -75,15 +74,7 @@ RUN groupadd --gid 1000 ${ELASTIC_PRODUCT} && useradd --uid 1000 --gid 1000 --gr
 USER ${ELASTIC_PRODUCT}
 ENV ELASTIC_PRODUCT=${ELASTIC_PRODUCT}
-LABEL org.label-schema.schema-version="1.0" \
- org.label-schema.vendor="Elastic" \
- org.label-schema.name="${ELASTIC_PRODUCT}" \
- org.label-schema.version="${ELASTIC_STACK}" \
- org.label-schema.url="https://www.elastic.co/products/beats/${ELASTIC_PRODUCT}" \
- org.label-schema.vcs-url="https://github.com/elastic/${ELASTIC_PRODUCT}" \
- org.label-schema.license="Elastic License" license="Elastic License"
-
-ENTRYPOINT ["/usr/local/bin/dumb-init", "--", "/usr/share/filebeat/filebeat", "-E", "http.enabled=true", "-E", "http.host=unix:///usr/share/filebeat/data/filebeat.sock"]
+ENTRYPOINT ["/tinit", "--", "/usr/share/filebeat/filebeat", "-E", "http.enabled=true", "-E", "http.host=unix:///usr/share/filebeat/data/filebeat.sock"]
 CMD ["-environment", "container"]
 # see https://www.elastic.co/guide/en/beats/filebeat/current/http-endpoint.html
diff --git a/Jenkinsfile b/Jenkinsfile
deleted file mode 100644
index f60d67a16f97c28d8a3e13b718cf7462a86748c8..0000000000000000000000000000000000000000
--- a/Jenkinsfile
+++ /dev/null
@@ -1,2 +0,0 @@
-@Library('DCCSCR@master') _
-dccscrPipeline(version: '7.10.0')
diff --git a/download.json b/download.json
deleted file mode 100644
index e604fc258d548ff74b9638c519cb9ce9a76842f5..0000000000000000000000000000000000000000
--- a/download.json
+++ /dev/null
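Review bot: The new `ENTRYPOINT` in the Dockerfile's `@@ -75,15 +74,7 @@` hunk still forces `-E http.enabled=true` with the socket under `/usr/share/filebeat/data/`, and nothing beside it says that command-line `-E` settings override the config file or who can reach that socket. The data directory is commonly a mounted volume, so anything sharing that volume can presumably query the stats endpoint; a comment above the instruction would tell operators, e.g. `# Stats endpoint is always on (-E overrides filebeat.yml); it listens on a unix socket in the data dir, so limit who can mount that volume`. The path also hard-codes `filebeat` while the rest of the file uses `${ELASTIC_PRODUCT}`; exec-form `ENTRYPOINT` does not expand variables, which deserves a short comment so nobody "fixes" it.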
@@ -1,20 +0,0 @@
-{
- "resources": [
- {
- "url": "https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-7.10.0-linux-x86_64.tar.gz",
- "filename": "filebeat-7.10.0-linux-x86_64.tar.gz",
- "validation": {
- "type": "sha512",
- "value": "509f0d7f2a16d70850c127dd20bea7c735fc749f8d90f8e797196d11887ceccf32d8d71e1177ae9dbe7c8d081133b7d75e431997123512fc17ee1e04e96a6bc5"
- }
- },
- {
- "url": "https://github.com/Yelp/dumb-init/releases/download/v1.2.2/dumb-init_1.2.2_amd64",
- "filename": "dumb-init",
- "validation": {
- "type": "sha256",
- "value": "37f2c1f0372a45554f1b89924fbb134fc24c3756efaedf11e07f599494e0eff9"
- }
- }
- ]
-}
diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..963b3029a245a551a5be3885ec11ffeb998aea8d
--- /dev/null
+++ b/hardening_manifest.yaml
@@ -0,0 +1,69 @@
+---
+apiVersion: v1
+
+# The repository name in registry1, excluding /ironbank/
+name: "elastic/beats/filebeat"
+
+# List of tags to push for the repository in registry1
+# The most specific version should be the first tag and will be shown
+# on ironbank.dsop.io
+tags:
+- "7.10.2"
+- "latest"
+
+# Build args passed to Dockerfile ARGs
+args:
+ BASE_IMAGE: "redhat/ubi/ubi8"
+ BASE_TAG: "8.3"
+ BASE_REGISTRY: registry1.dsop.io
+ ELASTIC_STACK: "7.10.2"
+ ELASTIC_PRODUCT: "filebeat"
+
+# Docker image labels
+labels:
+ org.opencontainers.image.title: "filebeat"
+ ## Human-readable description of the software packaged in the image
+ org.opencontainers.image.description: "filebeat Lightweight shipper for logs"
+ ## License(s) under which contained software is distributed
+ org.opencontainers.image.licenses: "Elastic License"
+ ## URL to find more information on the image
+ org.opencontainers.image.url: "https://www.elastic.co/products/beats/filebeat"
+ ## Name of the distributing entity, organization or individual
+ org.opencontainers.image.vendor: "Elastic"
+ org.opencontainers.image.version: "7.10.2"
+ ## Keywords to help with search (ex. "cicd,gitops,golang")
+ mil.dso.ironbank.image.keywords: "log,observabilty,o11y,oblt,beats,elastic,elasticsearch,golang"
+ ## This value can be "opensource" or "commercial"
+ mil.dso.ironbank.image.type: "commercial"
+ ## Product the image belongs to for grouping multiple images
+ mil.dso.ironbank.product.name: "beats"
+
+# List of resources to make available to the offline build context
+resources:
+- filename: filebeat-7.10.2-linux-x86_64.tar.gz
+ url: https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-7.10.2-linux-x86_64.tar.gz
+ validation:
+ type: sha512
+ value: 975cfae19d0f32af3b937b74633bf0ca0106071482d5e8b0bd7607d9ae09f2ee55f8f438f98ada30cda76799f2136131c5f11abf03ca5b13e8d81962d4257bb7
+- filename: tinit
+ url: https://github.com/krallin/tini/releases/download/v0.19.0/tini-amd64
+ validation:
+ type: sha256
+ value: 93dcc18adc78c65a028a84799ecf8ad40c936fdfc5f2a57b1acda5a8117fa82c
+
+# List of project maintainers
+# FIXME: Fill in the following details for the current container owner in the whitelist
+# FIXME: Include any other vendor information if applicable
+maintainers:
+- email: "nassim.kammah@elastic.co"
+ name: Nassim Kammah
+- email: "ivan.fernandez@elastic.co"
+ name: Ivan Fernandez Calvo
+# # The name of the current container owner
+# name: "FIXME"
+# # The gitlab username of the current container owner
+# username: "FIXME"
+# cht_member: true # FIXME: Uncomment if the maintainer is a member of CHT
+# - name: "FIXME"
+# username: "FIXME"
+# email: "FIXME"
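Review bot: The two `validation` digests under `resources` in hardening_manifest.yaml carry no record of where they came from, so a later reviewer cannot tell whether they were taken from the publisher's checksum or signature files or just computed from whatever was downloaded. A comment above each entry would close that gap, e.g. `# sha256 copied from the upstream release's published checksum file (verified against its signature on <date>)`. Separately, the keywords label spells `observabilty`, which will miss searches for "observability", and the `# FIXME` scaffolding under `maintainers` is still present although the entries appear filled in. `BASE_REGISTRY: registry1.dsop.io` is the only unquoted value under `args`; quoting it would match its siblings.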