From 6f5ece8bc1be9aca7a4600070e48612db77a8df5 Mon Sep 17 00:00:00 2001 From: ironbank-bot Date: Thu, 10 Dec 2020 01:06:27 +0000 Subject: [PATCH 1/5] Migrate to hardening_manifest.yaml --- Dockerfile | 1 - Jenkinsfile | 2 -- download.json | 20 ------------- hardening_manifest.yaml | 63 +++++++++++++++++++++++++++++++++++++++++ 4 files changed, 63 insertions(+), 23 deletions(-) delete mode 100644 Jenkinsfile delete mode 100644 download.json create mode 100644 hardening_manifest.yaml diff --git a/Dockerfile b/Dockerfile index 80cac2d..2b21cf7 100644 --- a/Dockerfile +++ b/Dockerfile @@ -66,7 +66,6 @@ RUN find / -xdev -perm -4000 -exec chmod u-s {} + RUN groupadd --gid 1000 kibana && useradd --uid 1000 --gid 1000 --home-dir /usr/share/kibana --no-create-home kibana USER kibana -LABEL org.label-schema.schema-version="1.0" org.label-schema.vendor="Elastic" org.label-schema.name="kibana" org.label-schema.version="7.10.0" org.label-schema.url="https://www.elastic.co/products/kibana" org.label-schema.vcs-url="https://github.com/elastic/kibana" org.label-schema.license="Elastic License" license="Elastic License" ENTRYPOINT ["/usr/local/bin/dumb-init", "--"] diff --git a/Jenkinsfile b/Jenkinsfile deleted file mode 100644 index f60d67a..0000000 --- a/Jenkinsfile +++ /dev/null @@ -1,2 +0,0 @@ -@Library('DCCSCR@master') _ -dccscrPipeline(version: '7.10.0') diff --git a/download.json b/download.json deleted file mode 100644 index 4dc3748..0000000 --- a/download.json +++ /dev/null 
@@ -1,20 +0,0 @@
-{
- "resources": [
- {
- "url": "https://artifacts.elastic.co/downloads/kibana/kibana-7.10.0-linux-x86_64.tar.gz",
- "filename": "kibana-7.10.0-linux-x86_64.tar.gz",
- "validation": {
- "type": "sha512",
- "value": "385fe5d875ba074e0931a1e9ebbac8e3d91d300ca478f589da06b01c68e4694c5953a538afd6c385bdccec0f0d3cda1a5dc39f1b56e41d584cdcab8fba466677"
- }
- },
- {
- "url": "https://github.com/Yelp/dumb-init/releases/download/v1.2.2/dumb-init_1.2.2_amd64",
- "filename": "dumb-init",
- "validation": {
- "type": "sha256",
- "value": "37f2c1f0372a45554f1b89924fbb134fc24c3756efaedf11e07f599494e0eff9"
- }
- }
- ]
-}
diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml
new file mode 100644
index 0000000..ad3044e
--- /dev/null
+++ b/hardening_manifest.yaml
@@ -0,0 +1,63 @@
+---
+apiVersion: v1
+
+# The repository name in registry1, excluding /ironbank/
+name: "elastic/kibana/kibana"
+
+# List of tags to push for the repository in registry1
+# The most specific version should be the first tag and will be shown
+# on ironbank.dsop.io
+tags:
+- "7.10.0"
+- "latest"
+
+# Build args passed to Dockerfile ARGs
+args:
+ BASE_IMAGE: "redhat/ubi/ubi8"
+ BASE_TAG: "8.3"
+
+# Docker image labels
+labels:
+ org.opencontainers.image.title: "kibana"
+ ## Human-readable description of the software packaged in the image
+ # org.opencontainers.image.description: "FIXME"
+ ## License(s) under which contained software is distributed
+ # org.opencontainers.image.licenses: "FIXME"
+ ## URL to find more information on the image
+ # org.opencontainers.image.url: "FIXME"
+ ## Name of the distributing entity, organization or individual
+ # org.opencontainers.image.vendor: "FIXME"
+ org.opencontainers.image.version: "7.10.0"
+ ## Keywords to help with search (ex. "cicd,gitops,golang")
+ # mil.dso.ironbank.image.keywords: "FIXME"
+ ## This value can be "opensource" or "commercial"
+ # mil.dso.ironbank.image.type: "FIXME"
+ ## Product the image belongs to for grouping multiple images
+ # mil.dso.ironbank.product.name: "FIXME"
+
+# List of resources to make available to the offline build context
+resources:
+- filename: kibana-7.10.0-linux-x86_64.tar.gz
+ url: https://artifacts.elastic.co/downloads/kibana/kibana-7.10.0-linux-x86_64.tar.gz
+ validation:
+ type: sha512
+ value: 385fe5d875ba074e0931a1e9ebbac8e3d91d300ca478f589da06b01c68e4694c5953a538afd6c385bdccec0f0d3cda1a5dc39f1b56e41d584cdcab8fba466677
+- filename: dumb-init
+ url: https://github.com/Yelp/dumb-init/releases/download/v1.2.2/dumb-init_1.2.2_amd64
+ validation:
+ type: sha256
+ value: 37f2c1f0372a45554f1b89924fbb134fc24c3756efaedf11e07f599494e0eff9
+
+# List of project maintainers
+# FIXME: Fill in the following details for the current container owner in the whitelist
+# FIXME: Include any other vendor information if applicable
+maintainers:
+- email: "nassim.kammah@elastic.co"
+# # The name of the current container owner
+# name: "FIXME"
+# # The gitlab username of the current container owner
+# username: "FIXME"
+# cht_member: true # FIXME: Uncomment if the maintainer is a member of CHT
+# - name: "FIXME"
+# username: "FIXME"
+# email: "FIXME"
-- 
GitLab
From 225a83d95d714170394040100756fd01d7adbe6b Mon Sep 17 00:00:00 2001
From: Tyler Smalley
Date: Thu, 14 Jan 2021 12:23:03 -0800
Subject: [PATCH 2/5] Updates labels/maintainers
Signed-off-by: Tyler Smalley
---
 hardening_manifest.yaml | 38 ++++++++++++--------------------------
 1 file changed, 12 insertions(+), 26 deletions(-)
diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml
index ad3044e..5f1fd19 100644
--- a/hardening_manifest.yaml
+++ b/hardening_manifest.yaml
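Review bot: In the new hardening_manifest.yaml added by PATCH 1/5, the two `validation.value` checksums and the `filename`/`url` fields under `resources:` are plain unquoted scalars, while every other string in the file is quoted. A digest that happens to consist only of digits, or of digits around a single `e`, would be loaded as a number rather than a string, so the integrity check would compare against a retyped value or fail validation; quoting removes that dependence on what the hex looks like, e.g. `value: "37f2c1f0372a45554f1b89924fbb134fc24c3756efaedf11e07f599494e0eff9"`. The same applies to the sha512 line that PATCH 3/5 replaces. Both values in this hunk match the ones in the deleted download.json, so the migration itself did not change the pinned artifacts.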
@@ -19,21 +19,14 @@ args:
 # Docker image labels
 labels:
 org.opencontainers.image.title: "kibana"
- ## Human-readable description of the software packaged in the image
- # org.opencontainers.image.description: "FIXME"
- ## License(s) under which contained software is distributed
- # org.opencontainers.image.licenses: "FIXME"
- ## URL to find more information on the image
- # org.opencontainers.image.url: "FIXME"
- ## Name of the distributing entity, organization or individual
- # org.opencontainers.image.vendor: "FIXME"
- org.opencontainers.image.version: "7.10.0"
- ## Keywords to help with search (ex. "cicd,gitops,golang")
- # mil.dso.ironbank.image.keywords: "FIXME"
- ## This value can be "opensource" or "commercial"
- # mil.dso.ironbank.image.type: "FIXME"
- ## Product the image belongs to for grouping multiple images
- # mil.dso.ironbank.product.name: "FIXME"
+ org.opencontainers.image.description: "Your window into the Elastic Stack."
+ org.opencontainers.image.licenses: "Elastic License"
+ org.opencontainers.image.url: "https://www.elastic.co/products/kibana"
+ org.opencontainers.image.vendor: "Elastic"
+ org.opencontainers.image.version: "7.10.1"
+ # mil.dso.ironbank.image.keywords: ""
+ # mil.dso.ironbank.image.type: "commercial"
+ mil.dso.ironbank.product.name: "Kibana"
 
 # List of resources to make available to the offline build context
 resources:
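Review bot: `org.opencontainers.image.version` is raised to "7.10.1" in this hunk of PATCH 2/5, but at this commit the first entry under `tags:` and the kibana tarball under `resources:` are still 7.10.0; they only catch up in PATCH 3/5 and 4/5. An image built from this commit alone would carry a version label that does not match the packaged binary, which misleads any scanner or inventory keyed on the label, so the label change belongs in the same commit as the resource bump. Separately, `# mil.dso.ironbank.image.type: "commercial"` is left commented out although a value has been filled in; it is worth confirming whether that label was meant to be enabled.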
@@ -49,15 +42,8 @@ resources:
 value: 37f2c1f0372a45554f1b89924fbb134fc24c3756efaedf11e07f599494e0eff9
 
 # List of project maintainers
-# FIXME: Fill in the following details for the current container owner in the whitelist
-# FIXME: Include any other vendor information if applicable
 maintainers:
-- email: "nassim.kammah@elastic.co"
-# # The name of the current container owner
-# name: "FIXME"
-# # The gitlab username of the current container owner
-# username: "FIXME"
-# cht_member: true # FIXME: Uncomment if the maintainer is a member of CHT
-# - name: "FIXME"
-# username: "FIXME"
-# email: "FIXME"
+- name: "Tyler Smalley"
+ email: "tyler.smalley@elastic.co"
+ username: "tylersmalley"
+ cht_member: false
-- 
GitLab
From 43e1eb37ac0cf220c0ce6bc48065ecfedf4717c2 Mon Sep 17 00:00:00 2001
From: Tyler Smalley
Date: Thu, 14 Jan 2021 12:23:18 -0800
Subject: [PATCH 3/5] Updates resources for 7.10.1
Signed-off-by: Tyler Smalley
---
 hardening_manifest.yaml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml
index 5f1fd19..697880d 100644
--- a/hardening_manifest.yaml
+++ b/hardening_manifest.yaml
@@ -30,11 +30,11 @@ labels:
 
 # List of resources to make available to the offline build context
 resources:
-- filename: kibana-7.10.0-linux-x86_64.tar.gz
- url: https://artifacts.elastic.co/downloads/kibana/kibana-7.10.0-linux-x86_64.tar.gz
+- filename: kibana-7.10.1-linux-x86_64.tar.gz
+ url: https://artifacts.elastic.co/downloads/kibana/kibana-7.10.1-linux-x86_64.tar.gz
 validation:
 type: sha512
- value: 385fe5d875ba074e0931a1e9ebbac8e3d91d300ca478f589da06b01c68e4694c5953a538afd6c385bdccec0f0d3cda1a5dc39f1b56e41d584cdcab8fba466677
+ value: bf332b3c13c4d71d3e6a1e8b68cca85b215151b5130f862ea14c548f72bca0978829cd49af8d8e9ce1bc46098c65add7d8a0cf5ec4767b219a0cd7474ec78f11
 - filename: dumb-init
 url: https://github.com/Yelp/dumb-init/releases/download/v1.2.2/dumb-init_1.2.2_amd64
 validation:
-- 
GitLab
From 58adb819eb0f1cd8a6c9629d3e95c5de68fc565b Mon Sep 17 00:00:00 2001
From: Tyler Smalley
Date: Thu, 14 Jan 2021 12:30:02 -0800
Subject: [PATCH 4/5] Update tag to reflect 7.10.1
Signed-off-by: Tyler Smalley
---
 hardening_manifest.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml
index 697880d..20c040a 100644
--- a/hardening_manifest.yaml
+++ b/hardening_manifest.yaml
@@ -8,7 +8,7 @@ name: "elastic/kibana/kibana"
 # The most specific version should be the first tag and will be shown
 # on ironbank.dsop.io
 tags:
-- "7.10.0"
+- "7.10.1"
 - "latest"
 
 # Build args passed to Dockerfile ARGs
-- 
GitLab
From 093b9c2f0888acb7b2077686885d4e5e53e03528 Mon Sep 17 00:00:00 2001
From: "alexander.klepal"
Date: Fri, 15 Jan 2021 15:20:21 +0000
Subject: [PATCH 5/5] Update hardening_manifest.yaml
---
 hardening_manifest.yaml | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml
index 20c040a..7be6f06 100644
--- a/hardening_manifest.yaml
+++ b/hardening_manifest.yaml
@@ -43,7 +43,12 @@ resources:
 
 # List of project maintainers
 maintainers:
-- name: "Tyler Smalley"
- email: "tyler.smalley@elastic.co"
+- email: "tyler.smalley@elastic.co"
+ name: "Tyler Smalley"
 username: "tylersmalley"
 cht_member: false
+- email: "klepal_alexander@bah.com"
+ name: "Alexander Klepal"
+ username: "alexander.klepal"
+ cht_member: true
+
-- 
GitLab