From 25c786f7a1fc868cf53cca48ac53ec1f3110236f Mon Sep 17 00:00:00 2001 From: Michael Uranaka Date: Thu, 6 May 2021 16:28:09 -1000 Subject: [PATCH 1/4] updating to package script and manifest. --- hardening_manifest.yaml | 8 +++---- scripts/Dockerfile.packages | 19 +++++++-------- scripts/repackage.sh | 47 +++++++++++++++++++++++-------------- 3 files changed, 42 insertions(+), 32 deletions(-) diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index 4b138ae..2de0363 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -8,7 +8,7 @@ name: "galvanize/galvanize/java-code-evaluator" # The most specific version should be the first tag and will be shown # on ironbank.dsop.io tags: -- "0.1.0" +- "0.1.1" - "latest" # Build args passed to Dockerfile ARGs @@ -23,7 +23,7 @@ labels: org.opencontainers.image.licenses: "proprietary" org.opencontainers.image.url: "https://www.galvanize.com" org.opencontainers.image.vendor: "Galvanize" - org.opencontainers.image.version: "0.1.0" + org.opencontainers.image.version: "0.1.1" mil.dso.ironbank.image.keywords: "lms,learn,galvanize,online,classes,remote,learning" mil.dso.ironbank.image.type: "commercial" mil.dso.ironbank.product.name: "Learn" @@ -34,11 +34,11 @@ resources: type: s3 id: galvanize region: us-gov-west-1 - url: s3://learn-dependencies/java-evaluator/redis-cli.tar.gz + url: s3://learn-dependencies/java-evaluator/redis-cli-0.1.1.tar.gz filename: redis-cli.tar.gz validation: type: sha256 - value: 656bf2fc3f4e63bb4ee96744a550a875b316e3f99da241a378a63db47b91e1ee + value: 2d5327e9f604d11db807680bdcd1ac487348682986bda0626742944e63fa64d6 - auth: type: s3 id: galvanize diff --git a/scripts/Dockerfile.packages b/scripts/Dockerfile.packages index 1460416..5fb5ceb 100644 --- a/scripts/Dockerfile.packages +++ b/scripts/Dockerfile.packages 
@@ -16,18 +16,15 @@ RUN dnf update -y \ # Setup our environment WORKDIR /app -# Redis +# Download Redis. RUN curl -L http://download.redis.io/redis-stable.tar.gz -o redis-stable.tar.gz \ - && tar xzf redis-stable.tar.gz - -WORKDIR /app/redis-stable -RUN make redis-cli - -WORKDIR /app/redis-stable/src -RUN tar czf redis-cli.tar.gz redis-cli \ - && mv redis-cli.tar.gz /app/ - -WORKDIR /app + && tar xzf redis-stable.tar.gz \ + && cd /app/redis-stable \ + && make redis-cli \ + && cd /app/redis-stable/src \ + && tar czf redis-cli.tar.gz redis-cli \ + && mv redis-cli.tar.gz /app/ \ + && cd /app # Add write permissions. RUN chown -R 1000 . diff --git a/scripts/repackage.sh b/scripts/repackage.sh index 159aad6..71f8dc0 100755 --- a/scripts/repackage.sh +++ b/scripts/repackage.sh 
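Review bot: The Redis source that this RUN chain compiles is still fetched with `curl -L http://download.redis.io/redis-stable.tar.gz`, over plain HTTP and from the moving `redis-stable` name, and nothing checks the tarball before `make redis-cli` runs. The sha256 that scripts/repackage.sh later writes into hardening_manifest.yaml only records whatever was built, so it does not cover this download. I would fetch a pinned release over TLS and verify it before extracting, e.g. `curl -fL https://download.redis.io/releases/redis-<PINNED_VERSION>.tar.gz -o redis.tar.gz && echo "<PINNED_SHA256>  redis.tar.gz" | sha256sum -c -`. The trailing `&& cd /app` has no effect, since a `cd` does not outlive its RUN step.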
@@ -7,40 +7,53 @@ BASE_TAG=6.8.3 # This is the profile name in your aws credentials file. DEPENDENCY_FOLDER=build_dependencies -AWS_PROFILE_NAME=revacomm -AWS_BUCKET_NAME=learn-dependencies/java-evaluator +AWS_PROFILE_NAME=rc-govcloud +AWS_BUCKET_URL=s3://learn-dependencies/java-evaluator AWS_REGION=us-gov-west-1 +VERSION_NUMBER=$(yq e '.tags[0]' ../hardening_manifest.yaml) +IMAGE_TAG=java-evaluator-tag echo "Clearing dependency folder." rm -rf $DEPENDENCY_FOLDER mkdir $DEPENDENCY_FOLDER -echo "Building docker image." -IMAGE_ID=$(docker build --file Dockerfile.packages . -q \ +echo "Building docker image with tag: $IMAGE_TAG" +docker build -t $IMAGE_TAG \ + --file Dockerfile.packages . -q \ --build-arg BASE_REGISTRY=$BASE_REGISTRY \ --build-arg BASE_IMAGE=$BASE_IMAGE \ - --build-arg BASE_TAG=$BASE_TAG) -echo "Image ID: ${IMAGE_ID}" + --build-arg BASE_TAG=$BASE_TAG echo "Starting docker container." -CONTAINER_ID=$(docker run -d $IMAGE_ID) -echo "Container ID: ${CONTAINER_ID}" +CONTAINER_ID=$(docker run -d $IMAGE_TAG) -echo "Copying node modules and gems to the bundles directory." -docker cp $CONTAINER_ID:/app/redis-cli.tar.gz $DEPENDENCY_FOLDER/redis-cli.tar.gz +if [ -z "$CONTAINER_ID" ]; then + echo "[ERROR] - Failed to start the docker container. Exiting.." + exit +else + echo "Container ID: ${CONTAINER_ID}" +fi + +echo "Copying redis cli to the dependency directory." +docker cp "$CONTAINER_ID:/app/redis-cli.tar.gz" "$DEPENDENCY_FOLDER/redis-cli-${VERSION_NUMBER}.tar.gz" || exit echo "Stopping the docker container." -docker stop "$CONTAINER_ID" +docker kill "$CONTAINER_ID" echo "Uploading all the build dependencies to AWS." -aws s3 sync $DEPENDENCY_FOLDER s3://$AWS_BUCKET_NAME --delete --profile $AWS_PROFILE_NAME --region $AWS_REGION +aws s3 sync $DEPENDENCY_FOLDER $AWS_BUCKET_URL --profile $AWS_PROFILE_NAME --region $AWS_REGION || exit + +echo " Getting Checksums." 
+REDIS_CHECKSUM=$(sha256sum "$DEPENDENCY_FOLDER/redis-cli-${VERSION_NUMBER}.tar.gz" | awk '{ print $1 }') +echo "Redis CLI Checksum: ${REDIS_CHECKSUM}" -echo "Checksums:" -cd $DEPENDENCY_FOLDER -sha256sum redis-cli.tar.gz -cd .. +echo "Updating the hardening_manifest.yaml file." +REDIS_PREV_SHA=$(yq eval '.resources[] | select(.filename == "redis-cli.tar.gz").validation.value' ../hardening_manifest.yaml) +REDIS_PREV_URL=$(yq eval '.resources[] | select(.filename == "redis-cli.tar.gz").url' ../hardening_manifest.yaml) +sed -i '' -e "s|$REDIS_PREV_SHA|$REDIS_CHECKSUM|g" ../hardening_manifest.yaml +sed -i '' -e "s|$REDIS_PREV_URL|${AWS_BUCKET_URL}/redis-cli-${VERSION_NUMBER}.tar.gz|g" ../hardening_manifest.yaml echo "Removing dependency folder." rm -rf $DEPENDENCY_FOLDER -echo "Done!" \ No newline at end of file +echo "Done!" -- GitLab From 4db0be7910badc1ef8a69cec14d12e21806023c4 Mon Sep 17 00:00:00 2001 From: Michael Uranaka Date: Fri, 7 May 2021 14:07:01 -1000 Subject: [PATCH 2/4] removing cache --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 3951229..c322525 100644 --- a/Dockerfile +++ b/Dockerfile @@ -6,7 +6,7 @@ FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} USER 0 # Make sure we are up to date. -RUN dnf update -y && dnf clean all +RUN dnf update -y && dnf clean all && rm -rf /var/cache/dnf # Copy in the project files. COPY ./scripts \ -- GitLab From c0cb5d2f565ccf47a551f94b9ab468c75f7b0d4d Mon Sep 17 00:00:00 2001 
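Review bot: In the scripts/repackage.sh hunk of PATCH 1/4, the result of `docker build -t $IMAGE_TAG …` is not checked, so after a failed build `docker run -d $IMAGE_TAG` can start an image left under the fixed tag `java-evaluator-tag` by an earlier run. That stale archive would then be uploaded and its checksum written into hardening_manifest.yaml. Ending the build command with `|| exit 1` closes that path. The bare `exit` in the empty-`CONTAINER_ID` branch returns the status of the preceding `echo`, which is 0, so callers see success; it should be `exit 1`. `sed -i ''` is the BSD form while `sha256sum` is usually the GNU tool, so a header comment naming the platform the script targets would help.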
From: Michael Uranaka Date: Mon, 10 May 2021 15:03:01 -1000 Subject: [PATCH 3/4] Updating repackage scripts. Updating all libs. changing lib references. --- .gitignore | 3 ++- Dockerfile | 14 +++++------ hardening_manifest.yaml | 8 +++--- scripts/build.gradle | 18 ++++++------- scripts/local-install.sh | 42 +++++++++++++++++++++++++++++++ scripts/process_job/build.gradle | 2 +- scripts/repackage.sh | 11 ++++++++ scripts/send_results/build.gradle | 10 ++++---- 8 files changed, 80 insertions(+), 28 deletions(-) create mode 100755 scripts/local-install.sh diff --git a/.gitignore b/.gitignore index b9e1e7d..85e861a 100644 --- a/.gitignore +++ b/.gitignore @@ -12,4 +12,5 @@ gradle build_dependencies libs jars.tar.gz -redis-cli.tar.gz \ No newline at end of file +redis-cli.tar.gz +libs.tar.gz \ No newline at end of file diff --git a/Dockerfile b/Dockerfile index c322525..a3fbdbb 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,17 +1,19 @@ ARG BASE_REGISTRY=registry1.dso.mil -ARG BASE_IMAGE=opensource/gradle/gradle-jre11 +ARG BASE_IMAGE=ironbank/opensource/gradle/gradle-jre11 ARG BASE_TAG=6.8.3 FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} USER 0 # Make sure we are up to date. -RUN dnf update -y && dnf clean all && rm -rf /var/cache/dnf +RUN dnf update -y && \ + dnf clean all && \ + rm -rf /var/cache/dnf # Copy in the project files. COPY ./scripts \ redis-cli.tar.gz \ - jars.tar.gz /app/ + libs.tar.gz /app/ # Set workdir. WORKDIR /app @@ -20,11 +22,7 @@ WORKDIR /app RUN tar xzf redis-cli.tar.gz \ && rm redis-cli.tar.gz \ && mv redis-cli /usr/local/bin/redis-cli \ - && tar xzf jars.tar.gz && rm jars.tar.gz \ - && mkdir libs && mv jars/main/* libs/ \ - && mkdir process_job/libs && mv jars/process_job/* process_job/libs/ \ - && mkdir send_results/libs && mv jars/send_results/* send_results/libs/ \ - && rm -rf jars \ + && tar xzf libs.tar.gz && rm libs.tar.gz \ && chown -R 1000 /app \ && chmod 0555 /app/get-job.sh 
diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index 2de0363..72345ed 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -38,16 +38,16 @@ resources: filename: redis-cli.tar.gz validation: type: sha256 - value: 2d5327e9f604d11db807680bdcd1ac487348682986bda0626742944e63fa64d6 + value: af6c9ab5bb1c0b4999cac6f079e8094b84bd9565da8d56b012a3c7b7c60b8fef - auth: type: s3 id: galvanize region: us-gov-west-1 - url: s3://learn-dependencies/java-evaluator/jars.tar.gz - filename: jars.tar.gz + url: s3://learn-dependencies/java-evaluator/libs-0.1.1.tar.gz + filename: libs.tar.gz validation: type: sha256 - value: 179f64dd1799517dbec988e8f54be50496bc7dc093dadcd43ce758d103644357 + value: d57179d55593c3768c8d0f73c80a2c69fb77f061d9baece467ecc2f961caa458 # List of project maintainers maintainers: diff --git a/scripts/build.gradle b/scripts/build.gradle index 7a6a8af..e80b5f1 100755 --- a/scripts/build.gradle +++ b/scripts/build.gradle @@ -4,15 +4,15 @@ apply plugin: 'java' dependencies { testImplementation files( - 'libs/apiguardian-api-1.1.0.jar', - 'libs/hamcrest-all-1.3.jar', - 'libs/junit-jupiter-api-5.7.0.jar', - 'libs/junit-jupiter-engine-5.7.0.jar', - 'libs/junit-platform-commons-1.7.0.jar', - 'libs/junit-platform-engine-1.7.0.jar', - 'libs/opentest4j-1.2.0.jar', - 'libs/commons-codec-1.15.jar', - 'libs/commons-logging-1.1.2.jar' + 'libs/apiguardian-api.jar', + 'libs/hamcrest-all.jar', + 'libs/junit-jupiter-api.jar', + 'libs/junit-jupiter-engine.jar', + 'libs/junit-platform-commons.jar', + 'libs/junit-platform-engine.jar', + 'libs/opentest4j.jar', + 'libs/commons-codec.jar', + 'libs/commons-logging.jar' ) } diff --git a/scripts/local-install.sh b/scripts/local-install.sh new file mode 100755 index 0000000..c27a8e6 --- /dev/null +++ b/scripts/local-install.sh 
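Review bot: The `validation.value` for redis-cli.tar.gz changes here while the image tag stays `0.1.1` and the redis-cli `url` line is not touched by this hunk, so it appears the object at `redis-cli-0.1.1.tar.gz` was overwritten with different content. Anyone building from the PATCH 1/4 manifest would then fail checksum validation, and a versioned name that can be republished no longer identifies one artifact. I would bump `tags[0]` before re-running scripts/repackage.sh and record the rule next to the resources list: `# Never re-upload under an existing version; bump tags[0] first.`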
@@ -0,0 +1,42 @@ +#!/usr/bin/env bash + +# Load Version Numbers. +API_GUARDIAN_VERSION=1.1.1 +COMMONS_CODEC_VERSION=1.15 +COMMONS_LOGGING_VERSION=1.2 +HAMCREST_VERSION=1.3 +HTTP_CLIENT_VERSION=4.5.13 +HTTP_CORE_VERSION=4.4.14 +JSON_VERSION=20210307 +JUNIT_JUPITER_API_VERSION=5.7.1 +JUNIT_JUPITER_ENGINE_VERSION=5.7.1 +JUNIT_PLATFORM_COMMONS_VERSION=1.7.1 +JUNIT_PLATFORM_ENGINE_VERSION=1.7.1 +OPENTEST4J_VERSION=1.2.0 + +# Deps Directory. +LIB_DIR="./libs" + +# Cleanup Old Directory. +if [ -d ${LIB_DIR} ]; then + echo "Deleting old local dependency directory." + rm -rf ${LIB_DIR} +fi + +echo "Creating local dependency directory and changing directory." +mkdir ${LIB_DIR} +cd "${LIB_DIR}" || exit + +echo "Downloading all libs." +curl -L https://repo1.maven.org/maven2/org/apiguardian/apiguardian-api/${API_GUARDIAN_VERSION}/apiguardian-api-${API_GUARDIAN_VERSION}.jar -o apiguardian-api.jar +curl -L https://repo1.maven.org/maven2/commons-codec/commons-codec/${COMMONS_CODEC_VERSION}/commons-codec-${COMMONS_CODEC_VERSION}.jar -o commons-codec.jar +curl -L https://repo1.maven.org/maven2/commons-logging/commons-logging/${COMMONS_LOGGING_VERSION}/commons-logging-${COMMONS_LOGGING_VERSION}.jar -o commons-logging.jar +curl -L https://repo1.maven.org/maven2/org/hamcrest/hamcrest-all/${HAMCREST_VERSION}/hamcrest-all-${HAMCREST_VERSION}.jar -o hamcrest-all.jar +curl -L https://repo1.maven.org/maven2/org/apache/httpcomponents/httpclient/${HTTP_CLIENT_VERSION}/httpclient-${HTTP_CLIENT_VERSION}.jar -o httpclient.jar +curl -L https://repo1.maven.org/maven2/org/apache/httpcomponents/httpcore/${HTTP_CORE_VERSION}/httpcore-${HTTP_CORE_VERSION}.jar -o httpcore.jar +curl -L https://repo1.maven.org/maven2/org/json/json/${JSON_VERSION}/json-${JSON_VERSION}.jar -o json.jar +curl -L https://repo1.maven.org/maven2/org/junit/jupiter/junit-jupiter-api/${JUNIT_JUPITER_API_VERSION}/junit-jupiter-api-${JUNIT_JUPITER_API_VERSION}.jar -o junit-jupiter-api.jar +curl -L 
https://repo1.maven.org/maven2/org/junit/jupiter/junit-jupiter-engine/${JUNIT_JUPITER_ENGINE_VERSION}/junit-jupiter-engine-${JUNIT_JUPITER_ENGINE_VERSION}.jar -o junit-jupiter-engine.jar +curl -L https://repo1.maven.org/maven2/org/junit/platform/junit-platform-commons/${JUNIT_PLATFORM_COMMONS_VERSION}/junit-platform-commons-${JUNIT_PLATFORM_COMMONS_VERSION}.jar -o junit-platform-commons.jar +curl -L https://repo1.maven.org/maven2/org/junit/platform/junit-platform-engine/${JUNIT_PLATFORM_ENGINE_VERSION}/junit-platform-engine-${JUNIT_PLATFORM_ENGINE_VERSION}.jar -o junit-platform-engine.jar +curl -L https://repo1.maven.org/maven2/org/opentest4j/opentest4j/${OPENTEST4J_VERSION}/opentest4j-${OPENTEST4J_VERSION}.jar -o opentest4j.jar \ No newline at end of file diff --git a/scripts/process_job/build.gradle b/scripts/process_job/build.gradle index edd0e85..cfe2079 100644 --- a/scripts/process_job/build.gradle +++ b/scripts/process_job/build.gradle @@ -3,7 +3,7 @@ apply plugin: 'java' mainClassName = 'com.galvanize.processjob.ProcessJob' dependencies { - implementation files('libs/org.json-2.0.jar') + implementation files('../libs/json.jar') } jar { diff --git a/scripts/repackage.sh b/scripts/repackage.sh index 71f8dc0..2546057 100755 --- a/scripts/repackage.sh +++ b/scripts/repackage.sh 
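Review bot: Each `curl -L … -o <name>.jar` in the new scripts/local-install.sh lacks `-f` and its exit status is not checked, so an HTTP error page can be saved as a jar and the script still exits with the status of the last download only. Nothing verifies the jars either; the sha256 that repackage.sh records for `libs-${VERSION_NUMBER}.tar.gz` is computed after the fact and just reflects what was downloaded. Because the files are saved under unversioned names, the version variables at the top are the only record of what ends up in `libs/`, which makes pinned digests more useful. A small helper that fails closed on a download error or digest mismatch would cover all twelve jars; the digests in the sketch are placeholders.

```shell
# Fetch one jar and fail closed if it does not match the pinned digest.
# Digests are placeholders; record the real values whenever a version is bumped.
fetch_jar() {
  local url="$1" out="$2" expected_sha256="$3"
  curl -fsSL "$url" -o "$out" || return 1
  echo "${expected_sha256}  ${out}" | sha256sum -c - || return 1
}

# … unchanged: version variables and libs directory setup …
fetch_jar "https://repo1.maven.org/maven2/org/json/json/${JSON_VERSION}/json-${JSON_VERSION}.jar" \
  json.jar "<PINNED_SHA256_JSON>" || exit 1
# … same pattern for the remaining eleven jars …
```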
@@ -40,18 +40,29 @@ docker cp "$CONTAINER_ID:/app/redis-cli.tar.gz" "$DEPENDENCY_FOLDER/redis-cli-${ echo "Stopping the docker container." docker kill "$CONTAINER_ID" +echo "Installing all jar files." +./local-install.sh || exit +tar czf libs.tar.gz libs +mv libs.tar.gz "$DEPENDENCY_FOLDER/libs-${VERSION_NUMBER}.tar.gz" || exit + echo "Uploading all the build dependencies to AWS." aws s3 sync $DEPENDENCY_FOLDER $AWS_BUCKET_URL --profile $AWS_PROFILE_NAME --region $AWS_REGION || exit echo " Getting Checksums." REDIS_CHECKSUM=$(sha256sum "$DEPENDENCY_FOLDER/redis-cli-${VERSION_NUMBER}.tar.gz" | awk '{ print $1 }') +LIBS_CHECKSUM=$(sha256sum "$DEPENDENCY_FOLDER/libs-${VERSION_NUMBER}.tar.gz" | awk '{ print $1 }') echo "Redis CLI Checksum: ${REDIS_CHECKSUM}" +echo "Libs Checksum: ${LIBS_CHECKSUM}" echo "Updating the hardening_manifest.yaml file." REDIS_PREV_SHA=$(yq eval '.resources[] | select(.filename == "redis-cli.tar.gz").validation.value' ../hardening_manifest.yaml) REDIS_PREV_URL=$(yq eval '.resources[] | select(.filename == "redis-cli.tar.gz").url' ../hardening_manifest.yaml) sed -i '' -e "s|$REDIS_PREV_SHA|$REDIS_CHECKSUM|g" ../hardening_manifest.yaml sed -i '' -e "s|$REDIS_PREV_URL|${AWS_BUCKET_URL}/redis-cli-${VERSION_NUMBER}.tar.gz|g" ../hardening_manifest.yaml +LIBS_PREV_SHA=$(yq eval '.resources[] | select(.filename == "libs.tar.gz").validation.value' ../hardening_manifest.yaml) +LIBS_PREV_URL=$(yq eval '.resources[] | select(.filename == "libs.tar.gz").url' ../hardening_manifest.yaml) +sed -i '' -e "s|$LIBS_PREV_SHA|$LIBS_CHECKSUM|g" ../hardening_manifest.yaml +sed -i '' -e "s|$LIBS_PREV_URL|${AWS_BUCKET_URL}/libs-${VERSION_NUMBER}.tar.gz|g" ../hardening_manifest.yaml echo "Removing dependency folder." rm -rf $DEPENDENCY_FOLDER diff --git a/scripts/send_results/build.gradle b/scripts/send_results/build.gradle index 46843dd..064ae5d 100644 --- a/scripts/send_results/build.gradle +++ b/scripts/send_results/build.gradle 
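Review bot: `LIBS_PREV_SHA` and `LIBS_PREV_URL` are used as sed patterns without checking that yq returned anything, and the same holds for the `REDIS_PREV_*` pair above them. If the manifest has no resource with `filename: libs.tar.gz` yet, which looks like the case on a first run since the entry was `jars.tar.gz` before this patch, the pattern is empty and the manifest is not updated as intended, although the upload has already happened. A guard before the sed lines makes that visible: `[ -n "$LIBS_PREV_SHA" ] && [ -n "$LIBS_PREV_URL" ] || { echo "[ERROR] - libs.tar.gz entry missing from manifest."; exit 1; }`. `tar czf libs.tar.gz libs` is also unchecked, so I would append `|| exit 1` to it. The hunk shows only part of the script.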
@@ -4,11 +4,11 @@ mainClassName = 'com.galvanize.sendresults.SendResults' dependencies { implementation files( - 'libs/org.json-2.0.jar', - 'libs/httpcore-4.4.13.jar', - 'libs/httpclient-4.5.13.jar', - 'libs/commons-logging-1.1.2.jar', - 'libs/commons-codec-1.15.jar' + '../libs/json.jar', + '../libs/httpcore.jar', + '../libs/httpclient.jar', + '../libs/commons-logging.jar', + '../libs/commons-codec.jar' ) } -- GitLab From ebe6e5497d60bc59ad71dca3aff6b672834c1164 Mon Sep 17 00:00:00 2001 From: Michael Uranaka Date: Mon, 10 May 2021 15:11:14 -1000 Subject: [PATCH 4/4] removing ironbank from docker image name --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index a3fbdbb..3b024ce 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,5 +1,5 @@ ARG BASE_REGISTRY=registry1.dso.mil -ARG BASE_IMAGE=ironbank/opensource/gradle/gradle-jre11 +ARG BASE_IMAGE=opensource/gradle/gradle-jre11 ARG BASE_TAG=6.8.3 FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} -- GitLab