diff --git a/.gitignore b/.gitignore
index 8908f3dfa7a9411772d4b0582cc241090bef7b91..af7560dcc5876fe9618097ae202ac032f8db1bdb 100755
--- a/.gitignore
+++ b/.gitignore
@@ -7,4 +7,7 @@
 # Scripts
 download-tar-files.sh
 build-container-image.sh
-send-merge-request-to-gitlab.sh
\ No newline at end of file
+send-merge-request-to-gitlab.sh
+
+# Log files
+build.log
\ No newline at end of file
diff --git a/Dockerfile b/Dockerfile
index e17d90ba278c49e313261d794a7e29ac5d0ec4c5..dda6cc87f9a290b67376569b3b47f21760df666e 100755
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,9 +1,9 @@
 # These three ARGs must point to an Iron Bank image - the BASE_REGISTRY should always be what is written below; please use
 # '--build-arg' when building locally to replace these values.
 #
-ARG BASE_REGISTRY=registry1.dsop.io
+ARG BASE_REGISTRY=registry1.dso.mil
 ARG BASE_IMAGE=redhat/ubi/ubi8
-ARG BASE_TAG=8.3
+ARG BASE_TAG=8.4
 # FROM statement must reference the base image using the three ARGs established.
 #
diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml
index d86db88bc995befa26da5eb20e2b20e8bc70b27d..50f080682aa28e2e733d859283bdf7b4826f2a20 100644
--- a/hardening_manifest.yaml
+++ b/hardening_manifest.yaml
@@ -8,20 +8,20 @@ name: "microsoft/microsoft/microsoft-sql-server-2019-rhel8"
 # The most specific version should be the first tag and will be shown
 # on ironbank.dso.mil
 tags:
-- "2019-CU8-rhel-8"
+- "2019-CU12-rhel-8"
 - "latest"
 # Build args passed to Dockerfile ARGs
 args:
 BASE_IMAGE: "redhat/ubi/ubi8"
- BASE_TAG: "8.3"
+ BASE_TAG: "8.4"
 # Docker image labels
 labels:
 # Name of the image
 org.opencontainers.image.title: "microsoft-sql-server-2019-rhel8"
 # Human-readable description of the software packaged in the image
- org.opencontainers.image.description: "SQL Server 2019 on RHEL8 Image"
+ org.opencontainers.image.description: "Container image of SQL Server 2019 CU12 on RHEL 8. SQL Server is a relational database management system (RDBMS) developed by Microsoft."
 # License(s) under which contained software is distributed
 org.opencontainers.image.licenses: "Developer, Enterprise Core, Enterprise, Evaluation, Express, Standard, Web"
 # URL to find more information on the image
@@ -29,7 +29,7 @@ labels:
 # Name of the distributing entity, organization or individual
 org.opencontainers.image.vendor: "Microsoft Corporation"
 # Authoritative version of the software
- org.opencontainers.image.version: "2019-CU8-rhel-8"
+ org.opencontainers.image.version: "2019-CU12-rhel-8"
 # Keywords to help with search (ex. "cicd,gitops,golang")
 mil.dso.ironbank.image.keywords: "database,db,sql,relational database,container,analytics,storage,security"
 # This value can be "opensource" or "commercial"
@@ -37,21 +37,6 @@ labels:
 # Product the image belongs to for grouping multiple images
 mil.dso.ironbank.product.name: "microsoft/microsoft"
-# List of resources to make available to the offline build context
-resources:
- - url: "https://hlspubdist.blob.core.windows.net/15d0d4073d23-4/mssql-server-2019-cu8/15.0.4073.23-4/rhel8-dsop/rpms.tar.gz"
- filename: "rpms.tar.gz" # [required field] desired staging name for the build context
- validation:
- type: "sha512" # supported: sha256, sha512
- value: "77d2f69325f18be43eceb5064f4836515c19dc58d94f9fe2d4fd113e76dc114dedbae6d453b38bde811d551a20d0f1aaff19ae68ccde51f2778002c867871287" # must be lowercase
- - url: "https://hlspubdist.blob.core.windows.net/15d0d4073d23-4/mssql-server-2019-cu8/15.0.4073.23-4/rhel8-dsop/install.tar.gz"
- filename: "install.tar.gz"
- validation:
- type: "sha512"
- value: "6e0d5030711e87d1e1c591100316e3bb810cd5d51a139c9d5a69476bd701f0107b6bf869728480e9d14c0b49eddfb72882cd3f2dcb70dfbe1e6619f46c35d593"
- # if the file you pull is from a github repo, make sure this is the official repo for that file,
- # and indicate that in a comment in this file
-
 # List of project maintainers
 maintainers:
 - email: "saorozco@microsoft.com"
@@ -59,4 +44,15 @@ maintainers:
 name: "Salvador Orozco Villalever"
 # The gitlab username of the current container owner
 username: "saorozco_msft"
- cht_member: false # NOTE: Include if the maintainer is a member of CHT
+
+resources:
+ - url: "https://hlspubdist.blob.core.windows.net/15d0d4153d1-6/mssql-server-2019-cu12/15.0.4153.1-6/rhel8-dsop/install.tar.gz"
+ filename: "install.tar.gz"
+ validation:
+ type: "sha512"
+ value: "0b1133faf2398c2ff3430dbb1a47d5e93f91c755e5fdd2058b13ced1a20de64a9ec57fec0750c12857780de5a7a41832110ecee40537e9faaf57410121453439"
+ - url: "https://hlspubdist.blob.core.windows.net/15d0d4153d1-6/mssql-server-2019-cu12/15.0.4153.1-6/rhel8-dsop/rpms.tar.gz"
+ filename: "rpms.tar.gz"
+ validation:
+ type: "sha512"
+ value: "1ea5fc893ac3a18a9765d53788b2a564872cf0c83c8e5e67e1de2c8344e0ecc1cbe4fa2e8ae01973983f39533ffa254a64378d1441ba314111ce6ccb81cef351"
diff --git a/scripts/install_external.sh b/scripts/install_external.sh
index ab09e1562f614fb336a3c80988db07597c44b572..3ac99f4535276902dd14f9407a85217067840b79 100644
--- a/scripts/install_external.sh
+++ b/scripts/install_external.sh
@@ -140,15 +140,20 @@ function performPreInstallationTasksForExternalBuild()
 function installPackages()
 {
 if [ "$PLATFORM_NAME" == "$RHEL8" ]; then
- ACCEPT_EULA=Y dnf -q -y --disableplugin=subscription-manager install \
- $(getListOfPackagesToInstall)
-
- elif [ "$PLATFORM_NAME" == "$RHEL7" ]; then
- ACCEPT_EULA=Y yum -y --nogpgcheck install \
+ ACCEPT_EULA=Y dnf -q -y -v --disableplugin=subscription-manager install \
 $(getListOfPackagesToInstall)
 fi
 }
+# Function that removes packages from the container image
+# which are not actually needed.
+#
+function removeUnnecessaryPackages()
+{
+ dnf remove -y -v \
+ glibc-devel
+}
+
 # Function that performs post-installation tasks
 # common across build environments.
 #
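Review bot: The re-added `resources:` block at the end of hardening_manifest.yaml drops the section header and the provenance reminder that the old block carried, so nothing in the file says who operates `hlspubdist.blob.core.windows.net` or where the two sha512 values came from. The digests only protect the offline build if they were taken from the publisher rather than computed from whatever the URL served at commit time. I would restore `# List of resources to make available to the offline build context` above `resources:` and add a one-line comment naming the source of the archives and of their checksums.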
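Review bot: With the RHEL7 branch removed, `installPackages` is left with a single `if [ "$PLATFORM_NAME" == "$RHEL8" ]` and no `else`, so any other platform value installs nothing and the function still returns success. Failing closed is safer for an image build: before `fi`, add `else`, `echo "unsupported platform: $PLATFORM_NAME" >&2` and `return 1`. The new dnf line also passes both `-q` and `-v`, which ask for opposite output levels; keep one. In `removeUnnecessaryPackages` the result of `dnf remove` is not checked in the visible lines, so unless the script runs under `set -e` (not visible here) a failed removal would leave `glibc-devel` in the image unnoticed.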
@@ -181,6 +186,8 @@ function performCommonPostInstallationTasks
 # Remove files from /tmp.
 #
 rm -rf /tmp/*
+
+ removeUnnecessaryPackages
 }
 # Function that drives the installation of packages
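Review bot: `removeUnnecessaryPackages` is called after `rm -rf /tmp/*`, as the last step of `performCommonPostInstallationTasks`, so whatever the `dnf remove -y -v` run writes (transaction logs, refreshed metadata cache) is created after the visible cleanup and stays in the image. Calling it before the cleanup steps, or following it with `dnf clean all`, keeps package-manager residue out of the final image. The function starts above this hunk, so the earlier cleanup steps are not visible and the right position should be checked against them.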