From 9ff173bbbfe604f39d971ef2db3b4d6fe721c565 Mon Sep 17 00:00:00 2001 From: Salvador Orozco Villalever Date: Mon, 17 May 2021 11:52:08 -0700 Subject: [PATCH 1/4] Update hardening_manifest.yaml to consume SQL Server 2019 CU10 tar files. --- .gitignore | 5 ++++- hardening_manifest.yaml | 34 +++++++++++++++------------------- 2 files changed, 19 insertions(+), 20 deletions(-) diff --git a/.gitignore b/.gitignore index 8908f3d..af7560d 100755 --- a/.gitignore +++ b/.gitignore @@ -7,4 +7,7 @@ # Scripts download-tar-files.sh build-container-image.sh -send-merge-request-to-gitlab.sh \ No newline at end of file +send-merge-request-to-gitlab.sh + +# Log files +build.log \ No newline at end of file diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index d86db88..589a0b2 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -8,7 +8,7 @@ name: "microsoft/microsoft/microsoft-sql-server-2019-rhel8" # The most specific version should be the first tag and will be shown # on ironbank.dso.mil tags: -- "2019-CU8-rhel-8" +- "2019-CU10-rhel-8" - "latest" # Build args passed to Dockerfile ARGs @@ -21,7 +21,7 @@ labels: # Name of the image org.opencontainers.image.title: "microsoft-sql-server-2019-rhel8" # Human-readable description of the software packaged in the image - org.opencontainers.image.description: "SQL Server 2019 on RHEL8 Image" + org.opencontainers.image.description: "Container image of SQL Server 2019 CU10 on RHEL 8. SQL Server is a relational database management system (RDBMS) developed by Microsoft." # License(s) under which contained software is distributed org.opencontainers.image.licenses: "Developer, Enterprise Core, Enterprise, Evaluation, Express, Standard, Web" # URL to find more information on the image 
@@ -29,7 +29,7 @@ labels: # Name of the distributing entity, organization or individual org.opencontainers.image.vendor: "Microsoft Corporation" # Authoritative version of the software - org.opencontainers.image.version: "2019-CU8-rhel-8" + org.opencontainers.image.version: "2019-CU10-rhel-8" # Keywords to help with search (ex. "cicd,gitops,golang") mil.dso.ironbank.image.keywords: "database,db,sql,relational database,container,analytics,storage,security" # This value can be "opensource" or "commercial" @@ -37,21 +37,6 @@ labels: # Product the image belongs to for grouping multiple images mil.dso.ironbank.product.name: "microsoft/microsoft" -# List of resources to make available to the offline build context -resources: - - url: "https://hlspubdist.blob.core.windows.net/15d0d4073d23-4/mssql-server-2019-cu8/15.0.4073.23-4/rhel8-dsop/rpms.tar.gz" - filename: "rpms.tar.gz" # [required field] desired staging name for the build context - validation: - type: "sha512" # supported: sha256, sha512 - value: "77d2f69325f18be43eceb5064f4836515c19dc58d94f9fe2d4fd113e76dc114dedbae6d453b38bde811d551a20d0f1aaff19ae68ccde51f2778002c867871287" # must be lowercase - - url: "https://hlspubdist.blob.core.windows.net/15d0d4073d23-4/mssql-server-2019-cu8/15.0.4073.23-4/rhel8-dsop/install.tar.gz" - filename: "install.tar.gz" - validation: - type: "sha512" - value: "6e0d5030711e87d1e1c591100316e3bb810cd5d51a139c9d5a69476bd701f0107b6bf869728480e9d14c0b49eddfb72882cd3f2dcb70dfbe1e6619f46c35d593" - # if the file you pull is from a github repo, make sure this is the official repo for that file, - # and indicate that in a comment in this file - # List of project maintainers maintainers: - email: "saorozco@microsoft.com" 
@@ -59,4 +44,15 @@ maintainers: name: "Salvador Orozco Villalever" # The gitlab username of the current container owner username: "saorozco_msft" - cht_member: false # NOTE: Include if the maintainer is a member of CHT + +resources: + - url: "https://hlspubdist.blob.core.windows.net/15d0d4123d1-5/mssql-server-2019-cu10/15.0.4123.1-5/rhel8-dsop/rpms.tar.gz" + filename: "rpms.tar.gz" + validation: + type: "sha512" + value: "42034b3f6d04e4045af1dc89c28cd0355069948eebc200f68a3333d0b2cef0a181f46f0459d57b4512f8997f329a271031ffbe3b684ed5d4cf2903c8255ba480" + - url: "https://hlspubdist.blob.core.windows.net/15d0d4123d1-5/mssql-server-2019-cu10/15.0.4123.1-5/rhel8-dsop/install.tar.gz" + filename: "install.tar.gz" + validation: + type: "sha512" + value: "00643a08ae7be9a22a51bfc510cc048ac6958396287f1572a4798c246b6adb88e40263e631be09a06b655542f4f7553f5b77dec519a35b014cfadc3e6f0e44be" -- GitLab From bab99a06c07ebf557d1b471de0ba18b4bf28ecce Mon Sep 17 00:00:00 2001 From: Salvador Orozco Villalever Date: Wed, 18 Aug 2021 15:22:15 -0700 Subject: [PATCH 2/4] Add hardening_manifest.yaml file for SQL Server 2019 CU12. --- hardening_manifest.yaml | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index 589a0b2..50f0806 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml 
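Review bot: The `resources:` block re-added in the last hunk of hardening_manifest.yaml (PATCH 1/4) loses the comments the removed block carried, including its header comment and the `# must be lowercase` note on the sha512 value, and nothing records where the new digests came from. These two sha512 values are the only integrity check on the downloaded tar files, so I would keep `# List of resources to make available to the offline build context` above `resources:` and add a line such as `# sha512 values taken from <publisher's checksum source>; must be lowercase`. The same hunk also drops `cht_member: false`, which the commit subject does not mention; please confirm that removal is intended. The CU12 resources hunk in PATCH 2/4 has the same documentation gap.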
@@ -8,20 +8,20 @@ name: "microsoft/microsoft/microsoft-sql-server-2019-rhel8" # The most specific version should be the first tag and will be shown # on ironbank.dso.mil tags: -- "2019-CU10-rhel-8" +- "2019-CU12-rhel-8" - "latest" # Build args passed to Dockerfile ARGs args: BASE_IMAGE: "redhat/ubi/ubi8" - BASE_TAG: "8.3" + BASE_TAG: "8.4" # Docker image labels labels: # Name of the image org.opencontainers.image.title: "microsoft-sql-server-2019-rhel8" # Human-readable description of the software packaged in the image - org.opencontainers.image.description: "Container image of SQL Server 2019 CU10 on RHEL 8. SQL Server is a relational database management system (RDBMS) developed by Microsoft." + org.opencontainers.image.description: "Container image of SQL Server 2019 CU12 on RHEL 8. SQL Server is a relational database management system (RDBMS) developed by Microsoft." # License(s) under which contained software is distributed org.opencontainers.image.licenses: "Developer, Enterprise Core, Enterprise, Evaluation, Express, Standard, Web" # URL to find more information on the image @@ -29,7 +29,7 @@ labels: # Name of the distributing entity, organization or individual org.opencontainers.image.vendor: "Microsoft Corporation" # Authoritative version of the software - org.opencontainers.image.version: "2019-CU10-rhel-8" + org.opencontainers.image.version: "2019-CU12-rhel-8" # Keywords to help with search (ex. "cicd,gitops,golang") mil.dso.ironbank.image.keywords: "database,db,sql,relational database,container,analytics,storage,security" # This value can be "opensource" or "commercial" 
@@ -46,13 +46,13 @@ maintainers: username: "saorozco_msft" resources: - - url: "https://hlspubdist.blob.core.windows.net/15d0d4123d1-5/mssql-server-2019-cu10/15.0.4123.1-5/rhel8-dsop/rpms.tar.gz" - filename: "rpms.tar.gz" + - url: "https://hlspubdist.blob.core.windows.net/15d0d4153d1-6/mssql-server-2019-cu12/15.0.4153.1-6/rhel8-dsop/install.tar.gz" + filename: "install.tar.gz" validation: type: "sha512" - value: "42034b3f6d04e4045af1dc89c28cd0355069948eebc200f68a3333d0b2cef0a181f46f0459d57b4512f8997f329a271031ffbe3b684ed5d4cf2903c8255ba480" - - url: "https://hlspubdist.blob.core.windows.net/15d0d4123d1-5/mssql-server-2019-cu10/15.0.4123.1-5/rhel8-dsop/install.tar.gz" - filename: "install.tar.gz" + value: "0b1133faf2398c2ff3430dbb1a47d5e93f91c755e5fdd2058b13ced1a20de64a9ec57fec0750c12857780de5a7a41832110ecee40537e9faaf57410121453439" + - url: "https://hlspubdist.blob.core.windows.net/15d0d4153d1-6/mssql-server-2019-cu12/15.0.4153.1-6/rhel8-dsop/rpms.tar.gz" + filename: "rpms.tar.gz" validation: type: "sha512" - value: "00643a08ae7be9a22a51bfc510cc048ac6958396287f1572a4798c246b6adb88e40263e631be09a06b655542f4f7553f5b77dec519a35b014cfadc3e6f0e44be" + value: "1ea5fc893ac3a18a9765d53788b2a564872cf0c83c8e5e67e1de2c8344e0ecc1cbe4fa2e8ae01973983f39533ffa254a64378d1441ba314111ce6ccb81cef351" -- GitLab From c78c58dc0aea03d739bb7cdfb1ddee88d7269d68 Mon Sep 17 00:00:00 2001 From: Andy Maksymowicz Date: Mon, 23 Aug 2021 19:23:18 +0000 Subject: [PATCH 3/4] Update Dockerfile --- Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index e17d90b..dda6cc8 100755 --- a/Dockerfile +++ b/Dockerfile 
@@ -1,9 +1,9 @@ # These three ARGs must point to an Iron Bank image - the BASE_REGISTRY should always be what is written below; please use # '--build-arg' when building locally to replace these values. # -ARG BASE_REGISTRY=registry1.dsop.io +ARG BASE_REGISTRY=registry1.dso.mil ARG BASE_IMAGE=redhat/ubi/ubi8 -ARG BASE_TAG=8.3 +ARG BASE_TAG=8.4 # FROM statement must reference the base image using the three ARGs established. # -- GitLab From 714b7a8bab224b7b00960a84765cd9b19c0cce1a Mon Sep 17 00:00:00 2001 From: Salvador Orozco Villalever Date: Mon, 23 Aug 2021 23:38:45 +0000 Subject: [PATCH 4/4] Remove unnecessary glibc-devel and its dependencies --- scripts/install_external.sh | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/scripts/install_external.sh b/scripts/install_external.sh index ab09e15..3ac99f4 100644 --- a/scripts/install_external.sh +++ b/scripts/install_external.sh @@ -140,15 +140,20 @@ function performPreInstallationTasksForExternalBuild() function installPackages() { if [ "$PLATFORM_NAME" == "$RHEL8" ]; then - ACCEPT_EULA=Y dnf -q -y --disableplugin=subscription-manager install \ - $(getListOfPackagesToInstall) - - elif [ "$PLATFORM_NAME" == "$RHEL7" ]; then - ACCEPT_EULA=Y yum -y --nogpgcheck install \ + ACCEPT_EULA=Y dnf -q -y -v --disableplugin=subscription-manager install \ $(getListOfPackagesToInstall) fi } +# Function that removes packages from the container image +# which are not actually needed. +# +function removeUnnecessaryPackages() +{ + dnf remove -y -v \ + glibc-devel +} + # Function that performs post-installation tasks # common across build environments. # @@ -181,6 +186,8 @@ function performCommonPostInstallationTasks # Remove files from /tmp. # rm -rf /tmp/* + + removeUnnecessaryPackages } # Function that drives the installation of packages -- GitLab
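Review bot: With the RHEL7 branch removed, `installPackages` in scripts/install_external.sh is left with a single `if [ "$PLATFORM_NAME" == "$RHEL8" ]` and no `else`, so on any other platform it installs nothing and still returns success. I would add `else echo "Unsupported platform: $PLATFORM_NAME" >&2; return 1` before `fi` so a mis-set platform fails the build instead of producing an image without the packages. The install command now passes `-q` and `-v` together, which ask for opposite verbosity; keep one of them. The new `removeUnnecessaryPackages` omits the `--disableplugin=subscription-manager` that the install call uses and does not check the `dnf remove` exit status. Unless the script enables `set -e` outside these hunks, a failed removal would leave glibc-devel in the image unnoticed; `dnf remove -y --disableplugin=subscription-manager glibc-devel || return 1` would cover both.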