From b4f8528923575202902ccedacbb7b0bfa341d1a8 Mon Sep 17 00:00:00 2001
From: "sean.melissari"
Date: Wed, 19 May 2021 17:27:53 +0000
Subject: [PATCH 1/2] bump ubi 8.4
---
 Dockerfile | 25 +--------------------
 hardening_manifest.yaml | 49 +----------------------------------------
 2 files changed, 2 insertions(+), 72 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 8bdfb9b..5f843f9 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,24 +1 @@
-ARG BASE_REGISTRY=registry1.dsop.io
-ARG BASE_IMAGE=ironbank/redhat/ubi/ubi8
-ARG BASE_TAG=8.3
-
-FROM amazon/aws-cli:2.2.5 as cli
-
-FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG}
-
-COPY --from=cli /usr/local/aws-cli /usr/local/aws-cli
-
-RUN groupadd -g 1001 awscli && \
- useradd -r -u 1001 -d /aws -m -s /sbin/nologin -g awscli awscli && \
- ln -s /usr/local/aws-cli/v2/current/bin/aws /usr/local/bin/aws && \
- ln -s /usr/local/aws-cli/v2/current/bin/aws_completer /usr/local/bin/aws_completer && \
- dnf upgrade -y && \
- dnf install -y groff-base less && \
- dnf clean all && \
- rm -rf /var/cache/dnf
-
-USER 1001
-WORKDIR /aws
-HEALTHCHECK NONE
-
-ENTRYPOINT ["aws"]
+b'ARG BASE_REGISTRY=registry1.dsop.io\nARG BASE_IMAGE=ironbank/redhat/ubi/ubi8\nARG BASE_TAG=8.4\n\nFROM amazon/aws-cli:2.2.5 as cli\n\nFROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG}\n\nCOPY --from=cli /usr/local/aws-cli /usr/local/aws-cli\n\nRUN groupadd -g 1001 awscli && \\\n useradd -r -u 1001 -d /aws -m -s /sbin/nologin -g awscli awscli && \\\n ln -s /usr/local/aws-cli/v2/current/bin/aws /usr/local/bin/aws && \\\n ln -s /usr/local/aws-cli/v2/current/bin/aws_completer /usr/local/bin/aws_completer && \\\n dnf upgrade -y && \\\n dnf install -y groff-base less && \\\n dnf clean all && \\\n rm -rf /var/cache/dnf\n\nUSER 1001\nWORKDIR /aws\nHEALTHCHECK NONE\n\nENTRYPOINT ["aws"]\n'
\ No newline at end of file
diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml
index 672cf61..af93bb4 100644
--- a/hardening_manifest.yaml
+++ b/hardening_manifest.yaml
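Review bot: The added line in the Dockerfile hunk is a Python bytes literal (`b'ARG BASE_REGISTRY=registry1.dsop.io\n...'`) rather than Dockerfile text, so at this revision the file is a single line of escaped newlines that a Dockerfile parser would not read as instructions; the hardening_manifest.yaml hunk of this patch has the same defect. The `b'...'` wrapper and the `\ No newline at end of file` marker suggest the tool that made the bump wrote the repr of the file's bytes instead of the decoded content, though that tool is not visible here. The intended change appears to be only `ARG BASE_TAG=8.4` (and `BASE_TAG: "8.4"` in the manifest), yet the diffstat reports 72 deletions, which buries a one-line base-image change inside a whole-file rewrite of a hardening baseline. Patch 2/2 restores the text; squashing the two would keep an unbuildable revision out of history and leave a diff that can be audited line by line.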
@@ -1,48 +1 @@
----
-apiVersion: v1
-
-# The repository name in registry1, excluding /ironbank/
-name: "opensource/amazon/aws-cli"
-
-# List of tags to push for the repository in registry1
-# The most specific version should be the first tag and will be shown
-# on ironbank.dsop.io
-tags:
-- "2.2.5"
-- "latest"
-
-# Build args passed to Dockerfile ARGs
-args:
- BASE_IMAGE: "redhat/ubi/ubi8"
- BASE_TAG: "8.3"
-
-# Docker image labels
-labels:
- org.opencontainers.image.title: "aws-cli"
- ## Human-readable description of the software packaged in the image
- org.opencontainers.image.description: "Universal Command Line Interface for Amazon Web Services."
- ## License(s) under which contained software is distributed
- org.opencontainers.image.licenses: "Apache-2.0"
- ## URL to find more information on the image
- org.opencontainers.image.url: "https://github.com/aws/aws-cli"
- ## Name of the distributing entity, organization or individual
- org.opencontainers.image.vendor: "Amazon"
- org.opencontainers.image.version: "2.2.5"
- ## Keywords to help with search (ex. "cicd,gitops,golang")
- mil.dso.ironbank.image.keywords: "aws,cli"
- ## This value can be "opensource" or "commercial"
- mil.dso.ironbank.image.type: "opensource"
- ## Product the image belongs to for grouping multiple images
- mil.dso.ironbank.product.name: "aws"
-
-# List of resources to make available to the offline build context
-resources:
-- url: "docker://docker.io/amazon/aws-cli@sha256:e2dd93a260d207246cbfd8ea305b560b72e094a1a410ec5dfe90328dd386d0a7"
- tag: "amazon/aws-cli:2.2.5"
-
-# List of project maintainers
-maintainers:
-- name: "Sean Melissari"
- username: "sean.melissari"
- email: "melissari_sean@bah.com"
- cht_member: true
+b'---\napiVersion: v1\n\n# The repository name in registry1, excluding /ironbank/\nname: "opensource/amazon/aws-cli"\n\n# List of tags to push for the repository in registry1\n# The most specific version should be the first tag and will be shown\n# on ironbank.dsop.io\ntags:\n- "2.2.5"\n- "latest"\n\n# Build args passed to Dockerfile ARGs\nargs:\n BASE_IMAGE: "redhat/ubi/ubi8"\n BASE_TAG: "8.4"\n\n# Docker image labels\nlabels:\n org.opencontainers.image.title: "aws-cli"\n ## Human-readable description of the software packaged in the image\n org.opencontainers.image.description: "Universal Command Line Interface for Amazon Web Services."\n ## License(s) under which contained software is distributed\n org.opencontainers.image.licenses: "Apache-2.0"\n ## URL to find more information on the image\n org.opencontainers.image.url: "https://github.com/aws/aws-cli"\n ## Name of the distributing entity, organization or individual\n org.opencontainers.image.vendor: "Amazon"\n org.opencontainers.image.version: "2.2.5"\n ## Keywords to help with search (ex. "cicd,gitops,golang")\n mil.dso.ironbank.image.keywords: "aws,cli"\n ## This value can be "opensource" or "commercial"\n mil.dso.ironbank.image.type: "opensource"\n ## Product the image belongs to for grouping multiple images\n mil.dso.ironbank.product.name: "aws"\n\n# List of resources to make available to the offline build context\nresources:\n- url: "docker://docker.io/amazon/aws-cli@sha256:e2dd93a260d207246cbfd8ea305b560b72e094a1a410ec5dfe90328dd386d0a7"\n tag: "amazon/aws-cli:2.2.5"\n\n# List of project maintainers\nmaintainers:\n- name: "Sean Melissari"\n username: "sean.melissari"\n email: "melissari_sean@bah.com"\n cht_member: true\n'
\ No newline at end of file
-- GitLab
From 913ef2eb37eaf5eb9a7fa52caf95d6859540786a Mon Sep 17 00:00:00 2001
From: "sean.melissari"
Date: Wed, 19 May 2021 17:30:59 +0000
Subject: [PATCH 2/2] bump ubi 8.4
---
 Dockerfile | 25 ++++++++++++++++++++-
 hardening_manifest.yaml | 49 ++++++++++++++++++++++++++++++++++++++++-
 2 files changed, 72 insertions(+), 2 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 5f843f9..7f6369e 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1 +1,24 @@
-b'ARG BASE_REGISTRY=registry1.dsop.io\nARG BASE_IMAGE=ironbank/redhat/ubi/ubi8\nARG BASE_TAG=8.4\n\nFROM amazon/aws-cli:2.2.5 as cli\n\nFROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG}\n\nCOPY --from=cli /usr/local/aws-cli /usr/local/aws-cli\n\nRUN groupadd -g 1001 awscli && \\\n useradd -r -u 1001 -d /aws -m -s /sbin/nologin -g awscli awscli && \\\n ln -s /usr/local/aws-cli/v2/current/bin/aws /usr/local/bin/aws && \\\n ln -s /usr/local/aws-cli/v2/current/bin/aws_completer /usr/local/bin/aws_completer && \\\n dnf upgrade -y && \\\n dnf install -y groff-base less && \\\n dnf clean all && \\\n rm -rf /var/cache/dnf\n\nUSER 1001\nWORKDIR /aws\nHEALTHCHECK NONE\n\nENTRYPOINT ["aws"]\n'
\ No newline at end of file
+ARG BASE_REGISTRY=registry1.dsop.io
+ARG BASE_IMAGE=ironbank/redhat/ubi/ubi8
+ARG BASE_TAG=8.4
+
+FROM amazon/aws-cli:2.2.5 as cli
+
+FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG}
+
+COPY --from=cli /usr/local/aws-cli /usr/local/aws-cli
+
+RUN groupadd -g 1001 awscli && \
+ useradd -r -u 1001 -d /aws -m -s /sbin/nologin -g awscli awscli && \
+ ln -s /usr/local/aws-cli/v2/current/bin/aws /usr/local/bin/aws && \
+ ln -s /usr/local/aws-cli/v2/current/bin/aws_completer /usr/local/bin/aws_completer && \
+ dnf upgrade -y && \
+ dnf install -y groff-base less && \
+ dnf clean all && \
+ rm -rf /var/cache/dnf
+
+USER 1001
+WORKDIR /aws
+HEALTHCHECK NONE
+
+ENTRYPOINT ["aws"]
diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml
index af93bb4..8d7c129 100644
--- a/hardening_manifest.yaml
+++ b/hardening_manifest.yaml
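Review bot: `FROM amazon/aws-cli:2.2.5 as cli` names the upstream image by tag only, while the sha256 digest that actually pins it sits in the `resources` entry of hardening_manifest.yaml. Presumably the offline build resolves this tag from that pre-fetched resource, but a build run outside that pipeline would pull whatever the tag points to at the time. A comment above the line would make the dependency explicit, for example `# Resolved from the digest-pinned resource in hardening_manifest.yaml; keep this tag in sync with that entry`. Separately, `dnf upgrade -y` in the RUN step means two builds of the same commit can contain different package sets, so scan results are best recorded against the built image digest rather than the commit.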
@@ -1 +1,48 @@
-b'---\napiVersion: v1\n\n# The repository name in registry1, excluding /ironbank/\nname: "opensource/amazon/aws-cli"\n\n# List of tags to push for the repository in registry1\n# The most specific version should be the first tag and will be shown\n# on ironbank.dsop.io\ntags:\n- "2.2.5"\n- "latest"\n\n# Build args passed to Dockerfile ARGs\nargs:\n BASE_IMAGE: "redhat/ubi/ubi8"\n BASE_TAG: "8.4"\n\n# Docker image labels\nlabels:\n org.opencontainers.image.title: "aws-cli"\n ## Human-readable description of the software packaged in the image\n org.opencontainers.image.description: "Universal Command Line Interface for Amazon Web Services."\n ## License(s) under which contained software is distributed\n org.opencontainers.image.licenses: "Apache-2.0"\n ## URL to find more information on the image\n org.opencontainers.image.url: "https://github.com/aws/aws-cli"\n ## Name of the distributing entity, organization or individual\n org.opencontainers.image.vendor: "Amazon"\n org.opencontainers.image.version: "2.2.5"\n ## Keywords to help with search (ex. "cicd,gitops,golang")\n mil.dso.ironbank.image.keywords: "aws,cli"\n ## This value can be "opensource" or "commercial"\n mil.dso.ironbank.image.type: "opensource"\n ## Product the image belongs to for grouping multiple images\n mil.dso.ironbank.product.name: "aws"\n\n# List of resources to make available to the offline build context\nresources:\n- url: "docker://docker.io/amazon/aws-cli@sha256:e2dd93a260d207246cbfd8ea305b560b72e094a1a410ec5dfe90328dd386d0a7"\n tag: "amazon/aws-cli:2.2.5"\n\n# List of project maintainers\nmaintainers:\n- name: "Sean Melissari"\n username: "sean.melissari"\n email: "melissari_sean@bah.com"\n cht_member: true\n'
\ No newline at end of file
+---
+apiVersion: v1
+
+# The repository name in registry1, excluding /ironbank/
+name: "opensource/amazon/aws-cli"
+
+# List of tags to push for the repository in registry1
+# The most specific version should be the first tag and will be shown
+# on ironbank.dsop.io
+tags:
+- "2.2.5"
+- "latest"
+
+# Build args passed to Dockerfile ARGs
+args:
+ BASE_IMAGE: "redhat/ubi/ubi8"
+ BASE_TAG: "8.4"
+
+# Docker image labels
+labels:
+ org.opencontainers.image.title: "aws-cli"
+ ## Human-readable description of the software packaged in the image
+ org.opencontainers.image.description: "Universal Command Line Interface for Amazon Web Services."
+ ## License(s) under which contained software is distributed
+ org.opencontainers.image.licenses: "Apache-2.0"
+ ## URL to find more information on the image
+ org.opencontainers.image.url: "https://github.com/aws/aws-cli"
+ ## Name of the distributing entity, organization or individual
+ org.opencontainers.image.vendor: "Amazon"
+ org.opencontainers.image.version: "2.2.5"
+ ## Keywords to help with search (ex. "cicd,gitops,golang")
+ mil.dso.ironbank.image.keywords: "aws,cli"
+ ## This value can be "opensource" or "commercial"
+ mil.dso.ironbank.image.type: "opensource"
+ ## Product the image belongs to for grouping multiple images
+ mil.dso.ironbank.product.name: "aws"
+
+# List of resources to make available to the offline build context
+resources:
+- url: "docker://docker.io/amazon/aws-cli@sha256:e2dd93a260d207246cbfd8ea305b560b72e094a1a410ec5dfe90328dd386d0a7"
+ tag: "amazon/aws-cli:2.2.5"
+
+# List of project maintainers
+maintainers:
+- name: "Sean Melissari"
+ username: "sean.melissari"
+ email: "melissari_sean@bah.com"
+ cht_member: true
-- GitLab