From 23156dc9e4eb03b0243ba14415e50abe9bbfde72 Mon Sep 17 00:00:00 2001
From: Joshua Eason
Date: Wed, 11 Aug 2021 17:30:53 +0000
Subject: [PATCH 1/7] Updating dependencies
---
 Dockerfile | 10 +++++-----
 hardening_manifest.yaml | 24 ++++++++++++------------
 2 files changed, 17 insertions(+), 17 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index e055d89..46bef31 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -22,13 +22,13 @@ COPY --from=chart-testing /etc/ct/* /etc/ct/
 COPY --from=chart-testing /usr/lib/python3.8/site-packages/ /usr/lib/python3.8/site-packages/
 RUN rm -rf /usr/include/python3.6m /usr/lib64/python3.6 /usr/lib/python3.6 /usr/lib/python3.8/site-packages/urllib3* && \
- pip3 install -U --no-index /packages/pip-21.1.3-py3-none-any.whl && \
+ pip3 install -U --no-index /packages/pip-21.2.3-py3-none-any.whl && \
 pip3 install -U --no-index /packages/pathspec-0.8.1-py2.py3-none-any.whl && \
- pip3 install -U --no-index /packages/setuptools-57.0.0-py3-none-any.whl && \
+ pip3 install -U --no-index /packages/setuptools-57.4.0-py3-none-any.whl && \
 pip3 install -U --no-index /packages/PyYAML-5.4.1-cp38-cp38-manylinux1_x86_64.whl && \
- pip3 install -U --no-index /packages/yamale-3.0.7-py3-none-any.whl && \
+ pip3 install -U --no-index /packages/yamale-3.0.8-py3-none-any.whl && \
 pip3 install -U --no-index /packages/urllib3-1.26.6-py2.py3-none-any.whl && \
- pip3 install -U --no-index /packages/yamllint-1.26.1.tar.gz && \
+ pip3 install -U --no-index /packages/yamllint-1.26.2.tar.gz && \
 rm -rf /packages /usr/libexec/openssh/* /usr/lib/python3.8/site-packages/pip-21.0.1.dist-info
 USER 1000
@@ -36,4 +36,4 @@ USER 1000
 HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD [ "executable" ]
 # Ensure that the binary is available on path and is executable
-RUN ct --help
\ No newline at end of file
+RUN ct --help
diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml
index 6093ba5..fba824c 100644
--- a/hardening_manifest.yaml
+++ b/hardening_manifest.yaml 
@@ -39,36 +39,36 @@ labels:
 resources:
 - tag: quay.io/helmpack/chart-testing:v3.4.0
 url: docker://quay.io/helmpack/chart-testing@sha256:7d66a4ff8803fd31b12e5de66cebdb3cb68a6139be8ecc90592c0208550371c1
-- filename: pip-21.1.3-py3-none-any.whl
- url: https://files.pythonhosted.org/packages/47/ca/f0d790b6e18b3a6f3bd5e80c2ee4edbb5807286c21cdd0862ca933f751dd/pip-21.1.3-py3-none-any.whl
+- filename: pip-21.2.3-py3-none-any.whl
+ url: https://files.pythonhosted.org/packages/ca/bf/4133a0e05eac641ec270bbcef30512b5ad307d7838adb994acd652cc30e3/pip-21.2.3-py3-none-any.whl
 validation:
 type: sha256
- value: 78cb760711fedc073246543801c84dc5377affead832e103ad0211f99303a204
+ value: 895df6014c2f02f9d278a8ad6e31cdfd312952b4a93c3068d0556964f4490057
 - filename: pathspec-0.8.1-py2.py3-none-any.whl
 url: https://files.pythonhosted.org/packages/29/29/a465741a3d97ea3c17d21eaad4c64205428bde56742360876c4391f930d4/pathspec-0.8.1-py2.py3-none-any.whl
 validation:
 type: sha256
 value: aa0cb481c4041bf52ffa7b0d8fa6cd3e88a2ca4879c533c9153882ee2556790d
-- filename: setuptools-57.0.0-py3-none-any.whl
- url: https://files.pythonhosted.org/packages/4e/78/56aa1b5f4d8ac548755ae767d84f0be54fdd9d404197a3d9e4659d272348/setuptools-57.0.0-py3-none-any.whl
+- filename: setuptools-57.4.0-py3-none-any.whl
+ url: https://files.pythonhosted.org/packages/bd/25/5bdf7f1adeebd4e3fa76b2e2f045ae53ee208e40a4231ad0f0c3007e4353/setuptools-57.4.0-py3-none-any.whl
 validation:
 type: sha256
- value: c8b9f1a457949002e358fea7d3f2a1e1b94ddc0354b2e40afc066bf95d21bf7b
+ value: a49230977aa6cfb9d933614d2f7b79036e9945c4cdd7583163f4e920b83418d6
 - filename: PyYAML-5.4.1-cp38-cp38-manylinux1_x86_64.whl
 url: https://files.pythonhosted.org/packages/70/96/c7245e551b1cb496bfb95840ace55ca60f20d3d8e33d70faf8c78a976899/PyYAML-5.4.1-cp38-cp38-manylinux1_x86_64.whl
 validation:
 type: sha256
 value: 8c1be557ee92a20f184922c7b6424e8ab6691788e6d86137c5d93c1a6ec1b8fb
-- filename: yamllint-1.26.1.tar.gz
- url: https://files.pythonhosted.org/packages/50/a1/9093baeb2545d43c22bbcc98c94b926d324598b50e196b492b0882dcb465/yamllint-1.26.1.tar.gz
+- filename: yamllint-1.26.2.tar.gz
+ url: https://files.pythonhosted.org/packages/74/2f/05aff60fa063c49c28bd24f4f848d9a81583c65082de154fcd2a467548e6/yamllint-1.26.2.tar.gz
 validation:
 type: sha256
- value: 87d9462b3ed7e9dfa19caa177f7a77cd9888b3dc4044447d6ae0ab233bcd1324
-- filename: yamale-3.0.7-py3-none-any.whl
- url: https://files.pythonhosted.org/packages/5f/a3/4208d23ca0e9933cfae139dd56dc76fa7aadd7f17d551e6159d6d95b0d07/yamale-3.0.7-py3-none-any.whl
+ value: 0b08a96750248fdf21f1e8193cb7787554ef75ed57b27f621cd6b3bf09af11a1
+- filename: yamale-3.0.8-py3-none-any.whl
+ url: https://files.pythonhosted.org/packages/64/74/041ee94abe172d6e8ac29b2321f8c5409604ead517b65972e56f5f4abb5f/yamale-3.0.8-py3-none-any.whl
 validation:
 type: sha256
- value: 51b286bd500d75afaee5799e9d605f7e3383425d64e83c9fa3c81bd968935829
+ value: 9e9d6946d2f68926822d0df400dafb5e75b34bc7f482237393db29e697d5bbad
 - filename: urllib3-1.26.6-py2.py3-none-any.whl
 url: https://files.pythonhosted.org/packages/5f/64/43575537846896abac0b15c3e5ac678d787a4021e906703f1766bfb8ea11/urllib3-1.26.6-py2.py3-none-any.whl
 validation:
-- GitLab
From 1c382242ca4fc9bd2f80f8a33710c4baf94cbeaa Mon Sep 17 00:00:00 2001
From: Joshua Eason
Date: Wed, 11 Aug 2021 11:59:55 -0600
Subject: [PATCH 2/7] blah
---
 Dockerfile | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 46bef31..f1be57e 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -19,17 +19,18 @@ COPY --from=chart-testing /usr/local/bin/ct /usr/local/bin/
 COPY --from=chart-testing /usr/local/bin/helm /usr/local/bin/
 COPY --from=chart-testing /usr/local/bin/kubectl /usr/local/bin/
 COPY --from=chart-testing /etc/ct/* /etc/ct/
-COPY --from=chart-testing /usr/lib/python3.8/site-packages/ /usr/lib/python3.8/site-packages/
+# COPY --from=chart-testing /usr/lib/python3.8/site-packages/ /usr/lib/python3.8/site-packages/
-RUN rm -rf /usr/include/python3.6m /usr/lib64/python3.6 /usr/lib/python3.6 /usr/lib/python3.8/site-packages/urllib3* && \
- pip3 install -U --no-index /packages/pip-21.2.3-py3-none-any.whl && \
+# RUN rm -rf /usr/include/python3.6m /usr/lib64/python3.6 /usr/lib/python3.6 /usr/lib/python3.8/site-packages/urllib3* && \
+RUN pip3 install -U --no-index /packages/pip-21.2.3-py3-none-any.whl && \
 pip3 install -U --no-index /packages/pathspec-0.8.1-py2.py3-none-any.whl && \
 pip3 install -U --no-index /packages/setuptools-57.4.0-py3-none-any.whl && \
 pip3 install -U --no-index /packages/PyYAML-5.4.1-cp38-cp38-manylinux1_x86_64.whl && \
 pip3 install -U --no-index /packages/yamale-3.0.8-py3-none-any.whl && \
 pip3 install -U --no-index /packages/urllib3-1.26.6-py2.py3-none-any.whl && \
 pip3 install -U --no-index /packages/yamllint-1.26.2.tar.gz && \
- rm -rf /packages /usr/libexec/openssh/* /usr/lib/python3.8/site-packages/pip-21.0.1.dist-info
+ # rm -rf /packages /usr/libexec/openssh/* /usr/lib/python3.8/site-packages/pip-21.0.1.dist-info
+ rm -rf /packages/usr/libexec/openssh/* /usr/lib/python3.8/site-packages/pip-21.0.1.dist-inf
 USER 1000
-- GitLab
From 8068059f96fd4f5a88e9c198d992ac4c2eec8acd Mon Sep 17 00:00:00 2001
From: Joshua Eason
Date: Wed, 11 Aug 2021 12:19:43 -0600
Subject: [PATCH 3/7] blah
---
 Dockerfile | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index f1be57e..8e8e8ae 100644
--- a/Dockerfile
+++ b/Dockerfile
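Review bot: The rewritten cleanup line `rm -rf /packages/usr/libexec/openssh/* /usr/lib/python3.8/site-packages/pip-21.0.1.dist-inf` no longer removes anything the original removed: `/packages /usr/libexec/openssh/*` has been fused into a single path that does not exist, and `dist-inf` is a typo for `dist-info`, so the wheel cache, the openssh helper binaries and the stale pip metadata all stay in the image while the build still succeeds. The line should read `rm -rf /packages /usr/libexec/openssh/* /usr/lib/python3.8/site-packages/pip-21.0.1.dist-info`. The same mistyped line is carried forward unchanged by both hunks of patch 3 and only commented out in patch 4, so this note covers those hunks as well. Commenting out the `RUN rm -rf /usr/include/python3.6m ...` step likewise leaves the python3.6 trees and the copied `urllib3*` directory in place; if that is a temporary experiment, the commented-out lines should say so, otherwise the step should be restored.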
@@ -19,7 +19,7 @@ COPY --from=chart-testing /usr/local/bin/ct /usr/local/bin/
 COPY --from=chart-testing /usr/local/bin/helm /usr/local/bin/
 COPY --from=chart-testing /usr/local/bin/kubectl /usr/local/bin/
 COPY --from=chart-testing /etc/ct/* /etc/ct/
-# COPY --from=chart-testing /usr/lib/python3.8/site-packages/ /usr/lib/python3.8/site-packages/
+COPY --from=chart-testing /usr/lib/python3.8/site-packages/ /usr/lib/python3.8/site-packages/
 # RUN rm -rf /usr/include/python3.6m /usr/lib64/python3.6 /usr/lib/python3.6 /usr/lib/python3.8/site-packages/urllib3* && \
 RUN pip3 install -U --no-index /packages/pip-21.2.3-py3-none-any.whl && \
@@ -29,7 +29,6 @@ RUN pip3 install -U --no-index /packages/pip-21.2.3-py3-none-any.whl && \
 pip3 install -U --no-index /packages/yamale-3.0.8-py3-none-any.whl && \
 pip3 install -U --no-index /packages/urllib3-1.26.6-py2.py3-none-any.whl && \
 pip3 install -U --no-index /packages/yamllint-1.26.2.tar.gz && \
- # rm -rf /packages /usr/libexec/openssh/* /usr/lib/python3.8/site-packages/pip-21.0.1.dist-info
 rm -rf /packages/usr/libexec/openssh/* /usr/lib/python3.8/site-packages/pip-21.0.1.dist-inf
 USER 1000
-- GitLab
From 12fff887c5866d5066dc73e63f3def80fd33cae4 Mon Sep 17 00:00:00 2001
From: Joshua Eason
Date: Wed, 11 Aug 2021 12:46:39 -0600
Subject: [PATCH 4/7] blah
---
 Dockerfile | 23 +++++++++++++++--------
 1 file changed, 15 insertions(+), 8 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 8e8e8ae..7a47a14 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -22,14 +22,21 @@ COPY --from=chart-testing /etc/ct/* /etc/ct/
 COPY --from=chart-testing /usr/lib/python3.8/site-packages/ /usr/lib/python3.8/site-packages/
 # RUN rm -rf /usr/include/python3.6m /usr/lib64/python3.6 /usr/lib/python3.6 /usr/lib/python3.8/site-packages/urllib3* && \
-RUN pip3 install -U --no-index /packages/pip-21.2.3-py3-none-any.whl && \
- pip3 install -U --no-index /packages/pathspec-0.8.1-py2.py3-none-any.whl && \
- pip3 install -U --no-index /packages/setuptools-57.4.0-py3-none-any.whl && \
- pip3 install -U --no-index /packages/PyYAML-5.4.1-cp38-cp38-manylinux1_x86_64.whl && \
- pip3 install -U --no-index /packages/yamale-3.0.8-py3-none-any.whl && \
- pip3 install -U --no-index /packages/urllib3-1.26.6-py2.py3-none-any.whl && \
- pip3 install -U --no-index /packages/yamllint-1.26.2.tar.gz && \
- rm -rf /packages/usr/libexec/openssh/* /usr/lib/python3.8/site-packages/pip-21.0.1.dist-inf
+RUN pip3 uninstall -y \
+ pathspec \
+ PyYAML \
+ yamale \
+ urllib3 \
+ yamllint && \
+ pip3 install -U --no-index \
+ /packages/pip-21.2.3-py3-none-any.whl \
+ /packages/pathspec-0.8.1-py2.py3-none-any.whl \
+ /packages/setuptools-57.4.0-py3-none-any.whl \
+ /packages/PyYAML-5.4.1-cp38-cp38-manylinux1_x86_64.whl \
+ /packages/yamale-3.0.8-py3-none-any.whl \
+ /packages/urllib3-1.26.6-py2.py3-none-any.whl \
+ /packages/yamllint-1.26.2.tar.gz
+ # rm -rf /packages/usr/libexec/openssh/* /usr/lib/python3.8/site-packages/pip-21.0.1.dist-inf
 USER 1000
-- GitLab
From f5d48da96dc97cb2ba343ac700ae35b03d262194 Mon Sep 17 00:00:00 2001
From: Joshua Eason
Date: Wed, 11 Aug 2021 13:21:31 -0600
Subject: [PATCH 5/7] blah
---
 Dockerfile | 21 +++++++-------------
 1 file changed, 7 insertions(+), 14 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 7a47a14..0578aa2 100644
--- a/Dockerfile
+++ b/Dockerfile
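Review bot: Commenting out the trailing `rm -rf` means `/packages` (everything `COPY *.whl /packages/` brought in from the build context, not only the wheels the manifest pins) and `/usr/libexec/openssh/*` are no longer removed, so the hardened image keeps its build inputs and the ssh helper binaries; patch 5 then deletes the commented line outright and nothing in patches 6–7 restores a cleanup. Appending `&& rm -rf /packages /usr/libexec/openssh/*` after the last wheel argument keeps the install and the cleanup in one layer and drops both. The preceding `pip3 uninstall -y ...` of packages that `pip3 install -U` is about to replace anyway deserves a one-line comment stating why it is needed (presumably to evict the copies that arrive with the chart-testing `site-packages` COPY above), otherwise the next maintainer will read it as redundant and remove it.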
@@ -19,24 +19,17 @@ COPY --from=chart-testing /usr/local/bin/ct /usr/local/bin/
 COPY --from=chart-testing /usr/local/bin/helm /usr/local/bin/
 COPY --from=chart-testing /usr/local/bin/kubectl /usr/local/bin/
 COPY --from=chart-testing /etc/ct/* /etc/ct/
-COPY --from=chart-testing /usr/lib/python3.8/site-packages/ /usr/lib/python3.8/site-packages/
+# COPY --from=chart-testing /usr/lib/python3.8/site-packages/ /usr/lib/python3.8/site-packages/
 # RUN rm -rf /usr/include/python3.6m /usr/lib64/python3.6 /usr/lib/python3.6 /usr/lib/python3.8/site-packages/urllib3* && \
-RUN pip3 uninstall -y \
- pathspec \
- PyYAML \
- yamale \
- urllib3 \
- yamllint && \
- pip3 install -U --no-index \
+RUN pip3 install -U --no-index \
 /packages/pip-21.2.3-py3-none-any.whl \
- /packages/pathspec-0.8.1-py2.py3-none-any.whl \
- /packages/setuptools-57.4.0-py3-none-any.whl \
+ # /packages/pathspec-0.8.1-py2.py3-none-any.whl \
+ # /packages/setuptools-57.4.0-py3-none-any.whl \
 /packages/PyYAML-5.4.1-cp38-cp38-manylinux1_x86_64.whl \
- /packages/yamale-3.0.8-py3-none-any.whl \
- /packages/urllib3-1.26.6-py2.py3-none-any.whl \
- /packages/yamllint-1.26.2.tar.gz
- # rm -rf /packages/usr/libexec/openssh/* /usr/lib/python3.8/site-packages/pip-21.0.1.dist-inf
+ /packages/yamale-3.0.8-py3-none-any.whl
+ # /packages/urllib3-1.26.6-py2.py3-none-any.whl \
+ # /packages/yamllint-1.26.2.tar.gz
 USER 1000
-- GitLab
From ca5b4374e2b4839c9ceb432a395b991a0c6ac782 Mon Sep 17 00:00:00 2001
From: Joshua Eason
Date: Wed, 11 Aug 2021 13:37:23 -0600
Subject: [PATCH 6/7] Cleanup
---
 Dockerfile | 8 --------
 hardening_manifest.yaml | 20 --------------------
 2 files changed, 28 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 0578aa2..7f6fb99 100644
--- a/Dockerfile
+++ b/Dockerfile
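Review bot: With the chart-testing `site-packages` COPY commented out again and yamllint, urllib3, pathspec and setuptools dropped from the `pip3 install`, the image is left with only pip, PyYAML and yamale on the Python side; if `ct lint` shells out to the `yamllint` and `yamale` executables as upstream chart-testing does, `yamllint` is now missing at runtime while the `RUN ct --help` smoke test further down still passes. Either keep `/packages/yamllint-1.26.2.tar.gz` in the install (patch 6 also drops its manifest entry, so both would need to come back) or make the smoke test exercise the tools ct depends on so the build fails early, e.g. `RUN ct --help && yamale --help && yamllint --version`. The commented-out wheel lines inside the `RUN ... \` continuation are stripped by the Dockerfile parser, but `# /packages/urllib3-1.26.6-py2.py3-none-any.whl \` reads as though it still continues the command; patch 6 removes these lines, which is the better state to land.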
@@ -19,21 +19,13 @@ COPY --from=chart-testing /usr/local/bin/ct /usr/local/bin/
 COPY --from=chart-testing /usr/local/bin/helm /usr/local/bin/
 COPY --from=chart-testing /usr/local/bin/kubectl /usr/local/bin/
 COPY --from=chart-testing /etc/ct/* /etc/ct/
-# COPY --from=chart-testing /usr/lib/python3.8/site-packages/ /usr/lib/python3.8/site-packages/
-# RUN rm -rf /usr/include/python3.6m /usr/lib64/python3.6 /usr/lib/python3.6 /usr/lib/python3.8/site-packages/urllib3* && \
 RUN pip3 install -U --no-index \
 /packages/pip-21.2.3-py3-none-any.whl \
- # /packages/pathspec-0.8.1-py2.py3-none-any.whl \
- # /packages/setuptools-57.4.0-py3-none-any.whl \
 /packages/PyYAML-5.4.1-cp38-cp38-manylinux1_x86_64.whl \
 /packages/yamale-3.0.8-py3-none-any.whl
- # /packages/urllib3-1.26.6-py2.py3-none-any.whl \
- # /packages/yamllint-1.26.2.tar.gz
 USER 1000
-HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD [ "executable" ]
-
 # Ensure that the binary is available on path and is executable
 RUN ct --help
diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml
index fba824c..7f78568 100644
--- a/hardening_manifest.yaml
+++ b/hardening_manifest.yaml
@@ -44,36 +44,16 @@ resources:
 validation:
 type: sha256
 value: 895df6014c2f02f9d278a8ad6e31cdfd312952b4a93c3068d0556964f4490057
-- filename: pathspec-0.8.1-py2.py3-none-any.whl
- url: https://files.pythonhosted.org/packages/29/29/a465741a3d97ea3c17d21eaad4c64205428bde56742360876c4391f930d4/pathspec-0.8.1-py2.py3-none-any.whl
- validation:
- type: sha256
- value: aa0cb481c4041bf52ffa7b0d8fa6cd3e88a2ca4879c533c9153882ee2556790d
-- filename: setuptools-57.4.0-py3-none-any.whl
- url: https://files.pythonhosted.org/packages/bd/25/5bdf7f1adeebd4e3fa76b2e2f045ae53ee208e40a4231ad0f0c3007e4353/setuptools-57.4.0-py3-none-any.whl
- validation:
- type: sha256
- value: a49230977aa6cfb9d933614d2f7b79036e9945c4cdd7583163f4e920b83418d6
 - filename: PyYAML-5.4.1-cp38-cp38-manylinux1_x86_64.whl
 url: https://files.pythonhosted.org/packages/70/96/c7245e551b1cb496bfb95840ace55ca60f20d3d8e33d70faf8c78a976899/PyYAML-5.4.1-cp38-cp38-manylinux1_x86_64.whl
 validation:
 type: sha256
 value: 8c1be557ee92a20f184922c7b6424e8ab6691788e6d86137c5d93c1a6ec1b8fb
-- filename: yamllint-1.26.2.tar.gz
- url: https://files.pythonhosted.org/packages/74/2f/05aff60fa063c49c28bd24f4f848d9a81583c65082de154fcd2a467548e6/yamllint-1.26.2.tar.gz
- validation:
- type: sha256
- value: 0b08a96750248fdf21f1e8193cb7787554ef75ed57b27f621cd6b3bf09af11a1
 - filename: yamale-3.0.8-py3-none-any.whl
 url: https://files.pythonhosted.org/packages/64/74/041ee94abe172d6e8ac29b2321f8c5409604ead517b65972e56f5f4abb5f/yamale-3.0.8-py3-none-any.whl
 validation:
 type: sha256
 value: 9e9d6946d2f68926822d0df400dafb5e75b34bc7f482237393db29e697d5bbad
-- filename: urllib3-1.26.6-py2.py3-none-any.whl
- url: https://files.pythonhosted.org/packages/5f/64/43575537846896abac0b15c3e5ac678d787a4021e906703f1766bfb8ea11/urllib3-1.26.6-py2.py3-none-any.whl
- validation:
- type: sha256
- value: 39fb8672126159acb139a7718dd10806104dec1e2f0f6c88aab05d17df10c8d4
 # List of project maintainers
-- GitLab
From b45336acec6a8ca682343850b5dfdd674a738c4f Mon Sep 17 00:00:00 2001
From: Joshua Eason
Date: Wed, 11 Aug 2021 13:46:53 -0600
Subject: [PATCH 7/7] cleanup
---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
index 7f6fb99..b081186 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -14,7 +14,7 @@ RUN dnf update -y && \
 mkdir /packages/
 COPY *.whl /packages/
-COPY *.tar.gz /packages/
+
 COPY --from=chart-testing /usr/local/bin/ct /usr/local/bin/
 COPY --from=chart-testing /usr/local/bin/helm /usr/local/bin/
 COPY --from=chart-testing /usr/local/bin/kubectl /usr/local/bin/
-- GitLab