diff --git a/.gitlab/CODEOWNERS b/.gitlab/CODEOWNERS
new file mode 100644
index 0000000000000000000000000000000000000000..64a2c68c3ababda8d526d6cd995f02cd36f837ab
--- /dev/null
+++ b/.gitlab/CODEOWNERS
@@ -0,0 +1,6 @@
+[Pipelines]
+.gitlab-ci.yml @ironbank-notifications/cht
+.gitlab-ci.yaml @ironbank-notifications/cht
+
+[Gitlab Configuration Files]
+.gitlab/* @ironbank-notifications/cht
diff --git a/.gitlab/issue_templates/Access Request.md b/.gitlab/issue_templates/Access Request.md
new file mode 100644
index 0000000000000000000000000000000000000000..1a7b224d6ccdad95fef69b5c8be1ce2b543f338e
--- /dev/null
+++ b/.gitlab/issue_templates/Access Request.md
@@ -0,0 +1,16 @@
+## Summary
+
+The following individuals are requesting access to this project (one per line):
+(List or tag all individuals here)
+
+
+The access level should be:
+- [ ] Developer access
+- [ ] Remove access
+
+
+## Definition of Done
+- [ ] All accounts have been provided the necessary accesses
+
+
+/label ~"Access" ~"To Do"
\ No newline at end of file
diff --git a/.gitlab/issue_templates/Application - Archive.md b/.gitlab/issue_templates/Application - Archive.md
new file mode 100644
index 0000000000000000000000000000000000000000..9f3b5fe4d8d43ae9f82411a391b200d4b43f2668
--- /dev/null
+++ b/.gitlab/issue_templates/Application - Archive.md
@@ -0,0 +1,21 @@
+## Summary
+
+Requesting this application be archived due to one of the following reasons:
+- [ ] Version is no longer supported by vendor
+- [ ] Application is End-Of-Life
+- [ ] License violation.
+- [ ] Other. See below.
+
+## Detailed Description
+
+(Please provide a detailed description of why this application should be archived)
+
+
+## Definition of Done
+- [ ] Application has been reviewed for archival
+- [ ] Project is officially marked as stale
+- [ ] Iron Bank frontend no longer lists application as available or approved
+
+
+/label ~"Container::Archive"
+/cc @ironbank-notifications/archive
\ No newline at end of file
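Review bot: The `.gitlab/*` pattern under `[Gitlab Configuration Files]` is probably narrower than intended: in GitLab's CODEOWNERS syntax a single `*` matches only files directly in that directory, so the issue templates this same commit adds under `.gitlab/issue_templates/` would end up with no code owner. If the whole directory is meant to be protected, the directory form `.gitlab/ @ironbank-notifications/cht` covers nested paths as well. A `#` comment at the top of the file could also record that these entries only gate merges when code-owner approval is enabled on the protected branch, which cannot be confirmed from this diff.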
diff --git a/.gitlab/issue_templates/Application - Initial.md b/.gitlab/issue_templates/Application - Initial.md
new file mode 100644
index 0000000000000000000000000000000000000000..6594a0580b941815c0c7c6264cdfc42e28231f57
--- /dev/null
+++ b/.gitlab/issue_templates/Application - Initial.md
@@ -0,0 +1,32 @@
+## Summary
+
+Requesting application to be hardened. This is only for initial hardening of a container.
+
+
+## Version Information
+
+Current version: (State the current version of the application as you see it)
+
+Under support: (Is the updated version within the same major version of the application or is this a new major version?)
+
+
+## Definition of Done
+Hardening:
+- [ ] Container builds successfully
+- [ ] Greylist file has been created (requires a member from container hardening)
+- [ ] Branch has been merged into `development`
+
+Justifications:
+- [ ] All findings have been justified per the above documentation
+- [ ] Justifications have been provided to the container hardening team
+
+Approval Process (container hardening team processes):
+- [ ] Peer review from Container Hardening Team
+- [ ] Findings Approver has reviewed and approved all justifications
+- [ ] Approval request has been sent to Authorizing Official
+- [ ] Approval request has been processed by Authorizing Official
+
+
+
+/label ~"Container::Initial"
+/cc @ironbank-notifications/cht
\ No newline at end of file
diff --git a/.gitlab/issue_templates/Application - Update.md b/.gitlab/issue_templates/Application - Update.md
new file mode 100644
index 0000000000000000000000000000000000000000..caebb3e9aab279c7f109ec0fbfa246b8add6d972
--- /dev/null
+++ b/.gitlab/issue_templates/Application - Update.md
@@ -0,0 +1,35 @@
+## Summary
+
+Requesting application be updated to a newer version.
+
+
+
+## Version Information
+
+Current version: (State the current version of the application as you see it)
+
+Updated version: (State the version you would like the application updated to)
+
+Under support: (Is the updated version within the same major version of the application or is this a new major version?)
+
+
+## Definition of Done
+Hardening:
+- [ ] Container builds successfully
+- [ ] Container version has been updated in greylist file
+- [ ] Branch has been merged into `development`
+
+Justifications:
+- [ ] All findings have been justified per the above documentation
+- [ ] Justifications have been provided to the container hardening team
+
+Approval Process:
+- [ ] Peer review from Container Hardening Team
+- [ ] Findings Approver has reviewed and approved all justifications
+- [ ] Approval request has been sent to Authorizing Official
+- [ ] Approval request has been processed by Authorizing Official
+
+
+
+/label ~"Container::Update"
+/cc @ironbank-notifications/updates
\ No newline at end of file
diff --git a/.gitlab/issue_templates/Bug.md b/.gitlab/issue_templates/Bug.md
new file mode 100644
index 0000000000000000000000000000000000000000..1427a0caed1833bccd3b1e5f8c5f6eafde05266c
--- /dev/null
+++ b/.gitlab/issue_templates/Bug.md
@@ -0,0 +1,37 @@
+## Summary
+
+(Summarize the bug encountered concisely)
+
+
+## Steps to reproduce
+
+(How one can reproduce the issue - this is very important)
+
+
+## What is the current bug behavior?
+
+(What actually happens)
+
+
+## What is the expected correct behavior?
+
+(What you should see instead)
+
+
+## Relevant logs and/or screenshots
+
+(Paste any relevant logs - please use code blocks (```) to format console output,
+logs, and code as it's very hard to read otherwise.)
+
+
+## Possible fixes
+
+(If you can, link to the line of code that might be responsible for the problem)
+
+
+## Defintion of Done
+- [ ] Bug has been identified and corrected within the container
+
+
+/label ~Bug
+/cc @ironbank-notifications/bug
\ No newline at end of file
diff --git a/.gitlab/issue_templates/Feature Request.md b/.gitlab/issue_templates/Feature Request.md
new file mode 100644
index 0000000000000000000000000000000000000000..a0e2f195dc66e4187264381c5e96e8aa96db8a09
--- /dev/null
+++ b/.gitlab/issue_templates/Feature Request.md
@@ -0,0 +1,32 @@
+## Feature description
+
+(Detailed description of the feature being requested)
+
+
+## Use cases
+
+
+(Detailed description of the use case for this feature)
+
+
+## Benefits
+
+(How does this benefit others)
+
+
+## Requirements
+
+(Any requirements for this feature to be enabled?)
+
+
+## Links / references
+
+(List of links or references that support this feature)
+
+
+## Definition of Done
+- [ ] Feature has been implemented
+
+
+/label ~Feature
+/cc @ironbank-notifications/feature
\ No newline at end of file
diff --git a/.gitlab/issue_templates/Leadership Question.md b/.gitlab/issue_templates/Leadership Question.md
new file mode 100644
index 0000000000000000000000000000000000000000..4674f82f930085f34f51b4ecbb4d396519f53192
--- /dev/null
+++ b/.gitlab/issue_templates/Leadership Question.md
@@ -0,0 +1,7 @@
+## Leadership question
+
+(Detailed description of the question you'd like to ask the leadership team)
+
+
+/label ~"Question::Leadership" ~"To Do"
+/cc @ironbank-notifications/leadership
\ No newline at end of file
diff --git a/.gitlab/issue_templates/New Findings.md b/.gitlab/issue_templates/New Findings.md
new file mode 100644
index 0000000000000000000000000000000000000000..068d029d89cb62dd4d4da5e03924c608172d97d6
--- /dev/null
+++ b/.gitlab/issue_templates/New Findings.md
@@ -0,0 +1,20 @@
+## Summary
+
+Container has new findings discovered during continuous monitoring.
+
+
+
+## Definition of Done
+Justifications:
+- [ ] All findings have been justified
+- [ ] Justifications have been provided to the container hardening team
+
+Approval Process:
+- [ ] Findings Approver has reviewed and approved all justifications
+- [ ] Approval request has been sent to Authorizing Official
+- [ ] Approval request has been processed by Authorizing Official
+
+
+
+/label ~"Container::New Findings"
+/cc @ironbank-notifications/security
\ No newline at end of file
diff --git a/.gitlab/issue_templates/Onboarding Question.md b/.gitlab/issue_templates/Onboarding Question.md
new file mode 100644
index 0000000000000000000000000000000000000000..77dea11e56c87d3fb65a1cf2ce7901621058f970
--- /dev/null
+++ b/.gitlab/issue_templates/Onboarding Question.md
@@ -0,0 +1,7 @@
+## Onboarding question
+
+(Detailed description of the question you'd like to ask the onboarding team)
+
+
+/label ~"Question::Onboarding" ~"To Do"
+/cc @ironbank-notifications/onboarding
\ No newline at end of file
diff --git a/.gitlab/issue_templates/Pipeline Failure.md b/.gitlab/issue_templates/Pipeline Failure.md
new file mode 100644
index 0000000000000000000000000000000000000000..28b82a9454358a542efaa4b9c1c99542e3487fd6
--- /dev/null
+++ b/.gitlab/issue_templates/Pipeline Failure.md
@@ -0,0 +1,31 @@ +## Summary + +(Summarize the pipeline issue encountered concisely) + + +## Link to failed pipeline + +(Link to the failed pipeline) + + +## What is the current bug behavior? + +(What actually happens) + + +## What is the expected correct behavior? + +(What you should see instead) + + +## Possible fixes + +(If you can, link to the line of code that might be responsible for the problem) + + +## Definition of Done +- [ ] Pipeline failure has been resolved + + +/label ~Pipeline +/cc @ironbank-notifications/pipelines \ No newline at end of file diff --git a/Dockerfile b/Dockerfile index 0bd97a469b0b6763346f49a67fd833c68f33c8ad..e7ee40f811b520d9728022bb91fbb241ac21fe76 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,17 +1,17 @@ ARG BASE_REGISTRY=registry1.dsop.io -ARG BASE_IMAGE=redhat/ubi/ubi8 -ARG BASE_TAG=8.2 +ARG BASE_IMAGE=ironbank/redhat/ubi/ubi7 +ARG BASE_TAG=7.9 FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} LABEL name="MariaDB" \ maintainer="michael.simmons@anchore.com" \ vendor="Open Source" \ - version="10.2.32" \ + version="10.2.36" \ release="1" \ summary="Image of MariaDB" \ description="MariaDB is a community-developed fork of the MySQL relational database management system." -COPY mariadb-server.rpm mariadb-client.rpm mariadb-common.rpm mariadb-shared.rpm mariadb-compat.rpm galera.rpm boost.rpm openssl.rpm libnsl.rpm signatures/RPM-GPG-KEY-MariaDB signatures/RPM-GPG-KEY-CentOS-Official signatures/RPM-GPG-KEY-CentOS-7 / +COPY mariadb-server.rpm mariadb-client.rpm mariadb-common.rpm mariadb-shared.rpm mariadb-compat.rpm galera.rpm boost.rpm signatures/RPM-GPG-KEY-MariaDB signatures/RPM-GPG-KEY-CentOS-Official signatures/RPM-GPG-KEY-CentOS-7 / COPY scripts/docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh RUN groupadd -r mysql && useradd -r -g mysql mysql && \ 
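Review bot: The new COPY line in the Dockerfile still ships `signatures/RPM-GPG-KEY-CentOS-Official` even though `openssl.rpm` and `libnsl.rpm`, the two packages download.yaml fetched from the CentOS 8 mirror, are removed by this commit. If that key was only needed to verify those two packages (this cannot be confirmed from the hunk), it should be dropped here and from the `rpm --import` list later in the RUN, because an imported key stays trusted in the image's rpm database after the key file itself is deleted. A one-line comment above `ARG BASE_IMAGE` explaining the move from ubi8 to ubi7, such as `# UBI7 base: the MariaDB RPMs in download.yaml are el7 builds`, would help the next reviewer. The RUN instruction continues past the end of this hunk.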
@@ -19,11 +19,12 @@ RUN groupadd -r mysql && useradd -r -g mysql mysql && \ rpm --import RPM-GPG-KEY-MariaDB && \ rpm --import RPM-GPG-KEY-CentOS-Official && \ rpm --import RPM-GPG-KEY-CentOS-7 && \ - dnf -y update && \ - dnf -y install mariadb-server.rpm mariadb-client.rpm mariadb-common.rpm mariadb-shared.rpm mariadb-compat.rpm galera.rpm boost.rpm openssl.rpm libnsl.rpm --setopt=tsflags=nodocs && \ - dnf clean all && \ + yum -y update && \ + yum -y install mariadb-server.rpm mariadb-client.rpm mariadb-common.rpm mariadb-shared.rpm mariadb-compat.rpm galera.rpm boost.rpm --setopt=tsflags=nodocs && \ + yum -y update && \ + yum clean all && \ rm -rf /var/cache/dnf && \ - rm mariadb-server.rpm mariadb-client.rpm mariadb-common.rpm mariadb-shared.rpm mariadb-compat.rpm galera.rpm boost.rpm openssl.rpm libnsl.rpm RPM-GPG-KEY-MariaDB RPM-GPG-KEY-CentOS-Official RPM-GPG-KEY-CentOS-7 && \ + rm mariadb-server.rpm mariadb-client.rpm mariadb-common.rpm mariadb-shared.rpm mariadb-compat.rpm galera.rpm boost.rpm RPM-GPG-KEY-MariaDB RPM-GPG-KEY-CentOS-Official RPM-GPG-KEY-CentOS-7 && \ chmod +x /usr/local/bin/docker-entrypoint.sh && \ ln -s usr/local/bin/docker-entrypoint.sh @@ -38,4 +39,4 @@ ENTRYPOINT ["/usr/local/bin/docker-entrypoint.sh"] EXPOSE 3306 -CMD ["mysqld"] \ No newline at end of file +CMD ["mysqld"] diff --git a/Jenkinsfile b/Jenkinsfile index c007b0b29bd45270cbd006a6cebd8de8a9aab769..1ea71273a7fa07d38f23b7cd6da335f988963626 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -1,4 +1,4 @@ @Library('DCCSCR@master') _ dccscrPipeline( - version: "10.2.32" + version: "10.2.36" ) diff --git a/download.yaml b/download.yaml index 993f69d34335fedcbc6546a94d276ec918a429b6..375ebb1e22e4aedfe6beeb534b2e13ec41c35ae2 100644 --- a/download.yaml +++ b/download.yaml 
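Review bot: The cleanup step still runs `rm -rf /var/cache/dnf`, but after the switch from dnf to yum the package cache on a UBI7 base is expected under `/var/cache/yum`, so this line likely removes nothing and cached metadata can remain in the layer; `rm -rf /var/cache/yum && \` is the probable intent. The second `yum -y update` added after the install looks redundant with the one before it and can probably be dropped. Separately, the keys loaded with `rpm --import` only matter if yum actually verifies signatures on local `.rpm` files, which depends on `localpkg_gpgcheck` (off by default, as far as I know); consider adding `--setopt=localpkg_gpgcheck=1` to the install line or running `rpm -K` on the files before installing them. The RUN instruction starts above this hunk.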
@@ -1,30 +1,30 @@ resources: - - url: "https://yum.mariadb.org/10.2.32/rhel7-amd64/rpms/MariaDB-server-10.2.32-1.el7.centos.x86_64.rpm" + - url: "https://yum.mariadb.org/10.2.36/rhel7-amd64/rpms/MariaDB-server-10.2.36-1.el7.centos.x86_64.rpm" filename: "mariadb-server.rpm" validation: type: "sha256" - value: "17f40f06be93adf411f4b3efbe2c317db3499c9f0daa477e58b2bf67fa4e774e" - - url: "https://yum.mariadb.org/10.2.32/rhel7-amd64/rpms/MariaDB-client-10.2.32-1.el7.centos.x86_64.rpm" + value: "66efcfe077199e0338650568331ae87780a29d397b4bda81b664d5d2b9511974" + - url: "https://yum.mariadb.org/10.2.36/rhel7-amd64/rpms/MariaDB-client-10.2.36-1.el7.centos.x86_64.rpm" filename: "mariadb-client.rpm" validation: type: "sha256" - value: "2dfe24400bacab6db13e90b27447a1473cb68552fe6f716ff834fad4f3371d4f" - - url: "https://yum.mariadb.org/10.2.32/rhel7-amd64/rpms/MariaDB-common-10.2.32-1.el7.centos.x86_64.rpm" + value: "70948a763232bf9bd69f719ff7528f5b01dfedfc49baa33708cd949c42b4bef0" + - url: "https://yum.mariadb.org/10.2.36/rhel7-amd64/rpms/MariaDB-common-10.2.36-1.el7.centos.x86_64.rpm" filename: "mariadb-common.rpm" validation: type: "sha256" - value: "c2a182f433754e7def351d024b862770b07b13696f95372338366fdb42dfd945" - - url: "https://yum.mariadb.org/10.2.32/rhel7-amd64/rpms/MariaDB-shared-10.2.32-1.el7.centos.x86_64.rpm" + value: "db4cc11948336fed9e23cdf48d68a5bf7a8cb973d35e1d41fe5db4fcb089ff2a" + - url: "https://yum.mariadb.org/10.2.36/rhel7-amd64/rpms/MariaDB-shared-10.2.36-1.el7.centos.x86_64.rpm" filename: "mariadb-shared.rpm" validation: type: "sha256" - value: "1fb6a5008f95bc2b5c6e54bc149f29aef99884388fb6eb961bbcff6e8e4442dd" - - url: "https://yum.mariadb.org/10.2.32/rhel7-amd64/rpms/MariaDB-compat-10.2.32-1.el7.centos.x86_64.rpm" + value: "e63005ee9d6b3602410250a714e4585b7f87af0e3d31af4cd5fa94dd71e941a6" + - url: "https://yum.mariadb.org/10.2.36/rhel7-amd64/rpms/MariaDB-compat-10.2.36-1.el7.centos.x86_64.rpm" filename: "mariadb-compat.rpm" validation: type: "sha256" - 
value: "224b4d4ff7c1a7e2b901cc3fde9fa81e1fc0726fcd92b2732133d768c602ef57" - - url: "https://yum.mariadb.org/10.2.32/rhel7-amd64/rpms/galera-25.3.29-1.rhel7.el7.centos.x86_64.rpm" + value: "38cb7f81c341504497bc046c88da2460693f95b3397ed780ea9a230d4cfdf245" + - url: "https://yum.mariadb.org/10.2.36/rhel7-amd64/rpms/galera-25.3.29-1.rhel7.el7.centos.x86_64.rpm" filename: "galera.rpm" validation: type: "sha256" @@ -33,14 +33,4 @@ resources: filename: "boost.rpm" validation: type: "sha256" - value: "1aa6d9b776bb246523faa8396bb5d06b50fc7010c112ace3689872b4c22fae23" - - url: "http://mirror.centos.org/centos/8/BaseOS/x86_64/os/Packages/libnsl-2.28-101.el8.x86_64.rpm" - filename: "libnsl.rpm" - validation: - type: "sha256" - value: "f498899da64b52245726e0e3c9f28c6456707a94e76e2eba137073c1ec218b54" - - url: "http://mirror.centos.org/centos/8/AppStream/x86_64/os/Packages/compat-openssl10-1.0.2o-3.el8.x86_64.rpm" - filename: "openssl.rpm" - validation: - type: "sha256" - value: "2baa59d2c0c03ce262a5188596c8f0e4b90c307f81236746a5e831d4e17a18ca" \ No newline at end of file + value: "1aa6d9b776bb246523faa8396bb5d06b50fc7010c112ace3689872b4c22fae23" \ No newline at end of file