From a9d9704ff11f8897f12dc0af7e5740f9044c9dd8 Mon Sep 17 00:00:00 2001
From: renovate
Date: Fri, 11 Jun 2021 18:46:52 +0000
Subject: [PATCH 1/2] Update quay.io/coreos/clair Docker tag to v4
---
 Dockerfile | 2 +-
 hardening_manifest.yaml | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 0da1ab4..fb509ff 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -2,7 +2,7 @@ ARG BASE_REGISTRY=registry1.dso.mil
 ARG BASE_IMAGE=ironbank/redhat/ubi/ubi8
 ARG BASE_TAG=8.4
-FROM quay.io/coreos/clair:v2.1.7 as base
+FROM quay.io/coreos/clair:v4.1.0 as base
 FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} as build
diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml
index 32c513d..5866cf6 100644
--- a/hardening_manifest.yaml
+++ b/hardening_manifest.yaml
@@ -8,7 +8,7 @@ name: "opensource/quay/clair"
 # The most specific version should be the first tag and will be shown
 # on ironbank.dsop.io
 tags:
-- "v2.1.7"
+- "v4.1.0"
 - "latest"
 # Build args passed to Dockerfile ARGs
@@ -27,7 +27,7 @@ labels:
 org.opencontainers.image.url: "https://github.com/quay/clair"
 # Name of the distributing entity, organization or individual
 org.opencontainers.image.vendor: "Red Hat"
- org.opencontainers.image.version: "v2.1.7"
+ org.opencontainers.image.version: "v4.1.0"
 # Keywords to help with search (ex. "cicd,gitops,golang")
 mil.dso.ironbank.image.keywords: "security,scanning,container"
 # This value can be "opensource" or "commercial"
@@ -37,8 +37,8 @@ labels:
 # List of resources to make available to the offline build context
 resources:
-- tag: quay.io/coreos/clair:v2.1.7
- url: docker://quay.io/coreos/clair@sha256:0962dd91c2f5de60ea2c0019fb275bc463fce6f59db96597e09e645627439909
+- tag: quay.io/coreos/clair:v4.1.0
+ url: docker://quay.io/coreos/clair@sha256:d5900e1f7ac487661acfd70f53f6de9d937035553199c182ffdf5bbdd0c88db8
 - filename: musl.tar.gz
 url: https://musl.libc.org/releases/musl-1.2.0.tar.gz
 validation:
-- GitLab
From 07c6cbe8da3b84cd819d484cd57bb2ff8ba586b1 Mon Sep 17 00:00:00 2001
From: Sean Melissari
Date: Tue, 15 Jun 2021 12:11:06 -0400
Subject: [PATCH 2/2] fix missing binary
---
 Dockerfile | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index fb509ff..693a8b0 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -18,6 +18,9 @@ RUN dnf install -y gcc make && \
 FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG}
+ENV CLAIR_CONF=/config/config.yaml CLAIR_MODE=combo
+ENV SSL_CERT_DIR="/etc/ssl/certs:/etc/pki/tls/certs:/var/run/certs"
+
 RUN groupadd -g 1000 clair && \
 useradd -r -u 1000 -m -s /sbin/nologin -g clair clair && \
 mkdir /etc/clair && \
@@ -27,15 +30,17 @@ RUN groupadd -g 1000 clair && \
 rm -rf /var/cache/dnf && \
 chmod -s /usr/libexec/openssh/ssh-keysign
-COPY --from=base /clair /clair
-COPY --from=base /usr/bin/dumb-init /usr/bin/dumb-init
+COPY --from=base /bin/clair /bin/clair
+COPY --from=base /bin/clairctl /bin/clairctl
+COPY --from=base /usr/local/bin/dumb-init /usr/local/bin/dumb-init
 COPY --from=build /usr/local/musl/lib/libc.so /usr/local/musl/lib/libc.so
 COPY --from=build /lib/ld-musl-x86_64.so.1 /lib/ld-musl-x86_64.so.1
-USER clair
+USER 1000
 VOLUME /config
+WORKDIR /run
 EXPOSE 6060 6061
 HEALTHCHECK CMD curl -fs http://127.0.0.1:6061/health || curl -fsk https://127.0.0.1:6061/health || exit 1
-ENTRYPOINT ["/usr/bin/dumb-init", "--", "/clair"]
+ENTRYPOINT ["/usr/local/bin/dumb-init", "--", "/bin/clair"]
-- GitLab
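Review bot: The added `SSL_CERT_DIR` makes `/var/run/certs` a trust-anchor directory for the Clair process, so any certificate that lands there is accepted as a root CA, and nothing in the visible lines creates that directory or limits who can write to it. For a Go program this variable replaces the default certificate-directory search instead of extending it, so the three listed paths are the complete set. I would document the intent above the ENV line, for example `# /var/run/certs is an optional mount point for extra CAs; mount it read-only, never writable by UID 1000`. The RUN instruction that follows continues past the end of this hunk, so whether it sets ownership on any of these paths cannot be seen here.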
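Review bot: The `EXPOSE 6060 6061` and `HEALTHCHECK` context lines at the end of this hunk are carried over unchanged from the v2.1.7 image, while the new `ENTRYPOINT` starts the v4 binary, whose listeners come from the file named by `CLAIR_CONF` (`http_listen_addr`, `introspection_addr`). As far as I know v4 serves health on the introspection address at `/healthz`, not `/health`, so the probe may mark the container unhealthy regardless of its real state unless the mounted config happens to match; this should be confirmed against a running container. If it does need to change, a single probe such as `HEALTHCHECK CMD curl -fs http://127.0.0.1:<introspection-port>/healthz || exit 1`, with the port taken from the config you ship, would also remove the `-k` fallback that skips certificate verification. The exposed ports should be aligned with the same config so the image metadata does not advertise listeners that no longer exist.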