From ed6a6aefd1935d7f77b371939fc647c4ed86ae70 Mon Sep 17 00:00:00 2001 From: "matt.vasquez" Date: Wed, 5 May 2021 23:37:27 -0500 Subject: [PATCH 01/22] initial commit --- .gitignore | 2 + Dockerfile | 43 +++++ LICENSE | 366 +++++++++++++++++++++++++++++++++++++++ README.md | 11 +- hardening_manifest.yaml | 375 ++++++++++++++++++++++++++++++++++++++++ rpackages | 7 + 6 files changed, 802 insertions(+), 2 deletions(-) create mode 100644 .gitignore create mode 100644 Dockerfile create mode 100644 LICENSE create mode 100644 hardening_manifest.yaml create mode 100644 rpackages diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..c0caa71 --- /dev/null +++ b/.gitignore @@ -0,0 +1,2 @@ +*.tar.gz +*.rpm \ No newline at end of file diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..fd6ab9f --- /dev/null +++ b/Dockerfile @@ -0,0 +1,43 @@ +ARG BASE_REGISTRY=registry1.dso.mil +ARG BASE_IMAGE=ironbank/opensource/r/r-base +ARG BASE_TAG=4.0.3 + +FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} + +USER root + +ENV RSTUDIO_VERSION=1.4.1106 + +COPY rstudio-server-rhel-${RSTUDIO_VERSION}-x86_64.rpm /tmp + +RUN dnf upgrade -y && \ + dnf install -y --nogpgcheck glibc-langpack-en initscripts procps-ng /tmp/rstudio-server-rhel-${RSTUDIO_VERSION}-x86_64.rpm binutils curl glibc-devel glibc-headers libcurl-devel libX11 libX11-common kernel-headers && \ + rm /var/lib/rstudio-server/rstudio.sqlite && \ + mkdir -p /local/libs && \ + chmod -R g=u /var/lib/rstudio-server && \ + chmod -R g=u /etc/rstudio && \ + chown $USER /var/lib/rstudio-server /var/run/rstudio-server && \ + ln -s /usr/lib/rstudio-server/bin/rserver /usr/local/bin/rserver && \ + chmod +t /var/run/rstudio-server && \ + chkconfig rstudio-server off + +COPY *.tar.gz /local/libs +COPY rpackages /tmp/rpackages + +RUN R -e "library(tools); write_PACKAGES('/local/libs')" && \ + cat /tmp/rpackages | awk '{printf "\x27"$1"\x27,"}' | sed 's/.$//' | xargs -0 -I {} R -e "install.packages(c({}), contriburl='file:///local/libs')" && \ + rpm -e --nodeps binutils curl glibc-devel glibc-headers libcurl-devel libX11 libX11-common kernel-headers && \ + dnf clean all && \ + rm -rf /var/cache/dnf /tmp/* /local/libs/* + +ENV LC_ALL=en_US.UTF-8 \ + LANG=en_US.UTF-8 \ + LANGUAGE=en_US.UTF-8 + +USER ${USER} + +HEALTHCHECK --start-period=60s CMD rserver status + +EXPOSE 8787 + +ENTRYPOINT ["rserver", "--server-daemonize=0", "--auth-none=1"] \ No newline at end of file diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..f1db125 --- /dev/null +++ b/LICENSE @@ -0,0 +1,366 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + +APACHE NIFI SUBCOMPONENTS: + +The Apache NiFi project contains subcomponents with separate copyright +notices and license terms. Your use of the source code for the these +subcomponents is subject to the terms and conditions of the following +licenses. + +This product bundles source from 'Asciidoctor'. Specifically the 'asciidoc-mod.css'. +The source is available under an MIT LICENSE. + + Copyright (C) 2012-2015 Dan Allen, Ryan Waldron and the Asciidoctor Project + + Permission is hereby granted, free of charge, to any person obtaining a copy + of this software and associated documentation files (the "Software"), to deal + in the Software without restriction, including without limitation the rights + to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + copies of the Software, and to permit persons to whom the Software is + furnished to do so, subject to the following conditions: + + The above copyright notice and this permission notice shall be included in + all copies or substantial portions of the Software. + + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + THE SOFTWARE. + +This product bundles 'CodeMirror' which is available under an MIT style license. + + Copyright (C) 2014 by Marijn Haverbeke and others + + Permission is hereby granted, free of charge, to any person obtaining a copy + of this software and associated documentation files (the "Software"), to deal + in the Software without restriction, including without limitation the rights + to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + copies of the Software, and to permit persons to whom the Software is + furnished to do so, subject to the following conditions: + + The above copyright notice and this permission notice shall be included in + all copies or substantial portions of the Software. + + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + THE SOFTWARE. + +This product bundles 'jquery.base64.js' which is available under an MIT style license. + + Copyright (c) 2013 Yannick Albert (http://yckart.com/) + + Permission is hereby granted, free of charge, to any person obtaining + a copy of this software and associated documentation files (the "Software"), + to deal in the Software without restriction, including without limitation + the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or + sell copies of the Software, and to permit persons to whom the Software is + furnished to do so, subject to the following conditions: + + The above copyright notice and this permission notice shall be + included in all copies or substantial portions of the Software. + + THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, + EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE + LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION + OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION + WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + +This product bundles HexViewJS available under an MIT License + + Copyright (c) 2010 Nick McVeity + + Permission is hereby granted, free of charge, to any person + obtaining a copy of this software and associated documentation + files (the "Software"), to deal in the Software without restriction, + including without limitation the rights to use, copy, modify, merge, + publish, distribute, sublicense, and/or sell copies of the Software, + and to permit persons to whom the Software is furnished to do so, + subject to the following conditions: + + The above copyright notice and this permission notice shall be + included in all copies or substantial portions of the Software. + + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. + IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY + CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, + TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE + SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + +This product bundles 'Fontello' which is available under an MIT license. + + Copyright (C) 2011 by Vitaly Puzrin + + Permission is hereby granted, free of charge, to any person obtaining a copy + of this software and associated documentation files (the "Software"), to deal + in the Software without restriction, including without limitation the rights + to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + copies of the Software, and to permit persons to whom the Software is + furnished to do so, subject to the following conditions: + + The above copyright notice and this permission notice shall be included in + all copies or substantial portions of the Software. + + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + THE SOFTWARE. + +This product bundles 'js-beautify' which is available under an MIT license. + + Copyright (c) 2007-2013 Einar Lielmanis and contributors. + + Permission is hereby granted, free of charge, to any person obtaining a copy + of this software and associated documentation files (the "Software"), to deal + in the Software without restriction, including without limitation the rights + to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + copies of the Software, and to permit persons to whom the Software is + furnished to do so, subject to the following conditions: + + The above copyright notice and this permission notice shall be included in + all copies or substantial portions of the Software. + + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + THE SOFTWARE. + + +This product bundles source from 'AbstractingTheJavaConsole'. The source is available under an MIT LICENSE. + + Copyright (C) 2010 McDowell + + Permission is hereby granted, free of charge, to any person obtaining a copy + of this software and associated documentation files (the "Software"), to deal + in the Software without restriction, including without limitation the rights + to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + copies of the Software, and to permit persons to whom the Software is + furnished to do so, subject to the following conditions: + + The above copyright notice and this permission notice shall be included in + all copies or substantial portions of the Software. + + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + THE SOFTWARE. diff --git a/README.md b/README.md index 5dc6fa6..4a9533a 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,10 @@ -# +# Security Notes -Project template for all Iron Bank container repositories. \ No newline at end of file +# This container is only approved for DoD use if it is NOT internet facing. Access should be achieved through a Zero Trust stack, for example, CNAP or any approved DoD VPN. + + +[RStudio Server](https://rstudio.com/products/rstudio/#rstudio-server) is an integrated development environment (IDE) for R. It includes a console, syntax-highlighting editor that supports direct code execution, as well as tools for plotting, history, debugging and workspace management. data. + +## Documentation + +To learn more about Rstudio Server Opensouce [go to the complete documentation](https://support.rstudio.com/hc/en-us/articles/200552306-Getting-Started). diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml new file mode 100644 index 0000000..a378738 --- /dev/null +++ b/hardening_manifest.yaml @@ -0,0 +1,375 @@ +--- +apiVersion: v1 +# The repository name in registry1, excluding /ironbank/ +name: "opensource/r/r-studio" +# List of tags to push for the repository in registry1 +# The most specific version should be the first tag and will be shown +# on ironbank.dsop.io +tags: +- "1.4.1106" +- "latest" +# Build args passed to Dockerfile ARGs +args: + BASE_IMAGE: "redhat/ubi/ubi8" + BASE_TAG: "8.3" +# Docker image labels +labels: + org.opencontainers.image.title: "rstudio" + ## Human-readable description of the software packaged in the image + org.opencontainers.image.description: "RStudio provides free and open source tools for R and enterprise-ready professional software for data science teams to develop and share their work at scale." + ## License(s) under which contained software is distributed + org.opencontainers.image.licenses: "Apache-2.0" + ## URL to find more information on the image + org.opencontainers.image.url: "https://rstudio.com/" + ## Name of the distributing entity, organization or individual + org.opencontainers.image.vendor: "RStudio" + org.opencontainers.image.version: "1.4.1106" + ## Keywords to help with search (ex. "cicd,gitops,golang") + mil.dso.ironbank.image.keywords: "ide,ai,ml" + ## This value can be "opensource" or "commercial" + mil.dso.ironbank.image.type: "opensource" + ## Product the image belongs to for grouping multiple images + mil.dso.ironbank.product.name: "RStudio" +# List of resources to make available to the offline build context +resources: +- filename: rstudio-server-rhel-1.4.1106-x86_64.rpm + url: https://download2.rstudio.org/server/centos8/x86_64/rstudio-server-rhel-1.4.1106-x86_64.rpm + validation: + type: sha256 + value: 0fd54e5ec3504c970c2e7c912fc651446e65e3ccb3b504d4615e2e97176ab406 +- filename: numDeriv_2016.8-1.1.tar.gz url: http://cran.us.r-project.org/src/contrib/numDeriv_2016.8-1.1.tar.gz + validation: + type: sha256 + value: d8c4d19ff9aeb31b0c628bd4a16378e51c1c9a3813b525469a31fe89af00b345 +- filename: SQUAREM_2021.1.tar.gz + url: http://cran.us.r-project.org/src/contrib/SQUAREM_2021.1.tar.gz + validation: + type: sha256 + value: 66e5e18ca29903e4950750bbd810f0f9df85811ee4195ce0a86d939ba8183a58 +- filename: lava_1.6.9.tar.gz + url: http://cran.us.r-project.org/src/contrib/lava_1.6.9.tar.gz + validation: + type: sha256 + value: 034d628a22061cf811e7ac9a9210d91e12fec146250da3ad6fbb7ef4f372b11d +- filename: colorspace_2.0-1.tar.gz + url: http://cran.us.r-project.org/src/contrib/colorspace_2.0-1.tar.gz + validation: + type: sha256 + value: f82fdde36058678d1bd0f410eb45a5874aa28d74e2de30399f28b070a284425e +- filename: prodlim_2019.11.13.tar.gz + url: http://cran.us.r-project.org/src/contrib/prodlim_2019.11.13.tar.gz + validation: + type: sha256 + value: 6809924f503a14681de84730489cdaf9240d7951c64f5b98ca37dc1ce7809b0f +- filename: farver_2.1.0.tar.gz + url: http://cran.us.r-project.org/src/contrib/farver_2.1.0.tar.gz + validation: + type: sha256 + value: e5c8630607049f682fb3002b99ca4f5e7c6b94f8b2a4342df594e7853b77cef4 +- filename: labeling_0.4.2.tar.gz + url: http://cran.us.r-project.org/src/contrib/labeling_0.4.2.tar.gz + validation: + type: sha256 + value: e022d79276173e0d62bf9e37d7574db65ab439eb2ae1833e460b1cff529bd165 +- filename: munsell_0.5.0.tar.gz + url: http://cran.us.r-project.org/src/contrib/munsell_0.5.0.tar.gz + validation: + type: sha256 + value: d0f3a9fb30e2b5d411fa61db56d4be5733a2621c0edf017d090bdfa5e377e199 +- filename: RColorBrewer_1.1-2.tar.gz + url: http://cran.us.r-project.org/src/contrib/RColorBrewer_1.1-2.tar.gz + validation: + type: sha256 + value: f3e9781e84e114b7a88eb099825936cc5ae7276bbba5af94d35adb1b3ea2ccdd +- filename: viridisLite_0.4.0.tar.gz + url: http://cran.us.r-project.org/src/contrib/viridisLite_0.4.0.tar.gz + validation: + type: sha256 + value: 849955dc8ad9bc52bdc50ed4867fd92a510696fc8294e6971efa018437c83c6a +- filename: fansi_0.4.2.tar.gz + url: http://cran.us.r-project.org/src/contrib/fansi_0.4.2.tar.gz + validation: + type: sha256 + value: a2edf06cf8b91333a5df4990d50cdb35a63aa4b63c8c8ddf5bedcb499daafc44 +- filename: pkgconfig_2.0.3.tar.gz + url: http://cran.us.r-project.org/src/contrib/pkgconfig_2.0.3.tar.gz + validation: + type: sha256 + value: 330fef440ffeb842a7dcfffc8303743f1feae83e8d6131078b5a44ff11bc3850 +- filename: cli_2.5.0.tar.gz + url: http://cran.us.r-project.org/src/contrib/cli_2.5.0.tar.gz + validation: + type: sha256 + value: 5067dfbe056a4b2a57142520f4895ec0b018d3065a910ff4ca41444019b58d9c +- filename: crayon_1.4.1.tar.gz + url: http://cran.us.r-project.org/src/contrib/crayon_1.4.1.tar.gz + validation: + type: sha256 + value: 08b6e42e748d096960b2f32b7ffe690c25742e29fe14c19d1834cd6ff43029c7 +- filename: utf8_1.2.1.tar.gz + url: http://cran.us.r-project.org/src/contrib/utf8_1.2.1.tar.gz + validation: + type: sha256 + value: b3411900d43a6a63c068997909ee14b67e3027816ee590586b78de37acdc87fb +- filename: mime_0.10.tar.gz + url: http://cran.us.r-project.org/src/contrib/mime_0.10.tar.gz + validation: + type: sha256 + value: 783233a15a817a7530d140e9825565a661aa4bdea7c635d11b9c74faa33be3f7 +- filename: iterators_1.0.13.tar.gz + url: http://cran.us.r-project.org/src/contrib/iterators_1.0.13.tar.gz + validation: + type: sha256 + value: 778e30e4c292da9f94d62acc637cf55273dae258199d847e62658f44840f11a4 +- filename: gower_0.2.2.tar.gz + url: http://cran.us.r-project.org/src/contrib/gower_0.2.2.tar.gz + validation: + type: sha256 + value: 3f022010199fafe34f6e7431730642a76893e6b4249b84e5a61012cb83483631 +- filename: ipred_0.9-11.tar.gz + url: http://cran.us.r-project.org/src/contrib/ipred_0.9-11.tar.gz + validation: + type: sha256 + value: b7568f3a951bc0ad37bdc9a343bd79a76dc1d6cb838704c877608bc38e780e12 +- filename: lubridate_1.7.10.tar.gz + url: http://cran.us.r-project.org/src/contrib/lubridate_1.7.10.tar.gz + validation: + type: sha256 + value: 15121d213893255f1c8257a5a06acae7b3269b2378d56efd5cc95d9b4d1bc5e8 +- filename: timeDate_3043.102.tar.gz + url: http://cran.us.r-project.org/src/contrib/timeDate_3043.102.tar.gz + validation: + type: sha256 + value: 377cba03cddab8c6992e31d0683c1db3a73afa9834eee3e95b3b0723f02d7473 +- filename: float_0.2-4.tar.gz + url: http://cran.us.r-project.org/src/contrib/float_0.2-4.tar.gz + validation: + type: sha256 + value: e19f4232786a9977abc0ae79ff922d97478ae0ec81fca274821baeb7bc6bc1f1 +- filename: RhpcBLASctl_0.20-137.tar.gz + url: http://cran.us.r-project.org/src/contrib/RhpcBLASctl_0.20-137.tar.gz + validation: + type: sha256 + value: db02cbdad32fc54bc60bb27baf0799e919c09c09710c33bf72c741f93421616f +- filename: RcppArmadillo_0.10.4.0.0.tar.gz + url: http://cran.us.r-project.org/src/contrib/RcppArmadillo_0.10.4.0.0.tar.gz + validation: + type: sha256 + value: dbe894b7120671db3c720f663a165063de51432192d0766e2dc4a89c1d3fcc02 +- filename: digest_0.6.27.tar.gz + url: http://cran.us.r-project.org/src/contrib/digest_0.6.27.tar.gz + validation: + type: sha256 + value: f485f75122907da24c41d4a62c91a232f0c371befd2f77e973342a1bef00253f +- filename: glue_1.4.2.tar.gz + url: http://cran.us.r-project.org/src/contrib/glue_1.4.2.tar.gz + validation: + type: sha256 + value: 9f7354132a26e9a876428fa87629b9aaddcd558f9932328e6ac065b95b8ef7ad +- filename: gtable_0.3.0.tar.gz + url: http://cran.us.r-project.org/src/contrib/gtable_0.3.0.tar.gz + validation: + type: sha256 + value: fd386cc4610b1cc7627dac34dba8367f7efe114b968503027fb2e1265c67d6d3 +- filename: isoband_0.2.4.tar.gz + url: http://cran.us.r-project.org/src/contrib/isoband_0.2.4.tar.gz + validation: + type: sha256 + value: 96d5bbdbfa4ead40bf30cec5a0d525b6a6b0f21eb92d179289ce2c4459bf387c +- filename: rlang_0.4.11.tar.gz + url: http://cran.us.r-project.org/src/contrib/rlang_0.4.11.tar.gz + validation: + type: sha256 + value: 740e926b20b00788a7ea64cb92ddfdc94cdf256b05b0c57059edf7292511d5dd +- filename: scales_1.1.1.tar.gz + url: http://cran.us.r-project.org/src/contrib/scales_1.1.1.tar.gz + validation: + type: sha256 + value: 40b2b66522f1f314a20fd09426011b0cdc9d16b23ee2e765fe1930292dd03705 +- filename: tibble_3.1.1.tar.gz + url: http://cran.us.r-project.org/src/contrib/tibble_3.1.1.tar.gz + validation: + type: sha256 + value: 9626d4967e467ff3ff94e70c48c76bcc7b846e90e176f02beff28b783c8f0e63 +- filename: withr_2.4.2.tar.gz + url: http://cran.us.r-project.org/src/contrib/withr_2.4.2.tar.gz + validation: + type: sha256 + value: 48f96a4cb780cf6fd5fbbea1f1eb04ea3102d7a4a644cae1ed1e91139dcbbac8 +- filename: ellipsis_0.3.2.tar.gz + url: http://cran.us.r-project.org/src/contrib/ellipsis_0.3.2.tar.gz + validation: + type: sha256 + value: a90266e5eb59c7f419774d5c6d6bd5e09701a26c9218c5933c9bce6765aa1558 +- filename: generics_0.1.0.tar.gz + url: http://cran.us.r-project.org/src/contrib/generics_0.1.0.tar.gz + validation: + type: sha256 + value: ab71d1bdbb66c782364c61cede3c1186d6a94c03635f9af70d926e2c1ac88763 +- filename: lifecycle_1.0.0.tar.gz + url: http://cran.us.r-project.org/src/contrib/lifecycle_1.0.0.tar.gz + validation: + type: sha256 + value: 03334ab213f2ad49a49e184e73f2051e04d35d43f562db903e68243cd2ec0f8e +- filename: magrittr_2.0.1.tar.gz + url: http://cran.us.r-project.org/src/contrib/magrittr_2.0.1.tar.gz + validation: + type: sha256 + value: 75c265d51cc2b34beb27040edb09823c7b954d3990a7a931e40690b75d4aad5f +- filename: R6_2.5.0.tar.gz + url: http://cran.us.r-project.org/src/contrib/R6_2.5.0.tar.gz + validation: + type: sha256 + value: aec1af9626ec532cb883b544bf9eff4cb2d89c343c7ce0fa31761ec5a7882e02 +- filename: tidyselect_1.1.1.tar.gz + url: http://cran.us.r-project.org/src/contrib/tidyselect_1.1.1.tar.gz + validation: + type: sha256 + value: 18eb6a6746196a81ce19ee6cbf1db0c33f494177b97e2419312ef25a00ae486b +- filename: vctrs_0.3.8.tar.gz + url: http://cran.us.r-project.org/src/contrib/vctrs_0.3.8.tar.gz + validation: + type: sha256 + value: 7f4e8b75eda115e69dddf714f0643eb889ad61017cdc13af24389aab2a2d1bb1 +- filename: pillar_1.6.0.tar.gz + url: http://cran.us.r-project.org/src/contrib/pillar_1.6.0.tar.gz + validation: + type: sha256 + value: f1101e886f860105a014682e6ea3b7c6f01d15dd5bde35b7c6d544390c36cadd +- filename: purrr_0.3.4.tar.gz + url: http://cran.us.r-project.org/src/contrib/purrr_0.3.4.tar.gz + validation: + type: sha256 + value: 23ebc93bc9aed9e7575e8eb9683ff4acc0270ef7d6436cc2ef4236a9734840b2 +- filename: cpp11_0.2.7.tar.gz + url: http://cran.us.r-project.org/src/contrib/cpp11_0.2.7.tar.gz + validation: + type: sha256 + value: 1d4154c0d8ef4b564eea828ebebc836b7dbdc89a0848a840dd98173b07f661d4 +- filename: evaluate_0.14.tar.gz + url: http://cran.us.r-project.org/src/contrib/evaluate_0.14.tar.gz + validation: + type: sha256 + value: a8c88bdbe4e60046d95ddf7e181ee15a6f41cdf92127c9678f6f3d328a3c5e28 +- filename: highr_0.9.tar.gz + url: http://cran.us.r-project.org/src/contrib/highr_0.9.tar.gz + validation: + type: sha256 + value: beff11390d936c90fdcc00e7ed0eb72220f3de403a51b56659e3d3e0b6d8ed4d +- filename: markdown_1.1.tar.gz + url: http://cran.us.r-project.org/src/contrib/markdown_1.1.tar.gz + validation: + type: sha256 + value: 8d8cd47472a37362e615dbb8865c3780d7b7db694d59050e19312f126e5efc1b +- filename: stringr_1.4.0.tar.gz + url: http://cran.us.r-project.org/src/contrib/stringr_1.4.0.tar.gz + validation: + type: sha256 + value: 87604d2d3a9ad8fd68444ce0865b59e2ffbdb548a38d6634796bbd83eeb931dd +- filename: yaml_2.2.1.tar.gz + url: http://cran.us.r-project.org/src/contrib/yaml_2.2.1.tar.gz + validation: + type: sha256 + value: 1115b7bc2a397fa724956eec916df5160c600c99a3be186d21558dd38d782783 +- filename: xfun_0.22.tar.gz + url: http://cran.us.r-project.org/src/contrib/xfun_0.22.tar.gz + validation: + type: sha256 + value: 3e717b0eb8100f01c84e2d69c2618f9e54b801a44eef5a2ce4c030c123b8a347 +- filename: foreach_1.5.1.tar.gz + url: http://cran.us.r-project.org/src/contrib/foreach_1.5.1.tar.gz + validation: + type: sha256 + value: fb5ad69e295618c52b2ac7dff84a0771462870a97345374d43b3de2dc31a68e1 +- filename: plyr_1.8.6.tar.gz + url: http://cran.us.r-project.org/src/contrib/plyr_1.8.6.tar.gz + validation: + type: sha256 + value: ea55d26f155443e9774769531daa5d4c20a0697bb53abd832e891b126c935287 +- filename: ModelMetrics_1.2.2.2.tar.gz + url: http://cran.us.r-project.org/src/contrib/ModelMetrics_1.2.2.2.tar.gz + validation: + type: sha256 + value: 5e06f1926aebca5654e1329c66ef19b04058376b2277ebb16e3bf8c208d73457 +- filename: reshape2_1.4.4.tar.gz + url: http://cran.us.r-project.org/src/contrib/reshape2_1.4.4.tar.gz + validation: + type: sha256 + value: d88dcf9e2530fa9695fc57d0c78adfc5e361305fe8919fe09410b17da5ca12d8 +- filename: recipes_0.1.16.tar.gz + url: http://cran.us.r-project.org/src/contrib/recipes_0.1.16.tar.gz + validation: + type: sha256 + value: 43ccb8eb0633a3cdd78100f2798a7a5ddfba1acc59b6f5482be7606357735ed5 +- filename: pROC_1.17.0.1.tar.gz + url: http://cran.us.r-project.org/src/contrib/pROC_1.17.0.1.tar.gz + validation: + type: sha256 + value: 221c726ffb81b04b999905effccfd3a223cd73cae70d7d86688e2dd30e51a6bd +- filename: Rcpp_1.0.6.tar.gz + url: http://cran.us.r-project.org/src/contrib/Rcpp_1.0.6.tar.gz + validation: + type: sha256 + value: c9f24756bc000f7a989bd4f9aa93d57f7739dcde77946703f8bb32332a35f012 +- filename: rsparse_0.4.0.tar.gz + url: http://cran.us.r-project.org/src/contrib/rsparse_0.4.0.tar.gz + validation: + type: sha256 + value: 29b79607483861a48b2682e1f721a0155ef175bcc11cef8dd500b6a85f2a8fae +- filename: stringi_1.5.3.tar.gz + url: http://cran.us.r-project.org/src/contrib/stringi_1.5.3.tar.gz + validation: + type: sha256 + value: 224f1e8dedc962a676bc2e1f53016f6a129a0a38aa0f35daf6dece62ff714010 +- filename: mlapi_0.1.0.tar.gz + url: http://cran.us.r-project.org/src/contrib/mlapi_0.1.0.tar.gz + validation: + type: sha256 + value: 3314e96f4a467a9b6337b4fb16bc5a22e5dee641745ea511c24c327457997b08 +- filename: lgr_0.4.2.tar.gz + url: http://cran.us.r-project.org/src/contrib/lgr_0.4.2.tar.gz + validation: + type: sha256 + value: d9c39b5891f4a1b32e9488f40df7df49ac4ec8cb41c1dbea1b95eb332553934c +- filename: ggplot2_3.3.3.tar.gz + url: http://cran.us.r-project.org/src/contrib/ggplot2_3.3.3.tar.gz + validation: + type: sha256 + value: 45c29e2348dbd195bbde1197a52db7764113e57f463fd3770fb899acc33423cc +- filename: data.table_1.14.0.tar.gz + url: http://cran.us.r-project.org/src/contrib/data.table_1.14.0.tar.gz + validation: + type: sha256 + value: 13f1de244e7fa90fadfb0be964db5ffb324ca024d5f136feb4578b5daedaeb4d +- filename: dplyr_1.0.6.tar.gz + url: http://cran.us.r-project.org/src/contrib/dplyr_1.0.6.tar.gz + validation: + type: sha256 + value: 088c381a19595b202d5508003168c302fb6d893c9e7164e17ddb71616162fa07 +- filename: tidyr_1.1.3.tar.gz + url: http://cran.us.r-project.org/src/contrib/tidyr_1.1.3.tar.gz + validation: + type: sha256 + value: 4ac0faf1886749b292aa19aca8ecd2d537d68484725e9af2b9e8a772f2ceeb32 +- filename: knitr_1.33.tar.gz + url: http://cran.us.r-project.org/src/contrib/knitr_1.33.tar.gz + validation: + type: sha256 + value: 2f83332b0a880de6eae522271bda7f862c97693fba45c23ab1f772028f6c0909 +- filename: caret_6.0-86.tar.gz + url: http://cran.us.r-project.org/src/contrib/caret_6.0-86.tar.gz + validation: + type: sha256 + value: da4a1c7c3fbf645c5b02871e563a77404622b83623f0d1c5dc1425de7aa4ce37 +- filename: text2vec_0.6.tar.gz + url: http://cran.us.r-project.org/src/contrib/text2vec_0.6.tar.gz + validation: + type: sha256 + value: 5e8471ea68ee9d5f0d46c4a6f197af78dd160e8bb0246dcc0ff58b7ece66e564 + +# List of project maintainers +maintainers: +- name: "Matt Vasquez" + username: "matt.vasquez" + email: "vasquez_matt@bah.com" + cht_member: false diff --git a/rpackages b/rpackages new file mode 100644 index 0000000..c4c0b2e --- /dev/null +++ b/rpackages @@ -0,0 +1,7 @@ +ggplot2 +data.table +dplyr +tidyr +knitr +caret +text2vec \ No newline at end of file -- GitLab From 3e5164117dc59668b3e8e308b49519c7a8dcfb76 Mon Sep 17 00:00:00 2001 From: "matt.vasquez" Date: Thu, 6 May 2021 00:59:48 -0500 Subject: [PATCH 02/22] typo --- hardening_manifest.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index a378738..9e86521 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -37,7 +37,8 @@ resources: validation: type: sha256 value: 0fd54e5ec3504c970c2e7c912fc651446e65e3ccb3b504d4615e2e97176ab406 -- filename: numDeriv_2016.8-1.1.tar.gz url: http://cran.us.r-project.org/src/contrib/numDeriv_2016.8-1.1.tar.gz +- filename: numDeriv_2016.8-1.1.tar.gz + url: http://cran.us.r-project.org/src/contrib/numDeriv_2016.8-1.1.tar.gz validation: type: sha256 value: d8c4d19ff9aeb31b0c628bd4a16378e51c1c9a3813b525469a31fe89af00b345 -- GitLab From 327f8501853813c87a111cb868494dae0ad6d985 Mon Sep 17 00:00:00 2001 From: "matt.vasquez" Date: Thu, 6 May 2021 03:12:57 -0500 Subject: [PATCH 03/22] remove line --- Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index fd6ab9f..6b1eb53 100644 --- a/Dockerfile +++ b/Dockerfile @@ -11,8 +11,8 @@ ENV RSTUDIO_VERSION=1.4.1106 COPY rstudio-server-rhel-${RSTUDIO_VERSION}-x86_64.rpm /tmp RUN dnf upgrade -y && \ - dnf install -y --nogpgcheck glibc-langpack-en initscripts procps-ng /tmp/rstudio-server-rhel-${RSTUDIO_VERSION}-x86_64.rpm binutils curl glibc-devel glibc-headers libcurl-devel libX11 libX11-common kernel-headers && \ - rm /var/lib/rstudio-server/rstudio.sqlite && \ + dnf install -y --nogpgcheck glibc-langpack-en initscripts procps-ng /tmp/rstudio-server-rhel-${RSTUDIO_VERSION}-x86_64.rpm \ + binutils curl glibc-devel glibc-headers libcurl-devel libX11 libX11-common kernel-headers && \ mkdir -p /local/libs && \ chmod -R g=u /var/lib/rstudio-server && \ chmod -R g=u /etc/rstudio && \ -- GitLab From b45063a1873e782c275f7dc9a0e7f975595f0249 Mon Sep 17 00:00:00 2001 From: "matt.vasquez" Date: Thu, 6 May 2021 04:01:48 -0500 Subject: [PATCH 04/22] chown to $USER --- Dockerfile | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 6b1eb53..89a45b2 100644 --- a/Dockerfile +++ b/Dockerfile @@ -8,14 +8,16 @@ USER root ENV RSTUDIO_VERSION=1.4.1106 +ENV USER=default + COPY rstudio-server-rhel-${RSTUDIO_VERSION}-x86_64.rpm /tmp RUN dnf upgrade -y && \ dnf install -y --nogpgcheck glibc-langpack-en initscripts procps-ng /tmp/rstudio-server-rhel-${RSTUDIO_VERSION}-x86_64.rpm \ binutils curl glibc-devel glibc-headers libcurl-devel libX11 libX11-common kernel-headers && \ mkdir -p /local/libs && \ - chmod -R g=u /var/lib/rstudio-server && \ - chmod -R g=u /etc/rstudio && \ + chown -R $USER /var/lib/rstudio-server && \ + chown -R $USER /etc/rstudio && \ chown $USER /var/lib/rstudio-server /var/run/rstudio-server && \ ln -s /usr/lib/rstudio-server/bin/rserver /usr/local/bin/rserver && \ chmod +t /var/run/rstudio-server && \ -- GitLab From fe9e435529b143485d8f016020d93ef950ecf12a Mon Sep 17 00:00:00 2001 From: "matt.vasquez" Date: Thu, 6 May 2021 04:41:50 -0500 Subject: [PATCH 05/22] user add --- Dockerfile | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 89a45b2..7c1c1b4 100644 --- a/Dockerfile +++ b/Dockerfile @@ -8,11 +8,13 @@ USER root ENV RSTUDIO_VERSION=1.4.1106 -ENV USER=default +ENV USER=rstudio COPY rstudio-server-rhel-${RSTUDIO_VERSION}-x86_64.rpm /tmp -RUN dnf upgrade -y && \ +RUN groupadd -g 1000 $USER && \ + useradd -r -u 1000 -m -g $USER $USER && \ + dnf upgrade -y && \ dnf install -y --nogpgcheck glibc-langpack-en initscripts procps-ng /tmp/rstudio-server-rhel-${RSTUDIO_VERSION}-x86_64.rpm \ binutils curl glibc-devel glibc-headers libcurl-devel libX11 libX11-common kernel-headers && \ mkdir -p /local/libs && \ -- GitLab From 2fec75938411895304698287b0f4dad66ce0ca3c Mon Sep 17 00:00:00 2001 From: "matt.vasquez" Date: Thu, 6 May 2021 04:43:10 -0500 Subject: [PATCH 06/22] update to user --- Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 7c1c1b4..e7b133e 100644 --- a/Dockerfile +++ b/Dockerfile @@ -25,6 +25,8 @@ RUN groupadd -g 1000 $USER && \ chmod +t /var/run/rstudio-server && \ chkconfig rstudio-server off +USER ${USER} + COPY *.tar.gz /local/libs COPY rpackages /tmp/rpackages @@ -38,8 +40,6 @@ ENV LC_ALL=en_US.UTF-8 \ LANG=en_US.UTF-8 \ LANGUAGE=en_US.UTF-8 -USER ${USER} - HEALTHCHECK --start-period=60s CMD rserver status EXPOSE 8787 -- GitLab From 9d34a7ee3052c802ce4eaa691d2ef6ba97654768 Mon Sep 17 00:00:00 2001 From: "matt.vasquez" Date: Thu, 6 May 2021 04:45:50 -0500 Subject: [PATCH 07/22] revert --- Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index e7b133e..7c1c1b4 100644 --- a/Dockerfile +++ b/Dockerfile @@ -25,8 +25,6 @@ RUN groupadd -g 1000 $USER && \ chmod +t /var/run/rstudio-server && \ chkconfig rstudio-server off -USER ${USER} - COPY *.tar.gz /local/libs COPY rpackages /tmp/rpackages @@ -40,6 +38,8 @@ ENV LC_ALL=en_US.UTF-8 \ LANG=en_US.UTF-8 \ LANGUAGE=en_US.UTF-8 +USER ${USER} + HEALTHCHECK --start-period=60s CMD rserver status EXPOSE 8787 -- GitLab From 4403ba02b624e0cb47bc975eed46b13e1da9156b Mon Sep 17 00:00:00 2001 From: "matt.vasquez" Date: Sat, 8 May 2021 13:52:31 -0500 Subject: [PATCH 08/22] update --- Dockerfile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 7c1c1b4..55c432e 100644 --- a/Dockerfile +++ b/Dockerfile @@ -31,6 +31,7 @@ COPY rpackages /tmp/rpackages RUN R -e "library(tools); write_PACKAGES('/local/libs')" && \ cat /tmp/rpackages | awk '{printf "\x27"$1"\x27,"}' | sed 's/.$//' | xargs -0 -I {} R -e "install.packages(c({}), contriburl='file:///local/libs')" && \ rpm -e --nodeps binutils curl glibc-devel glibc-headers libcurl-devel libX11 libX11-common kernel-headers && \ + echo "auth-none=1" > /etc/rstudio/disable_auth_rserver.conf && \ dnf clean all && \ rm -rf /var/cache/dnf /tmp/* /local/libs/* @@ -44,4 +45,4 @@ HEALTHCHECK --start-period=60s CMD rserver status EXPOSE 8787 -ENTRYPOINT ["rserver", "--server-daemonize=0", "--auth-none=1"] \ No newline at end of file +ENTRYPOINT ["rserver"] \ No newline at end of file -- GitLab From ad9ebdb8013c1cfcbefb9402cb050919ede90409 Mon Sep 17 00:00:00 2001 From: "matt.vasquez" Date: Sat, 8 May 2021 18:48:07 -0500 Subject: [PATCH 09/22] switch to rstudio-server binary --- Dockerfile | 25 ++++++++++++++----------- 1 file changed, 14 insertions(+), 11 deletions(-) diff --git a/Dockerfile b/Dockerfile index 55c432e..2bcb45a 100644 --- a/Dockerfile +++ b/Dockerfile @@ -8,20 +8,17 @@ USER root ENV RSTUDIO_VERSION=1.4.1106 -ENV USER=rstudio - COPY rstudio-server-rhel-${RSTUDIO_VERSION}-x86_64.rpm /tmp -RUN groupadd -g 1000 $USER && \ - useradd -r -u 1000 -m -g $USER $USER && \ - dnf upgrade -y && \ +RUN dnf upgrade -y && \ dnf install -y --nogpgcheck glibc-langpack-en initscripts procps-ng /tmp/rstudio-server-rhel-${RSTUDIO_VERSION}-x86_64.rpm \ binutils curl glibc-devel glibc-headers libcurl-devel libX11 libX11-common kernel-headers && \ + rm /var/lib/rstudio-server/rstudio.sqlite && \ mkdir -p /local/libs && \ - chown -R $USER /var/lib/rstudio-server && \ - chown -R $USER /etc/rstudio && \ + chmod -R g=u /var/lib/rstudio-server && \ + chmod -R g=u /etc/rstudio && \ chown $USER /var/lib/rstudio-server /var/run/rstudio-server && \ - ln -s /usr/lib/rstudio-server/bin/rserver /usr/local/bin/rserver && \ + ln -s /usr/lib/rstudio-server/bin/rstudio-server /usr/local/bin/rstudio-server && \ chmod +t /var/run/rstudio-server && \ chkconfig rstudio-server off @@ -31,18 +28,24 @@ COPY rpackages /tmp/rpackages RUN R -e "library(tools); write_PACKAGES('/local/libs')" && \ cat /tmp/rpackages | awk '{printf "\x27"$1"\x27,"}' | sed 's/.$//' | xargs -0 -I {} R -e "install.packages(c({}), contriburl='file:///local/libs')" && \ rpm -e --nodeps binutils curl glibc-devel glibc-headers libcurl-devel libX11 libX11-common kernel-headers && \ - echo "auth-none=1" > /etc/rstudio/disable_auth_rserver.conf && \ + echo "auth-none=1" >> /etc/rstudio/disable_auth_rserver.conf && \ + echo "server-daemonize=0" >> /etc/rstudio/rserver.conf && \ + echo "[*]" > /etc/rstudio/logging.conf && \ + echo "log-level=warn" >> /etc/rstudio/logging.conf && \ + echo "logger-type=stderr" >> /etc/rstudio/logging.conf && \ dnf clean all && \ rm -rf /var/cache/dnf /tmp/* /local/libs/* + + ENV LC_ALL=en_US.UTF-8 \ LANG=en_US.UTF-8 \ LANGUAGE=en_US.UTF-8 USER ${USER} -HEALTHCHECK --start-period=60s CMD rserver status +HEALTHCHECK --start-period=60s CMD rstudio-server status EXPOSE 8787 -ENTRYPOINT ["rserver"] \ No newline at end of file +ENTRYPOINT ["rstudio-server", "start"] \ No newline at end of file -- GitLab From 9b3fdf77cd31a0430450e1311b702cae364c36fb Mon Sep 17 00:00:00 2001 From: "matt.vasquez" Date: Sat, 8 May 2021 20:10:55 -0500 Subject: [PATCH 10/22] remove sqlite line --- Dockerfile | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/Dockerfile b/Dockerfile index 2bcb45a..123df7d 100644 --- a/Dockerfile +++ b/Dockerfile @@ -13,7 +13,6 @@ COPY rstudio-server-rhel-${RSTUDIO_VERSION}-x86_64.rpm /tmp RUN dnf upgrade -y && \ dnf install -y --nogpgcheck glibc-langpack-en initscripts procps-ng /tmp/rstudio-server-rhel-${RSTUDIO_VERSION}-x86_64.rpm \ binutils curl glibc-devel glibc-headers libcurl-devel libX11 libX11-common kernel-headers && \ - rm /var/lib/rstudio-server/rstudio.sqlite && \ mkdir -p /local/libs && \ chmod -R g=u /var/lib/rstudio-server && \ chmod -R g=u /etc/rstudio && \ @@ -36,15 +35,13 @@ RUN R -e "library(tools); write_PACKAGES('/local/libs')" && \ dnf clean all && \ rm -rf /var/cache/dnf /tmp/* /local/libs/* - - ENV LC_ALL=en_US.UTF-8 \ LANG=en_US.UTF-8 \ LANGUAGE=en_US.UTF-8 USER ${USER} -HEALTHCHECK --start-period=60s CMD rstudio-server status +HEALTHCHECK --start-period=60s CMD rstudio-server status | grep -e "running" EXPOSE 8787 -- GitLab From 118240284056b1f0f207bca73aeecfd2f1d0ccbc Mon Sep 17 00:00:00 2001 From: "matt.vasquez" Date: Sat, 8 May 2021 20:53:48 -0500 Subject: [PATCH 11/22] update user env var --- Dockerfile | 1 + 1 file changed, 1 insertion(+) diff --git a/Dockerfile b/Dockerfile index 123df7d..3fb6f99 100644 --- a/Dockerfile +++ b/Dockerfile @@ -7,6 +7,7 @@ FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} USER root ENV RSTUDIO_VERSION=1.4.1106 +ENV USER=default COPY rstudio-server-rhel-${RSTUDIO_VERSION}-x86_64.rpm /tmp -- GitLab From 18e7a274fb34d333508b0ccfc72a26316489e26e Mon Sep 17 00:00:00 2001 From: "matt.vasquez" Date: Sat, 8 May 2021 21:34:15 -0500 Subject: [PATCH 12/22] create rstudio user --- Dockerfile | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 3fb6f99..f53f12a 100644 --- a/Dockerfile +++ b/Dockerfile @@ -7,11 +7,13 @@ FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} USER root ENV RSTUDIO_VERSION=1.4.1106 -ENV USER=default +ENV USER=rstudio COPY rstudio-server-rhel-${RSTUDIO_VERSION}-x86_64.rpm /tmp -RUN dnf upgrade -y && \ +RUN groupadd -g 1000 $USER && \ + useradd -r -u 1000 -m -g $USER $USER && \ + dnf upgrade -y && \ dnf install -y --nogpgcheck glibc-langpack-en initscripts procps-ng /tmp/rstudio-server-rhel-${RSTUDIO_VERSION}-x86_64.rpm \ binutils curl glibc-devel glibc-headers libcurl-devel libX11 libX11-common kernel-headers && \ mkdir -p /local/libs && \ -- GitLab From a56b44aa2bfe65960beb59eec8042c4af8e4435c Mon Sep 17 00:00:00 2001 From: "matt.vasquez" Date: Sat, 8 May 2021 22:05:51 -0500 Subject: [PATCH 13/22] set absolute path for binaries --- Dockerfile | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Dockerfile b/Dockerfile index f53f12a..9779a1f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -27,8 +27,8 @@ RUN groupadd -g 1000 $USER && \ COPY *.tar.gz /local/libs COPY rpackages /tmp/rpackages -RUN R -e "library(tools); write_PACKAGES('/local/libs')" && \ - cat /tmp/rpackages | awk '{printf "\x27"$1"\x27,"}' | sed 's/.$//' | xargs -0 -I {} R -e "install.packages(c({}), contriburl='file:///local/libs')" && \ +RUN /usr/local/bin/R -e "library(tools); write_PACKAGES('/local/libs')" && \ + cat /tmp/rpackages | awk '{printf "\x27"$1"\x27,"}' | sed 's/.$//' | xargs -0 -I {} /usr/local/bin/R -e "install.packages(c({}), contriburl='file:///local/libs')" && \ rpm -e --nodeps binutils curl glibc-devel glibc-headers libcurl-devel libX11 libX11-common kernel-headers && \ echo "auth-none=1" >> /etc/rstudio/disable_auth_rserver.conf && \ echo "server-daemonize=0" >> /etc/rstudio/rserver.conf && \ @@ -44,8 +44,8 @@ ENV LC_ALL=en_US.UTF-8 \ USER ${USER} -HEALTHCHECK --start-period=60s CMD rstudio-server status | grep -e "running" +HEALTHCHECK --start-period=60s CMD /usr/local/bin/rstudio-server status | grep -e "running" EXPOSE 8787 -ENTRYPOINT ["rstudio-server", "start"] \ No newline at end of file +ENTRYPOINT ["/usr/local/bin/rstudio-server", "start"] \ No newline at end of file -- GitLab From 103f90e1240307c3013e1a7d2e880a0411eddbbc Mon Sep 17 00:00:00 2001 From: "matt.vasquez" Date: Sat, 8 May 2021 22:38:50 -0500 Subject: [PATCH 14/22] test --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 9779a1f..5f29c03 100644 --- a/Dockerfile +++ b/Dockerfile @@ -29,7 +29,7 @@ COPY rpackages /tmp/rpackages RUN /usr/local/bin/R -e "library(tools); write_PACKAGES('/local/libs')" && \ cat /tmp/rpackages | awk '{printf "\x27"$1"\x27,"}' | sed 's/.$//' | xargs -0 -I {} /usr/local/bin/R -e "install.packages(c({}), contriburl='file:///local/libs')" && \ - rpm -e --nodeps binutils curl glibc-devel glibc-headers libcurl-devel libX11 libX11-common kernel-headers && \ + # rpm -e --nodeps binutils curl glibc-devel glibc-headers libcurl-devel libX11 libX11-common kernel-headers && \ echo "auth-none=1" >> /etc/rstudio/disable_auth_rserver.conf && \ echo "server-daemonize=0" >> /etc/rstudio/rserver.conf && \ echo "[*]" > /etc/rstudio/logging.conf && \ -- GitLab From de193570f5198f8f37ac1985d62fd1fb3484f35f Mon Sep 17 00:00:00 2001 From: "matt.vasquez" Date: Sat, 8 May 2021 23:12:56 -0500 Subject: [PATCH 15/22] correct base image in hardening manfest / revert --- Dockerfile | 16 +++++++--------- hardening_manifest.yaml | 4 ++-- 2 files changed, 9 insertions(+), 11 deletions(-) diff --git a/Dockerfile b/Dockerfile index 5f29c03..ff94779 100644 --- a/Dockerfile +++ b/Dockerfile @@ -7,15 +7,13 @@ FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} USER root ENV RSTUDIO_VERSION=1.4.1106 -ENV USER=rstudio COPY rstudio-server-rhel-${RSTUDIO_VERSION}-x86_64.rpm /tmp -RUN groupadd -g 1000 $USER && \ - useradd -r -u 1000 -m -g $USER $USER && \ - dnf upgrade -y && \ +RUN dnf upgrade -y && \ dnf install -y --nogpgcheck glibc-langpack-en initscripts procps-ng /tmp/rstudio-server-rhel-${RSTUDIO_VERSION}-x86_64.rpm \ binutils curl glibc-devel glibc-headers libcurl-devel libX11 libX11-common kernel-headers && \ + rm /var/lib/rstudio-server/rstudio.sqlite && \ mkdir -p /local/libs && \ chmod -R g=u /var/lib/rstudio-server && \ chmod -R g=u /etc/rstudio && \ @@ -27,9 +25,9 @@ RUN groupadd -g 1000 $USER && \ COPY *.tar.gz /local/libs COPY rpackages /tmp/rpackages -RUN /usr/local/bin/R -e "library(tools); write_PACKAGES('/local/libs')" && \ - cat /tmp/rpackages | awk '{printf "\x27"$1"\x27,"}' | sed 's/.$//' | xargs -0 -I {} /usr/local/bin/R -e "install.packages(c({}), contriburl='file:///local/libs')" && \ - # rpm -e --nodeps binutils curl glibc-devel glibc-headers libcurl-devel libX11 libX11-common kernel-headers && \ +RUN R -e "library(tools); write_PACKAGES('/local/libs')" && \ + cat /tmp/rpackages | awk '{printf "\x27"$1"\x27,"}' | sed 's/.$//' | xargs -0 -I {} R -e "install.packages(c({}), contriburl='file:///local/libs')" && \ + rpm -e --nodeps binutils curl glibc-devel glibc-headers libcurl-devel libX11 libX11-common kernel-headers && \ echo "auth-none=1" >> /etc/rstudio/disable_auth_rserver.conf && \ echo "server-daemonize=0" >> /etc/rstudio/rserver.conf && \ echo "[*]" > /etc/rstudio/logging.conf && \ @@ -44,8 +42,8 @@ ENV LC_ALL=en_US.UTF-8 \ USER ${USER} -HEALTHCHECK --start-period=60s CMD /usr/local/bin/rstudio-server status | grep -e "running" +HEALTHCHECK --start-period=60s CMD rstudio-server status | grep -e "running" EXPOSE 8787 -ENTRYPOINT ["/usr/local/bin/rstudio-server", "start"] \ No newline at end of file +ENTRYPOINT ["rstudio-server", "start"] \ No newline at end of file diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index 9e86521..f64bf97 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -10,8 +10,8 @@ tags: - "latest" # Build args passed to Dockerfile ARGs args: - BASE_IMAGE: "redhat/ubi/ubi8" - BASE_TAG: "8.3" + BASE_IMAGE: "ironbank/opensource/r/r-base" + BASE_TAG: "3.0.14" # Docker image labels labels: org.opencontainers.image.title: "rstudio" -- GitLab From c8b6be845abf55934bcd513ac83d60bdff3e0692 Mon Sep 17 00:00:00 2001 From: "matt.vasquez" Date: Sat, 8 May 2021 23:27:21 -0500 Subject: [PATCH 16/22] typo --- hardening_manifest.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index f64bf97..fefefd8 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -10,7 +10,7 @@ tags: - "latest" # Build args passed to Dockerfile ARGs args: - BASE_IMAGE: "ironbank/opensource/r/r-base" + BASE_IMAGE: "opensource/r/r-base" BASE_TAG: "3.0.14" # Docker image labels labels: -- GitLab From 648070a7a7a21a3744c55ccdebffe9d1d9b9e73e Mon Sep 17 00:00:00 2001 From: "matt.vasquez" Date: Sun, 9 May 2021 00:03:25 -0500 Subject: [PATCH 17/22] typo --- hardening_manifest.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index fefefd8..eff3453 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -11,7 +11,7 @@ tags: # Build args passed to Dockerfile ARGs args: BASE_IMAGE: "opensource/r/r-base" - BASE_TAG: "3.0.14" + BASE_TAG: "4.0.3" # Docker image labels labels: org.opencontainers.image.title: "rstudio" -- GitLab From eee69fdafb4223589b4f3aeb608e35091c179711 Mon Sep 17 00:00:00 2001 From: "matt.vasquez" Date: Sun, 9 May 2021 00:29:28 -0500 Subject: [PATCH 18/22] rm sqlite line --- Dockerfile | 1 - 1 file changed, 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index ff94779..123df7d 100644 --- a/Dockerfile +++ b/Dockerfile @@ -13,7 +13,6 @@ COPY rstudio-server-rhel-${RSTUDIO_VERSION}-x86_64.rpm /tmp RUN dnf upgrade -y && \ dnf install -y --nogpgcheck glibc-langpack-en initscripts procps-ng /tmp/rstudio-server-rhel-${RSTUDIO_VERSION}-x86_64.rpm \ binutils curl glibc-devel glibc-headers libcurl-devel libX11 libX11-common kernel-headers && \ - rm /var/lib/rstudio-server/rstudio.sqlite && \ mkdir -p /local/libs && \ chmod -R g=u /var/lib/rstudio-server && \ chmod -R g=u /etc/rstudio && \ -- GitLab From b52a3b0beda885dcc49b63a430cf87d5996efb3e Mon Sep 17 00:00:00 2001 From: "matt.vasquez" Date: Wed, 12 May 2021 23:15:06 -0500 Subject: [PATCH 19/22] rm rstudio.sqlite --- Dockerfile | 1 + 1 file changed, 1 insertion(+) diff --git a/Dockerfile b/Dockerfile index 123df7d..ff94779 100644 --- a/Dockerfile +++ b/Dockerfile @@ -13,6 +13,7 @@ COPY rstudio-server-rhel-${RSTUDIO_VERSION}-x86_64.rpm /tmp RUN dnf upgrade -y && \ dnf install -y --nogpgcheck glibc-langpack-en initscripts procps-ng /tmp/rstudio-server-rhel-${RSTUDIO_VERSION}-x86_64.rpm \ binutils curl glibc-devel glibc-headers libcurl-devel libX11 libX11-common kernel-headers && \ + rm /var/lib/rstudio-server/rstudio.sqlite && \ mkdir -p /local/libs && \ chmod -R g=u /var/lib/rstudio-server && \ chmod -R g=u /etc/rstudio && \ -- GitLab From 5ea73932a9dd9f1cd163c69052ddd5c8725e4000 Mon Sep 17 00:00:00 2001 From: "matt.vasquez" Date: Thu, 13 May 2021 07:52:57 -0500 Subject: [PATCH 20/22] update hardening manifest --- hardening_manifest.yaml | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index eff3453..fc06c4f 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -37,7 +37,7 @@ resources: validation: type: sha256 value: 0fd54e5ec3504c970c2e7c912fc651446e65e3ccb3b504d4615e2e97176ab406 -- filename: numDeriv_2016.8-1.1.tar.gz +- filename: numDeriv_2016.8-1.1.tar.gz url: http://cran.us.r-project.org/src/contrib/numDeriv_2016.8-1.1.tar.gz validation: type: sha256 @@ -317,11 +317,11 @@ resources: validation: type: sha256 value: 29b79607483861a48b2682e1f721a0155ef175bcc11cef8dd500b6a85f2a8fae -- filename: stringi_1.5.3.tar.gz - url: http://cran.us.r-project.org/src/contrib/stringi_1.5.3.tar.gz +- filename: stringi_1.6.1.tar.gz + url: http://cran.us.r-project.org/src/contrib/stringi_1.6.1.tar.gz validation: type: sha256 - value: 224f1e8dedc962a676bc2e1f53016f6a129a0a38aa0f35daf6dece62ff714010 + value: 4469fc37899942094e32fefacc7802bfdf3bfeeed8051d31f4974fd359e79474 - filename: mlapi_0.1.0.tar.gz url: http://cran.us.r-project.org/src/contrib/mlapi_0.1.0.tar.gz validation: @@ -368,6 +368,7 @@ resources: type: sha256 value: 5e8471ea68ee9d5f0d46c4a6f197af78dd160e8bb0246dcc0ff58b7ece66e564 + # List of project maintainers maintainers: - name: "Matt Vasquez" -- GitLab From 5236bf83fee0a9fa895b19e8223119564c4bb660 Mon Sep 17 00:00:00 2001 From: "matt.vasquez" Date: Thu, 13 May 2021 22:06:52 -0500 Subject: [PATCH 21/22] permissions change --- Dockerfile | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index ff94779..4f41059 100644 --- a/Dockerfile +++ b/Dockerfile @@ -13,11 +13,10 @@ COPY rstudio-server-rhel-${RSTUDIO_VERSION}-x86_64.rpm /tmp RUN dnf upgrade -y && \ dnf install -y --nogpgcheck glibc-langpack-en initscripts procps-ng /tmp/rstudio-server-rhel-${RSTUDIO_VERSION}-x86_64.rpm \ binutils curl glibc-devel glibc-headers libcurl-devel libX11 libX11-common kernel-headers && \ - rm /var/lib/rstudio-server/rstudio.sqlite && \ mkdir -p /local/libs && \ + chown -R $USER /var/lib/rstudio-server /var/run/rstudio-server && \ chmod -R g=u /var/lib/rstudio-server && \ chmod -R g=u /etc/rstudio && \ - chown $USER /var/lib/rstudio-server /var/run/rstudio-server && \ ln -s /usr/lib/rstudio-server/bin/rstudio-server /usr/local/bin/rstudio-server && \ chmod +t /var/run/rstudio-server && \ chkconfig rstudio-server off -- GitLab From 998f79c86524eb15bf394c1c90fbeda61ab8fa65 Mon Sep 17 00:00:00 2001 From: "matt.vasquez" Date: Fri, 14 May 2021 06:57:46 -0500 Subject: [PATCH 22/22] update README --- README.md | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 4a9533a..9228fb0 100644 --- a/README.md +++ b/README.md @@ -1,10 +1,18 @@ -# Security Notes - -# This container is only approved for DoD use if it is NOT internet facing. Access should be achieved through a Zero Trust stack, for example, CNAP or any approved DoD VPN. - - +## RStudio [RStudio Server](https://rstudio.com/products/rstudio/#rstudio-server) is an integrated development environment (IDE) for R. It includes a console, syntax-highlighting editor that supports direct code execution, as well as tools for plotting, history, debugging and workspace management. data. ## Documentation To learn more about Rstudio Server Opensouce [go to the complete documentation](https://support.rstudio.com/hc/en-us/articles/200552306-Getting-Started). + +## R Libraries Included +ggplot2 +data.table +dplyr +tidyr +knitr +caret +text2vec + +## Quickstart +`docker run --rm --name rstudio -it -p 8787:8787 registry1.dso.mil/ironbank/opensource/r/r-studio:1.4.1106` \ No newline at end of file -- GitLab