correct base image in hardening manfest / revert

de193570 · Matt Vasquez · 103f90e1 · de193570 · de193570
Commit de193570 authored May 08, 2021 by Matt Vasquez
Hide whitespace changes
Inline Side-by-side

Showing with 9 additions and 11 deletions

Dockerfile Dockerfile +7 -9

hardening_manifest.yaml hardening_manifest.yaml +2 -2

No files found.
--- a/Dockerfile
+++ b/Dockerfile
@@ -7,15 +7,13 @@ FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG}
 USER root
 ENV RSTUDIO_VERSION=1.4.1106
-ENV USER=rstudio
 COPY rstudio-server-rhel-${RSTUDIO_VERSION}-x86_64.rpm /tmp
-RUN groupadd -g 1000 $USER && \
+RUN dnf upgrade -y && \
-    useradd -r -u 1000 -m -g $USER $USER && \
-    dnf upgrade -y && \
    dnf install -y --nogpgcheck glibc-langpack-en initscripts procps-ng /tmp/rstudio-server-rhel-${RSTUDIO_VERSION}-x86_64.rpm \
    binutils curl glibc-devel glibc-headers libcurl-devel libX11 libX11-common kernel-headers && \
+    rm /var/lib/rstudio-server/rstudio.sqlite && \
    mkdir -p /local/libs && \
    chmod -R g=u /var/lib/rstudio-server && \
    chmod -R g=u /etc/rstudio && \
@@ -27,9 +25,9 @@ RUN groupadd -g 1000 $USER && \
 COPY *.tar.gz /local/libs
 COPY rpackages /tmp/rpackages
-RUN /usr/local/bin/R -e "library(tools); write_PACKAGES('/local/libs')" && \
+RUN R -e "library(tools); write_PACKAGES('/local/libs')" && \
-    cat /tmp/rpackages | awk '{printf "\x27"$1"\x27,"}' | sed 's/.$//' | xargs -0 -I {} /usr/local/bin/R -e "install.packages(c({}), contriburl='file:///local/libs')" && \
+    cat /tmp/rpackages | awk '{printf "\x27"$1"\x27,"}' | sed 's/.$//' | xargs -0 -I {} R -e "install.packages(c({}), contriburl='file:///local/libs')" && \
-    # rpm -e --nodeps binutils curl glibc-devel glibc-headers libcurl-devel libX11 libX11-common kernel-headers && \
+    rpm -e --nodeps binutils curl glibc-devel glibc-headers libcurl-devel libX11 libX11-common kernel-headers && \
    echo "auth-none=1" >> /etc/rstudio/disable_auth_rserver.conf && \
    echo "server-daemonize=0" >> /etc/rstudio/rserver.conf && \
    echo "[*]" > /etc/rstudio/logging.conf && \
@@ -44,8 +42,8 @@ ENV LC_ALL=en_US.UTF-8 \
 USER ${USER}
-HEALTHCHECK --start-period=60s CMD /usr/local/bin/rstudio-server status | grep -e "running"
+HEALTHCHECK --start-period=60s CMD rstudio-server status | grep -e "running"
 EXPOSE 8787
-ENTRYPOINT ["/usr/local/bin/rstudio-server", "start"]
+ENTRYPOINT ["rstudio-server", "start"]
\ No newline at end of file
--- a/hardening_manifest.yaml
+++ b/hardening_manifest.yaml
@@ -10,8 +10,8 @@ tags:
 - "latest"
 # Build args passed to Dockerfile ARGs
 args:
-  BASE_IMAGE: "redhat/ubi/ubi8"
+  BASE_IMAGE: "ironbank/opensource/r/r-base"
-  BASE_TAG: "8.3"
+  BASE_TAG: "3.0.14"
 # Docker image labels
 labels:
  org.opencontainers.image.title: "rstudio"