From 5062ced6d4a6904a19eb40746c1583eab912e1aa Mon Sep 17 00:00:00 2001 From: "matt.vasquez" Date: Mon, 19 Jul 2021 19:16:59 -0500 Subject: [PATCH 1/4] update deps --- Dockerfile | 2 +- hardening_manifest.yaml | 74 ++++++++++++++++++++--------------------- 2 files changed, 38 insertions(+), 38 deletions(-) diff --git a/Dockerfile b/Dockerfile index 4f41059..38104a7 100644 --- a/Dockerfile +++ b/Dockerfile @@ -6,7 +6,7 @@ FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} USER root -ENV RSTUDIO_VERSION=1.4.1106 +ENV RSTUDIO_VERSION=1.4.1717 COPY rstudio-server-rhel-${RSTUDIO_VERSION}-x86_64.rpm /tmp diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index b7b8e18..0467017 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -33,7 +33,7 @@ labels: # List of resources to make available to the offline build context resources: - filename: rstudio-server-rhel-1.4.1106-x86_64.rpm - url: https://download2.rstudio.org/server/centos8/x86_64/rstudio-server-rhel-1.4.1106-x86_64.rpm + url: https://download2.rstudio.org/server/centos7/x86_64/rstudio-server-rhel-1.4.1717-x86_64.rpm validation: type: sha256 value: 0fd54e5ec3504c970c2e7c912fc651446e65e3ccb3b504d4615e2e97176ab406 @@ -52,11 +52,11 @@ resources: validation: type: sha256 value: 034d628a22061cf811e7ac9a9210d91e12fec146250da3ad6fbb7ef4f372b11d -- filename: colorspace_2.0-1.tar.gz - url: http://cran.us.r-project.org/src/contrib/colorspace_2.0-1.tar.gz +- filename: colorspace_2.0-2.tar.gz + url: http://cran.us.r-project.org/src/contrib/colorspace_2.0-2.tar.gz validation: type: sha256 - value: f82fdde36058678d1bd0f410eb45a5874aa28d74e2de30399f28b070a284425e + value: b891cd2ec129ed5f116429345947bcaadc33969758a108521eb0cf36bd12183a - filename: prodlim_2019.11.13.tar.gz url: http://cran.us.r-project.org/src/contrib/prodlim_2019.11.13.tar.gz validation: 
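Review bot: The new `url` in the `@@ -33,7 +33,7 @@` hunk moves the RStudio Server RPM from the `centos8` download path to `centos7` on the same line that bumps the version, and nothing in the commit says the platform change is intended. The base image is not visible here (the Dockerfile only shows `${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG}`), so confirm that the EL7 build is the right one for it; if the EL8 build is what the image needs, only the version part of the URL should change. Within this patch the entry is also inconsistent: `filename` still says `1.4.1106` and the `sha256` value is unchanged although the URL now names a different artifact. Patches 2/4 and 3/4 correct both, so squashing them into this commit would keep every commit's pin matching its download.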
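Review bot: The updated CRAN entries are still fetched over plain `http://`, starting with `colorspace_2.0-2.tar.gz` in the `@@ -52,11 +52,11 @@` hunk and continuing through the other CRAN hunks of this patch (fansi, cli, mime, RcppArmadillo, isoband, cpp11, xfun, Rcpp, stringi, ggplot2, dplyr). The `sha256` pin does catch tampering at build time, but only if the pinned value came from a trusted source rather than from a download over the same cleartext channel. Consider switching the scheme, e.g. `url: https://cran.us.r-project.org/src/contrib/colorspace_2.0-2.tar.gz` if the mirror serves TLS, and cross-checking each new digest against an independently obtained copy. The commit does not record how the new values were produced, so a short comment in the manifest header describing the procedure would help the next reviewer.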
@@ -87,21 +87,21 @@ resources: validation: type: sha256 value: 849955dc8ad9bc52bdc50ed4867fd92a510696fc8294e6971efa018437c83c6a -- filename: fansi_0.4.2.tar.gz - url: http://cran.us.r-project.org/src/contrib/fansi_0.4.2.tar.gz +- filename: fansi_0.5.0.tar.gz + url: http://cran.us.r-project.org/src/contrib/fansi_0.5.0.tar.gz validation: type: sha256 - value: a2edf06cf8b91333a5df4990d50cdb35a63aa4b63c8c8ddf5bedcb499daafc44 + value: 9d1bf8c316969c163abd3dd41cc1425b2671df9471fe806bf8783794a19ca54f - filename: pkgconfig_2.0.3.tar.gz url: http://cran.us.r-project.org/src/contrib/pkgconfig_2.0.3.tar.gz validation: type: sha256 value: 330fef440ffeb842a7dcfffc8303743f1feae83e8d6131078b5a44ff11bc3850 -- filename: cli_2.5.0.tar.gz - url: http://cran.us.r-project.org/src/contrib/cli_2.5.0.tar.gz +- filename: cli_3.0.1.tar.gz + url: http://cran.us.r-project.org/src/contrib/cli_3.0.1.tar.gz validation: type: sha256 - value: 5067dfbe056a4b2a57142520f4895ec0b018d3065a910ff4ca41444019b58d9c + value: d89a25b6cd760e157605676e104ce65473a7d8d64c289efdd9640e949968b4fd - filename: crayon_1.4.1.tar.gz url: http://cran.us.r-project.org/src/contrib/crayon_1.4.1.tar.gz validation: @@ -112,11 +112,11 @@ resources: validation: type: sha256 value: b3411900d43a6a63c068997909ee14b67e3027816ee590586b78de37acdc87fb -- filename: mime_0.10.tar.gz - url: http://cran.us.r-project.org/src/contrib/mime_0.10.tar.gz +- filename: mime_0.11.tar.gz + url: http://cran.us.r-project.org/src/contrib/mime_0.11.tar.gz validation: type: sha256 - value: 783233a15a817a7530d140e9825565a661aa4bdea7c635d11b9c74faa33be3f7 + value: 215427a49f0d0b0e3ab38d419c515a35d57e3bc32535805306275d8b33f8eec0 - filename: iterators_1.0.13.tar.gz url: http://cran.us.r-project.org/src/contrib/iterators_1.0.13.tar.gz validation: 
@@ -152,11 +152,11 @@ resources: validation: type: sha256 value: db02cbdad32fc54bc60bb27baf0799e919c09c09710c33bf72c741f93421616f -- filename: RcppArmadillo_0.10.4.0.0.tar.gz - url: http://cran.us.r-project.org/src/contrib/RcppArmadillo_0.10.4.0.0.tar.gz +- filename: RcppArmadillo_0.10.6.0.0.tar.gz + url: http://cran.us.r-project.org/src/contrib/RcppArmadillo_0.10.6.0.0.tar.gz validation: type: sha256 - value: dbe894b7120671db3c720f663a165063de51432192d0766e2dc4a89c1d3fcc02 + value: 9b80deebb91df0960a4881f96dfeac6aecd4e86ed60ccecce2b5165aa6439dad - filename: digest_0.6.27.tar.gz url: http://cran.us.r-project.org/src/contrib/digest_0.6.27.tar.gz validation: @@ -172,11 +172,11 @@ resources: validation: type: sha256 value: fd386cc4610b1cc7627dac34dba8367f7efe114b968503027fb2e1265c67d6d3 -- filename: isoband_0.2.4.tar.gz - url: http://cran.us.r-project.org/src/contrib/isoband_0.2.4.tar.gz +- filename: isoband_0.2.5.tar.gz + url: http://cran.us.r-project.org/src/contrib/isoband_0.2.5.tar.gz validation: type: sha256 - value: 96d5bbdbfa4ead40bf30cec5a0d525b6a6b0f21eb92d179289ce2c4459bf387c + value: 46f53fa066f0966f02cb2bf050190c0d5e950dab2cdf565feb63fc092c886ba5 - filename: rlang_0.4.11.tar.gz url: http://cran.us.r-project.org/src/contrib/rlang_0.4.11.tar.gz validation: @@ -242,11 +242,11 @@ resources: validation: type: sha256 value: 23ebc93bc9aed9e7575e8eb9683ff4acc0270ef7d6436cc2ef4236a9734840b2 -- filename: cpp11_0.2.7.tar.gz - url: http://cran.us.r-project.org/src/contrib/cpp11_0.2.7.tar.gz +- filename: cpp11_0.3.1.tar.gz + url: http://cran.us.r-project.org/src/contrib/cpp11_0.3.1.tar.gz validation: type: sha256 - value: 1d4154c0d8ef4b564eea828ebebc836b7dbdc89a0848a840dd98173b07f661d4 + value: 478d421b07c5cb022dafb2ad1fcec474e8afec5f6f983258505ac5d54f015af0 - filename: evaluate_0.14.tar.gz url: http://cran.us.r-project.org/src/contrib/evaluate_0.14.tar.gz validation: 
@@ -272,11 +272,11 @@ resources: validation: type: sha256 value: 1115b7bc2a397fa724956eec916df5160c600c99a3be186d21558dd38d782783 -- filename: xfun_0.23.tar.gz - url: http://cran.us.r-project.org/src/contrib/xfun_0.23.tar.gz +- filename: xfun_0.24.tar.gz + url: http://cran.us.r-project.org/src/contrib/xfun_0.24.tar.gz validation: type: sha256 - value: ec8528e85ea7e7f3dad0148359cdb0b10c8dc586bb99d4ab20b3fb24ed850e37 + value: e3e39a95202f6db4f6de3a8b9a344074a4944a3a8a522d44971390c905e2b583 - filename: foreach_1.5.1.tar.gz url: http://cran.us.r-project.org/src/contrib/foreach_1.5.1.tar.gz validation: @@ -307,21 +307,21 @@ resources: validation: type: sha256 value: 221c726ffb81b04b999905effccfd3a223cd73cae70d7d86688e2dd30e51a6bd -- filename: Rcpp_1.0.6.tar.gz - url: http://cran.us.r-project.org/src/contrib/Rcpp_1.0.6.tar.gz +- filename: Rcpp_1.0.7.tar.gz + url: http://cran.us.r-project.org/src/contrib/Rcpp_1.0.7.tar.gz validation: type: sha256 - value: c9f24756bc000f7a989bd4f9aa93d57f7739dcde77946703f8bb32332a35f012 + value: 15e5a4732216daed16263c79fb37017c2ada84a2d4e785e3b76445d0eba3dc1d - filename: rsparse_0.4.0.tar.gz url: http://cran.us.r-project.org/src/contrib/rsparse_0.4.0.tar.gz validation: type: sha256 value: 29b79607483861a48b2682e1f721a0155ef175bcc11cef8dd500b6a85f2a8fae -- filename: stringi_1.6.2.tar.gz - url: http://cran.us.r-project.org/src/contrib/stringi_1.6.2.tar.gz +- filename: stringi_1.7.3.tar.gz + url: http://cran.us.r-project.org/src/contrib/stringi_1.7.3.tar.gz validation: type: sha256 - value: 3a151dd9b982696370ac8df3920afe462f8abbd4e41b479ff8b66cfd7b602dae + value: d98632f1d7dc22e0a190315ee3c435146894e18ef586adbeb80ad526673b1f56 - filename: mlapi_0.1.0.tar.gz url: http://cran.us.r-project.org/src/contrib/mlapi_0.1.0.tar.gz validation: 
@@ -332,21 +332,21 @@ resources: validation: type: sha256 value: d9c39b5891f4a1b32e9488f40df7df49ac4ec8cb41c1dbea1b95eb332553934c -- filename: ggplot2_3.3.3.tar.gz - url: http://cran.us.r-project.org/src/contrib/ggplot2_3.3.3.tar.gz +- filename: ggplot2_3.3.5.tar.gz + url: http://cran.us.r-project.org/src/contrib/ggplot2_3.3.5.tar.gz validation: type: sha256 - value: 45c29e2348dbd195bbde1197a52db7764113e57f463fd3770fb899acc33423cc + value: b075294faf3af31b18e415f260c62d6000b218770e430484fe38819bdc3224ea - filename: data.table_1.14.0.tar.gz url: http://cran.us.r-project.org/src/contrib/data.table_1.14.0.tar.gz validation: type: sha256 value: 13f1de244e7fa90fadfb0be964db5ffb324ca024d5f136feb4578b5daedaeb4d -- filename: dplyr_1.0.6.tar.gz - url: http://cran.us.r-project.org/src/contrib/dplyr_1.0.6.tar.gz +- filename: dplyr_1.0.7.tar.gz + url: http://cran.us.r-project.org/src/contrib/dplyr_1.0.7.tar.gz validation: type: sha256 - value: 088c381a19595b202d5508003168c302fb6d893c9e7164e17ddb71616162fa07 + value: d2fe3aedbce02fdddce09a8a80f85f5918a9d1f15f792ad4a98f254959d7123d - filename: tidyr_1.1.3.tar.gz url: http://cran.us.r-project.org/src/contrib/tidyr_1.1.3.tar.gz validation: -- GitLab From 159c8cdecfc213d167125598b4f06fd328fc2989 Mon Sep 17 00:00:00 2001 From: "matt.vasquez" Date: Mon, 19 Jul 2021 19:19:02 -0500 Subject: [PATCH 2/4] more dep updates, version --- README.md | 2 +- hardening_manifest.yaml | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 9228fb0..266bc18 100644 --- a/README.md +++ b/README.md @@ -15,4 +15,4 @@ caret text2vec ## Quickstart -`docker run --rm --name rstudio -it -p 8787:8787 registry1.dso.mil/ironbank/opensource/r/r-studio:1.4.1106` \ No newline at end of file +`docker run --rm --name rstudio -it -p 8787:8787 registry1.dso.mil/ironbank/opensource/r/r-studio:1.4.1717` \ No newline at end of file diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index 0467017..4d0de88 100644 
--- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -6,7 +6,7 @@ name: "opensource/r/r-studio" # The most specific version should be the first tag and will be shown # on ironbank.dsop.io tags: -- "1.4.1106" +- "1.4.1717" - "latest" # Build args passed to Dockerfile ARGs args: @@ -23,7 +23,7 @@ labels: org.opencontainers.image.url: "https://rstudio.com/" ## Name of the distributing entity, organization or individual org.opencontainers.image.vendor: "RStudio" - org.opencontainers.image.version: "1.4.1106" + org.opencontainers.image.version: "1.4.1717" ## Keywords to help with search (ex. "cicd,gitops,golang") mil.dso.ironbank.image.keywords: "ide,ai,ml" ## This value can be "opensource" or "commercial" @@ -32,7 +32,7 @@ labels: mil.dso.ironbank.product.name: "RStudio" # List of resources to make available to the offline build context resources: -- filename: rstudio-server-rhel-1.4.1106-x86_64.rpm +- filename: rstudio-server-rhel-1.4.1717-x86_64.rpm url: https://download2.rstudio.org/server/centos7/x86_64/rstudio-server-rhel-1.4.1717-x86_64.rpm validation: type: sha256 @@ -86,7 +86,7 @@ resources: url: http://cran.us.r-project.org/src/contrib/viridisLite_0.4.0.tar.gz validation: type: sha256 - value: 849955dc8ad9bc52bdc50ed4867fd92a510696fc8294e6971efa018437c83c6a + value: 849955dc8ad9bc52bdc50ed4867fd92a571796fc8294e6971efa018437c83c6a - filename: fansi_0.5.0.tar.gz url: http://cran.us.r-project.org/src/contrib/fansi_0.5.0.tar.gz validation: -- GitLab From 57dc39aa0e746289436815232a058fa257f86ff4 Mon Sep 17 00:00:00 2001 From: "matt.vasquez" Date: Mon, 19 Jul 2021 19:22:13 -0500 Subject: [PATCH 3/4] update hash value for rstudio rpm --- hardening_manifest.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index 4d0de88..64ae19d 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml 
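Review bot: In the `@@ -86,7 +86,7 @@` hunk the `sha256` value for `viridisLite_0.4.0.tar.gz` changes although its `filename` and `url` do not, so the pin can no longer match the artifact it names. The altered digits (`...92a510696fc...` to `...92a571796fc...`) line up with the `106` to `717` substitution used for the version bump elsewhere in this patch, which suggests search-and-replace collateral rather than a new upstream file. Patch 4/4 restores the original value; folding that fix into this commit would avoid a history entry that carries a wrong pin. A pipeline check that flags any digest change without a matching `filename`/`url` change would catch this class of mistake before merge.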
@@ -36,7 +36,7 @@ resources: url: https://download2.rstudio.org/server/centos7/x86_64/rstudio-server-rhel-1.4.1717-x86_64.rpm validation: type: sha256 - value: 0fd54e5ec3504c970c2e7c912fc651446e65e3ccb3b504d4615e2e97176ab406 + value: a7c9759039aaf8e173ece81d4cc008bc9c5198d86442725191f9da97efdfe2ae - filename: numDeriv_2016.8-1.1.tar.gz url: http://cran.us.r-project.org/src/contrib/numDeriv_2016.8-1.1.tar.gz validation: -- GitLab From d6b4e8fb46daf9d2fc651460c17cbc487b4e1944 Mon Sep 17 00:00:00 2001 From: "matt.vasquez" Date: Mon, 19 Jul 2021 19:47:39 -0500 Subject: [PATCH 4/4] resource url/hash update --- hardening_manifest.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index 64ae19d..e224ccf 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -86,7 +86,7 @@ resources: url: http://cran.us.r-project.org/src/contrib/viridisLite_0.4.0.tar.gz validation: type: sha256 - value: 849955dc8ad9bc52bdc50ed4867fd92a571796fc8294e6971efa018437c83c6a + value: 849955dc8ad9bc52bdc50ed4867fd92a510696fc8294e6971efa018437c83c6a - filename: fansi_0.5.0.tar.gz url: http://cran.us.r-project.org/src/contrib/fansi_0.5.0.tar.gz validation: -- GitLab