diff --git a/Dockerfile b/Dockerfile
index 9e0ebbb5f8ef5e2d13b25a7a8ad39941f20bb6e3..16ce11e01a4fc739b61b031d17d4c189975f2a1c 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,24 +1,23 @@
 ARG BASE_REGISTRY=registry1.dso.mil
 ARG BASE_IMAGE=ironbank/opensource/nginx/nginx
-ARG BASE_TAG=1.19.2
+ARG BASE_TAG=1.20.0
 # Down with the bloat
 FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} as extractor
-ARG jitt_version=5.10.27
-COPY /jitt-${jitt_version}.tar.gz /
+ARG jitt_version=5.13.3
+COPY /training-${jitt_version}.tar.gz /
 USER root
-RUN mkdir --parents /jitt \
- && tar --extract --gzip --file=/jitt-${jitt_version}.tar.gz --directory=/jitt
+RUN set -x \
+ && mkdir --parents /jitt \
+ && tar --extract --gzip --file=/training-${jitt_version}.tar.gz --directory=/jitt
 FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG}
-ARG jitt_version=5.10.27
-
-LABEL type="ironbank"
+ARG jitt_version=5.13.3
 USER root
@@ -42,7 +41,7 @@ RUN set -x \
 && find /etc/nginx/ -type d -exec chmod g+rwx {} \; \
 && chown --recursive nginx:www-data /var/log/nginx /var/cache/nginx
-COPY --from=extractor /jitt /jitt/
+COPY --from=extractor /jitt/training /jitt/
 COPY /scripts/rtenvsub.sh /bin/rtenvsub.sh
 COPY /scripts/shtdlib_dccscr.sh /bin/shtdlib_dccscr.sh
 COPY /scripts/run_nginx.sh /bin/run_nginx.sh
diff --git a/README.md b/README.md
index 03679e5142ca52e835e8e3082c6d0c62b6ca3bcd..973e59070343562a1e1dd5b768c02925cdaacbbc 100644
--- a/README.md
+++ b/README.md
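Review bot: The `tar --extract` line in the extractor stage runs after `USER root`, and GNU tar run as root restores the owner and permission bits recorded in the archive by default, so whatever the vendor tarball carries lands under /jitt unchanged. Because that tree is later copied into the runtime image, I would add `--no-same-owner --no-same-permissions` to the tar line and set ownership and modes explicitly. The hunk does not show whether a later step normalises /jitt, so this may already be covered further down. Separately, the `jitt_version` default is declared once per stage and has to match the resource filename in hardening_manifest.yaml; a comment such as `# keep in sync with resources[].filename in hardening_manifest.yaml` above the first `ARG jitt_version` would make that visible.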
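Review bot: The new source path `/jitt/training` on the `COPY --from=extractor` line depends on the training tarball unpacking to a top-level `training/` directory, and nothing in the Dockerfile states that. A comment above the line, for example `# training-<version>.tar.gz unpacks to training/; copy only its contents into /jitt/`, would make the assumption explicit for the next version bump. The layout is inferred from the path change only, since the archive contents are not visible here.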
@@ -7,11 +7,10 @@ This container hosts SDElements Just In Time Training (JITT) content using Nginx
 ## Local build
-1. Download the memcached tarball defined in `download.yaml`. The URL below is used as an example. Note
-the version of memcached, in this case `5.10.27`
+1. Download the training tarball defined in `hardening_manifest.yaml`. The URL below is used as an example. Note the version, in this case `5.13.3`
 ```bash
- wget --http-user=user --ask-password https://tar.sdelements.com/pulp/isos/Default_Organization/Library/custom/sde/SDElements_Dependency_RPMs/jitt-5.10.27.tar.gz
+ wget --http-user=user --ask-password https://tar.sdelements.com/pulp/isos/Default_Organization/Library/custom/sde_training/bundles/training-5.13.3.tar.gz
 ```
@@ -19,7 +18,7 @@ the version of memcached, in this case `5.10.27`
 ```bash
 clear && \
- export jitt_version='5.10.27' && \
+ export jitt_version='5.13.3' && \
 docker build . -t localhost/security-compass/jitt/nginx-jitt:"local" \
 --build-arg jitt_version="${jitt_version}"
 ```
diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml
index 8fe81e64e948be029272a6480eff25b5e51c4906..1ed0089586295a7025a662b2251c7bc0bc97e279 100644
--- a/hardening_manifest.yaml
+++ b/hardening_manifest.yaml
@@ -8,13 +8,13 @@ name: "security-compass/jitt/nginx"
 # The most specific version should be the first tag and will be shown
 # on ironbank.dsop.io
 tags:
-- "5.10.27"
+- "5.13.3"
 - "latest"
 # Build args passed to Dockerfile ARGs
 args:
 BASE_IMAGE: "opensource/nginx/nginx"
- BASE_TAG: "1.19.2"
+ BASE_TAG: "1.20.0"
 # Docker image labels
 labels:
@@ -39,11 +39,11 @@ labels:
 # List of resources to make available to the offline build context
 resources:
- - url: "https://tar.sdelements.com/pulp/isos/Default_Organization/Library/custom/sde/SDElements_Dependency_RPMs/jitt-5.10.27.tar.gz"
- filename: "jitt-5.10.27.tar.gz"
+ - url: "https://tar.sdelements.com/pulp/isos/Default_Organization/Library/custom/sde_training/bundles/training-5.13.3.tar.gz"
+ filename: "training-5.13.3.tar.gz"
 validation:
 type: sha256
- value: "0d8b0a681b56375e7943c050564cf55b15148320064b59d91307f4c0a234a2d0"
+ value: "756dd9c21d001c0d3a6b466477f81161e64b5da6263324e36f7ad53d7ff40af6"
 auth:
 type: "basic"
 id: "scompass-credential"
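Review bot: The version `5.13.3` is now repeated in `url`, `filename`, the first tag and the Dockerfile's `ARG jitt_version` default, while the `args:` block visible in the previous hunk passes only `BASE_IMAGE` and `BASE_TAG`. A pipeline build therefore finds `training-${jitt_version}.tar.gz` only because the Dockerfile default happens to match this `filename`. If the pipeline accepts additional build args, adding `jitt_version: "5.13.3"` under `args:` would make the manifest the single place to bump; otherwise a comment beside `filename` naming the Dockerfile ARG would do. The sha256 `value` protects the pipeline download only, so the README's local `wget` step would benefit from telling the reader to compare `sha256sum training-5.13.3.tar.gz` against it.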