From 24f395c927790bf98e3a9011086f70b36452de44 Mon Sep 17 00:00:00 2001 From: Hrdayesh Patel Date: Mon, 8 Feb 2021 11:25:34 -0500 Subject: [PATCH 1/4] Upgrade to SDE 5.11 --- Dockerfile | 13 +++++++------ README.md | 7 +++---- hardening_manifest.yaml | 8 ++++---- 3 files changed, 14 insertions(+), 14 deletions(-) diff --git a/Dockerfile b/Dockerfile index 9e0ebbb..dbf4e0a 100644 --- a/Dockerfile +++ b/Dockerfile @@ -6,17 +6,18 @@ ARG BASE_TAG=1.19.2 # Down with the bloat FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} as extractor -ARG jitt_version=5.10.27 -COPY /jitt-${jitt_version}.tar.gz / +ARG jitt_version=5.11 +COPY /training-${jitt_version}.tar.gz / USER root -RUN mkdir --parents /jitt \ - && tar --extract --gzip --file=/jitt-${jitt_version}.tar.gz --directory=/jitt +RUN set -x \ + && mkdir --parents /jitt \ + && tar --extract --gzip --file=/training-${jitt_version}.tar.gz --directory=/jitt FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} -ARG jitt_version=5.10.27 +ARG jitt_version=5.11 LABEL type="ironbank" @@ -42,7 +43,7 @@ RUN set -x \ && find /etc/nginx/ -type d -exec chmod g+rwx {} \; \ && chown --recursive nginx:www-data /var/log/nginx /var/cache/nginx -COPY --from=extractor /jitt /jitt/ +COPY --from=extractor /jitt/training /jitt/ COPY /scripts/rtenvsub.sh /bin/rtenvsub.sh COPY /scripts/shtdlib_dccscr.sh /bin/shtdlib_dccscr.sh COPY /scripts/run_nginx.sh /bin/run_nginx.sh diff --git a/README.md b/README.md index 03679e5..820bbf9 100644 --- a/README.md +++ b/README.md 
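Review bot: The `tar --extract` in the extractor stage's `RUN` executes after `USER root`, and GNU tar (which the long options suggest is in use) applies the owner and permission bits recorded in the archive when run as root, so whatever ownership and modes `training-${jitt_version}.tar.gz` carries end up on the extracted tree. That tree is what the final stage copies out of `extractor`, so I would extract with the archive metadata ignored: `&& tar --extract --gzip --no-same-owner --no-same-permissions --file=/training-${jitt_version}.tar.gz --directory=/jitt`. The `jitt_version` default is also repeated in the second stage and in the manifest's resource filename. A comment above the first `ARG jitt_version`, such as `# keep in sync with the second stage and hardening_manifest.yaml (tags, resources)`, would help the next bump.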
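Review bot: `COPY --from=extractor /jitt/training /jitt/` now depends on the archive unpacking to a top-level `training/` directory, which nothing in the Dockerfile records. A comment above the line, such as `# training-<version>.tar.gz unpacks to training/; its contents are served from /jitt`, would make that assumption visible. The copied files keep the modes they had in the extractor stage and, depending on the builder, their owners, so I would state ownership of the served content explicitly, for example `COPY --from=extractor --chown=root:root /jitt/training /jitt/`. That assumes the nginx user only needs read access, which should be confirmed against the `chown`/`chmod` steps earlier in this stage. The stage this line belongs to starts and ends outside the hunk.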
@@ -7,11 +7,10 @@ This container hosts SDElements Just In Time Training (JITT) content using Nginx ## Local build -1. Download the memcached tarball defined in `download.yaml`. The URL below is used as an example. Note -the version of memcached, in this case `5.10.27` +1. Download the training tarball defined in `hardening_manifest.yaml`. The URL below is used as an example. Note the version, in this case `5.11` ```bash - wget --http-user=user --ask-password https://tar.sdelements.com/pulp/isos/Default_Organization/Library/custom/sde/SDElements_Dependency_RPMs/jitt-5.10.27.tar.gz + wget --http-user=user --ask-password https://tar.sdelements.com/pulp/isos/Default_Organization/Library/custom/sde_training/bundles/training-5.11.tar.gz ``` @@ -19,7 +18,7 @@ the version of memcached, in this case `5.10.27` ```bash clear && \ - export jitt_version='5.10.27' && \ + export jitt_version='5.11' && \ docker build . -t localhost/security-compass/jitt/nginx-jitt:"local" \ --build-arg jitt_version="${jitt_version}" ``` diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index 8fe81e6..c2df0c1 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -8,7 +8,7 @@ name: "security-compass/jitt/nginx" # The most specific version should be the first tag and will be shown # on ironbank.dsop.io tags: -- "5.10.27" +- "5.11" - "latest" # Build args passed to Dockerfile ARGs 
@@ -39,11 +39,11 @@ labels: # List of resources to make available to the offline build context resources: - - url: "https://tar.sdelements.com/pulp/isos/Default_Organization/Library/custom/sde/SDElements_Dependency_RPMs/jitt-5.10.27.tar.gz" - filename: "jitt-5.10.27.tar.gz" + - url: "https://tar.sdelements.com/pulp/isos/Default_Organization/Library/custom/sde_training/bundles/training-5.11.tar.gz" + filename: "training-5.11.tar.gz" validation: type: sha256 - value: "0d8b0a681b56375e7943c050564cf55b15148320064b59d91307f4c0a234a2d0" + value: "a3ec3b5060b38272ba31fae92853b4cb29bfe610c6416536be8868c9466cda35" auth: type: "basic" id: "scompass-credential" -- GitLab From 4d00812740e797da903c19603eeccde24e719ed3 Mon Sep 17 00:00:00 2001 From: Jeffrey Weatherford Date: Mon, 8 Feb 2021 17:21:52 +0000 Subject: [PATCH 2/4] Update Dockerfile to remove the label line and clear the pre-flight warning. --- Dockerfile | 2 -- 1 file changed, 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index dbf4e0a..14f0b25 100644 --- a/Dockerfile +++ b/Dockerfile @@ -19,8 +19,6 @@ FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} ARG jitt_version=5.11 -LABEL type="ironbank" - USER root -- GitLab From b2fa13f8750d56059a2863d98783581955343938 Mon Sep 17 00:00:00 2001 From: mchum Date: Mon, 10 May 2021 21:50:19 +0000 Subject: [PATCH 3/4] Update JITT to bundle SDE 5.13 Training Bundle --- Dockerfile | 4 ++-- README.md | 6 +++--- hardening_manifest.yaml | 8 ++++---- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/Dockerfile b/Dockerfile index 14f0b25..a08e187 100644 --- a/Dockerfile +++ b/Dockerfile @@ -6,7 +6,7 @@ ARG BASE_TAG=1.19.2 # Down with the bloat FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} as extractor -ARG jitt_version=5.11 +ARG jitt_version=5.13.3 COPY /training-${jitt_version}.tar.gz / USER root @@ -17,7 +17,7 @@ RUN set -x \ FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} -ARG jitt_version=5.11 +ARG jitt_version=5.13.3 USER root 
diff --git a/README.md b/README.md index 820bbf9..973e590 100644 --- a/README.md +++ b/README.md @@ -7,10 +7,10 @@ This container hosts SDElements Just In Time Training (JITT) content using Nginx ## Local build -1. Download the training tarball defined in `hardening_manifest.yaml`. The URL below is used as an example. Note the version, in this case `5.11` +1. Download the training tarball defined in `hardening_manifest.yaml`. The URL below is used as an example. Note the version, in this case `5.13.3` ```bash - wget --http-user=user --ask-password https://tar.sdelements.com/pulp/isos/Default_Organization/Library/custom/sde_training/bundles/training-5.11.tar.gz + wget --http-user=user --ask-password https://tar.sdelements.com/pulp/isos/Default_Organization/Library/custom/sde_training/bundles/training-5.13.3.tar.gz ``` @@ -18,7 +18,7 @@ This container hosts SDElements Just In Time Training (JITT) content using Nginx ```bash clear && \ - export jitt_version='5.11' && \ + export jitt_version='5.13.3' && \ docker build . -t localhost/security-compass/jitt/nginx-jitt:"local" \ --build-arg jitt_version="${jitt_version}" ``` diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index c2df0c1..8436db8 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -8,7 +8,7 @@ name: "security-compass/jitt/nginx" # The most specific version should be the first tag and will be shown # on ironbank.dsop.io tags: -- "5.11" +- "5.13.3" - "latest" # Build args passed to Dockerfile ARGs 
@@ -39,11 +39,11 @@ labels: # List of resources to make available to the offline build context resources: - - url: "https://tar.sdelements.com/pulp/isos/Default_Organization/Library/custom/sde_training/bundles/training-5.11.tar.gz" - filename: "training-5.11.tar.gz" + - url: "https://tar.sdelements.com/pulp/isos/Default_Organization/Library/custom/sde_training/bundles/training-5.13.3.tar.gz" + filename: "training-5.13.3.tar.gz" validation: type: sha256 - value: "a3ec3b5060b38272ba31fae92853b4cb29bfe610c6416536be8868c9466cda35" + value: "756dd9c21d001c0d3a6b466477f81161e64b5da6263324e36f7ad53d7ff40af6" auth: type: "basic" id: "scompass-credential" -- GitLab From afb8ccd0fb7de2449e472a770af29f129ad11eff Mon Sep 17 00:00:00 2001 From: Matthew Chum Date: Thu, 27 May 2021 10:58:27 -0400 Subject: [PATCH 4/4] bumping base tag --- Dockerfile | 2 +- hardening_manifest.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index a08e187..16ce11e 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,6 @@ ARG BASE_REGISTRY=registry1.dso.mil ARG BASE_IMAGE=ironbank/opensource/nginx/nginx -ARG BASE_TAG=1.19.2 +ARG BASE_TAG=1.20.0 # Down with the bloat diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index 8436db8..1ed0089 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -14,7 +14,7 @@ tags: # Build args passed to Dockerfile ARGs args: BASE_IMAGE: "opensource/nginx/nginx" - BASE_TAG: "1.19.2" + BASE_TAG: "1.20.0" # Docker image labels labels: -- GitLab