From 11918b984dc4865a26919b2a9b5387f1e6e99528 Mon Sep 17 00:00:00 2001 From: aman-agrawal <9412470@gmail.com> Date: Wed, 3 Jan 2024 10:52:45 +0530 Subject: [PATCH] Updating AWS_IAM_AUTHENTICATOR & GOOGLE_CLOUD_SDK - CVE fix --- docker/ubi8/Dockerfile | 8 ++++---- docker/ubi8/Dockerfile-dev | 14 +++++++------- docker/ubi8/Dockerfile-fips | 12 ++++++------ 3 files changed, 17 insertions(+), 17 deletions(-) diff --git a/docker/ubi8/Dockerfile b/docker/ubi8/Dockerfile index 030ccb71e4f..67facb4b449 100644 --- a/docker/ubi8/Dockerfile +++ b/docker/ubi8/Dockerfile @@ -6,21 +6,21 @@ LABEL summary='Red Hat certified Open Enterprise Spinnaker ubi8 container image LABEL description='Certified Open Enterprise Spinnaker is an Enterprise grade, Red Hat certified and OpsMx supported release of the popular and critically acclaimed Continuous Delivery platform Spinnaker' LABEL vendor='OpsMx' -RUN yum install -y python38 +RUN yum install -y python38 ARG TARGETARCH ENV KUBECTL_RELEASE=1.22.0 ENV AWS_CLI_VERSION=1.18.152 ENV AWS_CLI_S3_CMD=2.0.2 -ENV AWS_AIM_AUTHENTICATOR_VERSION=0.5.9 -ENV GOOGLE_CLOUD_SDK_VERSION=435.0.0 +ENV AWS_AIM_AUTHENTICATOR_VERSION=0.6.14 +ENV GOOGLE_CLOUD_SDK_VERSION=458.0.1 ENV ECR_TOKEN_VERSION=v1.0.2 ENV PATH "$PATH:/usr/local/bin/:/opt/google-cloud-sdk/bin/:/usr/local/bin/aws-iam-authenticator" USER root -RUN yum -y install bash jq tar unzip wget unzip procps java-17-openjdk-devel.x86_64 vim net-tools curl git +RUN yum -y install bash jq tar unzip wget unzip procps java-17-openjdk-devel.x86_64 vim net-tools curl git # AWS CLI RUN yum -y install python3-pip && \ diff --git a/docker/ubi8/Dockerfile-dev b/docker/ubi8/Dockerfile-dev index 3d1524e0f43..a5046412cc2 100644 --- a/docker/ubi8/Dockerfile-dev +++ b/docker/ubi8/Dockerfile-dev @@ -36,14 +36,14 @@ RUN fips-mode-setup --enable # Setting crypto policies to FIPS RUN update-crypto-policies --set FIPS -RUN yum install -y python38 +RUN yum install -y python38 ARG TARGETARCH ENV KUBECTL_RELEASE=1.22.0 ENV AWS_CLI_S3_CMD=2.0.2 -ENV AWS_AIM_AUTHENTICATOR_VERSION=0.5.9 -ENV GOOGLE_CLOUD_SDK_VERSION=435.0.0 +ENV AWS_AIM_AUTHENTICATOR_VERSION=0.6.14 +ENV GOOGLE_CLOUD_SDK_VERSION=458.0.1 ENV ECR_TOKEN_VERSION=v1.0.2 ENV PATH "$PATH:/usr/local/bin/:/opt/google-cloud-sdk/bin/:/usr/local/bin/aws-iam-authenticator" @@ -51,7 +51,7 @@ ENV PATH "$PATH:/usr/local/bin/:/opt/google-cloud-sdk/bin/:/usr/local/bin/aws-ia USER root -#RUN yum -y install bash jq tar unzip wget procps java-17-openjdk-devel.x86_64 vim net-tools curl git +#RUN yum -y install bash jq tar unzip wget procps java-17-openjdk-devel.x86_64 vim net-tools curl git RUN yum -y install wget git @@ -85,8 +85,8 @@ RUN wget https://storage.googleapis.com/kubernetes-release/release/v${KUBECTL_RE RUN mkdir -p /opt/jaeger COPY jaeger/opentelemetry-javaagent.jar /opt/jaeger/opentelemetry-javaagent.jar -#RUN yum -y remove tar curl -#RUN yum -y remove vim jq unzip +#RUN yum -y remove tar curl +#RUN yum -y remove vim jq unzip RUN yum -y remove clean all && rm -rf /var/cache @@ -107,7 +107,7 @@ ENV CUSTOMPLUGIN_RELEASEREPO=$CUSTOMPLUGIN_RELEASEREPO ARG CUSTOMPLUGIN_RELEASEVERSION ENV CUSTOMPLUGIN_RELEASEVERSION=$CUSTOMPLUGIN_RELEASEVERSION -RUN wget -O Armory.armory-observability-plugin-${CUSTOMPLUGIN_RELEASEVERSION}-SNAPSHOT.zip -c https://github.com/${CUSTOMPLUGIN_RELEASEORG}/${CUSTOMPLUGIN_RELEASEREPO}/releases/download/${CUSTOMPLUGIN_RELEASEVERSION}/armory-observability-plugin-${CUSTOMPLUGIN_RELEASEVERSION}.zip -P /opt/clouddriver/plugins +RUN wget -O Armory.armory-observability-plugin-${CUSTOMPLUGIN_RELEASEVERSION}-SNAPSHOT.zip -c https://github.com/${CUSTOMPLUGIN_RELEASEORG}/${CUSTOMPLUGIN_RELEASEREPO}/releases/download/${CUSTOMPLUGIN_RELEASEVERSION}/armory-observability-plugin-${CUSTOMPLUGIN_RELEASEVERSION}.zip -P /opt/clouddriver/plugins RUN mv Armory.armory-observability-plugin-${CUSTOMPLUGIN_RELEASEVERSION}-SNAPSHOT.zip /opt/clouddriver/plugins/ diff --git a/docker/ubi8/Dockerfile-fips b/docker/ubi8/Dockerfile-fips index 273fcd04713..62025058e12 100644 --- a/docker/ubi8/Dockerfile-fips +++ b/docker/ubi8/Dockerfile-fips @@ -42,14 +42,14 @@ ARG TARGETARCH ENV KUBECTL_RELEASE=1.22.0 ENV AWS_CLI_S3_CMD=2.0.2 -ENV AWS_AIM_AUTHENTICATOR_VERSION=0.5.9 -ENV GOOGLE_CLOUD_SDK_VERSION=435.0.0 +ENV AWS_AIM_AUTHENTICATOR_VERSION=0.6.14 +ENV GOOGLE_CLOUD_SDK_VERSION=458.0.1 ENV ECR_TOKEN_VERSION=v1.0.2 ENV PATH "$PATH:/usr/local/bin/:/opt/google-cloud-sdk/bin/:/usr/local/bin/aws-iam-authenticator" USER root -#RUN yum -y install bash jq tar unzip wget procps java-17-openjdk-devel.x86_64 vim net-tools curl git +#RUN yum -y install bash jq tar unzip wget procps java-17-openjdk-devel.x86_64 vim net-tools curl git RUN yum -y install wget git @@ -82,8 +82,8 @@ COPY clouddriver-web/build/install/clouddriver /opt/clouddriver -#RUN yum -y remove tar curl -#RUN yum -y remove vim jq unzip +#RUN yum -y remove tar curl +#RUN yum -y remove vim jq unzip RUN yum -y remove clean all && rm -rf /var/cache RUN adduser spinnaker @@ -102,7 +102,7 @@ ENV CUSTOMPLUGIN_RELEASEVERSION=$CUSTOMPLUGIN_RELEASEVERSION -RUN wget -O Armory.armory-observability-plugin-${CUSTOMPLUGIN_RELEASEVERSION}-SNAPSHOT.zip -c https://github.com/${CUSTOMPLUGIN_RELEASEORG}/${CUSTOMPLUGIN_RELEASEREPO}/releases/download/${CUSTOMPLUGIN_RELEASEVERSION}/armory-observability-plugin-${CUSTOMPLUGIN_RELEASEVERSION}.zip -P /opt/clouddriver/plugins +RUN wget -O Armory.armory-observability-plugin-${CUSTOMPLUGIN_RELEASEVERSION}-SNAPSHOT.zip -c https://github.com/${CUSTOMPLUGIN_RELEASEORG}/${CUSTOMPLUGIN_RELEASEREPO}/releases/download/${CUSTOMPLUGIN_RELEASEVERSION}/armory-observability-plugin-${CUSTOMPLUGIN_RELEASEVERSION}.zip -P /opt/clouddriver/plugins RUN mv Armory.armory-observability-plugin-${CUSTOMPLUGIN_RELEASEVERSION}-SNAPSHOT.zip /opt/clouddriver/plugins/ RUN chmod -R 777 /opt/clouddriver/plugins/