Release 2019.12.1

README.md

@@ -2,9 +2,9 @@
 
 This repository contains orchestration files and documentation for deploying Black Duck Docker containers. 
 
-## Location of Black Duck 2019.10.3 archive:
+## Location of Black Duck 2019.12.1 archive:
 
-https://github.com/blackducksoftware/hub/archive/v2019.10.3.tar.gz
+https://github.com/blackducksoftware/hub/archive/v2019.12.1.tar.gz
 
 ## Important Upgrade Announcement
 

docker-compose/bin/system_check.sh

@@ -34,7 +34,7 @@ set -o noglob
 
 readonly NOW="$(date +"%Y%m%dT%H%M%S%z")"
 readonly NOW_ZULU="$(date -u +"%Y%m%dT%H%M%SZ")"
-readonly HUB_VERSION="${HUB_VERSION:-2019.10.3}"
+readonly HUB_VERSION="${HUB_VERSION:-2019.12.1}"
 readonly OUTPUT_FILE="${SYSTEM_CHECK_OUTPUT_FILE:-system_check_${NOW}.txt}"
 readonly PROPERTIES_FILE="${SYSTEM_CHECK_PROPERTIES_FILE:-${OUTPUT_FILE%.txt}.properties}"
 readonly SUMMARY_FILE="${SYSTEM_CHECK_SUMMARY_FILE:-${OUTPUT_FILE%.txt}_summary.properties}"
@@ -1492,11 +1492,13 @@ is_docker_compose_present() {
 ################################################################
 get_docker_compose_version() {
     if [[ -z "$DOCKER_COMPOSE_VERSION" ]]; then
-        if is_docker_compose_present ; then
+        if ! is_docker_compose_present ; then
+            readonly DOCKER_COMPOSE_VERSION="$UNKNOWN -- docker-compose not found."
+        elif ! docker-compose --version 1>/dev/null 2>&1 ; then
+            readonly DOCKER_COMPOSE_VERSION="$UNKNOWN -- docker-compose malfunctioned."
+        else
             echo "Checking docker-compose version..."
             readonly DOCKER_COMPOSE_VERSION="$(docker-compose --version)"
-        else
-            readonly DOCKER_COMPOSE_VERSION="docker-compose not found."
         fi
     fi
 }
@@ -1655,11 +1657,11 @@ get_docker_containers() {
             local -r grouped="$(echo "$vars" | cut -d' ' -f2- | sort | uniq -c)"
             # shellcheck disable=SC2155 # We don't care about the subcommand exit status.
             local -i max="$(echo "$grouped" | sort -nr | awk 'NR==1 {print $1}')"
-            local -r regex="$(echo "$grouped" | awk -e '$1!='"$max"'{printf "%s|",substr($2,1,index($2,"=")-1)}' | sed -e 's/|$//')"
+            local -r regex="$(echo "$grouped" | awk '$1!='"$max"'{printf "%s|",substr($2,1,index($2,"=")-1)}' | sed -e 's/|$//')"
             readonly DOCKER_CONTAINER_ENVIRONMENT=$(
                 echo "Common settings (present in $max containers):"
-                echo "$grouped" | awk -ne '$1=='"$max"'{$1=" ";print}'
-                echo "$vars" | grep -aE "[^ ]* ($regex)=" | awk -ne '$1!=name {name=$1; printf "\n%s:\n",name}; {$1=" ";print}'
+                echo "$grouped" | awk '$1=='"$max"'{$1=" ";print}'
+                echo "$vars" | grep -aE "[^ ]* ($regex)=" | awk '$1!=name {name=$1; printf "\n%s:\n",name}; {$1=" ";print}'
             )
         else
             readonly DOCKER_CONTAINER_INSPECTION=
@@ -2174,11 +2176,11 @@ get_docker_services() {
             local -r grouped="$(echo "$vars" | cut -d' ' -f2- | sort | uniq -c)"
             # shellcheck disable=SC2155 # We don't care about the subcommand exit status.
             local -i max="$(echo "$grouped" | sort -nr | awk 'NR==1 {print $1}')"
-            local -r regex="$(echo "$grouped" | awk -e '$1!='"$max"'{printf "%s|",substr($2,1,index($2,"=")-1)}' | sed -e 's/|$//')"
+            local -r regex="$(echo "$grouped" | awk '$1!='"$max"'{printf "%s|",substr($2,1,index($2,"=")-1)}' | sed -e 's/|$//')"
             readonly DOCKER_SERVICE_ENVIRONMENT=$(
                 echo "Common settings (present in $max services):"
-                echo "$grouped" | awk -ne '$1=='"$max"'{$1=" ";print}'
-                echo "$vars" | grep -aE "[^ ]* ($regex)=" | awk -ne '$1!=name {name=$1; printf "\n%s:\n",name}; {$1=" ";print}'
+                echo "$grouped" | awk '$1=='"$max"'{$1=" ";print}'
+                echo "$vars" | grep -aE "[^ ]* ($regex)=" | awk '$1!=name {name=$1; printf "\n%s:\n",name}; {$1=" ";print}'
             )
         else
             readonly DOCKER_SERVICE_ENVIRONMENT=

docker-compose/blackduck-config.env

@@ -21,7 +21,7 @@ BLACKDUCK_CORS_ALLOWED_HEADERS_PROP_NAME=
 BLACKDUCK_CORS_EXPOSED_HEADERS_PROP_NAME=
 
 # Do not change
-HUB_VERSION=2019.10.3
+HUB_VERSION=2019.12.1
 
 # Specify any property-specific overrides here
 #
@@ -60,4 +60,7 @@ ENABLE_SOURCE_UPLOADS=
 #The retention time (in days) for notifications.
 BLACKDUCK_HUB_NOTIFICATIONS_DELETE_DAYS=30
 #The delay between subsequent runs of the notification reclaimer
-BLACKDUCK_HUB_NOTIFICATIONS_DELAYS_DAYS=1
+BLACKDUCK_HUB_NOTIFICATIONS_DELAYS_DAYS=1
+
+#SAML Assertion Signature Verification
+SAML_ASSERTION_SIGNATURE_VERIFICATION=true

docker-compose/docker-compose.bdba.yml

@@ -7,14 +7,14 @@ services:
   webserver:
     env_file: [hub-bdba.env]
   binaryscanner:
-    image: sigsynopsys/appcheck-worker:2019.09
+    image: sigsynopsys/appcheck-worker:2019.12
     links: [cfssl, rabbitmq, logstash, webserver]
     env_file: [hub-bdba.env]
     entrypoint: /docker-entrypoint.sh
     restart: always
     mem_limit: 2048M
   rabbitmq:
-    image: blackducksoftware/rabbitmq:1.0.0
+    image: blackducksoftware/rabbitmq:1.0.3
     depends_on: [cfssl]
     tmpfs: [/opt/blackduck/rabbitmq/security]
     volumes: ['rabbitmq-data-volume:/var/lib/rabbitmq']

docker-compose/docker-compose.dbmigrate.yml

@@ -1,7 +1,7 @@
 version: '2.3'
 services:
   cfssl:
-    image: blackducksoftware/blackduck-cfssl:1.0.0
+    image: blackducksoftware/blackduck-cfssl:1.0.1
     volumes:
       - cert-volume:/etc/cfssl
     healthcheck:
@@ -12,7 +12,7 @@ services:
     user: 'cfssl:root'
 
   logstash:
-    image: blackducksoftware/blackduck-logstash:1.0.4
+    image: blackducksoftware/blackduck-logstash:1.0.5
     volumes:
       - log-volume:/var/lib/logstash/data
     healthcheck:

docker-compose/docker-compose.externaldb.yml

@@ -11,7 +11,7 @@ services:
   authentication:
     links: [ cfssl, logstash, registration, zookeeper, webapp]
     user: authentication:root
-    image: blackducksoftware/blackduck-authentication:2019.10.3
+    image: blackducksoftware/blackduck-authentication:2019.12.1
     volumes: ['authentication-volume:/opt/blackduck/hub/hub-authentication/ldap' ,'secrets-volume:/run/secrets']
     env_file: [blackduck-config.env , hub-postgres.env]
     healthcheck:
@@ -29,7 +29,7 @@ services:
   webapp:
     links: [ cfssl, logstash, registration, zookeeper]
     user: webapp:root
-    image: blackducksoftware/blackduck-webapp:2019.10.3
+    image: blackducksoftware/blackduck-webapp:2019.12.1
     volumes: ['log-volume:/opt/blackduck/hub/logs', 'webapp-volume:/opt/blackduck/hub/hub-webapp/ldap' ,'secrets-volume:/run/secrets']
     env_file: [blackduck-config.env , hub-postgres.env]
     healthcheck:
@@ -47,7 +47,7 @@ services:
   scan:
     links: [ cfssl, logstash, registration, zookeeper]
     user: scan:root
-    image: blackducksoftware/blackduck-scan:2019.10.3
+    image: blackducksoftware/blackduck-scan:2019.12.1
     volumes: [ 'secrets-volume:/run/secrets' ]
     env_file: [blackduck-config.env , hub-postgres.env]
     healthcheck:
@@ -65,7 +65,7 @@ services:
   jobrunner:
     links: [ cfssl, logstash, registration, zookeeper]
     user: jobrunner:root
-    image: blackducksoftware/blackduck-jobrunner:2019.10.3
+    image: blackducksoftware/blackduck-jobrunner:2019.12.1
     volumes: [ 'secrets-volume:/run/secrets' ]
     env_file: [blackduck-config.env , hub-postgres.env]
     healthcheck:
@@ -79,7 +79,7 @@ services:
     restart: always
     mem_limit: 4608M
   cfssl:
-    image: blackducksoftware/blackduck-cfssl:1.0.0
+    image: blackducksoftware/blackduck-cfssl:1.0.1
     volumes: ['cert-volume:/etc/cfssl']
     env_file: [blackduck-config.env]
     healthcheck:
@@ -91,7 +91,7 @@ services:
     restart: always
     mem_limit: 512M
   logstash:
-    image: blackducksoftware/blackduck-logstash:1.0.4
+    image: blackducksoftware/blackduck-logstash:1.0.5
     volumes: ['log-volume:/var/lib/logstash/data']
     env_file: [blackduck-config.env]
     healthcheck:
@@ -104,7 +104,7 @@ services:
     restart: always
     mem_limit: 1024m
   registration:
-    image: blackducksoftware/blackduck-registration:2019.10.3
+    image: blackducksoftware/blackduck-registration:2019.12.1
     links: [logstash, cfssl]
     volumes: ['config-volume:/opt/blackduck/hub/hub-registration/config']
     env_file: [blackduck-config.env]
@@ -120,7 +120,7 @@ services:
     restart: always
     mem_limit: 640M
   zookeeper:
-    image: blackducksoftware/blackduck-zookeeper:1.0.0
+    image: blackducksoftware/blackduck-zookeeper:1.0.3
     links: [logstash]
     volumes: ['zookeeper-data-volume:/opt/blackduck/zookeeper/data', 'zookeeper-datalog-volume:/opt/blackduck/zookeeper/datalog']
     env_file: [blackduck-config.env]
@@ -133,7 +133,7 @@ services:
     restart: always
     mem_limit: 384M
   webserver:
-    image: blackducksoftware/blackduck-nginx:1.0.9
+    image: blackducksoftware/blackduck-nginx:1.0.14
     ports: ['443:8443']
     env_file: [hub-webserver.env, blackduck-config.env]
     links: [webapp, cfssl, documentation, authentication, scan]
@@ -148,7 +148,7 @@ services:
     mem_limit: 640M
     tmpfs: [/opt/blackduck/hub/webserver/security]
   documentation:
-    image: blackducksoftware/blackduck-documentation:2019.10.3
+    image: blackducksoftware/blackduck-documentation:2019.12.1
     links: [logstash]
     env_file: [blackduck-config.env]
     user: documentation:root
@@ -162,7 +162,7 @@ services:
     restart: always
     mem_limit: 512M
   uploadcache:
-      image: blackducksoftware/blackduck-upload-cache:1.0.9
+      image: blackducksoftware/blackduck-upload-cache:1.0.12
       volumes: ['uploadcache-volume:/opt/blackduck/hub/blackduck-upload-cache/uploads', 'uploadcache-keys-volume:/opt/blackduck/hub/blackduck-upload-cache/keys']
       links:
         - cfssl

docker-compose/docker-compose.yml

@@ -26,7 +26,7 @@ services:
   authentication:
     links: [postgres, cfssl, logstash, registration, zookeeper, webapp]
     user: authentication:root
-    image: blackducksoftware/blackduck-authentication:2019.10.3
+    image: blackducksoftware/blackduck-authentication:2019.12.1
     volumes: ['authentication-volume:/opt/blackduck/hub/hub-authentication/ldap' ]
     env_file: [blackduck-config.env ]
     healthcheck:
@@ -44,7 +44,7 @@ services:
   webapp:
     links: [postgres, cfssl, logstash, registration, zookeeper]
     user: webapp:root
-    image: blackducksoftware/blackduck-webapp:2019.10.3
+    image: blackducksoftware/blackduck-webapp:2019.12.1
     volumes: ['log-volume:/opt/blackduck/hub/logs', 'webapp-volume:/opt/blackduck/hub/hub-webapp/ldap' ]
     env_file: [blackduck-config.env ]
     healthcheck:
@@ -62,7 +62,7 @@ services:
   scan:
     links: [postgres, cfssl, logstash, registration, zookeeper]
     user: scan:root
-    image: blackducksoftware/blackduck-scan:2019.10.3
+    image: blackducksoftware/blackduck-scan:2019.12.1
     volumes: [  ]
     env_file: [blackduck-config.env ]
     healthcheck:
@@ -80,7 +80,7 @@ services:
   jobrunner:
     links: [postgres, cfssl, logstash, registration, zookeeper]
     user: jobrunner:root
-    image: blackducksoftware/blackduck-jobrunner:2019.10.3
+    image: blackducksoftware/blackduck-jobrunner:2019.12.1
     volumes: [  ]
     env_file: [blackduck-config.env ]
     healthcheck:
@@ -94,7 +94,7 @@ services:
     restart: always
     mem_limit: 4608M
   cfssl:
-    image: blackducksoftware/blackduck-cfssl:1.0.0
+    image: blackducksoftware/blackduck-cfssl:1.0.1
     volumes: ['cert-volume:/etc/cfssl']
     env_file: [blackduck-config.env]
     healthcheck:
@@ -106,7 +106,7 @@ services:
     restart: always
     mem_limit: 512M
   logstash:
-    image: blackducksoftware/blackduck-logstash:1.0.4
+    image: blackducksoftware/blackduck-logstash:1.0.5
     volumes: ['log-volume:/var/lib/logstash/data']
     env_file: [blackduck-config.env]
     healthcheck:
@@ -119,7 +119,7 @@ services:
     restart: always
     mem_limit: 1024m
   registration:
-    image: blackducksoftware/blackduck-registration:2019.10.3
+    image: blackducksoftware/blackduck-registration:2019.12.1
     links: [logstash, cfssl]
     volumes: ['config-volume:/opt/blackduck/hub/hub-registration/config']
     env_file: [blackduck-config.env]
@@ -135,7 +135,7 @@ services:
     restart: always
     mem_limit: 640M
   zookeeper:
-    image: blackducksoftware/blackduck-zookeeper:1.0.0
+    image: blackducksoftware/blackduck-zookeeper:1.0.3
     links: [logstash]
     volumes: ['zookeeper-data-volume:/opt/blackduck/zookeeper/data', 'zookeeper-datalog-volume:/opt/blackduck/zookeeper/datalog']
     env_file: [blackduck-config.env]
@@ -148,7 +148,7 @@ services:
     restart: always
     mem_limit: 384M
   webserver:
-    image: blackducksoftware/blackduck-nginx:1.0.9
+    image: blackducksoftware/blackduck-nginx:1.0.14
     ports: ['443:8443']
     env_file: [hub-webserver.env, blackduck-config.env]
     links: [webapp, cfssl, documentation, authentication, scan]
@@ -163,7 +163,7 @@ services:
     mem_limit: 640M
     tmpfs: [/opt/blackduck/hub/webserver/security]
   documentation:
-    image: blackducksoftware/blackduck-documentation:2019.10.3
+    image: blackducksoftware/blackduck-documentation:2019.12.1
     links: [logstash]
     env_file: [blackduck-config.env]
     user: documentation:root
@@ -177,7 +177,7 @@ services:
     restart: always
     mem_limit: 512M
   uploadcache:
-      image: blackducksoftware/blackduck-upload-cache:1.0.9
+      image: blackducksoftware/blackduck-upload-cache:1.0.12
       volumes: ['uploadcache-volume:/opt/blackduck/hub/blackduck-upload-cache/uploads', 'uploadcache-keys-volume:/opt/blackduck/hub/blackduck-upload-cache/keys']
       links:
         - cfssl

docker-swarm/README.md

@@ -435,7 +435,7 @@ secrets:
   - WEBSERVER_CUSTOM_KEY_FILE
 ```
 
-Finally, include the mapping at the bottom of docker-compose.local-overrides.yml:
+Include the mapping at the bottom of docker-compose.local-overrides.yml:
 
 
 ```
@@ -448,6 +448,16 @@ secrets:
       name: "hub_WEBSERVER_CUSTOM_KEY_FILE"
 ```
 
+Finally, point the healthcheck property in the webserver service of docker-compose.local-overrides.yml file to the new certificate from the secret
+
+```
+webserver:
+         healthcheck:
+         test: [CMD, /usr/local/bin/docker-healthcheck.sh,
+         'https://localhost:8443/health-checks/liveness',
+         /run/secrets/WEBSERVER_CUSTOM_CERT_FILE]
+```
+
 ## Support certificate authentication using custom CA
 
 ----