Openssl 3 base images #2874
Openssl 3 base images #2874
Conversation
tarnowsc
force-pushed
the
openssl-3-base-images
branch
from
6fd42bc to
eb40b59
Compare
![codeclimate[bot]](https://avatars.githubusercontent.com/in/9403?s=60&v=4){kind=small}
| @@ -1,5 +1,5 @@ | |||
| #!/bin/sh | |||
| httpclient_pem_location="/var/lib/gems/2.5.0/gems/httpclient-2.8.3/lib/httpclient" | |||
| httpclient_pem_location=$(find $GEM_HOME -name httpclient -type d) | |||
There was a problem hiding this comment.
Double quote to prevent globbing and word splitting.
bin/conjurctl
Outdated
| @@ -1,5 +1,6 @@ | |||
| #!/usr/bin/env ruby | |||
| # frozen_string_literal: true | |||
| require "bundler/setup" | |||
There was a problem hiding this comment.
Add an empty line after magic comments.
CHANGELOG.md
Outdated
| @@ -9,6 +9,11 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0. | |||
| - Nothing should go in this section, please add to the latest unreleased version | |||
| (and update the corresponding date), or add a new version. | |||
|
|
|||
| ## [0.0.5] - 2023-07-17 | |||
| ### Security | |||
| - Use newer base images with Ubuntu 22.04, Ruby 3.2 and OpenSSL 3 | |||
There was a problem hiding this comment.
Lists should be surrounded by blank lines
CHANGELOG.md
Outdated
| @@ -9,6 +9,11 @@ | |||
| - Nothing should go in this section, please add to the latest unreleased version | |||
| (and update the corresponding date), or add a new version. | |||
|
|
|||
| ## [0.0.5] - 2023-07-17 | |||
There was a problem hiding this comment.
Headers should be surrounded by blank lines
marek-jakubowski
force-pushed
the
openssl-3-base-images
branch
from
eb40b59 to
a77e0c5
Compare
CHANGELOG.md
Outdated
| ## [1.19.7] - 2023-07-31 | ||
|
|
||
| ### Changed | ||
| - Conjur will now use the new FIPS Base Images. |
There was a problem hiding this comment.
Lists should be surrounded by blank lines
| @@ -1 +1 @@ | |||
| 5.0 | |||
| PR-57 | |||
There was a problem hiding this comment.
will need to be reverted later
There was a problem hiding this comment.
After merging this PR and being able to build appliance from master.
Dockerfile
Outdated
| @@ -1,25 +1,32 @@ | |||
| FROM cyberark/ubuntu-ruby-fips:latest | |||
| FROM registry.tld/cyberark/ubuntu-ruby-builder:22.04 as builder | |||
There was a problem hiding this comment.
will need to be changed back to docker.io
Dockerfile.ubi
Outdated
| @@ -1,14 +1,25 @@ | |||
| # Conjur Base Image (UBI) | |||
| FROM cyberark/ubi-ruby-fips:latest | |||
| FROM registry.tld/cyberark/ubi-ruby-builder:ubi9 as builder | |||
There was a problem hiding this comment.
will need to be changed back to docker.io
dev/Dockerfile.dev
Outdated
| @@ -1,40 +1,53 @@ | |||
| FROM cyberark/phusion-ruby-fips:latest | |||
| FROM registry.tld/cyberark/ubuntu-ruby-builder:22.04 as builder | |||
There was a problem hiding this comment.
will need to be changed back to docker.io
package.sh
Outdated
| @@ -8,14 +8,16 @@ chmod +x docker-debify | |||
| docker run --rm \ | |||
| -v "$(pwd)":"$(pwd)" \ | |||
| --workdir "$(pwd)" \ | |||
| cyberark/phusion-ruby-fips:latest \ | |||
| sh -c "apt-get update -y && apt-get install -y git && bundle lock --update=conjur-api" | |||
| registry.tld/cyberark/ubuntu-ruby-builder:22.04 \ | |||
There was a problem hiding this comment.
will need to be changed back to docker.io
hdabrowski
force-pushed
the
openssl-3-base-images
branch
from
f2c18fd to
392ff88
Compare
CHANGELOG.md
Outdated
| ## [1.20.1] - 2023-07-31 | ||
|
|
||
| ### Changed | ||
| - Conjur will now use the new FIPS Base Images. |
There was a problem hiding this comment.
Line 15, 16 and 17 could be deleted.
CHANGELOG.md
Outdated
| ## [1.20.0] - 2023-07-11 | ||
|
|
||
| ### Added | ||
| - Telemetry support | ||
| [cyberark/conjur#2854](https://github.com/cyberark/conjur/pull/2854) | ||
|
|
||
| ## [1.19.6] - 2023-07-05 |
hdabrowski
force-pushed
the
openssl-3-base-images
branch
from
86c2c3d to
460d72e
Compare
marek-jakubowski
force-pushed
the
openssl-3-base-images
branch
3 times, most recently
from
29c9d81 to
818c118
Compare
| @@ -219,7 +219,7 @@ def self_signed_certificate(rsa_key) | |||
| cert.public_key = rsa_key.public_key | |||
| cert.serial = 0x0 | |||
| cert.version = 2 | |||
| cert.sign rsa_key, OpenSSL::Digest::SHA1.new | |||
| cert.sign rsa_key, OpenSSL::Digest::SHA256.new | |||
There was a problem hiding this comment.
Use OpenSSL::Digest.new('SHA256') instead of OpenSSL::Digest::SHA256.new.
| @@ -219,7 +219,7 @@ | |||
| cert.public_key = rsa_key.public_key | |||
| cert.serial = 0x0 | |||
| cert.version = 2 | |||
| cert.sign rsa_key, OpenSSL::Digest::SHA1.new | |||
| cert.sign rsa_key, OpenSSL::Digest::SHA256.new | |||
There was a problem hiding this comment.
Use parentheses for method calls with arguments.
tarnowsc
force-pushed
the
openssl-3-base-images
branch
3 times, most recently
from
3677639 to
288d037
Compare
rjurekca
force-pushed
the
openssl-3-base-images
branch
from
288d037 to
5af4f83
Compare
tarnowsc
force-pushed
the
openssl-3-base-images
branch
from
5af4f83 to
d609208
Compare
marek-jakubowski
force-pushed
the
openssl-3-base-images
branch
3 times, most recently
from
2a87b04 to
1c1e21b
Compare
tarnowsc
force-pushed
the
openssl-3-base-images
branch
3 times, most recently
from
8f471d6 to
1d6d3e7
Compare
marek-jakubowski
force-pushed
the
openssl-3-base-images
branch
from
1d6d3e7 to
2c4e997
Compare
config/puma.rb
Outdated
| @@ -90,4 +90,3 @@ | |||
| puts "- #{k} from #{v}" | |||
| end | |||
| end | |||
|
|
|||
There was a problem hiding this comment.
[nit] - we do want an empty new line at the end of all files.
dev/Dockerfile.dev
Outdated
| @@ -1,4 +1,4 @@ | |||
| FROM cyberark/ubuntu-ruby-postgres-fips:latest | |||
| FROM registry.tld/cyberark/ubuntu-ruby-postgres-fips:22.04 | |||
There was a problem hiding this comment.
will need to be changed back to docker.io
| @@ -1 +1 @@ | |||
| 5.0 | |||
| PR-57 | |||
There was a problem hiding this comment.
Prepared #2949 to clean this up.
hdabrowski
force-pushed
the
openssl-3-base-images
branch
from
2c4e997 to
6536329
Compare
tarnowsc
force-pushed
the
openssl-3-base-images
branch
from
6536329 to
ccdd984
Compare
tarnowsc
force-pushed
the
openssl-3-base-images
branch
2 times, most recently
from
4964420 to
8feb9b9
Compare
|
Code Climate has analyzed commit 8feb9b9 and detected 0 issues on this pull request. The test coverage on the diff in this pull request is 100.0% (50% is the threshold). This pull request will bring the total coverage in the repository to 88.5% (0.0% change). View more on Code Climate. |
Desired Outcome
Please describe the desired outcome for this PR. Said another way, what was
the original request that resulted in these code changes? Feel free to copy
this information from the connected issue.
Implemented Changes
Describe how the desired outcome above has been achieved with this PR. In
particular, consider:
Connected Issue/Story
Resolves #[relevant GitHub issue(s), e.g. 76]
CyberArk internal issue ID: [insert issue ID]
Definition of Done
At least 1 todo must be completed in the sections below for the PR to be
merged.
Changelog
CHANGELOG update
Test coverage
changes, or
Documentation
READMEs) were updated in this PRBehavior
Security