From f716c74e2a4b47bcfeaaf60698a1a99eae2a5b97 Mon Sep 17 00:00:00 2001
From: Paul Caskey <pcaskey@internet2.edu>
Date: Wed, 4 Dec 2024 11:13:05 -0600
Subject: [PATCH 1/3] update tomcat to 10.1.33
---
Dockerfile | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 9b37892..98375f7 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -6,11 +6,11 @@ FROM --platform=$TARGETPLATFORM rockylinux/rockylinux:8.10
#
##tomcat \
ENV TOMCAT_MAJOR=10 \
- TOMCAT_VERSION=10.1.30 \
+ TOMCAT_VERSION=10.1.33 \
##shib-idp \
VERSION=5.1.3 \
##TIER \
- TIERVERSION=20240930_rocky8_multiarch \
+ TIERVERSION=20241204_rocky8_multiarch \
#################### \
#### OTHER VARS #### \
#################### \
From 9da1fb420e63dd7f75daa73436e3f58cd69a8988 Mon Sep 17 00:00:00 2001
From: Paul Caskey <pcaskey@internet2.edu>
Date: Mon, 6 Jan 2025 15:57:53 -0600
Subject: [PATCH 2/3] update tomcat to 10.1.34
---
Dockerfile | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 98375f7..ce928a2 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -6,11 +6,11 @@ FROM --platform=$TARGETPLATFORM rockylinux/rockylinux:8.10
#
##tomcat \
ENV TOMCAT_MAJOR=10 \
- TOMCAT_VERSION=10.1.33 \
+ TOMCAT_VERSION=10.1.34 \
##shib-idp \
VERSION=5.1.3 \
##TIER \
- TIERVERSION=20241204_rocky8_multiarch \
+ TIERVERSION=20250106_rocky8_multiarch \
#################### \
#### OTHER VARS #### \
#################### \
From 62ab639de8290c9851e8f3d89a65130910d060a7 Mon Sep 17 00:00:00 2001
From: Paul Caskey <pcaskey@internet2.edu>
Date: Tue, 25 Feb 2025 15:57:24 +0000
Subject: [PATCH 3/3] re-base core OS to Rocky 9
---
.trivyignore | 2 +-
Dockerfile | 14 +++++++-------
2 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/.trivyignore b/.trivyignore
index 5567c04..40c91cd 100644
--- a/.trivyignore
+++ b/.trivyignore
@@ -1,3 +1,3 @@
# Accept the risk
-CVE-2016-1000027
+# CVE-2016-1000027
diff --git a/Dockerfile b/Dockerfile
index ce928a2..a5a2e64 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM --platform=$TARGETPLATFORM rockylinux/rockylinux:8.10
+FROM --platform=$TARGETPLATFORM rockylinux/rockylinux:9.5
########################
### VERSION SETTINGS ###
@@ -6,11 +6,11 @@ FROM --platform=$TARGETPLATFORM rockylinux/rockylinux:8.10
#
##tomcat \
ENV TOMCAT_MAJOR=10 \
- TOMCAT_VERSION=10.1.34 \
+ TOMCAT_VERSION=10.1.36 \
##shib-idp \
VERSION=5.1.3 \
##TIER \
- TIERVERSION=20250106_rocky8_multiarch \
+ TIERVERSION=20250225_rocky9_multiarch \
#################### \
#### OTHER VARS #### \
#################### \
@@ -51,9 +51,9 @@ RUN ln -sf /usr/share/zoneinfo/UTC /etc/localtime \
&& echo "NETWORKING=yes" > /etc/sysconfig/network
# Install base deps
-RUN rm -fr /var/cache/yum/* && yum clean all && yum -y update && yum -y install --setopt=tsflags=nodocs epel-release && \
- yum -y install net-tools wget curl tar unzip mlocate logrotate strace telnet man unzip vim rsyslog cronie krb5-workstation openssl-devel supervisor fontconfig findutils && \
- yum -y clean all && \
+RUN rm -fr /var/cache/dnf/* && dnf -y clean all && dnf -y update && dnf -y install --setopt=tsflags=nodocs epel-release && \
+ dnf -y --allowerasing install net-tools wget curl tar unzip mlocate logrotate strace telnet man unzip vim rsyslog cronie krb5-workstation openssl-devel supervisor fontconfig findutils && \
+ dnf -y clean all && \
mkdir -p /opt/tier && \
# Install Trusted Certificates
update-ca-trust force-enable
@@ -73,7 +73,7 @@ RUN update-ca-trust extract
# Install Corretto Java JDK (from Amazon repo, more arch independent)
RUN rpm --import https://yum.corretto.aws/corretto.key \
&& curl -L -o /etc/yum.repos.d/corretto.repo https://yum.corretto.aws/corretto.repo \
- && yum install -y java-17-amazon-corretto-devel
+ && dnf install -y java-17-amazon-corretto-devel
ENV JAVA_HOME=/usr/lib/jvm/java-17-amazon-corretto
# Copy IdP installer properties file(s)