From f716c74e2a4b47bcfeaaf60698a1a99eae2a5b97 Mon Sep 17 00:00:00 2001
From: Paul Caskey <pcaskey@internet2.edu>
Date: Wed, 4 Dec 2024 11:13:05 -0600
Subject: [PATCH 1/5] update tomcat to 10.1.33
---
 Dockerfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 9b37892..98375f7 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -6,11 +6,11 @@ FROM --platform=$TARGETPLATFORM rockylinux/rockylinux:8.10
 #
 ##tomcat \
 ENV TOMCAT_MAJOR=10 \
- TOMCAT_VERSION=10.1.30 \
+ TOMCAT_VERSION=10.1.33 \
 ##shib-idp \
 VERSION=5.1.3 \
 ##TIER \
- TIERVERSION=20240930_rocky8_multiarch \
+ TIERVERSION=20241204_rocky8_multiarch \
 #################### \
 #### OTHER VARS #### \
 #################### \
From 9da1fb420e63dd7f75daa73436e3f58cd69a8988 Mon Sep 17 00:00:00 2001
From: Paul Caskey <pcaskey@internet2.edu>
Date: Mon, 6 Jan 2025 15:57:53 -0600
Subject: [PATCH 2/5] update tomcat to 10.1.34
---
 Dockerfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 98375f7..ce928a2 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -6,11 +6,11 @@ FROM --platform=$TARGETPLATFORM rockylinux/rockylinux:8.10
 #
 ##tomcat \
 ENV TOMCAT_MAJOR=10 \
- TOMCAT_VERSION=10.1.33 \
+ TOMCAT_VERSION=10.1.34 \
 ##shib-idp \
 VERSION=5.1.3 \
 ##TIER \
- TIERVERSION=20241204_rocky8_multiarch \
+ TIERVERSION=20250106_rocky8_multiarch \
 #################### \
 #### OTHER VARS #### \
 #################### \
From 62ab639de8290c9851e8f3d89a65130910d060a7 Mon Sep 17 00:00:00 2001
From: Paul Caskey <pcaskey@internet2.edu>
Date: Tue, 25 Feb 2025 15:57:24 +0000
Subject: [PATCH 3/5] re-base core OS to Rocky 9
---
 .trivyignore | 2 +-
 Dockerfile | 14 +++++++-------
 2 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/.trivyignore b/.trivyignore
index 5567c04..40c91cd 100644
--- a/.trivyignore
+++ b/.trivyignore
@@ -1,3 +1,3 @@
 # Accept the risk
-CVE-2016-1000027
+# CVE-2016-1000027
diff --git a/Dockerfile b/Dockerfile
index ce928a2..a5a2e64 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM --platform=$TARGETPLATFORM rockylinux/rockylinux:8.10
+FROM --platform=$TARGETPLATFORM rockylinux/rockylinux:9.5
 ########################
 ### VERSION SETTINGS ###
@@ -6,11 +6,11 @@ FROM --platform=$TARGETPLATFORM rockylinux/rockylinux:8.10
 #
 ##tomcat \
 ENV TOMCAT_MAJOR=10 \
- TOMCAT_VERSION=10.1.34 \
+ TOMCAT_VERSION=10.1.36 \
 ##shib-idp \
 VERSION=5.1.3 \
 ##TIER \
- TIERVERSION=20250106_rocky8_multiarch \
+ TIERVERSION=20250225_rocky9_multiarch \
 #################### \
 #### OTHER VARS #### \
 #################### \
@@ -51,9 +51,9 @@ RUN ln -sf /usr/share/zoneinfo/UTC /etc/localtime \
 && echo "NETWORKING=yes" > /etc/sysconfig/network
 # Install base deps
-RUN rm -fr /var/cache/yum/* && yum clean all && yum -y update && yum -y install --setopt=tsflags=nodocs epel-release && \
- yum -y install net-tools wget curl tar unzip mlocate logrotate strace telnet man unzip vim rsyslog cronie krb5-workstation openssl-devel supervisor fontconfig findutils && \
- yum -y clean all && \
+RUN rm -fr /var/cache/dnf/* && dnf -y clean all && dnf -y update && dnf -y install --setopt=tsflags=nodocs epel-release && \
+ dnf -y --allowerasing install net-tools wget curl tar unzip mlocate logrotate strace telnet man unzip vim rsyslog cronie krb5-workstation openssl-devel supervisor fontconfig findutils && \
+ dnf -y clean all && \
 mkdir -p /opt/tier && \
 # Install Trusted Certificates
 update-ca-trust force-enable
@@ -73,7 +73,7 @@ RUN update-ca-trust extract
 # Install Corretto Java JDK (from Amazon repo, more arch independent)
 RUN rpm --import https://yum.corretto.aws/corretto.key \
 && curl -L -o /etc/yum.repos.d/corretto.repo https://yum.corretto.aws/corretto.repo \
- && yum install -y java-17-amazon-corretto-devel
+ && dnf install -y java-17-amazon-corretto-devel
 ENV JAVA_HOME=/usr/lib/jvm/java-17-amazon-corretto
 # Copy IdP installer properties file(s)
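Review bot: `--allowerasing` on the second `dnf` line of the "Install base deps" hunk applies to the whole package list, so dnf may remove any already-installed package to resolve a conflict without that being visible in review. If the flag is only needed for one conflict (presumably `curl` against the base image's `curl-minimal`, which the hunk does not show), scope it to that package, e.g. `dnf -y swap curl-minimal curl`, and drop it from the bulk install. The list also names `unzip` twice and puts `telnet`, `strace`, `vim` and `net-tools` into an identity-provider image; a comment stating which of these the runtime needs would make it possible to trim the rest. The RUN instruction continues past the end of the hunk.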
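Review bot: The `curl -L -o /etc/yum.repos.d/corretto.repo …` line that feeds the changed `dnf install` in the Corretto hunk has no `--fail`, so an HTTP error body would be saved as the repo file instead of stopping the build; `curl -fsSL -o /etc/yum.repos.d/corretto.repo https://yum.corretto.aws/corretto.repo` fails early. The signing key is imported directly from the same host, so it is trusted on first fetch; comparing its fingerprint with a value kept in the repository would make that trust decision explicit. The layer also keeps the dnf cache, which `&& dnf clean all` after the install would drop.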
From d44892d79d221d22e1271217308df3e7c2ae7a21 Mon Sep 17 00:00:00 2001
From: Paul Caskey <pcaskey@internet2.edu>
Date: Mon, 17 Mar 2025 14:31:41 -0500
Subject: [PATCH 4/5] bump tomcat to 10.1.39
---
 Dockerfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index a5a2e64..889bbb1 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -6,11 +6,11 @@ FROM --platform=$TARGETPLATFORM rockylinux/rockylinux:9.5
 #
 ##tomcat \
 ENV TOMCAT_MAJOR=10 \
- TOMCAT_VERSION=10.1.36 \
+ TOMCAT_VERSION=10.1.39 \
 ##shib-idp \
 VERSION=5.1.3 \
 ##TIER \
- TIERVERSION=20250225_rocky9_multiarch \
+ TIERVERSION=20250317_rocky9_multiarch \
 #################### \
 #### OTHER VARS #### \
 #################### \
From 282b92f4dcf8ea007bef41f18408bce491e68d6d Mon Sep 17 00:00:00 2001
From: Paul Caskey <pcaskey@internet2.edu>
Date: Thu, 27 Mar 2025 15:39:50 +0000
Subject: [PATCH 5/5] update IdP to 5.1.4
---
 Dockerfile | 4 ++--
 container_files/idp/idp.installer.properties | 2 +-
 container_files/system/startup.sh | 2 ++
 3 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 889bbb1..eb0e559 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -8,9 +8,9 @@ FROM --platform=$TARGETPLATFORM rockylinux/rockylinux:9.5
 ENV TOMCAT_MAJOR=10 \
 TOMCAT_VERSION=10.1.39 \
 ##shib-idp \
- VERSION=5.1.3 \
+ VERSION=5.1.4 \
 ##TIER \
- TIERVERSION=20250317_rocky9_multiarch \
+ TIERVERSION=20250327_rocky9_multiarch \
 #################### \
 #### OTHER VARS #### \
 #################### \
diff --git a/container_files/idp/idp.installer.properties b/container_files/idp/idp.installer.properties
index 7f59908..1a54d58 100644
--- a/container_files/idp/idp.installer.properties
+++ b/container_files/idp/idp.installer.properties
@@ -1,4 +1,4 @@
-idp.src.dir=/tmp/shibboleth/shibboleth-identity-provider-5.1.3
+idp.src.dir=/tmp/shibboleth/shibboleth-identity-provider-5.1.4
 idp.target.dir=/opt/shibboleth-idp
 idp.host.name=idp.example.org
 idp.sealer.password=changeit
diff --git a/container_files/system/startup.sh b/container_files/system/startup.sh
index 82cc28b..83e8a00 100644
--- a/container_files/system/startup.sh
+++ b/container_files/system/startup.sh
@@ -58,6 +58,8 @@ rm -f ${IDP_LOG_CFG_FILE}.tmp
 sed -i -e 's/rolling.RollingFileAppender/FileAppender/g' ${IDP_LOG_CFG_FILE}
 sed -i -e '/<rollingPolicy/,/<\/rollingPolicy>/d' ${IDP_LOG_CFG_FILE}
+# temp for 5.1.4
+sed -i -e 's/<logger name=\"net.shibboleth.idp\" level=\"${idp.loglevel.idp}\"\/>/<logger name=\"net.shibboleth.idp\" level=\"${idp.loglevel.idp}\"\/>\n\n <!-- temporary for 5.1.4 -->\n <logger name=\"org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder\" level=\"ERROR\" \/>/g' ${IDP_LOG_CFG_FILE}
 #launch supervisord
 exec /usr/bin/supervisord -c /etc/supervisor/supervisord.conf
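Review bot: The added `sed` is not idempotent: the line it matches is kept in the replacement, so every run of startup.sh against the same `${IDP_LOG_CFG_FILE}` (a restarted container, unless the file is regenerated earlier in the script, which the hunk does not show) appends another `HTTPRedirectDeflateDecoder` logger. A guard makes it safe to re-run: `grep -q 'HTTPRedirectDeflateDecoder' "${IDP_LOG_CFG_FILE}" || sed -i -e '…' "${IDP_LOG_CFG_FILE}"`. If the `net.shibboleth.idp` logger line in a deployed config is formatted differently the substitution silently does nothing, so a check after it would be worth adding. Because this hides the SAML redirect decoder's messages below ERROR, the comment should say what is silenced and when to remove it, e.g. `# temp for 5.1.4: hide HTTPRedirectDeflateDecoder messages below ERROR; remove once <upstream issue id> is fixed`.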