docker · Dec 4, 2024 · Dec 4, 2024 · Jan 6, 2025 · Jan 6, 2025 · Feb 25, 2025
Showing with 12 additions and 10 deletions.

+1 −1 .trivyignore

+8 −8 Dockerfile

+1 −1 container_files/idp/idp.installer.properties

+2 −0 container_files/system/startup.sh
diff --git a/.trivyignore b/.trivyignore
@@ -1,3 +1,3 @@
 # Accept the risk
-CVE-2016-1000027
+# CVE-2016-1000027
 
diff --git a/Dockerfile b/Dockerfile
@@ -1,16 +1,16 @@
-FROM --platform=$TARGETPLATFORM rockylinux/rockylinux:8.10
+FROM --platform=$TARGETPLATFORM rockylinux/rockylinux:9.5
 
 ########################
 ### VERSION SETTINGS ###
 ########################
 #
 ##tomcat \
 ENV TOMCAT_MAJOR=10 \
-    TOMCAT_VERSION=10.1.30 \
+    TOMCAT_VERSION=10.1.39 \
 ##shib-idp \
-    VERSION=5.1.3 \
+    VERSION=5.1.4 \
 ##TIER \
-    TIERVERSION=20240930_rocky8_multiarch \
+    TIERVERSION=20250327_rocky9_multiarch \
 #################### \
 #### OTHER VARS #### \
 #################### \
@@ -51,9 +51,9 @@ RUN ln -sf /usr/share/zoneinfo/UTC /etc/localtime \
     && echo "NETWORKING=yes" > /etc/sysconfig/network
 
 # Install base deps
-RUN rm -fr /var/cache/yum/* && yum clean all && yum -y update && yum -y install --setopt=tsflags=nodocs epel-release && \
-    yum -y install net-tools wget curl tar unzip mlocate logrotate strace telnet man unzip vim rsyslog cronie krb5-workstation openssl-devel supervisor fontconfig findutils && \
-    yum -y clean all && \
+RUN rm -fr /var/cache/dnf/* && dnf -y clean all && dnf -y update && dnf -y install --setopt=tsflags=nodocs epel-release && \
+    dnf -y --allowerasing install net-tools wget curl tar unzip mlocate logrotate strace telnet man unzip vim rsyslog cronie krb5-workstation openssl-devel supervisor fontconfig findutils && \
+    dnf -y clean all && \
     mkdir -p /opt/tier && \
 # Install Trusted Certificates
     update-ca-trust force-enable
@@ -73,7 +73,7 @@ RUN update-ca-trust extract
 # Install Corretto Java JDK (from Amazon repo, more arch independent)
 RUN rpm --import https://yum.corretto.aws/corretto.key \
     && curl -L -o /etc/yum.repos.d/corretto.repo https://yum.corretto.aws/corretto.repo \
-    && yum install -y java-17-amazon-corretto-devel
+    && dnf install -y java-17-amazon-corretto-devel
 ENV JAVA_HOME=/usr/lib/jvm/java-17-amazon-corretto
 
 # Copy IdP installer properties file(s)

diff --git a/container_files/idp/idp.installer.properties b/container_files/idp/idp.installer.properties
@@ -1,4 +1,4 @@
-idp.src.dir=/tmp/shibboleth/shibboleth-identity-provider-5.1.3
+idp.src.dir=/tmp/shibboleth/shibboleth-identity-provider-5.1.4
 idp.target.dir=/opt/shibboleth-idp
 idp.host.name=idp.example.org
 idp.sealer.password=changeit

diff --git a/container_files/system/startup.sh b/container_files/system/startup.sh
@@ -58,6 +58,8 @@ rm -f ${IDP_LOG_CFG_FILE}.tmp
 sed -i -e 's/rolling.RollingFileAppender/FileAppender/g' ${IDP_LOG_CFG_FILE}
 sed -i -e '/<rollingPolicy/,/<\/rollingPolicy>/d' ${IDP_LOG_CFG_FILE}
 
+# temp for 5.1.4
+sed -i -e 's/<logger name=\"net.shibboleth.idp\" level=\"${idp.loglevel.idp}\"\/>/<logger name=\"net.shibboleth.idp\" level=\"${idp.loglevel.idp}\"\/>\n\n    <!-- temporary for 5.1.4 -->\n    <logger name=\"org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder\" level=\"ERROR\" \/>/g' ${IDP_LOG_CFG_FILE}
 
 #launch supervisord
 exec /usr/bin/supervisord -c /etc/supervisor/supervisord.conf