From a1c01b330ea33d2165eef16e4ec21fdca992f253 Mon Sep 17 00:00:00 2001
From: Paul Caskey
Date: Mon, 23 Sep 2019 14:36:30 +0000
Subject: [PATCH 1/2] remove security whitelist for centos scanning
---
 tests/centos7-clair-whitelist.yaml | 27 ---------------------------
 tests/clairscan.sh | 18 +++++++++---------
 2 files changed, 9 insertions(+), 36 deletions(-)
 delete mode 100644 tests/centos7-clair-whitelist.yaml
diff --git a/tests/centos7-clair-whitelist.yaml b/tests/centos7-clair-whitelist.yaml
deleted file mode 100644
index d4d5544..0000000
--- a/tests/centos7-clair-whitelist.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-generalwhitelist:
- RHSA-2019:2030: python
- RHSA-2019:2237: nss-softokn
- RHSA-2019:2237: nss-softokn-freebl
- RHSA-2019:2118: glibc-common
- RHSA-2019:2030: python-libs
- RHSA-2019:2237: nspr
- RHSA-2019:2075: binutils
- RHSA-2019:2237: nss-sysinit
- RHSA-2019:2118: glibc
- RHSA-2019:2136: libssh2
- RHSA-2019:2091: systemd
- RHSA-2019:2189: procps-ng
- RHSA-2019:2237: nss-util
- RHSA-2019:2110: rsyslog
- RHSA-2019:2057: bind-license
- RHSA-2019:2091: systemd-libs
- RHSA-2019:2304: openssl-libs
- RHSA-2019:2237: nss
- RHSA-2019:2237: nss-tools
- RHSA-2019:2304: openssl-devel
- RHSA-2019:2159: unzip
- RHSA-2019:2181: libcurl
- RHSA-2019:2197: elfutils-libs
- RHSA-2019:2181: curl
- RHSA-2019:2197: elfutils-libelf
- RHSA-2019:2197: elfutils-default-yama-scope
diff --git a/tests/clairscan.sh b/tests/clairscan.sh
index 8dbae4a..87074f7 100755
--- a/tests/clairscan.sh
+++ b/tests/clairscan.sh
@@ -14,13 +14,13 @@ else
 echo 'using existing clair-scanner...'
 fi
-#ensure whitelist file (temporary)
-if [ ! -s ./centos7-clair-whitelist.yaml ]; then
- echo 'downloading whitelist file...'
- curl -s -L -o ./centos7-clair-whitelist.yaml https://github.internet2.edu/raw/docker/shib-idp/3.4.4_20190801/tests/centos7-clair-whitelist.yaml
-else
- echo 'using existing whitelist file...'
-fi
+#if needed, ensure whitelist file
+#if [ ! -s ./centos7-clair-whitelist.yaml ]; then
+# echo 'downloading whitelist file...'
+# curl -s -L -o ./centos7-clair-whitelist.yaml https://github.internet2.edu/raw/docker/shib-idp/3.4.4_20190801/tests/centos7-clair-whitelist.yaml
+#else
+# echo 'using existing whitelist file...'
+#fi
 #ensure DB container
 echo 'ensuring a fresh clair-db container...'
@@ -54,8 +54,8 @@ echo 'sending ip addr' ${clairip} 'to clair-scan server...'
 #run scan
 echo 'running scan...'
-./clair-scanner -w centos7-clair-whitelist.yaml --ip ${clairip} $1
-#./clair-scanner --ip ${clairip} $1
+#./clair-scanner -w centos7-clair-whitelist.yaml --ip ${clairip} $1
+./clair-scanner --ip ${clairip} $1
 retcode=$?
 #eval results
From 1ec39cc223e013f6e4d0e9fe8d1062b3f252750d Mon Sep 17 00:00:00 2001
From: Paul Caskey
Date: Mon, 23 Sep 2019 14:54:51 +0000
Subject: [PATCH 2/2] bump tomcat to 9.0.26
---
 Dockerfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index b7855d7..6cb826d 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -6,11 +6,11 @@ FROM centos:centos7
 #
 ##tomcat \
 ENV TOMCAT_MAJOR=9 \
- TOMCAT_VERSION=9.0.24 \
+ TOMCAT_VERSION=9.0.26 \
 ##shib-idp \
 VERSION=3.4.5 \
 ##TIER \
- TIERVERSION=20190901 \
+ TIERVERSION=20190902 \
 ################## \
 ### OTHER VARS ### \
 ################## \
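Review bot: The whitelist download in tests/clairscan.sh (first hunk, `@@ -14,13`) is commented out rather than deleted, and the second hunk likewise keeps the old `-w centos7-clair-whitelist.yaml` invocation as a comment, so the suppression path stays one uncomment away from being live again. If it is re-enabled as written, `curl -s -L` has no `-f`, so an HTTP error body would be saved silently and would pass the `-s` non-empty test. The list is also fetched from a fixed older tag with no integrity check, even though it decides which advisories the scan ignores. I would delete both commented blocks and leave one line such as `# no whitelist: every clair-scanner finding fails the scan; reintroduce -w only with a reviewed, committed file`.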
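Review bot: On the new `./clair-scanner --ip ${clairip} $1` line in tests/clairscan.sh (second hunk, `@@ -54,8`), both expansions are unquoted, so an empty or whitespace-containing value changes the argument list the scanner receives; `./clair-scanner --ip "${clairip}" "$1"` avoids that. With the whitelist removed, `retcode=$?` is the only gate on the image, so it matters that the scanner is handed exactly the intended image name. Whether `$1` is validated earlier in the script cannot be seen from this hunk.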