[Security Fix] Update mysqlclient Utility Container Image

Update Python Packages to non-vulnerable as per Claire Scan Change-Id: I5b099b777c8b1413b36ef7c3326b8005483cd89b
2020-06-18 16:46:58 -05:00 · 2020-06-18 16:46:58 -05:00 · a696df2cd8
commit a696df2cd8
parent a132777b7b
2 changed files with 27 additions and 34 deletions
--- a/charts/mysqlclient-utility/templates/bin/_start.sh.tpl
+++ b/charts/mysqlclient-utility/templates/bin/_start.sh.tpl
@ -13,20 +13,7 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */}}
 set -ex
-# move this into build image v1.0.1 8/13/19
-#sed -i 's/$PrivDropToUser syslog/$PrivDropToUser nobody/' /etc/rsyslog.conf
 /etc/init.d/rsyslog start

 # for readiness probe
 touch /tmp/done
-
-{{/*
-These lines will disable extra handler, extra formatter, extra level to the
-root logger by oslo-rootwrap module, imported in _openstack-utility-rootwrap.tpl.
-These lines will get rid of duplicate logs, generated because of the formatter
-attached by oslo-rootwrap.
-*/}}
-sed -i "/rootwrap_logger.setLevel/s/.*/#&/" /usr/lib/python3/dist-packages/oslo_rootwrap/wrapper.py
-sed -i "/handler.setFormatter/s/.*/#&/" /usr/lib/python3/dist-packages/oslo_rootwrap/wrapper.py
-sed -i "/os.path.basename/s/.*/#&/" /usr/lib/python3/dist-packages/oslo_rootwrap/wrapper.py
-sed -i "/rootwrap_logger.addHandler/s/.*/#&/" /usr/lib/python3/dist-packages/oslo_rootwrap/wrapper.py
--- a/images/mysqlclient-utility/Dockerfile.ubuntu_bionic
+++ b/images/mysqlclient-utility/Dockerfile.ubuntu_bionic
@ -8,30 +8,36 @@ LABEL org.opencontainers.image.authors='airship-discuss@lists.airshipit.org, irc
      org.opencontainers.image.vendor='The Airship Authors' \
      org.opencontainers.image.licenses='Apache-2.0'

-RUN set -xe && \
-    export DEBIAN_FRONTEND=noninteractive && \
-    sed -i '/nobody/d' /etc/passwd && \
-    echo "nobody:x:65534:65534:nobody:/nonexistent:/bin/bash" >> /etc/passwd && \
-    apt-get update && \
-    apt-get install -y \
-      bash \
-      moreutils \
-      mysql-client \
-      python3 \
-      python3-pip \
-      python3-oslo.rootwrap \
-      python3-openstackclient \
-      python3-swiftclient \
-      curl \
-      pwgen \
-      sudo \
-      rsyslog && \
-    sed -i 's/$PrivDropToUser syslog/$PrivDropToUser nobody/' /etc/rsyslog.conf && \
-    apt-get clean -y && \
-    rm -rf \
+RUN set -xe \
+    && export DEBIAN_FRONTEND=noninteractive \
+    && sed -i '/nobody/d' /etc/passwd \
+    && echo "nobody:x:65534:65534:nobody:/nonexistent:/bin/bash" >> /etc/passwd \
+    && apt-get update  \
+    && apt-get install -y \
+       bash \
+       sudo \
+       rsyslog \
+       pwgen \
+       curl \
+       moreutils \
+       mysql-client \
+       python3.6 \
+       python3-pip \
+    && pip3 install \
+         oslo.rootwrap==5.8.0 \
+         python-openstackclient==3.18.1 \
+         python-swiftclient \
+    && sed -i 's/$PrivDropToUser syslog/$PrivDropToUser nobody/' /etc/rsyslog.conf \
+    && apt-get clean -y \
+    && rm -rf \
      /tmp/* \
      /var/cache/debconf/* \
      /var/lib/apt/lists/* \
      /var/tmp/*

+RUN sed -i "/rootwrap_logger.setLevel/s/.*/#&/" /usr/local/lib/python3.6/dist-packages/oslo_rootwrap/wrapper.py \
+    && sed -i "/handler.setFormatter/s/.*/#&/" /usr/local/lib/python3.6/dist-packages/oslo_rootwrap/wrapper.py \
+    && sed -i "/os.path.basename/s/.*/#&/" /usr/local/lib/python3.6/dist-packages/oslo_rootwrap/wrapper.py \
+    && sed -i "/rootwrap_logger.addHandler/s/.*/#&/" /usr/local/lib/python3.6/dist-packages/oslo_rootwrap/wrapper.py
+
 CMD ["/bin/bash"]