From 4f36121dc3e98fa102ccd2940b6db7d24da2dd78 Mon Sep 17 00:00:00 2001
From: jaredb96
Date: Mon, 18 Nov 2024 11:18:52 -0500
Subject: [PATCH 01/15] Replace alpine with jdk-slim.
---
 build.sbt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/build.sbt b/build.sbt
index e32debb50c..3eff3d40aa 100644
--- a/build.sbt
+++ b/build.sbt
@@ -64,7 +64,7 @@ lazy val dockerSettings = Seq(
 } else dockerBuildCommand.value
 },
 Docker / maintainer := "Hmda-Ops",
- dockerBaseImage := "eclipse-temurin:21.0.2_13-jdk-alpine",
+ dockerBaseImage := "openjdk:17.0.1-jdk-slim",
 dockerRepository := Some("hmda"),
 dockerCommands := dockerCommands.value.flatMap {
 case cmd@Cmd("FROM",_) => List(cmd, Cmd("RUN", "apk update"),
From 74e8fce3c335e1c75892e0273b551bf1dcb672f5 Mon Sep 17 00:00:00 2001
From: jaredb96
Date: Mon, 18 Nov 2024 11:19:29 -0500
Subject: [PATCH 02/15] Remove apk update.
---
 build.sbt | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)
diff --git a/build.sbt b/build.sbt
index 3eff3d40aa..55d5085f6d 100644
--- a/build.sbt
+++ b/build.sbt
@@ -65,12 +65,7 @@ lazy val dockerSettings = Seq(
 },
 Docker / maintainer := "Hmda-Ops",
 dockerBaseImage := "openjdk:17.0.1-jdk-slim",
- dockerRepository := Some("hmda"),
- dockerCommands := dockerCommands.value.flatMap {
- case cmd@Cmd("FROM",_) => List(cmd, Cmd("RUN", "apk update"),
- Cmd("RUN", "rm /var/cache/apk/*"))
- case other => List(other)
- }
+ dockerRepository := Some("hmda")
 )
From 01646c3f683f42d2a19afc0e5ed3cf16723241ab Mon Sep 17 00:00:00 2001
From: jaredb96
Date: Mon, 18 Nov 2024 11:33:25 -0500
Subject: [PATCH 03/15] Revert to alpine.
---
 build.sbt | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/build.sbt b/build.sbt
index 55d5085f6d..e32debb50c 100644
--- a/build.sbt
+++ b/build.sbt
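Review bot: The new `dockerBaseImage := "openjdk:17.0.1-jdk-slim"` in PATCH 01 pins a JDK patch level from 2021 on the Docker Hub `openjdk` image line, which is deprecated and no longer rebuilt, so every service image would start from an unpatched JDK and OS layer and drop from Java 21 to 17. The context lines of the same hunk still run `apk update`, which exists only on Alpine and would fail on this Debian-based image. If a non-Alpine base is wanted, a currently maintained eclipse-temurin tag keeps the Java major version and receives security rebuilds, and pinning it by digest makes the build reproducible. The enclosing `dockerSettings` Seq starts and ends outside the hunk.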
@@ -64,8 +64,13 @@ lazy val dockerSettings = Seq(
 } else dockerBuildCommand.value
 },
 Docker / maintainer := "Hmda-Ops",
- dockerBaseImage := "openjdk:17.0.1-jdk-slim",
- dockerRepository := Some("hmda")
+ dockerBaseImage := "eclipse-temurin:21.0.2_13-jdk-alpine",
+ dockerRepository := Some("hmda"),
+ dockerCommands := dockerCommands.value.flatMap {
+ case cmd@Cmd("FROM",_) => List(cmd, Cmd("RUN", "apk update"),
+ Cmd("RUN", "rm /var/cache/apk/*"))
+ case other => List(other)
+ }
 )
From 92536fc222ae9924b454a87cf2b03fc79fea4a23 Mon Sep 17 00:00:00 2001
From: jaredb96
Date: Mon, 18 Nov 2024 11:39:52 -0500
Subject: [PATCH 04/15] Apk upgrade commands.
---
 build.sbt | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/build.sbt b/build.sbt
index e32debb50c..6e00297d35 100644
--- a/build.sbt
+++ b/build.sbt
@@ -67,7 +67,9 @@ lazy val dockerSettings = Seq(
 dockerBaseImage := "eclipse-temurin:21.0.2_13-jdk-alpine",
 dockerRepository := Some("hmda"),
 dockerCommands := dockerCommands.value.flatMap {
- case cmd@Cmd("FROM",_) => List(cmd, Cmd("RUN", "apk update"),
+ case cmd@Cmd("FROM",_) => List(cmd, Cmd("RUN", "apk add --no-cache openssl"),
+ Cmd("RUN", "apk update"),
+ Cmd("RUN", "apk upgrade"),
 Cmd("RUN", "rm /var/cache/apk/*"))
 case other => List(other)
 }
From b1d8873498ca06e51025055dce9bac9b64a2f7f9 Mon Sep 17 00:00:00 2001
From: jaredb96
Date: Mon, 18 Nov 2024 16:04:11 -0500
Subject: [PATCH 05/15] Remove ssl add.
---
 build.sbt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/build.sbt b/build.sbt
index 6e00297d35..b902d81e9c 100644
--- a/build.sbt
+++ b/build.sbt
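Review bot: In PATCH 04 `apk update`, `apk upgrade` and `rm /var/cache/apk/*` are emitted as three separate `RUN` layers, so the index files written by the first layer stay in the image even though the last layer deletes them. A single `Cmd("RUN", "apk upgrade --no-cache")` refreshes the index, upgrades and leaves no cache behind in one layer. An unpinned `apk upgrade` also makes the image content depend on when it was built; rebuilding on a newer base tag or digest is the more auditable way to pick up OS fixes. The `dockerCommands` block continues outside the hunk.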
@@ -67,7 +67,7 @@ lazy val dockerSettings = Seq(
 dockerBaseImage := "eclipse-temurin:21.0.2_13-jdk-alpine",
 dockerRepository := Some("hmda"),
 dockerCommands := dockerCommands.value.flatMap {
- case cmd@Cmd("FROM",_) => List(cmd, Cmd("RUN", "apk add --no-cache openssl"),
+ case cmd@Cmd("FROM",_) => List(cmd,
 Cmd("RUN", "apk update"),
 Cmd("RUN", "apk upgrade"),
 Cmd("RUN", "rm /var/cache/apk/*"))
From fffd8596d16f0f132903b154f051f17c5341ea8c Mon Sep 17 00:00:00 2001
From: jaredb96
Date: Mon, 25 Nov 2024 12:43:20 -0500
Subject: [PATCH 06/15] Netty common update.
---
 build.sbt | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/build.sbt b/build.sbt
index b902d81e9c..ebb3b1e724 100644
--- a/build.sbt
+++ b/build.sbt
@@ -818,4 +818,9 @@ lazy val `hmda-quarterly-data-service` = (project in file ("hmda-quarterly-data-
 packageSettings
 )
 .dependsOn(common % "compile->compile;test->test")
- .dependsOn(`hmda-protocol` % "compile->compile;test->test")
\ No newline at end of file
+ .dependsOn(`hmda-protocol` % "compile->compile;test->test")
+
+// https://mvnrepository.com/artifact/io.netty/netty-common
+libraryDependencies ++= Seq(
+ "io.netty" % "netty-common" % "4.1.115.Final" % Compile
+)
From 5b79497ab6227039269e536b03adc936e61438b8 Mon Sep 17 00:00:00 2001
From: jaredb96
Date: Mon, 25 Nov 2024 12:44:02 -0500
Subject: [PATCH 07/15] Remove comment.
---
 build.sbt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/build.sbt b/build.sbt
index ebb3b1e724..d9f20d6dd4 100644
--- a/build.sbt
+++ b/build.sbt
@@ -820,7 +820,7 @@ lazy val `hmda-quarterly-data-service` = (project in file ("hmda-quarterly-data-
 .dependsOn(common % "compile->compile;test->test")
 .dependsOn(`hmda-protocol` % "compile->compile;test->test")
-// https://mvnrepository.com/artifact/io.netty/netty-common
 libraryDependencies ++= Seq(
 "io.netty" % "netty-common" % "4.1.115.Final" % Compile
 )
+
From 4debbc759e2123d08f3ce88db3f768b7e2090491 Mon Sep 17 00:00:00 2001
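Review bot: The `libraryDependencies ++= Seq("io.netty" % "netty-common" % "4.1.115.Final" % Compile)` added by PATCH 06 sits at the top level of build.sbt, where a bare setting applies to the root project only, so the service subprojects that actually package Netty presumably keep resolving the older version. To force the version everywhere, put `dependencyOverrides += "io.netty" % "netty-common" % "4.1.115.Final"` into the shared `hmdaBuildSettings` or into the dependency lists the subprojects use. Raising only `netty-common` may also leave the other `io.netty` modules on the older release; Netty modules are meant to run at one version, so align them together. The same root-only placement recurs in PATCH 09, 10, 12, 14 and 15.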
From: jaredb96
Date: Tue, 26 Nov 2024 11:39:59 -0500
Subject: [PATCH 08/15] Remove netty common fix.
---
 build.sbt | 4 ----
 1 file changed, 4 deletions(-)
diff --git a/build.sbt b/build.sbt
index d9f20d6dd4..e0ff12bd52 100644
--- a/build.sbt
+++ b/build.sbt
@@ -820,7 +820,3 @@ lazy val `hmda-quarterly-data-service` = (project in file ("hmda-quarterly-data-
 .dependsOn(common % "compile->compile;test->test")
 .dependsOn(`hmda-protocol` % "compile->compile;test->test")
-libraryDependencies ++= Seq(
- "io.netty" % "netty-common" % "4.1.115.Final" % Compile
-)
-
From 9dd60355c127ae12e38ce44f7e1882d3c0cf5ab3 Mon Sep 17 00:00:00 2001
From: jaredb96
Date: Tue, 26 Nov 2024 11:42:19 -0500
Subject: [PATCH 09/15] Remove netty common fix.
---
 build.sbt | 1 +
 1 file changed, 1 insertion(+)
diff --git a/build.sbt b/build.sbt
index e0ff12bd52..abacf8e9f9 100644
--- a/build.sbt
+++ b/build.sbt
@@ -820,3 +820,4 @@ lazy val `hmda-quarterly-data-service` = (project in file ("hmda-quarterly-data-
 .dependsOn(common % "compile->compile;test->test")
 .dependsOn(`hmda-protocol` % "compile->compile;test->test")
+dependencyOverrides += "com.google.guava" % "guava" % "32.0.1-android"
From f218be6c282daac4ef5e44e2ae9e7a4b44d5d8ab Mon Sep 17 00:00:00 2001
From: jaredb96
Date: Fri, 29 Nov 2024 10:04:53 -0500
Subject: [PATCH 10/15] Add 32.0.0-android to build.sbt (does not work).
---
 build.sbt | 155 +++++++++++++++++++++++++++---------------------------
 1 file changed, 78 insertions(+), 77 deletions(-)
diff --git a/build.sbt b/build.sbt
index abacf8e9f9..f9e2b09ea1 100644
--- a/build.sbt
+++ b/build.sbt
@@ -226,45 +226,45 @@ lazy val `check-digit` = (project in file("check-digit")) .dependsOn(common % "compile->compile;test->test") .dependsOn(`hmda-protocol` % "compile->compile;test->test") - lazy val `file-proxy` = (project in file("file-proxy")) - .enablePlugins( - JavaServerAppPackaging, - sbtdocker.DockerPlugin, - AshScriptPlugin - ) - .settings(hmdaBuildSettings: _*) - .settings( - Seq( - libraryDependencies ++= commonDeps ++ akkaDeps ++ akkaHttpDeps ++ circeDeps ++ slickDeps ++ +lazy val `file-proxy` = (project in file("file-proxy")) + .enablePlugins( + JavaServerAppPackaging, + sbtdocker.DockerPlugin, + AshScriptPlugin + ) + .settings(hmdaBuildSettings: _*) + .settings( + Seq( + libraryDependencies ++= commonDeps ++ akkaDeps ++ akkaHttpDeps ++ circeDeps ++ slickDeps ++ enumeratumDeps :+ monix :+ lettuce :+ scalaJava8Compat :+ scalaMock, - Compile / mainClass := Some("hmda.proxy.FileProxy"), - assembly / assemblyJarName := { - s"${name.value}.jar" - }, - assembly/ assemblyMergeStrategy := { - case "application.conf" => MergeStrategy.concat - case "META-INF/io.netty.versions.properties" => MergeStrategy.concat - case "META-INF/MANIFEST.MF" => MergeStrategy.discard - case PathList("META-INF", xs@_*) => MergeStrategy.concat - case PathList("org", "bouncycastle", xs @_*) => MergeStrategy.first - case PathList("jakarta", xs@_*) => MergeStrategy.last - case PathList(ps @ _*) if ps.last endsWith ".proto" => - MergeStrategy.first - case "module-info.class" => MergeStrategy.concat - case x if x.endsWith("/module-info.class") => MergeStrategy.concat - case x if x.endsWith("/LineTokenizer.class") => MergeStrategy.concat - case x if x.endsWith("/LogSupport.class") => MergeStrategy.concat - case x if x.endsWith("/MailcapFile.class") => MergeStrategy.concat - case x if x.endsWith("/MimeTypeFile.class") => MergeStrategy.concat - case x => - val oldStrategy = (assembly / assemblyMergeStrategy).value - oldStrategy(x) - } - ), - dockerSettings, - packageSettings - ) - 
.dependsOn(common % "compile->compile;test->test") + Compile / mainClass := Some("hmda.proxy.FileProxy"), + assembly / assemblyJarName := { + s"${name.value}.jar" + }, + assembly/ assemblyMergeStrategy := { + case "application.conf" => MergeStrategy.concat + case "META-INF/io.netty.versions.properties" => MergeStrategy.concat + case "META-INF/MANIFEST.MF" => MergeStrategy.discard + case PathList("META-INF", xs@_*) => MergeStrategy.concat + case PathList("org", "bouncycastle", xs @_*) => MergeStrategy.first + case PathList("jakarta", xs@_*) => MergeStrategy.last + case PathList(ps @ _*) if ps.last endsWith ".proto" => + MergeStrategy.first + case "module-info.class" => MergeStrategy.concat + case x if x.endsWith("/module-info.class") => MergeStrategy.concat + case x if x.endsWith("/LineTokenizer.class") => MergeStrategy.concat + case x if x.endsWith("/LogSupport.class") => MergeStrategy.concat + case x if x.endsWith("/MailcapFile.class") => MergeStrategy.concat + case x if x.endsWith("/MimeTypeFile.class") => MergeStrategy.concat + case x => + val oldStrategy = (assembly / assemblyMergeStrategy).value + oldStrategy(x) + } + ), + dockerSettings, + packageSettings + ) + .dependsOn(common % "compile->compile;test->test") lazy val `institutions-api` = (project in file("institutions-api")) 
@@ -593,46 +593,46 @@ lazy val `hmda-analytics` = (project in file("hmda-analytics")) ) .dependsOn(common % "compile->compile;test->test") - lazy val `hmda-auth` = (project in file("hmda-auth")) - .enablePlugins( - JavaServerAppPackaging, - sbtdocker.DockerPlugin, - AshScriptPlugin - ) - .settings(hmdaBuildSettings: _*) - .settings( - Seq( - libraryDependencies ++= keycloakServerDeps, - Compile / mainClass := Some("hmda.authService.HmdaAuth"), - assembly / assemblyJarName := { - s"${name.value}.jar" - }, - assembly / assemblyMergeStrategy := { - case "application.conf" => MergeStrategy.concat - case "META-INF/io.netty.versions.properties" => MergeStrategy.concat - case "META-INF/MANIFEST.MF" => MergeStrategy.discard - case PathList("META-INF", xs @ _*) => MergeStrategy.concat - case PathList("org", "bouncycastle", xs @_*) => MergeStrategy.first - case PathList("jakarta", xs @ _*) => MergeStrategy.last - case "reference.conf" => MergeStrategy.concat - case PathList(ps @ _*) if ps.last endsWith ".proto" => - MergeStrategy.first - case "module-info.class" => MergeStrategy.concat - case x if x.endsWith("/module-info.class") => MergeStrategy.concat - case x if x.endsWith("/LineTokenizer.class") => MergeStrategy.concat - case x if x.endsWith("/LogSupport.class") => MergeStrategy.concat - case x if x.endsWith("/MailcapFile.class") => MergeStrategy.concat - case x if x.endsWith("/MimeTypeFile.class") => MergeStrategy.concat - case x => +lazy val `hmda-auth` = (project in file("hmda-auth")) + .enablePlugins( + JavaServerAppPackaging, + sbtdocker.DockerPlugin, + AshScriptPlugin + ) + .settings(hmdaBuildSettings: _*) + .settings( + Seq( + libraryDependencies ++= keycloakServerDeps, + Compile / mainClass := Some("hmda.authService.HmdaAuth"), + assembly / assemblyJarName := { + s"${name.value}.jar" + }, + assembly / assemblyMergeStrategy := { + case "application.conf" => MergeStrategy.concat + case "META-INF/io.netty.versions.properties" => MergeStrategy.concat + case 
"META-INF/MANIFEST.MF" => MergeStrategy.discard + case PathList("META-INF", xs @ _*) => MergeStrategy.concat + case PathList("org", "bouncycastle", xs @_*) => MergeStrategy.first + case PathList("jakarta", xs @ _*) => MergeStrategy.last + case "reference.conf" => MergeStrategy.concat + case PathList(ps @ _*) if ps.last endsWith ".proto" => + MergeStrategy.first + case "module-info.class" => MergeStrategy.concat + case x if x.endsWith("/module-info.class") => MergeStrategy.concat + case x if x.endsWith("/LineTokenizer.class") => MergeStrategy.concat + case x if x.endsWith("/LogSupport.class") => MergeStrategy.concat + case x if x.endsWith("/MailcapFile.class") => MergeStrategy.concat + case x if x.endsWith("/MimeTypeFile.class") => MergeStrategy.concat + case x => val oldStrategy = (assembly / assemblyMergeStrategy).value oldStrategy(x) - } - ), - dockerSettings, - packageSettings - ) - .dependsOn(common % "compile->compile;test->test") - .dependsOn(`institutions-api` % "compile->compile;test->test") + } + ), + dockerSettings, + packageSettings + ) + .dependsOn(common % "compile->compile;test->test") + .dependsOn(`institutions-api` % "compile->compile;test->test") lazy val `rate-limit` = (project in file("rate-limit")) .enablePlugins( @@ -820,4 +820,5 @@ lazy val `hmda-quarterly-data-service` = (project in file ("hmda-quarterly-data- .dependsOn(common % "compile->compile;test->test") .dependsOn(`hmda-protocol` % "compile->compile;test->test") -dependencyOverrides += "com.google.guava" % "guava" % "32.0.1-android" +// https://mvnrepository.com/artifact/com.google.guava/guava +libraryDependencies += "com.google.guava" % "guava" % "32.0.0-android" \ No newline at end of file From 6e94eb475a082a661d6e88f8d05c434fb1e5a85c Mon Sep 17 00:00:00 2001 From: jaredb96 Date: Fri, 29 Nov 2024 10:17:25 -0500 Subject: [PATCH 11/15] Use ThisBuild on build.sbt (does not work). --- build.sbt | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) 
diff --git a/build.sbt b/build.sbt
index f9e2b09ea1..d210d844e1 100644
--- a/build.sbt
+++ b/build.sbt
@@ -820,5 +820,4 @@ lazy val `hmda-quarterly-data-service` = (project in file ("hmda-quarterly-data-
 .dependsOn(common % "compile->compile;test->test")
 .dependsOn(`hmda-protocol` % "compile->compile;test->test")
-// https://mvnrepository.com/artifact/com.google.guava/guava
-libraryDependencies += "com.google.guava" % "guava" % "32.0.0-android"
\ No newline at end of file
+ThisBuild / libraryDependencies += "com.google.guava" % "guava" % "32.0.0-android"
\ No newline at end of file
From b48dd47dbf3fc30a04f8f63a3825d5ec66fb0fc2 Mon Sep 17 00:00:00 2001
From: jaredb96
Date: Fri, 29 Nov 2024 10:29:13 -0500
Subject: [PATCH 12/15] Add guava exclude.
---
 build.sbt | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/build.sbt b/build.sbt
index d210d844e1..63d617615d 100644
--- a/build.sbt
+++ b/build.sbt
@@ -820,4 +820,10 @@ lazy val `hmda-quarterly-data-service` = (project in file ("hmda-quarterly-data-
 .dependsOn(common % "compile->compile;test->test")
 .dependsOn(`hmda-protocol` % "compile->compile;test->test")
-ThisBuild / libraryDependencies += "com.google.guava" % "guava" % "32.0.0-android"
\ No newline at end of file
+ThisBuild / libraryDependencies += "com.google.guava" % "guava" % "32.0.0-android"
+
+libraryDependencies ++= Seq(
+ "com.datastax.oss" % "java-driver-core" % "4.15.0" exclude ("com.google.guava", "guava"),
+ "com.datastax.oss" % "java-driver-shaded-guava" % "25.1-jre-graal-sub-1" exclude ("com.google.guava", "guava"),
+ "com.google.guava" % "guava" % "32.0.0-android"
+)
\ No newline at end of file
From a9d07ac28f308fc44a2a64a1065ef2c55c763b8a Mon Sep 17 00:00:00 2001
From: jaredb96
Date: Fri, 29 Nov 2024 16:42:36 -0500
Subject: [PATCH 13/15] Correct guava version.
---
 project/Version.scala | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
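Review bot: In PATCH 12 the `exclude ("com.google.guava", "guava")` on the two `com.datastax.oss` entries only prunes Guava from those artifacts' transitive graphs; it does not change which Guava version the rest of the build resolves, and it makes the DataStax driver a new direct dependency of the project this setting lands in. `java-driver-shaded-guava` appears to bundle its own relocated Guava classes, so a scanner finding against that artifact would not be addressed by excluding or overriding `com.google.guava:guava` at all; that needs confirming against the scan report. A single `dependencyOverrides += "com.google.guava" % "guava" % Version.guava` in the shared settings expresses the intent without touching the driver. PATCH 14 repeats the pattern with `netty-common` excluded from `netty-common` itself, which has no effect, and declares that module at two versions in one Seq.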
diff --git a/project/Version.scala b/project/Version.scala
index dc45c732f2..c4bc634579 100644
--- a/project/Version.scala
+++ b/project/Version.scala
@@ -33,7 +33,7 @@ object Version {
 val lettuce = "6.2.4.RELEASE"
 val java8Compat = "1.0.2"
 val scalaMock = "4.3.0"
- val guava = "33.0.0-jre"
+ val guava = "32.0.0-android"
 val awsSesSdk = "1.12.484"
 val zeroAllocation = "0.16"
 val cormorant = "0.3.0"
From efb2a1e8617d9a55db7a098333bfcb25e003ca2c Mon Sep 17 00:00:00 2001
From: jaredb96
Date: Mon, 2 Dec 2024 14:24:14 -0500
Subject: [PATCH 14/15] Netty common cve resolution.
---
 build.sbt | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/build.sbt b/build.sbt
index 63d617615d..523e83d1c0 100644
--- a/build.sbt
+++ b/build.sbt
@@ -826,4 +826,12 @@ libraryDependencies ++= Seq(
 "com.datastax.oss" % "java-driver-core" % "4.15.0" exclude ("com.google.guava", "guava"),
 "com.datastax.oss" % "java-driver-shaded-guava" % "25.1-jre-graal-sub-1" exclude ("com.google.guava", "guava"),
 "com.google.guava" % "guava" % "32.0.0-android"
+)
+
+ThisBuild / libraryDependencies += "io.netty" % "netty-common" % "4.1.115.Final"
+
+libraryDependencies ++= Seq(
+ "io.netty" % "netty-common" % "4.1.94.Final" exclude ("io.netty", "netty-common"),
+ "io.netty" % "netty-transport-native-unix-common" % "4.1.94.Final" exclude ("io.netty", "netty-common"),
+ "io.netty" % "netty-common" % "4.1.115.Final"
 )
\ No newline at end of file
From 5e9c53caee08b88268f20c07c908fe6fa910e2cd Mon Sep 17 00:00:00 2001
From: jaredb96
Date: Mon, 2 Dec 2024 15:45:52 -0500
Subject: [PATCH 15/15] Keycloak cve resolution.
---
 build.sbt | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/build.sbt b/build.sbt
index 523e83d1c0..688dc33c99 100644
--- a/build.sbt
+++ b/build.sbt
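Review bot: `val guava = "32.0.0-android"` in PATCH 13 moves Guava backwards from 33.0.0-jre and switches to the `-android` flavor, under a commit titled "Correct guava version". For a server-side JVM build the `-jre` flavor is the intended one, and a downgrade gives up whatever was fixed between the two releases, so this looks like a workaround for a resolution conflict rather than a remediation. If 32.x is required for compatibility with another library, record that next to the val, e.g. `// pinned below 33 for <library> compatibility`, and prefer the newest 32.x `-jre` build. The `Version` object continues outside the hunk.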
@@ -834,4 +834,14 @@ libraryDependencies ++= Seq(
 "io.netty" % "netty-common" % "4.1.94.Final" exclude ("io.netty", "netty-common"),
 "io.netty" % "netty-transport-native-unix-common" % "4.1.94.Final" exclude ("io.netty", "netty-common"),
 "io.netty" % "netty-common" % "4.1.115.Final"
+)
+
+libraryDependencies ++= Seq(
+ "org.keycloak" % "keycloak-crypto-default" % "25.0.3" exclude ("org.keycloak", "keycloak-core"),
+ "org.keycloak" % "keycloak-server-spi" % "25.0.3" exclude ("org.keycloak", "keycloak-core"),
+ "org.keycloak" % "keycloak-server-spi-private" % "25.0.3" exclude ("org.keycloak", "keycloak-core"),
+ "org.keycloak" % "keycloak-adapter-core" % "25.0.3" exclude ("org.keycloak", "keycloak-core"),
+ "org.keycloak" % "keycloak-admin-client" % "25.0.3" exclude ("org.keycloak", "keycloak-core"),
+ "org.keycloak" % "keycloak-common" % "25.0.3" exclude ("org.keycloak", "keycloak-core"),
+ "org.keycloak" % "keycloak-core" % "26.0.6"
 )
\ No newline at end of file
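Review bot: The Seq added by PATCH 15 resolves `keycloak-core` at 26.0.6 while every other `org.keycloak` module stays at 25.0.3, so the auth code would run with a core jar from a different major release than the SPI, adapter and admin-client jars built against it. Keycloak modules are released together, and such a mix can fail at runtime with linkage errors on paths the tests do not reach, which matters for the component that validates tokens. Prefer moving all `org.keycloak` artifacts (presumably the ones in `keycloakServerDeps`) to one release that contains the fix, or cover the mixed set with an integration test of the authentication path before shipping. A short comment above the block naming the finding it remediates, e.g. `// keycloak-core raised for <advisory id>; remove once all modules are on one release`, would make the pin removable later.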