Merge remote-tracking branch 'origin/develop' into fb_addWorkflows

LabKey · Feb 23, 2024 · 39ff5fd · 39ff5fd
2 parents cdb7534 + 1e26e07
commit 39ff5fd
Show file tree

Hide file tree

Showing 4 changed files with 20 additions and 18 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -86,8 +86,8 @@ ENV CERT_C="US" \
     CERT_OU="IT" \
     CERT_CN="localhost" \
     \
-    CSP_DISPOSITION= \
-    CSP_POLICY= \
+    CSP_REPORT= \
+    CSP_ENFORCE= \
     \
     SMTP_HOST="localhost" \
     SMTP_USER="root" \
@@ -149,7 +149,7 @@ RUN [ -n "${DEBUG}" ] && set -x; \
         apt-get update; \
         apt-get -yq --no-install-recommends install \
             libtcnative-1=1.2.31-1build1 \
-            openssl=3.0.2-0ubuntu1.12 \
+            openssl=3.0.2-0ubuntu1.14 \
             gettext-base=0.21-4ubuntu4 \
             unzip=6.0-26ubuntu3.1 \
             ; \

diff --git a/application.properties b/application.properties
@@ -151,6 +151,7 @@ management.endpoints.web.base-path=/
 
 management.endpoints.enabled-by-default=false
 management.endpoint.health.enabled=true
+management.endpoint.shutdown.enabled=false
 
 management.endpoints.web.exposure.include=health
 management.endpoints.jmx.exposure.exclude=*

diff --git a/docker-compose.yml b/docker-compose.yml
@@ -87,7 +87,7 @@ services:
       - SLEEP=${SLEEP:-0}
 
   pg-community:
-    image: postgres:13
+    image: postgres:15
     # deploy:
     #   resources:
     #     limits:
@@ -198,7 +198,7 @@ services:
       - SLEEP=${SLEEP:-0}
 
   pg-allpg:
-    image: postgres:13
+    image: postgres:15
     # deploy:
     #   resources:
     #     limits:
@@ -307,7 +307,7 @@ services:
       - SLEEP=${SLEEP:-0}
 
   pg-enterprise:
-    image: postgres:13
+    image: postgres:15
     # deploy:
     #   resources:
     #     limits:
@@ -373,8 +373,8 @@ services:
       - MAX_JVM_RAM_PERCENT=${MAX_JVM_RAM_PERCENT:-75.0}
       - JAVA_PRE_JAR_EXTRA=-XX:+UseSerialGC -Xss512k
 
-      - CSP_DISPOSITION=${CSP_DISPOSITION:-}
-      - CSP_POLICY=${CSP_POLICY:-}
+      - CSP_REPORT=${CSP_REPORT:-}
+      - CSP_ENFORCE=${CSP_ENFORCE:-}
 
       # - SMTP_HOST=mailhog
       # - SMTP_PORT=1025
@@ -419,7 +419,7 @@ services:
       - SLEEP=${SLEEP:-0}
 
   pg-lims_starter:
-    image: postgres:13
+    image: postgres:15
     # deploy:
     #   resources:
     #     limits:

diff --git a/entrypoint.sh b/entrypoint.sh
@@ -21,8 +21,8 @@ LOG4J_CONFIG_FILE="${LOG4J_CONFIG_FILE:=log4j2.xml}"
 JSON_OUTPUT="${JSON_OUTPUT:-false}"
 
 # Content Security Policy settings
-CSP_DISPOSITION="${CSP_DISPOSITION:-}"
-CSP_POLICY="${CSP_POLICY:-}"
+CSP_REPORT="${CSP_REPORT:-}"
+CSP_ENFORCE="${CSP_ENFORCE:-}"
 
 # for ecs/datadog, optionally enable APM metrics
 DD_COLLECT_APM="${DD_COLLECT_APM:-false}"
@@ -208,12 +208,13 @@ main() {
   sed -i "s/@@jdbcUser@@/${POSTGRES_USER:-postgres}/" config/application.properties
   sed -i "s/@@jdbcPassword@@/${POSTGRES_PASSWORD:-}/" config/application.properties
 
-  # only set up CSP if both vars are defined, otherwise ignore
-  # note: newlines in CSP_POLICY must be double-escaped (or can leave out entirely). 
-  #       ex: "default-src 'self' https: ;\\\nconnect-src 'self' https: ;\\\n...
-  if [ -n "$CSP_DISPOSITION" ] && [ -n "$CSP_POLICY" ]; then
-    echo "csp.disposition=$CSP_DISPOSITION\n" >> config/application.properties
-    echo "csp.policy=$CSP_POLICY\n" >> config/application.properties
+  # note: leave newlines out of CSP_REPORT/ENFORCE env vars
+  #       ex: "default-src 'self' https: ; connect-src 'self' https: ; ...""
+  if [ -n "$CSP_REPORT" ]; then
+    echo "csp.report=$CSP_REPORT\n" >> config/application.properties
+  fi
+  if [ -n "$CSP_ENFORCE" ]; then
+    echo "csp.enforce=$CSP_ENFORCE\n" >> config/application.properties
   fi
 
   sed -i "s/@@smtpHost@@/${SMTP_HOST}/" config/application.properties
@@ -227,7 +228,7 @@ main() {
   sed -i "s/@@encryptionKey@@/${LABKEY_EK}/" config/application.properties
 
   echo "Purging secrets and other bits from environment variables..."
-  unset POSTGRES_USER POSTGRES_PASSWORD POSTGRES_HOST POSTGRES_PORT POSTGRES_DB POSTGRES_PARAMETERS CSP_DISPOSITION CSP_POLICY
+  unset POSTGRES_USER POSTGRES_PASSWORD POSTGRES_HOST POSTGRES_PORT POSTGRES_DB POSTGRES_PARAMETERS CSP_REPORT CSP_ENFORCE
   unset SMTP_HOST SMTP_USER SMTP_PORT SMTP_PASSWORD SMTP_AUTH SMTP_FROM SMTP_STARTTLS
   unset LABKEY_CREATE_INITIAL_USER LABKEY_CREATE_INITIAL_USER_APIKEY LABKEY_INITIAL_USER_APIKEY LABKEY_INITIAL_USER_EMAIL LABKEY_INITIAL_USER_GROUP LABKEY_INITIAL_USER_ROLE
   unset LABKEY_EK SLEEP