diff --git a/Justfile b/Justfile index 648beffb2..7f67569a6 100644 --- a/Justfile +++ b/Justfile @@ -9,7 +9,7 @@ BUILDX_PATH := "" RSC_VERSION := "2024.08.0" RSPM_VERSION := "2024.08.2-9" -RSW_VERSION := "2024.04.2+764.pro1" +RSW_VERSION := "2024.09.0+375.pro3" DRIVERS_VERSION := "2023.05.0" DRIVERS_VERSION_RHEL := DRIVERS_VERSION + "-1" diff --git a/docker-bake.hcl b/docker-bake.hcl index 8309c0ef2..5db138635 100644 --- a/docker-bake.hcl +++ b/docker-bake.hcl @@ -8,7 +8,7 @@ variable PACKAGE_MANAGER_VERSION { } variable WORKBENCH_VERSION { - default = "2024.04.2+764.pro1" + default = "2024.09.0+375.pro3" } variable DRIVERS_VERSION { @@ -96,9 +96,8 @@ function get_tags { variable BASE_BUILD_MATRIX { default = { builds = [ - {os = "ubuntu2204", r_primary = "4.2.3", r_alternate = "4.1.3", py_primary = "3.9.17", py_alternate = "3.8.17"}, - {os = "ubuntu2204", r_primary = "4.2.3", r_alternate = "4.1.3", py_primary = "3.12.1", py_alternate = "3.11.7"}, {os = "ubuntu2204", r_primary = "4.4.0", r_alternate = "4.3.3", py_primary = "3.12.1", py_alternate = "3.11.7"}, + {os = "ubuntu2204", r_primary = "4.4.1", r_alternate = "4.3.3", py_primary = "3.12.6", py_alternate = "3.11.10"}, ] } } @@ -168,7 +167,7 @@ variable CONTENT_BUILD_MATRIX { variable R_SESSION_COMPLETE_BUILD_MATRIX { default = { builds = [ - {os = "ubuntu2204", r_primary = "4.4.0", r_alternate = "4.3.3", py_primary = "3.12.1", py_alternate = "3.11.7"}, + {os = "ubuntu2204", r_primary = "4.4.1", r_alternate = "4.3.3", py_primary = "3.12.6", py_alternate = "3.11.10"}, ] } } @@ -176,7 +175,7 @@ variable R_SESSION_COMPLETE_BUILD_MATRIX { variable WORKBENCH_BUILD_MATRIX { default = { builds = [ - {os = "ubuntu2204", r_primary = "4.4.0", r_alternate = "4.3.3", py_primary = "3.12.1", py_alternate = "3.11.7"}, + {os = "ubuntu2204", r_primary = "4.4.1", r_alternate = "4.3.3", py_primary = "3.12.6", py_alternate = "3.11.10"}, ] } } @@ -184,7 +183,7 @@ variable WORKBENCH_BUILD_MATRIX { variable WORKBENCH_GOOGLE_CLOUD_WORKSTATION_BUILD_MATRIX { default = { builds = [ - {os = "ubuntu2204", r_primary = "4.4.0", r_alternate = "4.3.3", py_primary = "3.12.1", py_alternate = "3.11.7"}, + {os = "ubuntu2204", r_primary = "4.4.1", r_alternate = "4.3.3", py_primary = "3.12.6", py_alternate = "3.11.10"}, ] } } @@ -192,7 +191,7 @@ variable WORKBENCH_GOOGLE_CLOUD_WORKSTATION_BUILD_MATRIX { variable WORKBENCH_MICROSOFT_AZURE_ML_BUILD_MATRIX { default = { builds = [ - {os = "ubuntu2204", r_primary = "4.2.3", r_alternate = "4.1.3", py_primary = "3.9.17", py_alternate = "3.8.17"}, + {os = "ubuntu2204", r_primary = "4.4.1", r_alternate = "4.3.3", py_primary = "3.12.6", py_alternate = "3.11.10"}, ] } } diff --git a/r-session-complete/.env b/r-session-complete/.env index 43fc3794d..8ba538cd6 100644 --- a/r-session-complete/.env +++ b/r-session-complete/.env @@ -1,4 +1,4 @@ R_VERSION=4.1.0 PYTHON_VERSION=3.9.5 -RSW_VERSION=2024.04.2+764.pro1 +RSW_VERSION=2024.09.0+375.pro3 DRIVERS_VERSION=2024.03.0-1 diff --git a/r-session-complete/Dockerfile.ubuntu2204 b/r-session-complete/Dockerfile.ubuntu2204 index 7db63af7c..83e4369d4 100644 --- a/r-session-complete/Dockerfile.ubuntu2204 +++ b/r-session-complete/Dockerfile.ubuntu2204 @@ -6,7 +6,7 @@ ARG R_VERSION_ALT=4.3.3 ARG PYTHON_VERSION=3.9.17 ARG PYTHON_VERSION_ALT=3.8.17 ARG JUPYTERLAB_VERSION=3.6.5 -ARG RSW_VERSION=2024.04.2+764.pro1 +ARG RSW_VERSION=2024.09.0+375.pro3 ARG RSW_NAME=rstudio-workbench ARG RSW_DOWNLOAD_URL=https://download2.rstudio.org/server/jammy/amd64 ARG SCRIPTS_DIR=/opt/positscripts @@ -43,10 +43,6 @@ RUN ln -s /lib/rstudio-server/bin/quarto/bin/quarto /usr/local/bin/quarto ### Install TinyTeX using Quarto ### RUN $SCRIPTS_DIR/install_quarto.sh --install-tinytex --add-path-tinytex -COPY maybe_install_vs_code.sh /tmp/maybe_install_vs_code.sh -RUN /tmp/maybe_install_vs_code.sh \ - && rm /tmp/maybe_install_vs_code.sh - RUN /opt/python/"${PYTHON_VERSION}"/bin/pip install \ jupyter \ jupyterlab=="${JUPYTERLAB_VERSION}" \ diff --git a/r-session-complete/README.md b/r-session-complete/README.md index 351078ce6..20381c600 100644 --- a/r-session-complete/README.md +++ b/r-session-complete/README.md @@ -7,7 +7,7 @@ # Supported tags and respective Dockerfile links -* [`jammy`, `ubuntu2204`, `jammy-2024.04.2`, `ubuntu2204-2024.04.2`](https://github.com/rstudio/rstudio-docker-products/blob/main/r-session-complete/Dockerfile.ubuntu2204) +* [`jammy`, `ubuntu2204`, `jammy-2024.09.0`, `ubuntu2204-2024.09.0`](https://github.com/rstudio/rstudio-docker-products/blob/main/r-session-complete/Dockerfile.ubuntu2204) # What are the r-session-complete images? diff --git a/r-session-complete/maybe_install_vs_code.sh b/r-session-complete/maybe_install_vs_code.sh deleted file mode 100755 index 949f744f7..000000000 --- a/r-session-complete/maybe_install_vs_code.sh +++ /dev/null @@ -1,13 +0,0 @@ -#!/bin/bash - -set -ex - -major=$(echo ${RSW_VERSION} | cut -d. -f1) -minor=$(echo ${RSW_VERSION} | cut -d. -f2) -if [ ${major} -lt 2022 ] || [ ${major} -eq 2022 ] && [ ${minor} -lt 12 ]; then - echo "Installing VS Code" - rstudio-server install-vs-code /opt/code-server/ - ln -s /opt/code-server/bin/code-server /usr/local/bin/code-server -else - echo "VS Code is already installed" -fi diff --git a/workbench-for-google-cloud-workstations/.env b/workbench-for-google-cloud-workstations/.env index 114613d09..238825926 100644 --- a/workbench-for-google-cloud-workstations/.env +++ b/workbench-for-google-cloud-workstations/.env @@ -1,5 +1,5 @@ -RSW_VERSION=2024.04.2+764.pro1 -RSW_TAG_VERSION=2024.04.2-764.pro1 +RSW_VERSION=2024.09.0+375.pro3 +RSW_TAG_VERSION=2024.09.0-375.pro3 RSW_DOWNLOAD_URL=https://download2.rstudio.org/server/jammy/amd64 RSW_NAME=rstudio-workbench PYTHON_VERSION=3.11.9 diff --git a/workbench-for-google-cloud-workstations/Dockerfile.ubuntu2204 b/workbench-for-google-cloud-workstations/Dockerfile.ubuntu2204 index d62faba03..9e8186f29 100644 --- a/workbench-for-google-cloud-workstations/Dockerfile.ubuntu2204 +++ b/workbench-for-google-cloud-workstations/Dockerfile.ubuntu2204 @@ -10,7 +10,7 @@ ARG PYTHON_VERSION_ALT=3.10.14 ARG PYTHON_VERSION_JUPYTER=3.10.14 ARG JUPYTERLAB_VERSION=3.6.7 ARG DRIVERS_VERSION=2023.05.0 -ARG RSW_VERSION=2024.04.2+764.pro1 +ARG RSW_VERSION=2024.09.0+375.pro3 ARG RSW_NAME=rstudio-workbench ARG RSW_DOWNLOAD_URL=https://download2.rstudio.org/server/jammy/amd64 ARG SCRIPTS_DIR=/opt/positscripts @@ -141,7 +141,7 @@ ADD --chmod=755 https://raw.githubusercontent.com/rstudio/wait-for-it/master/wai RUN mkdir -p /var/lib/rstudio-server/monitor/log \ && chown -R rstudio-server:rstudio-server /var/lib/rstudio-server/monitor \ && mkdir -p /startup/custom/ \ - && printf '\n# allow home directory creation\nsession required pam_mkhomedir.so skel=/etc/skel umask=0027' >> /etc/pam.d/common-session + && printf '\n# allow home directory creation\nsession required pam_mkhomedir.so skel=/etc/skel umask=0077' >> /etc/pam.d/common-session COPY --chmod=755 TurboActivate.dat /opt/rstudio-license/license-manager.conf COPY --chmod=755 license-manager-shim /opt/rstudio-license/license-manager diff --git a/workbench-for-google-cloud-workstations/conf/launcher.conf b/workbench-for-google-cloud-workstations/conf/launcher.conf index dc48bd190..f41786f50 100644 --- a/workbench-for-google-cloud-workstations/conf/launcher.conf +++ b/workbench-for-google-cloud-workstations/conf/launcher.conf @@ -4,7 +4,6 @@ port=5559 server-user=rstudio-server admin-group=rstudio-server authorization-enabled=1 -enable-debug-logging=1 [cluster] name=Local diff --git a/workbench-for-google-cloud-workstations/conf/vscode.conf b/workbench-for-google-cloud-workstations/conf/vscode.conf index 405ff90eb..4160a8ef6 100644 --- a/workbench-for-google-cloud-workstations/conf/vscode.conf +++ b/workbench-for-google-cloud-workstations/conf/vscode.conf @@ -1,4 +1,4 @@ enabled=1 -args=--verbose --host=0.0.0.0 +args=--host=0.0.0.0 -# exe=/usr/lib/rstudio-server/bin/code-server/bin/code-server +# exe=/usr/lib/rstudio-server/bin/pwb-code-server/bin/code-server diff --git a/workbench-for-google-cloud-workstations/pam/rstudio-session b/workbench-for-google-cloud-workstations/pam/rstudio-session index 81bbcd184..3f6f23c86 100644 --- a/workbench-for-google-cloud-workstations/pam/rstudio-session +++ b/workbench-for-google-cloud-workstations/pam/rstudio-session @@ -17,7 +17,7 @@ password sufficient pam_sss.so use_authtok password required pam_unix.so try_first_pass nullok sha512 shadow password optional pam_permit.so -session required pam_mkhomedir.so skel=/etc/skel umask=0027 +session required pam_mkhomedir.so skel=/etc/skel umask=0077 session required pam_env.so readenv=1 session required pam_env.so readenv=1 envfile=/etc/default/locale session required pam_limits.so diff --git a/workbench-for-google-cloud-workstations/test/goss.yaml b/workbench-for-google-cloud-workstations/test/goss.yaml index 8285d1b74..b4aa98e14 100644 --- a/workbench-for-google-cloud-workstations/test/goss.yaml +++ b/workbench-for-google-cloud-workstations/test/goss.yaml @@ -70,8 +70,11 @@ file: exists: true owner: rstudio-server group: rstudio-server - /usr/lib/rstudio-server/bin/code-server/bin/code-server: + /usr/lib/rstudio-server/bin/pwb-code-server/bin/code-server: exists: true + # Old code-server location + /usr/lib/rstudio-server/bin/code-server/bin/code-server: + exists: false /etc/rstudio/vscode.conf: exists: true /etc/rstudio/jupyter.conf: @@ -106,7 +109,7 @@ file: /etc/pam.d/common-session: exists: true contents: - - "/^session required pam_mkhomedir.so skel=/etc/skel umask=0027$/" + - "/^session required pam_mkhomedir.so skel=/etc/skel umask=0077$/" /etc/sssd/sssd.conf: exists: true owner: root diff --git a/workbench-for-microsoft-azure-ml/.env b/workbench-for-microsoft-azure-ml/.env index 5cb6825f1..8ed04719c 100644 --- a/workbench-for-microsoft-azure-ml/.env +++ b/workbench-for-microsoft-azure-ml/.env @@ -1,4 +1,4 @@ -RSW_VERSION=2024.04.2+764.pro1 +RSW_VERSION=2024.09.0+375.pro3 RSW_DOWNLOAD_URL=https://download2.rstudio.org/server/bionic/amd64 RSW_NAME=rstudio-workbench PYTHON_VERSION=3.9.14 diff --git a/workbench-for-microsoft-azure-ml/Dockerfile.ubuntu2204 b/workbench-for-microsoft-azure-ml/Dockerfile.ubuntu2204 index 1f6437c9a..ac1ec2834 100644 --- a/workbench-for-microsoft-azure-ml/Dockerfile.ubuntu2204 +++ b/workbench-for-microsoft-azure-ml/Dockerfile.ubuntu2204 @@ -7,7 +7,7 @@ ARG PYTHON_VERSION=3.9.17 ARG PYTHON_VERSION_ALT=3.8.17 ARG PYTHON_VERSION_JUPYTER=3.8.17 ARG JUPYTERLAB_VERSION=3.6.7 -ARG RSW_VERSION=2024.04.2+764.pro1 +ARG RSW_VERSION=2024.09.0+375.pro3 ARG RSW_NAME=rstudio-workbench ARG RSW_DOWNLOAD_URL=https://download2.rstudio.org/server/jammy/amd64 ARG SCRIPTS_DIR=/opt/positscripts @@ -187,5 +187,5 @@ LABEL \ azure.ii.endpoints='[{"label":"connect","target":8787,"protocol":"http"}]' \ org.opencontainers.image.description='A professional integrated development environment for data science teams using R and Python' \ org.opencontainers.image.title='RStudio Workbench' \ - org.opencontainers.image.version='2024.04.2+764.pro1' \ + org.opencontainers.image.version='2024.09.0+375.pro3' \ org.opencontainers.image.url='https://www.rstudio.com/products/workbench/' diff --git a/workbench-for-microsoft-azure-ml/conf/launcher.conf b/workbench-for-microsoft-azure-ml/conf/launcher.conf index c73ef787c..a058867a7 100644 --- a/workbench-for-microsoft-azure-ml/conf/launcher.conf +++ b/workbench-for-microsoft-azure-ml/conf/launcher.conf @@ -5,7 +5,6 @@ server-user=rstudio-server admin-group=rstudio-server authorization-enabled=1 thread-pool-size=4 -enable-debug-logging=1 [cluster] name=Local diff --git a/workbench-for-microsoft-azure-ml/conf/vscode.conf b/workbench-for-microsoft-azure-ml/conf/vscode.conf index c6abf3ac7..4160a8ef6 100644 --- a/workbench-for-microsoft-azure-ml/conf/vscode.conf +++ b/workbench-for-microsoft-azure-ml/conf/vscode.conf @@ -1,3 +1,4 @@ enabled=1 -exe=/opt/code-server/bin/code-server -args=--verbose --host=0.0.0.0 +args=--host=0.0.0.0 + +# exe=/usr/lib/rstudio-server/bin/pwb-code-server/bin/code-server diff --git a/workbench-for-microsoft-azure-ml/test/goss.yaml b/workbench-for-microsoft-azure-ml/test/goss.yaml index 5983284a2..221316fc0 100644 --- a/workbench-for-microsoft-azure-ml/test/goss.yaml +++ b/workbench-for-microsoft-azure-ml/test/goss.yaml @@ -78,8 +78,11 @@ file: exists: true owner: rstudio-server group: rstudio-server - /usr/lib/rstudio-server/bin/code-server/bin/code-server: + /usr/lib/rstudio-server/bin/pwb-code-server/bin/code-server: exists: true + # Old code-server location + /usr/lib/rstudio-server/bin/code-server/bin/code-server: + exists: false /etc/rstudio/vscode.conf: exists: true /tmp/startup.log: diff --git a/workbench/.env b/workbench/.env index c5852ccd4..2c1af1c85 100644 --- a/workbench/.env +++ b/workbench/.env @@ -1,4 +1,4 @@ -RSW_VERSION=2024.04.2+764.pro1 +RSW_VERSION=2024.09.0+375.pro3 RSW_DOWNLOAD_URL=https://download2.rstudio.org/server/bionic/amd64 RSW_NAME=rstudio-workbench PYTHON_VERSION=3.9.17 diff --git a/workbench/Dockerfile.ubuntu2204 b/workbench/Dockerfile.ubuntu2204 index 544fe97bb..f76f011fd 100644 --- a/workbench/Dockerfile.ubuntu2204 +++ b/workbench/Dockerfile.ubuntu2204 @@ -7,7 +7,7 @@ ARG PYTHON_VERSION=3.9.17 ARG PYTHON_VERSION_ALT=3.8.17 ARG PYTHON_VERSION_JUPYTER=3.8.17 ARG JUPYTERLAB_VERSION=3.6.7 -ARG RSW_VERSION=2024.04.2+764.pro1 +ARG RSW_VERSION=2024.09.0+375.pro3 ARG RSW_NAME=rstudio-workbench ARG RSW_DOWNLOAD_URL=https://download2.rstudio.org/server/jammy/amd64 ARG SCRIPTS_DIR=/opt/positscripts @@ -73,10 +73,6 @@ RUN ln -s /lib/rstudio-server/bin/quarto/bin/quarto /usr/local/bin/quarto ### Install TinyTeX using Quarto ### RUN $SCRIPTS_DIR/install_quarto.sh --install-tinytex --add-path-tinytex -COPY maybe_install_vs_code.sh /tmp/maybe_install_vs_code.sh -RUN /tmp/maybe_install_vs_code.sh \ - && rm /tmp/maybe_install_vs_code.sh - COPY --chmod=0775 startup.sh /usr/local/bin/startup.sh COPY startup-launcher/* /startup/launcher/ COPY startup-user-provisioning/* /startup/user-provisioning/ @@ -107,7 +103,7 @@ COPY conf/* /etc/rstudio/ RUN mkdir -p /var/lib/rstudio-server/monitor/log && \ chown -R rstudio-server:rstudio-server /var/lib/rstudio-server/monitor && \ mkdir -p /startup/custom/ && \ - printf '\n# allow home directory creation\nsession required pam_mkhomedir.so skel=/etc/skel umask=0027' >> /etc/pam.d/common-session + printf '\n# allow home directory creation\nsession required pam_mkhomedir.so skel=/etc/skel umask=0077' >> /etc/pam.d/common-session EXPOSE 8787/tcp EXPOSE 5559/tcp diff --git a/workbench/NEWS.md b/workbench/NEWS.md index ab9e0af06..f118fcdfd 100644 --- a/workbench/NEWS.md +++ b/workbench/NEWS.md @@ -1,4 +1,9 @@ +# 2024.09.0 + +- Update umask for user home directory from 0022 to 0077 to improve security of directory permissions + # 2023.03.1 + - No changes # 2023.03.0 diff --git a/workbench/README.md b/workbench/README.md index 92584be7c..3b36732e5 100644 --- a/workbench/README.md +++ b/workbench/README.md @@ -7,7 +7,7 @@ # Supported tags and respective Dockerfile links -* [`jammy`, `ubuntu2204`, `jammy-2024.04.2`, `ubuntu2204-2024.04.2`](https://github.com/rstudio/rstudio-docker-products/blob/main/workbench/Dockerfile.ubuntu2204) +* [`jammy`, `ubuntu2204`, `jammy-2024.09.0`, `ubuntu2204-2024.09.0`](https://github.com/rstudio/rstudio-docker-products/blob/main/workbench/Dockerfile.ubuntu2204) # What is RStudio Workbench? diff --git a/workbench/conf/launcher.conf b/workbench/conf/launcher.conf index c73ef787c..a058867a7 100644 --- a/workbench/conf/launcher.conf +++ b/workbench/conf/launcher.conf @@ -5,7 +5,6 @@ server-user=rstudio-server admin-group=rstudio-server authorization-enabled=1 thread-pool-size=4 -enable-debug-logging=1 [cluster] name=Local diff --git a/workbench/conf/vscode.conf b/workbench/conf/vscode.conf index 405ff90eb..4160a8ef6 100644 --- a/workbench/conf/vscode.conf +++ b/workbench/conf/vscode.conf @@ -1,4 +1,4 @@ enabled=1 -args=--verbose --host=0.0.0.0 +args=--host=0.0.0.0 -# exe=/usr/lib/rstudio-server/bin/code-server/bin/code-server +# exe=/usr/lib/rstudio-server/bin/pwb-code-server/bin/code-server diff --git a/workbench/maybe_install_vs_code.sh b/workbench/maybe_install_vs_code.sh deleted file mode 100755 index 949f744f7..000000000 --- a/workbench/maybe_install_vs_code.sh +++ /dev/null @@ -1,13 +0,0 @@ -#!/bin/bash - -set -ex - -major=$(echo ${RSW_VERSION} | cut -d. -f1) -minor=$(echo ${RSW_VERSION} | cut -d. -f2) -if [ ${major} -lt 2022 ] || [ ${major} -eq 2022 ] && [ ${minor} -lt 12 ]; then - echo "Installing VS Code" - rstudio-server install-vs-code /opt/code-server/ - ln -s /opt/code-server/bin/code-server /usr/local/bin/code-server -else - echo "VS Code is already installed" -fi diff --git a/workbench/pam/rstudio-session b/workbench/pam/rstudio-session index 81bbcd184..3f6f23c86 100644 --- a/workbench/pam/rstudio-session +++ b/workbench/pam/rstudio-session @@ -17,7 +17,7 @@ password sufficient pam_sss.so use_authtok password required pam_unix.so try_first_pass nullok sha512 shadow password optional pam_permit.so -session required pam_mkhomedir.so skel=/etc/skel umask=0027 +session required pam_mkhomedir.so skel=/etc/skel umask=0077 session required pam_env.so readenv=1 session required pam_env.so readenv=1 envfile=/etc/default/locale session required pam_limits.so diff --git a/workbench/test/goss.yaml b/workbench/test/goss.yaml index 297662dec..a8fce2d53 100644 --- a/workbench/test/goss.yaml +++ b/workbench/test/goss.yaml @@ -69,14 +69,11 @@ file: exists: true owner: rstudio-server group: rstudio-server - {{ $version_split := split "." .Env.RSW_VERSION }} - {{ if or (ge ($version_split._0 | atoi) 2025) (and (ge ($version_split._0 | atoi) 2024) (ge ($version_split._1 | atoi) 7)) }} /usr/lib/rstudio-server/bin/pwb-code-server/bin/code-server: exists: true - {{ else }} + # Old code-server location /usr/lib/rstudio-server/bin/code-server/bin/code-server: - exists: true - {{ end }} + exists: false /var/lib/rstudio-launcher/Local/jobs/buildkitsandbox: exists: false /etc/rstudio/vscode.conf: @@ -88,7 +85,7 @@ file: /etc/pam.d/common-session: exists: true contains: - - "/^session required pam_mkhomedir.so skel=/etc/skel umask=0027$/" + - "/^session required pam_mkhomedir.so skel=/etc/skel umask=0077$/" /etc/sssd/sssd.conf: exists: true owner: root