Bump Tenable.sc to 5.20.1, S6 Overlay to 3.1.0.1 and tided the Tenable repo

Dockerfile

@@ -2,22 +2,24 @@ FROM centos:7
 
 VOLUME /opt/sc
 
-ENV SC_VER=5.17.0-el7
-ARG S6_OVERLAY_VERSION=2.2.0.1
+ENV SC_VER=5.20.1-el7
+ARG S6_OVERLAY_VERSION=3.1.0.1
 
 WORKDIR /tmp
 
-RUN rpm --import https://static.tenable.com/marketing/RPM-GPG-KEY-Tenable
+COPY Tenable.repo /etc/yum.repos.d/Tenable.repo
 
-COPY yum.repo /etc/yum.repos.d/Tenable.repo
-
-RUN yum -y update \
- && yum install -y wget java-1.8.0-openjdk \
- && wget https://github.com/just-containers/s6-overlay/releases/download/v$S6_OVERLAY_VERSION/s6-overlay-amd64.tar.gz \
- && tar xzf s6-overlay-amd64.tar.gz -C / --exclude="./bin" \
- && tar xzf s6-overlay-amd64.tar.gz -C /usr ./bin \
+RUN sed -i.backup 's/^enabled=1/enabled=0/' /etc/yum/pluginconf.d/fastestmirror.conf \
+ && yum -y update \
+ && rpm --import https://static.tenable.com/marketing/RPM-GPG-KEY-Tenable \
+ && yum install -y wget java-1.8.0-openjdk xz-utils \
  && yum -y clean all
 
+ADD https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-noarch.tar.xz /tmp
+RUN tar -C / -Jxpf /tmp/s6-overlay-noarch.tar.xz
+ADD https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-x86_64.tar.xz /tmp
+RUN tar -C / -Jxpf /tmp/s6-overlay-x86_64.tar.xz
+
 EXPOSE 443
 
 RUN useradd tns

README.md

@@ -27,7 +27,7 @@ To upgrade the container, add the following flags to the `docker-compose.yml` fi
 
 	environment:
 	 - INSTALL=yes
-	 - SC_VER=5.17.0-el7
+	 - SC_VER=5.20.1-el7
 
 The `SC_VER` environment variable should match the package versions listed here: [https://www.tenable.com/downloads/tenable-sc](https://www.tenable.com/downloads/tenable-sc).
 

yum.repo → Tenable.repo

@@ -2,12 +2,14 @@
 name=Tenable-$releasever - Platform
 baseurl=https://appliance.cloud.tenable.com/repos/$releasever/tenable/platform/$basearch
 gpgcheck=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Tenable
 mdpolicy=group:all
 skip_if_unavailable=1
 
 [tenable-applications]
 name=Tenable-$releasever - Applications
 baseurl=https://appliance.cloud.tenable.com/repos/$releasever/tenable/applications/$basearch
 gpgcheck=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Tenable
 mdpolicy=group:all
 skip_if_unavailable=1

container-files/etc/cont-init.d/01-install-tenablesc

@@ -1,4 +1,4 @@
-#!/usr/bin/with-contenv bash
+#!/command/with-contenv bash
 FILE="/opt/sc/.install"
 
 if [[ ! -f $FILE ]] || [[ -n "$INSTALL" ]]; then

container-files/etc/services.d/httpd/finish

@@ -1,2 +1,2 @@
-#!/usr/bin/execlineb -P
+#!/command/execlineb -P
 rm -f /opt/sc/support/logs/httpd.pid

container-files/etc/services.d/httpd/run

@@ -1,2 +1,2 @@
-#!/usr/bin/with-contenv bash
+#!/command/with-contenv bash
 source /opt/sc/.scenv && exec $SC_ROOT/support/bin/httpd -k start -DFOREGROUND

container-files/etc/services.d/jobd/finish

@@ -1,2 +1,2 @@
-#!/usr/bin/execlineb -P
+#!/command/execlineb -P
 rm -f /opt/sc/daemon/Jobd.pid

container-files/etc/services.d/jobd/run

@@ -1,2 +1,2 @@
-#!/usr/bin/with-contenv bash
+#!/command/with-contenv bash
 source /opt/sc/.scenv && exec $SC_ROOT/support/bin/php -f $SC_ROOT/daemons/Jobd.php