Merge pull request #844 from rstudio/dev

Release Workbench 2024.09.0, including umask changes from dev
rstudio · Sep 24, 2024 · bfbd48e · bfbd48e
2 parents b10466d + 6fc98c6
commit bfbd48e
Show file tree

Hide file tree

Showing 26 changed files with 47 additions and 76 deletions.
diff --git a/Justfile b/Justfile
@@ -9,7 +9,7 @@ BUILDX_PATH := ""
 
 RSC_VERSION := "2024.08.0"
 RSPM_VERSION := "2024.08.2-9"
-RSW_VERSION := "2024.04.2+764.pro1"
+RSW_VERSION := "2024.09.0+375.pro3"
 
 DRIVERS_VERSION := "2023.05.0"
 DRIVERS_VERSION_RHEL := DRIVERS_VERSION + "-1"

diff --git a/docker-bake.hcl b/docker-bake.hcl
@@ -8,7 +8,7 @@ variable PACKAGE_MANAGER_VERSION {
 }
 
 variable WORKBENCH_VERSION {
-    default = "2024.04.2+764.pro1"
+    default = "2024.09.0+375.pro3"
 }
 
 variable DRIVERS_VERSION {
@@ -96,9 +96,8 @@ function get_tags {
 variable BASE_BUILD_MATRIX {
     default = {
         builds = [
-            {os = "ubuntu2204", r_primary = "4.2.3", r_alternate = "4.1.3", py_primary = "3.9.17", py_alternate = "3.8.17"},
-            {os = "ubuntu2204", r_primary = "4.2.3", r_alternate = "4.1.3", py_primary = "3.12.1", py_alternate = "3.11.7"},
             {os = "ubuntu2204", r_primary = "4.4.0", r_alternate = "4.3.3", py_primary = "3.12.1", py_alternate = "3.11.7"},
+            {os = "ubuntu2204", r_primary = "4.4.1", r_alternate = "4.3.3", py_primary = "3.12.6", py_alternate = "3.11.10"},
         ]
     }
 }
@@ -168,31 +167,31 @@ variable CONTENT_BUILD_MATRIX {
 variable R_SESSION_COMPLETE_BUILD_MATRIX {
     default = {
         builds = [
-            {os = "ubuntu2204", r_primary = "4.4.0", r_alternate = "4.3.3", py_primary = "3.12.1", py_alternate = "3.11.7"},
+            {os = "ubuntu2204", r_primary = "4.4.1", r_alternate = "4.3.3", py_primary = "3.12.6", py_alternate = "3.11.10"},
         ]
     }
 }
 
 variable WORKBENCH_BUILD_MATRIX {
     default = {
         builds = [
-            {os = "ubuntu2204", r_primary = "4.4.0", r_alternate = "4.3.3", py_primary = "3.12.1", py_alternate = "3.11.7"},
+            {os = "ubuntu2204", r_primary = "4.4.1", r_alternate = "4.3.3", py_primary = "3.12.6", py_alternate = "3.11.10"},
         ]
     }
 }
 
 variable WORKBENCH_GOOGLE_CLOUD_WORKSTATION_BUILD_MATRIX {
     default = {
         builds = [
-            {os = "ubuntu2204", r_primary = "4.4.0", r_alternate = "4.3.3", py_primary = "3.12.1", py_alternate = "3.11.7"},
+            {os = "ubuntu2204", r_primary = "4.4.1", r_alternate = "4.3.3", py_primary = "3.12.6", py_alternate = "3.11.10"},
         ]
     }
 }
 
 variable WORKBENCH_MICROSOFT_AZURE_ML_BUILD_MATRIX {
     default = {
         builds = [
-            {os = "ubuntu2204", r_primary = "4.2.3", r_alternate = "4.1.3", py_primary = "3.9.17", py_alternate = "3.8.17"},
+            {os = "ubuntu2204", r_primary = "4.4.1", r_alternate = "4.3.3", py_primary = "3.12.6", py_alternate = "3.11.10"},
         ]
     }
 }

diff --git a/r-session-complete/.env b/r-session-complete/.env
@@ -1,4 +1,4 @@
 R_VERSION=4.1.0
 PYTHON_VERSION=3.9.5
-RSW_VERSION=2024.04.2+764.pro1
+RSW_VERSION=2024.09.0+375.pro3
 DRIVERS_VERSION=2024.03.0-1
diff --git a/r-session-complete/Dockerfile.ubuntu2204 b/r-session-complete/Dockerfile.ubuntu2204
@@ -6,7 +6,7 @@ ARG R_VERSION_ALT=4.3.3
 ARG PYTHON_VERSION=3.9.17
 ARG PYTHON_VERSION_ALT=3.8.17
 ARG JUPYTERLAB_VERSION=3.6.5
-ARG RSW_VERSION=2024.04.2+764.pro1
+ARG RSW_VERSION=2024.09.0+375.pro3
 ARG RSW_NAME=rstudio-workbench
 ARG RSW_DOWNLOAD_URL=https://download2.rstudio.org/server/jammy/amd64
 ARG SCRIPTS_DIR=/opt/positscripts
@@ -43,10 +43,6 @@ RUN ln -s /lib/rstudio-server/bin/quarto/bin/quarto /usr/local/bin/quarto
 ### Install TinyTeX using Quarto ###
 RUN $SCRIPTS_DIR/install_quarto.sh --install-tinytex --add-path-tinytex
 
-COPY maybe_install_vs_code.sh /tmp/maybe_install_vs_code.sh
-RUN /tmp/maybe_install_vs_code.sh \
-    && rm /tmp/maybe_install_vs_code.sh
-
 RUN /opt/python/"${PYTHON_VERSION}"/bin/pip install \
       jupyter \
       jupyterlab=="${JUPYTERLAB_VERSION}" \

diff --git a/r-session-complete/README.md b/r-session-complete/README.md
@@ -7,7 +7,7 @@
 
 # Supported tags and respective Dockerfile links
 
-* [`jammy`, `ubuntu2204`, `jammy-2024.04.2`, `ubuntu2204-2024.04.2`](https://github.com/rstudio/rstudio-docker-products/blob/main/r-session-complete/Dockerfile.ubuntu2204)
+* [`jammy`, `ubuntu2204`, `jammy-2024.09.0`, `ubuntu2204-2024.09.0`](https://github.com/rstudio/rstudio-docker-products/blob/main/r-session-complete/Dockerfile.ubuntu2204)
 
 # What are the r-session-complete images?
 

diff --git a/r-session-complete/maybe_install_vs_code.sh b/r-session-complete/maybe_install_vs_code.sh
diff --git a/workbench-for-google-cloud-workstations/.env b/workbench-for-google-cloud-workstations/.env
@@ -1,5 +1,5 @@
-RSW_VERSION=2024.04.2+764.pro1
-RSW_TAG_VERSION=2024.04.2-764.pro1
+RSW_VERSION=2024.09.0+375.pro3
+RSW_TAG_VERSION=2024.09.0-375.pro3
 RSW_DOWNLOAD_URL=https://download2.rstudio.org/server/jammy/amd64
 RSW_NAME=rstudio-workbench
 PYTHON_VERSION=3.11.9

diff --git a/workbench-for-google-cloud-workstations/Dockerfile.ubuntu2204 b/workbench-for-google-cloud-workstations/Dockerfile.ubuntu2204
@@ -10,7 +10,7 @@ ARG PYTHON_VERSION_ALT=3.10.14
 ARG PYTHON_VERSION_JUPYTER=3.10.14
 ARG JUPYTERLAB_VERSION=3.6.7
 ARG DRIVERS_VERSION=2023.05.0
-ARG RSW_VERSION=2024.04.2+764.pro1
+ARG RSW_VERSION=2024.09.0+375.pro3
 ARG RSW_NAME=rstudio-workbench
 ARG RSW_DOWNLOAD_URL=https://download2.rstudio.org/server/jammy/amd64
 ARG SCRIPTS_DIR=/opt/positscripts
@@ -141,7 +141,7 @@ ADD --chmod=755 https://raw.githubusercontent.com/rstudio/wait-for-it/master/wai
 RUN mkdir -p /var/lib/rstudio-server/monitor/log \
     && chown -R rstudio-server:rstudio-server /var/lib/rstudio-server/monitor \
     && mkdir -p /startup/custom/ \
-    && printf '\n# allow home directory creation\nsession required pam_mkhomedir.so skel=/etc/skel umask=0027' >> /etc/pam.d/common-session
+    && printf '\n# allow home directory creation\nsession required pam_mkhomedir.so skel=/etc/skel umask=0077' >> /etc/pam.d/common-session
 
 COPY --chmod=755 TurboActivate.dat /opt/rstudio-license/license-manager.conf
 COPY --chmod=755 license-manager-shim /opt/rstudio-license/license-manager

diff --git a/workbench-for-google-cloud-workstations/conf/launcher.conf b/workbench-for-google-cloud-workstations/conf/launcher.conf
@@ -4,7 +4,6 @@ port=5559
 server-user=rstudio-server
 admin-group=rstudio-server
 authorization-enabled=1
-enable-debug-logging=1
 
 [cluster]
 name=Local

diff --git a/workbench-for-google-cloud-workstations/conf/vscode.conf b/workbench-for-google-cloud-workstations/conf/vscode.conf
@@ -1,4 +1,4 @@
 enabled=1
-args=--verbose --host=0.0.0.0
+args=--host=0.0.0.0
 
-# exe=/usr/lib/rstudio-server/bin/code-server/bin/code-server
+# exe=/usr/lib/rstudio-server/bin/pwb-code-server/bin/code-server
diff --git a/workbench-for-google-cloud-workstations/pam/rstudio-session b/workbench-for-google-cloud-workstations/pam/rstudio-session
@@ -17,7 +17,7 @@ password sufficient pam_sss.so use_authtok
 password required pam_unix.so try_first_pass nullok sha512 shadow
 password optional pam_permit.so
 
-session required pam_mkhomedir.so skel=/etc/skel umask=0027
+session required pam_mkhomedir.so skel=/etc/skel umask=0077
 session required pam_env.so readenv=1
 session required pam_env.so readenv=1 envfile=/etc/default/locale
 session required pam_limits.so

diff --git a/workbench-for-google-cloud-workstations/test/goss.yaml b/workbench-for-google-cloud-workstations/test/goss.yaml
@@ -70,8 +70,11 @@ file:
     exists: true
     owner: rstudio-server
     group: rstudio-server
-  /usr/lib/rstudio-server/bin/code-server/bin/code-server:
+  /usr/lib/rstudio-server/bin/pwb-code-server/bin/code-server:
     exists: true
+  # Old code-server location
+  /usr/lib/rstudio-server/bin/code-server/bin/code-server:
+    exists: false
   /etc/rstudio/vscode.conf:
     exists: true
   /etc/rstudio/jupyter.conf:
@@ -106,7 +109,7 @@ file:
   /etc/pam.d/common-session:
     exists: true
     contents:
-      - "/^session required pam_mkhomedir.so skel=/etc/skel umask=0027$/"
+      - "/^session required pam_mkhomedir.so skel=/etc/skel umask=0077$/"
   /etc/sssd/sssd.conf:
     exists: true
     owner: root

diff --git a/workbench-for-microsoft-azure-ml/.env b/workbench-for-microsoft-azure-ml/.env
@@ -1,4 +1,4 @@
-RSW_VERSION=2024.04.2+764.pro1
+RSW_VERSION=2024.09.0+375.pro3
 RSW_DOWNLOAD_URL=https://download2.rstudio.org/server/bionic/amd64
 RSW_NAME=rstudio-workbench
 PYTHON_VERSION=3.9.14

diff --git a/workbench-for-microsoft-azure-ml/Dockerfile.ubuntu2204 b/workbench-for-microsoft-azure-ml/Dockerfile.ubuntu2204
@@ -7,7 +7,7 @@ ARG PYTHON_VERSION=3.9.17
 ARG PYTHON_VERSION_ALT=3.8.17
 ARG PYTHON_VERSION_JUPYTER=3.8.17
 ARG JUPYTERLAB_VERSION=3.6.7
-ARG RSW_VERSION=2024.04.2+764.pro1
+ARG RSW_VERSION=2024.09.0+375.pro3
 ARG RSW_NAME=rstudio-workbench
 ARG RSW_DOWNLOAD_URL=https://download2.rstudio.org/server/jammy/amd64
 ARG SCRIPTS_DIR=/opt/positscripts
@@ -187,5 +187,5 @@ LABEL \
      azure.ii.endpoints='[{"label":"connect","target":8787,"protocol":"http"}]' \
      org.opencontainers.image.description='A professional integrated development environment for data science teams using R and Python' \
      org.opencontainers.image.title='RStudio Workbench' \
-     org.opencontainers.image.version='2024.04.2+764.pro1' \
+     org.opencontainers.image.version='2024.09.0+375.pro3' \
      org.opencontainers.image.url='https://www.rstudio.com/products/workbench/'
diff --git a/workbench-for-microsoft-azure-ml/conf/launcher.conf b/workbench-for-microsoft-azure-ml/conf/launcher.conf
@@ -5,7 +5,6 @@ server-user=rstudio-server
 admin-group=rstudio-server
 authorization-enabled=1
 thread-pool-size=4
-enable-debug-logging=1
 
 [cluster]
 name=Local

diff --git a/workbench-for-microsoft-azure-ml/conf/vscode.conf b/workbench-for-microsoft-azure-ml/conf/vscode.conf
@@ -1,3 +1,4 @@
 enabled=1
-exe=/opt/code-server/bin/code-server
-args=--verbose --host=0.0.0.0
+args=--host=0.0.0.0
+
+# exe=/usr/lib/rstudio-server/bin/pwb-code-server/bin/code-server
diff --git a/workbench-for-microsoft-azure-ml/test/goss.yaml b/workbench-for-microsoft-azure-ml/test/goss.yaml
@@ -78,8 +78,11 @@ file:
     exists: true
     owner: rstudio-server
     group: rstudio-server
-  /usr/lib/rstudio-server/bin/code-server/bin/code-server:
+  /usr/lib/rstudio-server/bin/pwb-code-server/bin/code-server:
     exists: true
+  # Old code-server location
+  /usr/lib/rstudio-server/bin/code-server/bin/code-server:
+    exists: false
   /etc/rstudio/vscode.conf:
     exists: true
   /tmp/startup.log:

diff --git a/workbench/.env b/workbench/.env
@@ -1,4 +1,4 @@
-RSW_VERSION=2024.04.2+764.pro1
+RSW_VERSION=2024.09.0+375.pro3
 RSW_DOWNLOAD_URL=https://download2.rstudio.org/server/bionic/amd64
 RSW_NAME=rstudio-workbench
 PYTHON_VERSION=3.9.17

diff --git a/workbench/Dockerfile.ubuntu2204 b/workbench/Dockerfile.ubuntu2204
@@ -7,7 +7,7 @@ ARG PYTHON_VERSION=3.9.17
 ARG PYTHON_VERSION_ALT=3.8.17
 ARG PYTHON_VERSION_JUPYTER=3.8.17
 ARG JUPYTERLAB_VERSION=3.6.7
-ARG RSW_VERSION=2024.04.2+764.pro1
+ARG RSW_VERSION=2024.09.0+375.pro3
 ARG RSW_NAME=rstudio-workbench
 ARG RSW_DOWNLOAD_URL=https://download2.rstudio.org/server/jammy/amd64
 ARG SCRIPTS_DIR=/opt/positscripts
@@ -73,10 +73,6 @@ RUN ln -s /lib/rstudio-server/bin/quarto/bin/quarto /usr/local/bin/quarto
 ### Install TinyTeX using Quarto ###
 RUN $SCRIPTS_DIR/install_quarto.sh --install-tinytex --add-path-tinytex
 
-COPY maybe_install_vs_code.sh /tmp/maybe_install_vs_code.sh
-RUN /tmp/maybe_install_vs_code.sh \
-    && rm /tmp/maybe_install_vs_code.sh
-
 COPY --chmod=0775 startup.sh /usr/local/bin/startup.sh
 COPY startup-launcher/* /startup/launcher/
 COPY startup-user-provisioning/* /startup/user-provisioning/
@@ -107,7 +103,7 @@ COPY conf/* /etc/rstudio/
 RUN mkdir -p /var/lib/rstudio-server/monitor/log && \
     chown -R rstudio-server:rstudio-server /var/lib/rstudio-server/monitor && \
     mkdir -p /startup/custom/ && \
-    printf '\n# allow home directory creation\nsession required pam_mkhomedir.so skel=/etc/skel umask=0027' >> /etc/pam.d/common-session
+    printf '\n# allow home directory creation\nsession required pam_mkhomedir.so skel=/etc/skel umask=0077' >> /etc/pam.d/common-session
 
 EXPOSE 8787/tcp
 EXPOSE 5559/tcp

diff --git a/workbench/NEWS.md b/workbench/NEWS.md
@@ -1,4 +1,9 @@
+# 2024.09.0
+
+- Update umask for user home directory from 0022 to 0077 to improve security of directory permissions
+
 # 2023.03.1
+
 - No changes
 
 # 2023.03.0

diff --git a/workbench/README.md b/workbench/README.md
@@ -7,7 +7,7 @@
 
 # Supported tags and respective Dockerfile links
 
-* [`jammy`, `ubuntu2204`, `jammy-2024.04.2`, `ubuntu2204-2024.04.2`](https://github.com/rstudio/rstudio-docker-products/blob/main/workbench/Dockerfile.ubuntu2204)
+* [`jammy`, `ubuntu2204`, `jammy-2024.09.0`, `ubuntu2204-2024.09.0`](https://github.com/rstudio/rstudio-docker-products/blob/main/workbench/Dockerfile.ubuntu2204)
 
 # What is RStudio Workbench?
 

diff --git a/workbench/conf/launcher.conf b/workbench/conf/launcher.conf
@@ -5,7 +5,6 @@ server-user=rstudio-server
 admin-group=rstudio-server
 authorization-enabled=1
 thread-pool-size=4
-enable-debug-logging=1
 
 [cluster]
 name=Local

diff --git a/workbench/conf/vscode.conf b/workbench/conf/vscode.conf
@@ -1,4 +1,4 @@
 enabled=1
-args=--verbose --host=0.0.0.0
+args=--host=0.0.0.0
 
-# exe=/usr/lib/rstudio-server/bin/code-server/bin/code-server
+# exe=/usr/lib/rstudio-server/bin/pwb-code-server/bin/code-server
diff --git a/workbench/maybe_install_vs_code.sh b/workbench/maybe_install_vs_code.sh
diff --git a/workbench/pam/rstudio-session b/workbench/pam/rstudio-session
@@ -17,7 +17,7 @@ password sufficient pam_sss.so use_authtok
 password required pam_unix.so try_first_pass nullok sha512 shadow
 password optional pam_permit.so
 
-session required pam_mkhomedir.so skel=/etc/skel umask=0027
+session required pam_mkhomedir.so skel=/etc/skel umask=0077
 session required pam_env.so readenv=1
 session required pam_env.so readenv=1 envfile=/etc/default/locale
 session required pam_limits.so

diff --git a/workbench/test/goss.yaml b/workbench/test/goss.yaml
@@ -69,14 +69,11 @@ file:
     exists: true
     owner: rstudio-server
     group: rstudio-server
-  {{ $version_split := split "." .Env.RSW_VERSION }}
-  {{ if or (ge ($version_split._0 | atoi) 2025) (and (ge ($version_split._0 | atoi) 2024) (ge ($version_split._1 | atoi) 7)) }}
   /usr/lib/rstudio-server/bin/pwb-code-server/bin/code-server:
     exists: true
-  {{ else }}
+  # Old code-server location
   /usr/lib/rstudio-server/bin/code-server/bin/code-server:
-    exists: true
-  {{ end }}
+    exists: false
   /var/lib/rstudio-launcher/Local/jobs/buildkitsandbox:
     exists: false
   /etc/rstudio/vscode.conf:
@@ -88,7 +85,7 @@ file:
   /etc/pam.d/common-session:
     exists: true
     contains:
-      - "/^session required pam_mkhomedir.so skel=/etc/skel umask=0027$/"
+      - "/^session required pam_mkhomedir.so skel=/etc/skel umask=0077$/"
   /etc/sssd/sssd.conf:
     exists: true
     owner: root