set CipherSpec to ANY_TLS12 and refresh security (#362 )

Update to UBI 7.7-98
Temporarily remove Docker 1.12 test in Travis
2019-08-28 17:01:15 +01:00 · 2019-08-28 15:10:14 +01:00 · 2019-08-28 14:21:40 +01:00 · 2019-08-28 14:21:40 +01:00 · 2019-08-07 16:02:46 +01:00
22 changed files with 64 additions and 871 deletions
--- a/.travis.yml
+++ b/.travis.yml
@@ -35,20 +35,18 @@ jobs:
      env:
        - BASE_IMAGE=ubuntu:16.04
        - DOCKER_DOWNGRADE="echo nothing to be done"
-    - env:
+    # TEMPORARY removal of Docker 1.12 test, due to errors from apt repository
-        - BASE_IMAGE=centos:7
+    # - if: type IN (pull_request) OR tag IS present
-        - DOCKER_DOWNGRADE="echo nothing to be done"
+    #   env: 
-    - if: type IN (pull_request) OR tag IS present
+    #     - BASE_IMAGE=ubuntu:16.04
-      env: 
+    #     - DOCKER_DOWNGRADE="docker save -o images.tar mqadvanced-server-dev mq-dev-jms-test &&
-        - BASE_IMAGE=ubuntu:16.04
+    #       sudo apt-get autoremove -y docker-ce &&
-        - DOCKER_DOWNGRADE="docker save -o images.tar mqadvanced-server-dev mq-dev-jms-test &&
+    #       curl -fsSL \"https://apt.dockerproject.org/gpg\" | sudo apt-key add - &&
-          sudo apt-get autoremove -y docker-ce &&
+    #       sudo apt-add-repository \"deb https://apt.dockerproject.org/repo ubuntu-$(lsb_release -cs) main\" &&
-          curl -fsSL \"https://apt.dockerproject.org/gpg\" | sudo apt-key add - &&
+    #       sudo apt-get update &&
-          sudo apt-add-repository \"deb https://apt.dockerproject.org/repo ubuntu-$(lsb_release -cs) main\" &&
+    #       sudo apt-get install docker-engine=1.12.6-0~ubuntu-$(lsb_release -cs) &&
-          sudo apt-get update &&
+    #       docker load -q -i images.tar &&
-          sudo apt-get install docker-engine=1.12.6-0~ubuntu-$(lsb_release -cs) &&
+    #       export DOCKER_API_VERSION=\"1.24\""
          docker load -q -i images.tar &&
          export DOCKER_API_VERSION=\"1.24\""
 before_install:
  - ./install-build-deps-ubuntu.sh
@@ -61,8 +59,7 @@ before_script:
  - make deps
  - echo -en 'travis_fold:end:deps\\r'
  - echo 'Building Developer image...' && echo -en 'travis_fold:start:build-devserver\\r'
-  # Use the containerized build explicitly
+  - make build-devserver
  - make build-devserver-ctr
  - echo -en 'travis_fold:end:build-devserver\\r'
  - echo 'Building Developer JMS test image...' && echo -en 'travis_fold:start:build-devjmstest\\r'
  - make build-devjmstest
--- a/2
+++ b/2
@@ -13,7 +13,7 @@
 # limitations under the License.
 ARG BASE_IMAGE=registry.access.redhat.com/ubi7/ubi-minimal
-ARG BASE_TAG=7.6-237
+ARG BASE_TAG=7.7-98
 ###############################################################################
 # Build stage to build Go code
 ###############################################################################
--- a/129
+++ b/129
@@ -19,7 +19,7 @@
 # MQ_VERSION is the fully qualified MQ version number to build
 MQ_VERSION ?= 9.1.3.0
 # RELEASE shows what release of the container code has been built
-RELEASE ?= 1
+RELEASE ?= 2
 # MQ_ARCHIVE is the name of the file, under the downloads directory, from which MQ Advanced can
 # be installed. The default value is derived from MQ_VERSION, BASE_IMAGE and architecture
 # Does not apply to MQ Advanced for Developers.
@@ -37,12 +37,12 @@ MQ_IMAGE_ADVANCEDSERVER ?=mqadvanced-server
 MQ_IMAGE_DEVSERVER ?=mqadvanced-server-dev
 # MQ_TAG is the tag of the built MQ Advanced image & MQ Advanced for Developers image
 MQ_TAG ?=$(MQ_VERSION)-$(ARCH)
 # DOCKER is the Docker command to run.  Defaults to "podman" if it's available, otherwise "docker"
 DOCKER ?= $(shell type -p podman || echo docker)
 # MQ_PACKAGES specifies the MQ packages (.deb or .rpm) to install.  Defaults vary on base image.
 MQ_PACKAGES ?=MQSeriesRuntime-*.rpm MQSeriesServer-*.rpm MQSeriesJava*.rpm MQSeriesJRE*.rpm MQSeriesGSKit*.rpm MQSeriesMsg*.rpm MQSeriesSamples*.rpm MQSeriesWeb*.rpm MQSeriesAMS-*.rpm
 # MQM_UID is the UID to use for the "mqm" user
 MQM_UID ?= 888
 # COMMAND is the container command to run.  "podman" or "docker"
 COMMAND ?=$(shell type -p podman 2>&1 >/dev/null && echo podman || echo docker)
 ###############################################################################
 # Other variables
@@ -71,14 +71,6 @@ SPACE:= $(EMPTY) $(EMPTY)
 # MQ_VERSION_VRM is MQ_VERSION with only the Version, Release and Modifier fields (no Fix field).  e.g. 9.1.3 instead of 9.1.3.0
 MQ_VERSION_VRM=$(subst $(SPACE),.,$(wordlist 1,3,$(subst .,$(SPACE),$(MQ_VERSION))))
 # Set variable if running on a Red Hat Enterprise Linux host
 ifneq ($(wildcard /etc/redhat-release),)
 REDHAT_RELEASE = $(shell cat /etc/redhat-release)
 ifeq "$(findstring Red Hat,$(REDHAT_RELEASE))" "Red Hat"
    RHEL_HOST = "true"
 endif
 endif
 ifneq (,$(findstring Microsoft,$(shell uname -r)))
 	DOWNLOADS_DIR=$(patsubst /mnt/c%,C:%,$(realpath ./downloads/))
 else ifneq (,$(findstring Windows,$(shell echo ${OS})))
@@ -107,14 +99,8 @@ MQ_ARCHIVE_DEV_9.1.3.0=mqadv_dev913_$(MQ_ARCHIVE_DEV_PLATFORM)_$(MQ_DEV_ARCH).ta
 ###############################################################################
 # Build targets
 ###############################################################################
 .PHONY: vars
 vars:
 	@echo $(MQ_ARCHIVE_ARCH)
 	@echo $(MQ_ARCHIVE_TYPE)
 	@echo $(MQ_ARCHIVE)
 .PHONY: default
-default: build-devserver test
+default: build-devserver
 # Build all components (except incubating ones)
 .PHONY: all
@@ -196,24 +182,16 @@ test-advancedserver-cover: test/docker/vendor coverage
 	tail -q -n +2 ./coverage/unit.cov ./coverage/docker.cov  >> ./coverage/combined.cov
 	go tool cover -html=./coverage/combined.cov -o ./coverage/combined.html
 # Build an MQ image.  The commands used are slightly different between Docker and Podman
 define build-mq
-	# Create a temporary network to use for the build
+	$(if $(findstring docker,$(COMMAND)), @docker network create build,)
-	$(DOCKER) network create build
+	$(if $(findstring docker,$(COMMAND)), @docker run --rm --name $(BUILD_SERVER_CONTAINER) --network build --network-alias build --volume $(DOWNLOADS_DIR):/usr/share/nginx/html:ro --detach docker.io/nginx:alpine,)
-	# Start a web server to host the MQ downloadable (tar.gz) file
+	$(eval EXTRA_ARGS=$(if $(findstring docker,$(COMMAND)), --network build --build-arg MQ_URL=http://build:80/$4, --volume $(DOWNLOADS_DIR):/var/downloads --build-arg MQ_URL=file:///var/downloads/$4))
 	$(DOCKER) run \
 	  --rm \
 	  --name $(BUILD_SERVER_CONTAINER) \
 	  --network build \
 	  --network-alias build \
 	  --volume $(DOWNLOADS_DIR):/usr/share/nginx/html:ro \
 	  --detach \
 	  docker.io/nginx:alpine
 	# Build the new image
-	$(DOCKER) build \
+	$(COMMAND) build \
 	  --tag $1:$2 \
 	  --file $3 \
-	  --network build \
+		$(EXTRA_ARGS) \
 	  --build-arg MQ_URL=http://build:80/$4 \
 	  --build-arg MQ_PACKAGES="$(MQ_PACKAGES)" \
 	  --build-arg IMAGE_REVISION="$(IMAGE_REVISION)" \
 	  --build-arg IMAGE_SOURCE="$(IMAGE_SOURCE)" \
@@ -229,76 +207,44 @@ define build-mq
 	  --label vcs-type=git \
 	  --label vcs-url=$(IMAGE_SOURCE) \
 	  --target $5 \
-	  . ; $(DOCKER) kill $(BUILD_SERVER_CONTAINER) && $(DOCKER) network rm build
+	  .
-endef
+	$(if $(findstring docker,$(COMMAND)), @docker kill $(BUILD_SERVER_CONTAINER))
-
+	$(if $(findstring docker,$(COMMAND)), @docker network rm build)
 define build-mq-ctr
 	buildah/mq-buildah $1 $2 \
 	  --file /src/Dockerfile-server \
 	  --build-arg MQ_URL="file:///src/downloads/$3" \
 	  --build-arg MQ_PACKAGES="$(MQ_PACKAGES)" \
 	  --build-arg IMAGE_REVISION="$(IMAGE_REVISION)" \
 	  --build-arg IMAGE_SOURCE="$(IMAGE_SOURCE)" \
 	  --build-arg IMAGE_TAG="$1:$2" \
 	  --build-arg MQM_UID=$(MQM_UID) \
 	  --label version=$(MQ_VERSION) \
 	  --label name=$1 \
 	  --label build-date=$(shell date +%Y-%m-%dT%H:%M:%S%z) \
 	  --label release="$(RELEASE)" \
 	  --label architecture="$(ARCH)" \
 	  --label run="docker run -d -e LICENSE=accept $1:$2" \
 	  --label vcs-ref=$(IMAGE_REVISION) \
 	  --label vcs-type=git \
 	  --label vcs-url=$(IMAGE_SOURCE) \
 	  --target $4
 endef
 DOCKER_SERVER_VERSION=$(shell docker version --format "{{ .Server.Version }}")
 DOCKER_CLIENT_VERSION=$(shell docker version --format "{{ .Client.Version }}")
-.PHONY: docker-version
+PODMAN_VERSION=$(shell podman version --format "{{ .Version }}")
-docker-version:
+.PHONY: command-version
 command-version:
 # If we're using Docker, then check it's recent enough to support multi-stage builds
 ifneq (,$(findstring docker,$(COMMAND)))
 	@test "$(word 1,$(subst ., ,$(DOCKER_CLIENT_VERSION)))" -ge "17" || ("$(word 1,$(subst ., ,$(DOCKER_CLIENT_VERSION)))" -eq "17" && "$(word 2,$(subst ., ,$(DOCKER_CLIENT_VERSION)))" -ge "05") || (echo "Error: Docker client 17.05 or greater is required" && exit 1)
 	@test "$(word 1,$(subst ., ,$(DOCKER_SERVER_VERSION)))" -ge "17" || ("$(word 1,$(subst ., ,$(DOCKER_SERVER_VERSION)))" -eq "17" && "$(word 2,$(subst ., ,$(DOCKER_CLIENT_VERSION)))" -ge "05") || (echo "Error: Docker server 17.05 or greater is required" && exit 1)
-
+endif
-.PHONY: build-advancedserver
+ifneq (,$(findstring podman,$(COMMAND)))
-ifdef RHEL_HOST
+	@test "$(word 1,$(subst ., ,$(PODMAN_VERSION)))" -ge "1" || (echo "Error: Podman version 1.0 or greater is required" && exit 1)
 # Build using Buildah inside a container on RHEL hosts
 build-advancedserver: build-advancedserver-ctr
 else
 build-advancedserver: build-advancedserver-host
 endif
 .PHONY: build-advancedserver-host
-build-advancedserver-host: downloads/$(MQ_ARCHIVE) docker-version
+build-advancedserver-host: build-advancedserver
 .PHONY: build-advancedserver
 build-advancedserver: log-build-env downloads/$(MQ_ARCHIVE) command-version
 	$(info $(SPACER)$(shell printf $(TITLE)"Build $(MQ_IMAGE_ADVANCEDSERVER):$(MQ_TAG)"$(END)))
 	$(call build-mq,$(MQ_IMAGE_ADVANCEDSERVER),$(MQ_TAG),Dockerfile-server,$(MQ_ARCHIVE),mq-server)
-.PHONY: build-advancedserver-ctr
+.PHONY: build-devserver-host
-build-advancedserver-ctr: downloads/$(MQ_ARCHIVE)
+build-devserver-host: build-devserver
 	$(info $(shell printf $(TITLE)"Build $(MQ_IMAGE_ADVANCEDSERVER):$(MQ_TAG) in a container"$(END)))
 	$(call build-mq-ctr,$(MQ_IMAGE_ADVANCEDSERVER),$(MQ_TAG),$(MQ_ARCHIVE),mq-server)
 .PHONY: build-devserver
-ifdef RHEL_HOST
+build-devserver: log-build-env downloads/$(MQ_ARCHIVE_DEV) command-version
 # Build using Buildah inside a container on RHEL hosts
 build-devserver: build-devserver-ctr
 else
 build-devserver: build-devserver-host
 endif
 .PHONY: build-devserver-host
 build-devserver-host: downloads/$(MQ_ARCHIVE_DEV) docker-version
 	$(info $(shell printf $(TITLE)"Build $(MQ_IMAGE_DEVSERVER):$(MQ_TAG)"$(END)))
 	$(call build-mq,$(MQ_IMAGE_DEVSERVER),$(MQ_TAG),Dockerfile-server,$(MQ_ARCHIVE_DEV),mq-dev-server)
 .PHONY: build-devserver-ctr
 build-devserver-ctr: downloads/$(MQ_ARCHIVE_DEV)
 	$(info $(shell printf $(TITLE)"Build $(MQ_IMAGE_DEVSERVER):$(MQ_TAG) in a container"$(END)))
 	$(call build-mq-ctr,$(MQ_IMAGE_DEVSERVER),$(MQ_TAG),$(MQ_ARCHIVE_DEV),mq-dev-server)
 .PHONY: build-advancedserver-cover
-build-advancedserver-cover: docker-version
+build-advancedserver-cover: command-version
-	$(DOCKER) build --build-arg BASE_IMAGE=$(MQ_IMAGE_ADVANCEDSERVER):$(MQ_TAG) -t $(MQ_IMAGE_ADVANCEDSERVER):$(MQ_TAG)-cover -f Dockerfile-server.cover .
+	$(COMMAND) build --build-arg BASE_IMAGE=$(MQ_IMAGE_ADVANCEDSERVER):$(MQ_TAG) -t $(MQ_IMAGE_ADVANCEDSERVER):$(MQ_TAG)-cover -f Dockerfile-server.cover .
 .PHONY: build-explorer
 build-explorer: downloads/$(MQ_ARCHIVE_DEV)
@@ -309,13 +255,22 @@ build-sdk: downloads/$(MQ_ARCHIVE_DEV)
 	$(info $(shell printf $(TITLE)"Build $(MQ_IMAGE_SDK)"$(END)))
 	$(call build-mq,mq-sdk,$(MQ_TAG),incubating/mq-sdk/Dockerfile,$(MQ_SDK_ARCHIVE),mq-sdk)
-.PHONY: debug-vars
+.PHONY: log-build-env
-debug-vars:
+log-build-vars:
 	$(info $(SPACER)$(shell printf $(TITLE)"Build environment"$(END)))
 	@echo ARCH=$(ARCH)
 	@echo MQ_VERSION=$(MQ_VERSION)
 	@echo MQ_VERSION_VRM=$(MQ_VERSION_VRM)
 	@echo MQ_ARCHIVE=$(MQ_ARCHIVE)
 	@echo MQ_IMAGE_DEVSERVER=$(MQ_IMAGE_DEVSERVER)
 	@echo MQ_IMAGE_ADVANCEDSERVER=$(MQ_IMAGE_ADVANCEDSERVER)
 	@echo COMMAND=$(COMMAND)
 	@echo MQM_UID=$(MQM_UID)
 .PHONY: log-build-env
 log-build-env: log-build-vars
 	$(info $(SPACER)$(shell printf $(TITLE)"Build environment - $(COMMAND) info"$(END)))
 	@echo Command version: $(shell $(COMMAND) --version)
 	$(COMMAND) info
 include formatting.mk
--- a/buildah/Dockerfile
+++ b/buildah/Dockerfile
@@ -1,23 +0,0 @@
 # © Copyright IBM Corporation 2019
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
 # http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 # Fedora includes more recent versions of buildah (need buildah V1.7 to get 
 # multi-stage builds to work properly)
 FROM docker.io/fedora:29
 RUN yum install -y buildah
 COPY build.sh /usr/local/bin/build
 RUN chmod +x /usr/local/bin/build
 ENV STORAGE_DRIVER=vfs
 ENV BUILDAH_ISOLATION=chroot
 ENTRYPOINT ["build"]
--- a/buildah/build.sh
+++ b/buildah/build.sh
@@ -1,41 +0,0 @@
 #!/bin/bash
 # -*- mode: sh -*-
 # © Copyright IBM Corporation 2019
 #
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
 # http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 # Build a container image from a Dockerfile using Buildah
 # If the Docker socket is available, the image will be pushed to Docker once built.
 readonly IMAGE=$1:$2
 shift
 shift
 readonly SRC="/src"
 readonly OCI_DIR="/var/oci"
 echo "****************************************"
 echo " Inside the Buildah container"
 echo "****************************************"
 set -ex
 # Build using the supplied options.  Always pass the source directory in, and 
 # use it as the build context
 buildah build-using-dockerfile --tag ${IMAGE} --volume /src:/src "$@" /src
 if [ -e ${OCI_DIR} ]; then
  buildah push ${IMAGE} oci-archive:${OCI_DIR}/${IMAGE}
 fi
 if [ -e /var/run/docker.sock ]; then
  buildah push ${IMAGE} docker-daemon:${IMAGE}
 fi
--- a/buildah/mq-buildah
+++ b/buildah/mq-buildah
@@ -1,51 +0,0 @@
 #!/bin/bash
 # -*- mode: sh -*-
 # © Copyright IBM Corporation 2019
 #
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
 # http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 # Build and run a container image with Buildah installed
 if [ $# -eq 0 ]; then
  echo "Usage: $0 imageName imageTag buildah-options"
  exit 1
 fi
 readonly SCRIPT_DIR="$( cd "$(dirname "$0")" ; pwd -P )"
 readonly DIR=${SCRIPT_DIR}/..
 readonly BUILDAH_IMAGE=mq-buildah
 RUN_OPTS="--volume ${DIR}:/src --cap-add SYS_ADMIN --rm --interactive --tty"
 CMD="docker"
 # If Docker is installed, then map the Docker socket into the container, to
 # allow buildah to push the resulting image into Docker's image store
 # WARNING: This means that the buildah container can do anything the "docker"
 # can do.
 command -v docker
 if [[ $? == 0 && -e /var/run/docker.sock ]]; then
  RUN_OPTS="${RUN_OPTS} --volume /var/run/docker.sock:/var/run/docker.sock"
 fi
 command -v podman
 if [[ $? -eq 0 ]]; then
  CMD="podman"
  OCI_DIR="/tmp/mq-buildah"
  mkdir -p ${OCI_DIR}
  RUN_OPTS="${RUN_OPTS} --volume ${OCI_DIR}:/var/oci"
  echo "Image archives will be written to ${OCI_DIR}"
 fi
 ${CMD} build --tag ${BUILDAH_IMAGE} --file ${SCRIPT_DIR}/Dockerfile ${SCRIPT_DIR}
 set -x
 ${CMD} run ${RUN_OPTS} ${BUILDAH_IMAGE} "$@"
--- a/cmd/runmqserver/tls.go
+++ b/cmd/runmqserver/tls.go
@@ -73,12 +73,9 @@ func configureWebTLS(label string) error {
 func configureTLSDev() error {
 	const mqsc string = "/etc/mqm/20-dev-tls.mqsc"
 	const mqscTemplate string = mqsc + ".tpl"
 	const sslCipherSpec string = "TLS_RSA_WITH_AES_128_CBC_SHA256"
 	if os.Getenv("MQ_DEV") == "true" {
-		err := mqtemplate.ProcessTemplateFile(mqscTemplate, mqsc, map[string]string{
+		err := mqtemplate.ProcessTemplateFile(mqscTemplate, mqsc, map[string]string{}, log)
 			"SSLCipherSpec": sslCipherSpec,
 		}, log)
 		if err != nil {
 			return err
 		}
--- a/docs/building.md
+++ b/docs/building.md
@@ -4,7 +4,7 @@
 You need to have the following tools installed:
-* [Docker](https://www.docker.com/) V17.06.1 or later
+* [Docker](https://www.docker.com/) V17.06.1 or later, or [Podman](https://podman.io) V1.0 or later
 * [GNU make](https://www.gnu.org/software/make/)
 If you are working in the Windows Subsystem for Linux, follow [this guide by Microsoft to set up Docker](https://blogs.msdn.microsoft.com/commandline/2017/12/08/cross-post-wsl-interoperability-with-docker/) first.
@@ -17,13 +17,7 @@ This procedure works for building the MQ Continuous Delivery release, on `amd64`
 2. Download MQ from [IBM Passport Advantage](https://www.ibm.com/software/passportadvantage/) or [IBM Fix Central](https://www.ibm.com/support/fixcentral), and place the downloaded file (for example, `IBM_MQ_9.1.3_LINUX_X86-64.tar.gz`) in the `downloads` directory
 3. Run `make build-advancedserver`
-> **Warning**: Note that MQ offers two different sets of packaging on Linux: one is called "MQ for Linux" and contains RPM files for installing on Red Hat Enterprise Linux and SUSE Linux Enterprise Server.  The MQ container build uses a Red Hat Universal Base Image, so you need the "MQ for Linux" RPM files.
+> **Warning**: Note that MQ offers two different sets of packaging on Linux: one is called "MQ for Linux" and contains RPM files for installing on Red Hat Enterprise Linux and SUSE Linux Enterprise Server; the other is for Ubuntu.  The MQ container build uses a Red Hat Universal Base Image, so you need the "MQ for Linux" RPM files.
 You can build a different version of MQ by setting the `MQ_VERSION` environment variable, for example:
 ```bash
 MQ_VERSION=9.1.0.0 make build-advancedserver
 ```
 If you have an MQ archive file with a different file name, you can specify a particular file (which must be in the `downloads` directory).  You should also specify the MQ version, so that the resulting image is tagged correctly, for example:
@@ -36,11 +30,6 @@ Run `make build-devserver`, which will download the latest version of MQ Advance
 You can use the environment variable `MQ_ARCHIVE_DEV` to specify an alternative local file to install from (which must be in the `downloads` directory).
 ## Building from a Red Hat Enterprise Linux host
 Red Hat Enterprise Linux (RHEL) offers a suite of container tools, including Buildah for building container images, and Podman for running containers.  Buildah can accept input described in a [Dockerfile](https://docs.docker.com/engine/reference/builder/).  This MQ sample uses a multi-stage build, which requires a recent version of Podman, which is not yet available in Red Hat Enterprise Linux V7.  Therefore, if you are on a RHEL host, then the `build-devserver` and `build-advancedserver` targets are run using a more recent version of Buildah from inside a container.
 The containerized build process on a RHEL host will write an OCI compliant archive file to `/tmp/mq-buildah`.  If a version of Docker is installed on the host, it will also push the image into Docker's internal image registry.
 ## Installed components
 This image includes the core MQ server, Java, language packs, GSKit, and web server.  This can be configured by setting the `MQ_PACKAGES` argument to `make`.
--- a/docs/usage.md
+++ b/docs/usage.md
@@ -2,6 +2,8 @@
 In order to use the image, it is necessary to accept the terms of the IBM MQ license.  This is achieved by specifying the environment variable `LICENSE` equal to `accept` when running the image.  You can also view the license terms by setting this variable to `view`. Failure to set the variable will result in the termination of the container with a usage statement.  You can view the license in a different language by also setting the `LANG` environment variable.
 > **Note**: You can use `podman` instead of `docker` in any of the examples on this page.
 ## Running with the default configuration
 You can run a queue manager with the default configuration and a listener on port 1414 using the following command.  For example, the following command creates and starts a queue manager called `QM1`, and maps port 1414 on the host to the MQ listener on port 1414 inside the container, as well as port 9443 on the host to the web console on port 9443 inside the container:
--- a/etc/mqm/15-tls.mqsc.tpl
+++ b/etc/mqm/15-tls.mqsc.tpl
@@ -16,4 +16,4 @@
 * Set the keystore location for the queue manager
 ALTER QMGR SSLKEYR('{{ .SSLKeyR }}')
 ALTER QMGR CERTLABL('{{ .CertificateLabel }}')
-
+REFRESH SECURITY(*) TYPE(SSL)
--- a/incubating/mqadvanced-server-dev/20-dev-tls.mqsc.tpl
+++ b/incubating/mqadvanced-server-dev/20-dev-tls.mqsc.tpl
@@ -14,5 +14,5 @@
 * limitations under the License.
 * Set the cipherspec for dev channels
-ALTER CHANNEL('DEV.APP.SVRCONN') CHLTYPE(SVRCONN) SSLCIPH({{ .SSLCipherSpec }}) SSLCAUTH(OPTIONAL)
+ALTER CHANNEL('DEV.APP.SVRCONN') CHLTYPE(SVRCONN) SSLCIPH(ANY_TLS12) SSLCAUTH(OPTIONAL)
-ALTER CHANNEL('DEV.ADMIN.SVRCONN') CHLTYPE(SVRCONN) SSLCIPH({{ .SSLCipherSpec }}) SSLCAUTH(OPTIONAL)
+ALTER CHANNEL('DEV.ADMIN.SVRCONN') CHLTYPE(SVRCONN) SSLCIPH(ANY_TLS12) SSLCAUTH(OPTIONAL)
--- a/mq-advanced-server-rhel/README.md
+++ b/mq-advanced-server-rhel/README.md
@@ -1,5 +0,0 @@
 # RHEL-based container build
 Build scripts for building a container image based on Red Hat Enterprise Linux (RHEL), using the [`buildah`](https://github.com/containers/buildah) tool.  buildah is supported on RHEL V7.5 and greater.
 WARNING: The code in this directory is not currently in use, pending deletion.  The MQ container is now built using a Red Hat UBI image, using "podman build".
--- a/mq-advanced-server-rhel/go-build.sh
+++ b/mq-advanced-server-rhel/go-build.sh
@@ -1,49 +0,0 @@
 #!/bin/bash
 # -*- mode: sh -*-
 # © Copyright IBM Corporation 2018, 2019
 #
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
 # http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 # Builds and tests the golang programs used by the MQ image.
 set -ex
 # Handle a GOPATH with multiple entries (just choose the first one)
 IFS=':' read -ra DIR <<< "$GOPATH"
 cd ${DIR[0]}/src/github.com/ibm-messaging/mq-container/
 # Build and test the Go code
 mkdir -p build
 cd build
 rm -f chkmqready chkmqhealthy runmqserver runmqdevserver
 if [ "$MQDEV" = "TRUE" ]; then 
    # Build and test the Go code
    go build -ldflags "-X \"main.ImageCreated=$(date --iso-8601=seconds)\" -X \"main.ImageRevision=$IMAGE_REVISION\" -X \"main.ImageSource=$IMAGE_SOURCE\"" --tags 'mqdev' ../cmd/runmqserver/
    go build ../cmd/runmqdevserver/
 else 
    go build -ldflags "-X \"main.ImageCreated=$(date --iso-8601=seconds)\" -X \"main.ImageRevision=$IMAGE_REVISION\" -X \"main.ImageSource=$IMAGE_SOURCE\"" ../cmd/runmqserver/
 fi
 go build ../cmd/chkmqready/
 go build ../cmd/chkmqhealthy/
 go test -v ../cmd/runmqserver/
 go test -v ../cmd/chkmqready/
 go test -v ../cmd/chkmqhealthy/
 if [ "$MQDEV" = "TRUE" ]; then 
    go test -v ../cmd/runmqdevserver
 fi
 go test -v ../internal/...
 go vet ../cmd/... ../internal/...
--- a/mq-advanced-server-rhel/go-buildah.sh
+++ b/mq-advanced-server-rhel/go-buildah.sh
@@ -1,49 +0,0 @@
 #!/bin/bash
 # -*- mode: sh -*-
 # © Copyright IBM Corporation 2018, 2019
 #
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
 # http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 # Run the Go build script inside the Go container, mounting the source
 # directory in
 function usage {
  echo "Usage: $0 TAG DevModeFlag"
  exit 20
 }
 if [ "$#" -ne 2 ]; then
  echo "ERROR: Invalid number of parameters"
  usage
 fi
 readonly tag=$1
 readonly dev=$2
 IMAGE_REVISION=${IMAGE_REVISION:="Not Applicable"}
 IMAGE_SOURCE=${IMAGE_SOURCE:="Not Applicable"}
 # Run the build in a container
 # Note the ":Z" on the volume is to allow the container to access the files when SELinux is enabled
 # Note the "podman" network is used explicitly, to avoid problems other CNI networks (e.g. on an OpenShift node)
 podman run \
  --volume ${PWD}:/opt/app-root/src/go/src/github.com/ibm-messaging/mq-container/:Z \
  --env IMAGE_REVISION="$IMAGE_REVISION" \
  --env IMAGE_SOURCE="$IMAGE_SOURCE" \
  --env MQDEV=${dev} \
  --user $(id -u) \
  --rm \
  --network podman \
  ${tag} \
  bash -c "cd /opt/app-root/src/go/src/github.com/ibm-messaging/mq-container/ && ./mq-advanced-server-rhel/go-build.sh"
--- a/mq-advanced-server-rhel/install-mq-rhel.sh
+++ b/mq-advanced-server-rhel/install-mq-rhel.sh
@@ -1,88 +0,0 @@
 #!/bin/bash
 # -*- mode: sh -*-
 # © Copyright IBM Corporation 2018, 2019
 #
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
 # http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 # Install one or more MQ components into a buildah container
 set -ex
 function usage {
  echo "Usage: $0 MQContainer MountLocation ARCHIVENAME PACKAGES"
  exit 20
 }
 if [ "$#" -ne 4 ]; then
  echo "ERROR: Invalid number of parameters"
  usage
 fi
 readonly ctr_mq=$1
 readonly mnt_mq=$2
 readonly archive=$3
 readonly mq_packages=$4
 readonly dir_extract=/tmp/extract
 readonly mqm_uid=888
 readonly mqm_gid=888
 if [ ! -d ${dir_extract}/MQServer ]; then
  mkdir -p ${dir_extract}
  echo Extracting $archive
  tar -zxf $archive -C ${dir_extract}
  echo Extracting finished
 fi
 # Accept the MQ license
 buildah run --user root --volume ${dir_extract}:/mnt/mq-download:Z $ctr_mq -- /mnt/mq-download/MQServer/mqlicense.sh -text_only -accept
 # Install MQ
 buildah run --user root --volume ${dir_extract}:/mnt/mq-download:Z $ctr_mq -- bash -c "cd /mnt/mq-download/MQServer && rpm -ivh $mq_packages"
 rm -rf ${dir_extract}/MQServer
 # Remove 32-bit libraries from 64-bit container
 find $mnt_mq/opt/mqm $mnt_mq/var/mqm -type f -exec file {} \; | awk -F: '/ELF 32-bit/{print $1}' | xargs --no-run-if-empty rm -f
 # Remove tar.gz files unpacked by RPM postinst scripts
 find $mnt_mq/opt/mqm -name '*.tar.gz' -delete
 # Recommended: Set the default MQ installation (makes the MQ commands available on the PATH)
 buildah run $ctr_mq -- /opt/mqm/bin/setmqinst -p /opt/mqm -i
 mkdir -p $mnt_mq/run/runmqserver
 chown ${mqm_uid}:${mqm_gid} $mnt_mq/run/runmqserver
 # Remove the directory structure under /var/mqm which was created by the installer
 rm -rf $mnt_mq/var/mqm
 # Create the mount point for volumes, ensuring MQ has permissions to all directories
 mkdir -p $mnt_mq/mnt/mqm
 install --directory --mode 0775 --owner ${mqm_uid} --group root $mnt_mq/mnt
 install --directory --mode 0775 --owner ${mqm_uid} --group root $mnt_mq/mnt/mqm
 install --directory --mode 0775 --owner ${mqm_uid} --group root $mnt_mq/mnt/mqm/data
 # Create the directory for MQ configuration files
 mkdir -p /etc/mqm
 install --directory --mode 0775 --owner ${mqm_uid} --group root $mnt_mq/etc/mqm
 # Create a symlink for /var/mqm -> /mnt/mqm/data
 buildah run --user root $ctr_mq -- ln -s /mnt/mqm/data /var/mqm
 # Optional: Set these values for the IBM Cloud Vulnerability Report
 sed -i 's/PASS_MAX_DAYS\t99999/PASS_MAX_DAYS\t90/' $mnt_mq/etc/login.defs
 sed -i 's/PASS_MIN_DAYS\t0/PASS_MIN_DAYS\t1/' $mnt_mq/etc/login.defs
 sed -i 's/password\t\[success=1 default=ignore\]\tpam_unix\.so obscure sha512/password\t[success=1 default=ignore]\tpam_unix.so obscure sha512 minlen=8/' $mnt_mq/etc/pam.d/password-auth
 buildah run $ctr_mq -- cp -rs /opt/mqm/licenses/ /
--- a/mq-advanced-server-rhel/mq-buildah.sh
+++ b/mq-advanced-server-rhel/mq-buildah.sh
@@ -1,173 +0,0 @@
 #!/bin/bash
 # -*- mode: sh -*-
 # © Copyright IBM Corporation 2018, 2019
 #
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
 # http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 # Build a RHEL image, using the buildah tool
 set -x
 set -e
 function usage {
  echo "Usage: $0 ARCHIVE-NAME PACKAGES TAG VERSION MQDevFlag"
  exit 20
 }
 if [ "$#" -ne 5 ]; then
  echo "ERROR: Invalid number of parameters"
  usage
 fi
 ###############################################################################
 # Setup MQ server working container
 ###############################################################################
 # Use RHEL 7 minimal container (which doesn't include things like Python or Yum)
 readonly ctr_mq=$(buildah from rhel7-minimal)
 if [ -z "$ctr_mq" ]
 then
  echo "ERROR: ctr_mq is empty. Check above output for errors"
  exit 50
 fi
 readonly mnt_mq=$(buildah mount $ctr_mq)
 if [ -z "$mnt_mq" ]
 then
  echo "ERROR: mnt_mq is empty. Check above output for errors"
  exit 50
 fi
 readonly archive=downloads/$1
 readonly packages=$2
 readonly tag=$3
 readonly version=$4
 readonly mqdev=$5
 readonly mqm_uid=888
 readonly mqm_gid=888
 ###############################################################################
 # Install MQ server
 ###############################################################################
 microdnf_opts="--nodocs"
 # Check whether the host is registered with Red Hat
 if subscription-manager status ; then
  # Host is subscribed, but the minimal image has no enabled repos
  # Note that the "bc" package is the only one in "extras"
  microdnf_opts="${microdnf_opts} --enablerepo=rhel-7-server-rpms --enablerepo=rhel-7-server-extras-rpms"
 else
  # Use the Yum repositories configured on the host
  cp -R /etc/yum.repos.d/* ${mnt_mq}/etc/yum.repos.d/
 fi
 buildah run ${ctr_mq} -- microdnf ${microdnf_opts} install \
  bash \
  bc \
  coreutils \
  file \
  findutils \
  gawk \
  glibc-common \
  grep \
  passwd \
  procps-ng \
  sed \
  shadow-utils \
  tar \
  util-linux \
  which
 # Install "sudo" if using MQ Advanced for Developers
 if [ "$mqdev" = "TRUE" ]; then
  buildah run ${ctr_mq} -- microdnf ${microdnf_opts} install sudo
 fi
 # Clean up cached files
 buildah run ${ctr_mq} -- microdnf ${microdnf_opts} clean all
 rm -rf ${mnt_mq}/etc/yum.repos.d/*
 buildah run --user root $ctr_mq -- groupadd --system --gid ${mqm_gid} mqm
 buildah run --user root $ctr_mq -- useradd --system --uid ${mqm_uid} --gid mqm --groups 0 mqm
 # Install MQ server packages into the MQ builder image
 ./mq-advanced-server-rhel/install-mq-rhel.sh ${ctr_mq} "${mnt_mq}" "${archive}" "${packages}"
 # Create the directory for MQ configuration files
 mkdir -p ${mnt_mq}/etc/mqm
 chown ${mqm_uid}:${mqm_gid} ${mnt_mq}/etc/mqm
 # Install the Go binaries into the image
 install --mode 0750 --owner ${mqm_uid} --group 0 ./build/runmqserver ${mnt_mq}/usr/local/bin/
 install --mode 6750 --owner ${mqm_uid} --group 0 ./build/chk* ${mnt_mq}/usr/local/bin/
 install --mode 0750 --owner ${mqm_uid} --group 0 ./NOTICES.txt ${mnt_mq}/opt/mqm/licenses/notices-container.txt
 install --directory --mode 0775 --owner ${mqm_uid} --group 0 ${mnt_mq}/run/runmqserver
 buildah run --user root $ctr_mq -- touch /run/termination-log
 buildah run --user root $ctr_mq -- chown mqm:root /run/termination-log
 buildah run --user root $ctr_mq -- chmod 0660 /run/termination-log
 # Copy in licenses from installed packages
 install --mode 0550 --owner root --group root ./mq-advanced-server-rhel/writePackages.sh ${mnt_mq}/usr/local/bin/writePackages
 buildah run --user root $ctr_mq -- /usr/local/bin/writePackages
 # Copy web XML files
 cp -R web ${mnt_mq}/etc/mqm/web
 # Make "mqm" the owner of all the config files
 chown --recursive ${mqm_uid}:${mqm_gid} ${mnt_mq}/etc/mqm/*
 chmod --recursive 0750 ${mnt_mq}/etc/mqm/*
 ###############################################################################
 # Final Buildah commands
 ###############################################################################
 if [ "$mqdev" = "TRUE" ]; then
  OSTAG="mq messaging developer"
  DISNAME="IBM MQ Advanced Server Developer Edition"
  PID="98102d16795c4263ad9ca075190a2d4d"
 else
  OSTAG="mq messaging"
  DISNAME="IBM MQ Advanced Server"
  PID="4486e8c4cc9146fd9b3ce1f14a2dfc5b"
 fi
 buildah config \
  --port 1414/tcp \
  --port 9157/tcp \
  --port 9443/tcp \
  --os linux \
  --label architecture=amd64 \
  --label io.openshift.tags="$OSTAG" \
  --label io.k8s.display-name="$DISNAME" \
  --label io.k8s.description="IBM MQ is messaging middleware that simplifies and accelerates the integration of diverse applications and business data across multiple platforms.  It uses message queues to facilitate the exchanges of information and offers a single messaging solution for cloud, mobile, Internet of Things (IoT) and on-premises environments." \
  --label name="${tag%:*}" \
  --label vendor="IBM" \
  --label version="$version" \
  --label release="1" \
  --label run="docker run -d -e LICENSE=accept --name ibm-mq ${tag%:*}" \
  --label summary="$DISNAME" \
  --label description="IBM MQ is messaging middleware that simplifies and accelerates the integration of diverse applications and business data across multiple platforms.  It uses message queues to facilitate the exchanges of information and offers a single messaging solution for cloud, mobile, Internet of Things (IoT) and on-premises environments." \
  --label IBM_PRODUCT_ID="$PID" \
  --label IBM_PRODUCT_NAME="$DISNAME" \
  --label IBM_PRODUCT_VERSION="$version" \
  --env AMQ_ADDITIONAL_JSON_LOG=1 \
  --env LANG=en_US.UTF-8 \
  --env LOG_FORMAT=basic \
  --entrypoint runmqserver \
  --user ${mqm_uid} \
  $ctr_mq
 buildah unmount $ctr_mq
 buildah commit $ctr_mq $tag
 buildah rm $ctr_mq
--- a/mq-advanced-server-rhel/mq-golang-sdk-buildah.sh
+++ b/mq-advanced-server-rhel/mq-golang-sdk-buildah.sh
@@ -1,65 +0,0 @@
 #!/bin/bash
 # -*- mode: sh -*-
 # © Copyright IBM Corporation 2018, 2019
 #
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
 # http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 # Build a RHEL image for building Go programs which use MQ
 set -ex
 function usage {
  echo "Usage: $0 REDIST-ARCHIVE-NAME TAG"
  exit 20
 }
 if [ "$#" -ne 2 ]; then
  echo "ERROR: Invalid number of parameters"
  usage
 fi
 readonly mq_redist_archive=downloads/$1
 readonly tag=$2
 # Use Red Hat's Go toolset image as the base
 readonly ctr_mq=$(buildah from devtools/go-toolset-7-rhel7)
 if [ -z "$ctr_mq" ]
 then
  echo "ERROR: ctr_mq is empty. Check above output for errors"
  exit 50
 fi
 readonly mnt_mq_go=$(buildah mount $ctr_mq)
 if [ -z "$mnt_mq_go" ]
 then
  echo "ERROR: mnt_mq_go is empty. Check above output for errors"
  exit 50
 fi
 # Install the MQ redistributable client (including header files) into the Go builder image
 mkdir -p ${mnt_mq_go}/opt/mqm
 tar -xzf ${mq_redist_archive} -C ${mnt_mq_go}/opt/mqm
 # Clean up Yum files
 rm -rf ${mnt_mq_go}/etc/yum.repos.d/*
 buildah unmount ${ctr_mq}
 # Set environment variables for MQ/Go compilation
 buildah config \
  --os linux \
  --env CGO_CFLAGS="-I/opt/mqm/inc/" \
  --env CGO_LDFLAGS_ALLOW="-Wl,-rpath.*" \
  ${ctr_mq}
 buildah commit ${ctr_mq} ${tag}
 buildah rm ${ctr_mq}
--- a/mq-advanced-server-rhel/mqdev-buildah.sh
+++ b/mq-advanced-server-rhel/mqdev-buildah.sh
@@ -1,121 +0,0 @@
 #!/bin/bash
 # -*- mode: sh -*-
 # © Copyright IBM Corporation 2018, 2019
 #
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
 # http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 # Build a RHEL image of MQ Advanced for Developers, using the buildah tool
 set -x
 set -e
 function usage {
  echo "Usage: $0 BASETAG TAG VERSION"
  exit 20
 }
 if [ "$#" -ne 3 ]; then
  echo "ERROR: Invalid number of parameters"
  usage
 fi
 ###############################################################################
 # Setup MQ server working container
 ###############################################################################
 # Use a "scratch" container, so the resulting image has minimal files
 # Resulting image won't have yum, for example
 readonly basetag=$1
 readonly ctr_mq=$(buildah from $basetag)
 if [ -z "$ctr_mq" ]
 then
  echo "ERROR: ctr_mq is empty. Check above output for errors"
  exit 50
 fi
 readonly mnt_mq=$(buildah mount $ctr_mq)
 if [ -z "$mnt_mq" ]
 then
  echo "ERROR: mnt_mq is empty. Check above output for errors"
  exit 50
 fi
 readonly tag=$2
 readonly version=$3
 readonly mqm_uid=888
 readonly mqm_gid=888
 # WARNING: This is what allows the mqm user to change the password of any other user
 # It's used by runmqdevserver to change the admin/app passwords.
 echo "mqm    ALL = NOPASSWD: /usr/sbin/chpasswd" > $mnt_mq/etc/sudoers.d/mq-dev-config
 # Run these commands inside the container so that the SELinux context is handled correctly
 buildah run --user root $ctr_mq -- useradd --gid mqm admin
 buildah run --user root $ctr_mq -- groupadd --system mqclient
 buildah run --user root $ctr_mq -- useradd --gid mqclient app
 buildah run --user root $ctr_mq -- bash -c "echo admin:passw0rd | chpasswd"
 mkdir --parents $mnt_mq/run/runmqdevserver
 chown ${mqm_uid}:${mqm_gid} $mnt_mq/run/runmqdevserver
 # Copy runmqdevserver program
 install --mode 0750 --owner ${mqm_uid} --group ${mqm_gid} ./build/runmqdevserver ${mnt_mq}/usr/local/bin/
 install --directory --mode 0775 --owner ${mqm_uid} --group 0 ${mnt_mq}/run/runmqdevserver
 # Copy template files
 cp ./incubating/mqadvanced-server-dev/*.tpl ${mnt_mq}/etc/mqm/
 # Copy web XML files for default developer configuration
 cp -R incubating/mqadvanced-server-dev/web/ ${mnt_mq}/etc/mqm/web
 # Make "mqm" the owner of all the config files
 chown --recursive ${mqm_uid}:${mqm_gid} ${mnt_mq}/etc/mqm/*
 chmod --recursive 0750 ${mnt_mq}/etc/mqm/*
 ###############################################################################
 # Final Buildah commands
 ###############################################################################
 buildah config \
  --port 1414/tcp \
  --port 9157/tcp \
  --port 9443/tcp \
  --os linux \
  --label architecture=amd64 \
  --label io.openshift.tags="mq messaging developer" \
  --label io.k8s.display-name="IBM MQ Advanced Server Developer Edition" \
  --label io.k8s.description="IBM MQ is messaging middleware that simplifies and accelerates the integration of diverse applications and business data across multiple platforms.  It uses message queues to facilitate the exchanges of information and offers a single messaging solution for cloud, mobile, Internet of Things (IoT) and on-premises environments." \
  --label name="${tag%:*}" \
  --label vendor="IBM" \
  --label version="$version" \
  --label release="1" \
  --label run="docker run -d -e LICENSE=accept --name ibm-mq-dev ${tag%:*}" \
  --label summary="IBM MQ Advanced Server Developer Edition" \
  --label description="IBM MQ is messaging middleware that simplifies and accelerates the integration of diverse applications and business data across multiple platforms.  It uses message queues to facilitate the exchanges of information and offers a single messaging solution for cloud, mobile, Internet of Things (IoT) and on-premises environments." \
  --label IBM_PRODUCT_ID="98102d16795c4263ad9ca075190a2d4d" \
  --label IBM_PRODUCT_NAME="IBM MQ Advanced Server Developer Edition" \
  --label IBM_PRODUCT_VERSION="$version" \
  --env AMQ_ADDITIONAL_JSON_LOG=1 \
  --env LANG=en_US.UTF-8 \
  --env LOG_FORMAT=basic \
  --env MQ_ADMIN_PASSWORD=passw0rd \
  --env MQ_DEV=true \
  --entrypoint runmqdevserver \
  --user ${mqm_uid} \
  $ctr_mq
 buildah unmount $ctr_mq
 buildah commit $ctr_mq $tag
 buildah rm $ctr_mq
--- a/mq-advanced-server-rhel/writePackages.sh
+++ b/mq-advanced-server-rhel/writePackages.sh
@@ -1,30 +0,0 @@
 #!/bin/bash
 # -*- mode: sh -*-
 # © Copyright IBM Corporation 2018, 2019
 #
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
 # http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 # Copy in licenses from installed packages
 set -e 
 rm -f /licenses/installed_package_notices
 for p in $(rpm -qa | sort)
 do 
  rpm -qi $p >> /licenses/installed_package_notices
  printf "\n" >> /licenses/installed_package_notices
 done
 chmod 0444 /licenses/installed_package_notices
--- a/test-image/20-config.mqsc
+++ b/test-image/20-config.mqsc
@@ -1,19 +0,0 @@
 * © Copyright IBM Corporation 2017
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 DEFINE CHANNEL(PASSWORD.SVRCONN) CHLTYPE(SVRCONN) REPLACE
 SET CHLAUTH(PASSWORD.SVRCONN) TYPE(BLOCKUSER) USERLIST('nobody') DESCR('Allow privileged users on this channel')
 SET CHLAUTH('*') TYPE(ADDRESSMAP) ADDRESS('*') USERSRC(NOACCESS) DESCR('BackStop rule')
 SET CHLAUTH(PASSWORD.SVRCONN) TYPE(ADDRESSMAP) ADDRESS('*') USERSRC(CHANNEL) CHCKCLNT(REQUIRED)
 ALTER AUTHINFO(SYSTEM.DEFAULT.AUTHINFO.IDPWOS) AUTHTYPE(IDPWOS) ADOPTCTX(YES)
--- a/test-image/30-security.mqsc
+++ b/test-image/30-security.mqsc
@@ -1,15 +0,0 @@
 * © Copyright IBM Corporation 2017
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 REFRESH SECURITY TYPE(CONNAUTH)
--- a/test-image/Dockerfile
+++ b/test-image/Dockerfile
@@ -1,18 +0,0 @@
 # © Copyright IBM Corporation 2015, 2017
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
 # http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 FROM mqadvanced
 RUN useradd alice -G mqm && \
    echo alice:passw0rd | chpasswd
 COPY *.mqsc /etc/mqm/
Author	SHA1	Message	Date
Rob Parker	1aab07c6ed	set CipherSpec to ANY_TLS12 and refresh security (#362 )	2019-08-28 17:01:15 +01:00
Luke Powlett	556ac6aec2	Update to UBI 7.7-98	2019-08-28 15:10:14 +01:00
Arthur Barr	950aecf300	Temporarily remove Docker 1.12 test in Travis	2019-08-28 14:21:40 +01:00
Arthur Barr	492c6876ca	Use podman build if available	2019-08-28 14:21:40 +01:00
Luke Powlett	9896e53cba	increment release in makefile	2019-08-07 16:02:46 +01:00