1 ##############################################################################
2 # Copyright (c) 2019 AT&T, ENEA AB, Nokia and others #
4 # Licensed under the Apache License, Version 2.0 (the "License"); #
5 # you maynot use this file except in compliance with the License. #
7 # You may obtain a copy of the License at #
8 # http://www.apache.org/licenses/LICENSE-2.0 #
10 # Unless required by applicable law or agreed to in writing, software #
11 # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT #
12 # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
13 # See the License for the specific language governing permissions and #
14 # limitations under the License. #
15 ##############################################################################
17 # ref: https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#use-multi-stage-builds
18 FROM ubuntu:18.04 as build
20 # Install dependencies
21 COPY pip-requirements.txt /wheels/requirements/pip-requirements.txt
22 RUN apt-get update && apt-get -y install \
37 autoconf automake autotools-dev m4 \
38 linux-headers-generic \
39 libaio-dev libattr1-dev libcap-dev
43 RUN pip3 install wheel
44 RUN pip3 wheel -r /wheels/requirements/pip-requirements.txt
45 RUN git clone https://gerrit.akraino.org/r/validation /opt/akraino/validation
48 RUN mkdir -p /opt/akraino /root/src
50 RUN git clone https://github.com/linux-test-project/ltp.git
52 RUN make autotools && \
53 ./configure --prefix=/opt/ltp && \
54 make -j $(getconf _NPROCESSORS_ONLN) 2>&1 | tee ../build-log.txt && \
55 make install 2>&1 | tee ../install-log.txt
56 RUN tar czvf /opt/akraino/ltp.tar.gz /opt/ltp
58 RUN git clone https://github.com/CISOfy/lynis && tar czvf /opt/akraino/lynis-remote.tar.gz ./lynis
60 # Fetches vuls databases (invalidate cache using unique timestamp)
61 SHELL ["/bin/bash", "-c"]
62 RUN if [ $(uname -m) == 'aarch64' ]; then HOST_ARCH=arm64; else HOST_ARCH=amd64; fi && \
63 wget https://dl.google.com/go/go1.14.linux-$HOST_ARCH.tar.gz -P /root/ --progress=dot:giga && \
65 tar -xzf go1.14.linux-$HOST_ARCH.tar.gz -C /root/ && \
66 rm go1.14.linux-$HOST_ARCH.tar.gz && \
67 export GOROOT=/root/go && \
68 export GOPATH=/root/go/src/github.com && \
69 export PATH=$PATH:/root/go/bin:/root/go/src/github.com/bin && \
70 mkdir -p /root/go/src/github.com/future-architect && \
71 cd /root/go/src/github.com/future-architect && \
72 git clone https://github.com/future-architect/vuls && \
75 mkdir -p /root/go/src/github.com/kotakanbe && \
76 git -C /root/go/src/github.com/kotakanbe clone https://github.com/kotakanbe/go-cve-dictionary.git && \
77 cd /root/go/src/github.com/kotakanbe/go-cve-dictionary/ && \
79 git -C /root/go/src/github.com/kotakanbe clone https://github.com/kotakanbe/goval-dictionary.git && \
80 cd /root/go/src/github.com/kotakanbe/goval-dictionary && \
82 mkdir -p /root/go/src/github.com/knqyf263 && \
83 git -C /root/go/src/github.com/knqyf263 clone https://github.com/knqyf263/gost.git && \
84 cd /root/go/src/github.com/knqyf263/gost && \
87 ADD db.tar.gz /opt/akraino/validation/tests/os/vuls/
88 ADD db.tar.gz.timestamp /root/
90 export GOROOT=/root/go && \
91 export GOPATH=/root/go/src/github.com && \
92 export PATH=$PATH:/root/go/bin:/root/go/src/github.com/bin && \
93 for i in $(seq 2002 "$(date +"%Y")"); do go-cve-dictionary fetchnvd -quiet -http-proxy=${HTTP_PROXY} -dbpath /opt/akraino/validation/tests/os/vuls/cve.sqlite3 -years "$i"; done && \
94 goval-dictionary fetch-ubuntu -http-proxy=${HTTP_PROXY} -dbpath=/opt/akraino/validation/tests/os/vuls/oval_ubuntu_16.sqlite3 16 && \
95 goval-dictionary fetch-ubuntu -http-proxy=${HTTP_PROXY} -dbpath=/opt/akraino/validation/tests/os/vuls/oval_ubuntu_18.sqlite3 18 && \
96 goval-dictionary fetch-redhat -http-proxy=${HTTP_PROXY} -dbpath=/opt/akraino/validation/tests/os/vuls/oval_centos.sqlite3 7 && \
97 gost fetch redhat --http-proxy=${HTTP_PROXY} --dbpath=/opt/akraino/validation/tests/os/vuls/gost_centos.sqlite3 --threads=$(nproc) && \
98 cd /opt/akraino/validation/tests/os/vuls && \
99 tar cvzf db.tar.gz *.sqlite3 && \
102 # Copy binaries into the final container and install robot framework, bluval dependencies
104 COPY --from=build /wheels /wheels
105 COPY --from=build /opt/akraino/validation /opt/akraino/validation
106 COPY --from=build /opt/akraino/ltp.tar.gz /opt/akraino/ltp.tar.gz
107 COPY --from=build /opt/akraino/lynis-remote.tar.gz /opt/akraino/lynis-remote.tar.gz
108 COPY --from=build /root/go/bin /root/go/bin
109 COPY --from=build /root/go/src/github.com/bin /root/go/src/github.com/bin
111 RUN apt-get update && apt-get -y install \
114 python3-pip python3.6 && \
115 cd /usr/bin && ln -s python3 python && \
116 pip3 install -r /wheels/requirements/pip-requirements.txt \
118 pip3 install -r /opt/akraino/validation/bluval/requirements.txt && \
120 rm -rf /root/.cache/pip/* && \
121 rm -rf /var/cache/apt/* && \
122 rm -rf /var/lib/apt/lists/*