##############################################################################
# ref: https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#use-multi-stage-builds
-FROM ubuntu:18.04 as build
+FROM ubuntu as build
# Install dependencies
COPY pip-requirements.txt /wheels/requirements/pip-requirements.txt
RUN apt-get update && apt-get -y install \
- python3-pip \
gcc \
git \
- libc-dev \
- libffi6 \
- libffi-dev \
make \
- libssl-dev \
wget \
- golint \
- sqlite3 \
- debian-goodies \
- build-essential \
- pkg-config \
- autoconf automake autotools-dev m4 \
linux-headers-generic \
- libaio-dev libattr1-dev libcap-dev
+ build-essential \
+ libssl-dev \
+ libffi-dev \
+ python-dev \
+ python3-pip \
+ automake \
+ autoconf \
+ pkgconf
# Build binaries
WORKDIR /wheels
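Review bot: Dropping the tag in `FROM ubuntu as build` (and in the final-stage `FROM ubuntu` further down) makes both stages track whatever `latest` resolves to at build time, so the image is no longer reproducible and its base can change without review. The reworked package list is also release-dependent: names such as `python-dev` and `pkgconf` may resolve differently or be missing on a newer release. Keep an explicit release tag, ideally with a digest, e.g. `FROM ubuntu:<release>@sha256:<digest> as build`, and apply the same pin to the final stage. While touching this `RUN`, `--no-install-recommends` would trim the set of packages pulled into the build stage.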
export PATH=$PATH:/root/go/bin:/root/go/src/github.com/bin && \
mkdir -p /root/go/src/github.com/future-architect && \
cd /root/go/src/github.com/future-architect && \
- git clone https://github.com/future-architect/vuls && \
+ git clone https://github.com/future-architect/vuls -b v0.10.0 && \
cd vuls && \
make install && \
mkdir -p /root/go/src/github.com/kotakanbe && \
- git -C /root/go/src/github.com/kotakanbe clone https://github.com/kotakanbe/go-cve-dictionary.git && \
+ git -C /root/go/src/github.com/kotakanbe clone https://github.com/kotakanbe/go-cve-dictionary.git -b v0.5.0 && \
cd /root/go/src/github.com/kotakanbe/go-cve-dictionary/ && \
make install && \
- git -C /root/go/src/github.com/kotakanbe clone https://github.com/kotakanbe/goval-dictionary.git && \
+ git -C /root/go/src/github.com/kotakanbe clone https://github.com/kotakanbe/goval-dictionary.git -b v0.2.8 && \
cd /root/go/src/github.com/kotakanbe/goval-dictionary && \
make install && \
mkdir -p /root/go/src/github.com/knqyf263 && \
- git -C /root/go/src/github.com/knqyf263 clone https://github.com/knqyf263/gost.git && \
+ git -C /root/go/src/github.com/knqyf263 clone https://github.com/knqyf263/gost.git -b v0.1.3 && \
cd /root/go/src/github.com/knqyf263/gost && \
make install
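Review bot: The new `-b v0.10.0`, `-b v0.5.0`, `-b v0.2.8` and `-b v0.1.3` arguments pin to tag names, which upstream can move. Each clone is followed by `make install`, presumably running as root given the `/root/go` paths, so the scanner binaries are only as trustworthy as whatever each tag points to on the day of the build. Consider checking out a reviewed commit after each clone, e.g. `git checkout <commit-sha>`, or comparing `git rev-parse HEAD` with an expected value before `make install`. Adding `--depth 1` to the clones would also reduce what is fetched. The `RUN` that opens this chain is outside the visible lines.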
for i in $(seq 2002 "$(date +"%Y")"); do go-cve-dictionary fetchnvd -quiet -http-proxy=${HTTP_PROXY} -dbpath /opt/akraino/validation/tests/os/vuls/cve.sqlite3 -years "$i"; done && \
goval-dictionary fetch-ubuntu -http-proxy=${HTTP_PROXY} -dbpath=/opt/akraino/validation/tests/os/vuls/oval_ubuntu_16.sqlite3 16 && \
goval-dictionary fetch-ubuntu -http-proxy=${HTTP_PROXY} -dbpath=/opt/akraino/validation/tests/os/vuls/oval_ubuntu_18.sqlite3 18 && \
- goval-dictionary fetch-redhat -http-proxy=${HTTP_PROXY} -dbpath=/opt/akraino/validation/tests/os/vuls/oval_centos.sqlite3 7 && \
+ goval-dictionary fetch-redhat -http-proxy=${HTTP_PROXY} -dbpath=/opt/akraino/validation/tests/os/vuls/oval_centos_7.sqlite3 7 && \
+ goval-dictionary fetch-redhat -http-proxy=${HTTP_PROXY} -dbpath=/opt/akraino/validation/tests/os/vuls/oval_centos_8.sqlite3 8 && \
gost fetch redhat --http-proxy=${HTTP_PROXY} --dbpath=/opt/akraino/validation/tests/os/vuls/gost_centos.sqlite3 --threads=$(nproc) && \
cd /opt/akraino/validation/tests/os/vuls && \
tar cvzf db.tar.gz *.sqlite3 && \
rm *.sqlite3
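Review bot: Renaming the CentOS OVAL database to `oval_centos_7.sqlite3` and adding `oval_centos_8.sqlite3` leaves nothing under the old name `oval_centos.sqlite3`. Any scanner configuration or test script that still points at the old path (not visible here) should be updated in this commit, otherwise CentOS scans may run without OVAL data. `gost fetch redhat` still writes a single `gost_centos.sqlite3`, so it would help to add a comment stating that this one file is meant to serve both releases, e.g. `# gost redhat DB is shared by the CentOS 7 and 8 scans`. The new lines also pass `-http-proxy=${HTTP_PROXY}` unquoted; `-http-proxy="${HTTP_PROXY}"` avoids word splitting if the value is empty or contains special characters. The start of this `RUN` is outside the visible lines.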
# Copy binaries into the final container and install robot framework, bluval dependencies
-FROM ubuntu:18.04
+FROM ubuntu
COPY --from=build /wheels /wheels
COPY --from=build /opt/akraino/validation /opt/akraino/validation
COPY --from=build /opt/akraino/ltp.tar.gz /opt/akraino/ltp.tar.gz