X-Git-Url: https://gerrit.akraino.org/r/gitweb?a=blobdiff_plain;f=docker%2Fos%2FDockerfile;h=1981b16d49bc7819f91c3066a3b0213dc8d38e37;hb=7655975fa9382b76be6ebcc28cb4b1531b5e6880;hp=291267b78f7a736a620f7f02b726109f22bfb967;hpb=35aa365da408361021f18273296d382bdb08a74b;p=validation.git
diff --git a/docker/os/Dockerfile b/docker/os/Dockerfile
index 291267b..1981b16 100644
--- a/docker/os/Dockerfile
+++ b/docker/os/Dockerfile
@@ -28,7 +28,12 @@ RUN apt-get update && apt-get -y install \
 libffi-dev \
 make \
 libssl-dev \
+ wget \
+ golint \
+ sqlite3 \
+ debian-goodies \
 build-essential \
+ pkg-config \
 autoconf automake autotools-dev m4 \
 linux-headers-generic \
 libaio-dev libattr1-dev libcap-dev
@@ -49,21 +54,72 @@ RUN make autotools && \
 make -j $(getconf _NPROCESSORS_ONLN) 2>&1 | tee ../build-log.txt && \
 make install 2>&1 | tee ../install-log.txt
 RUN tar czvf /opt/akraino/ltp.tar.gz /opt/ltp
+WORKDIR /root/src
+RUN git clone https://github.com/CISOfy/lynis && tar czvf /opt/akraino/lynis-remote.tar.gz ./lynis
-# Copy binaries into the final container and install robot framework
+# Fetches vuls databases (invalidate cache using unique timestamp)
+SHELL ["/bin/bash", "-c"]
+RUN if [ $(uname -m) == 'aarch64' ]; then HOST_ARCH=arm64; else HOST_ARCH=amd64; fi && \
+ wget https://dl.google.com/go/go1.14.linux-$HOST_ARCH.tar.gz -P /root/ --progress=dot:giga && \
+ cd /root/ && \
+ tar -xzf go1.14.linux-$HOST_ARCH.tar.gz -C /root/ && \
+ rm go1.14.linux-$HOST_ARCH.tar.gz && \
+ export GOROOT=/root/go && \
+ export GOPATH=/root/go/src/github.com && \
+ export PATH=$PATH:/root/go/bin:/root/go/src/github.com/bin && \
+ mkdir -p /root/go/src/github.com/future-architect && \
+ cd /root/go/src/github.com/future-architect && \
+ git clone https://github.com/future-architect/vuls && \
+ cd vuls && \
+ make install && \
+ mkdir -p /root/go/src/github.com/kotakanbe && \
+ git -C /root/go/src/github.com/kotakanbe clone https://github.com/kotakanbe/go-cve-dictionary.git && \
+ cd /root/go/src/github.com/kotakanbe/go-cve-dictionary/ && \
+ make install && \
+ git -C /root/go/src/github.com/kotakanbe clone https://github.com/kotakanbe/goval-dictionary.git && \
+ cd /root/go/src/github.com/kotakanbe/goval-dictionary && \
+ make install && \
+ mkdir -p /root/go/src/github.com/knqyf263 && \
+ git -C /root/go/src/github.com/knqyf263 clone https://github.com/knqyf263/gost.git && \
+ cd /root/go/src/github.com/knqyf263/gost && \
+ make install
+
+ADD db.tar.gz /opt/akraino/validation/tests/os/vuls/
+ADD db.tar.gz.timestamp /root/
+RUN \
+ export GOROOT=/root/go && \
+ export GOPATH=/root/go/src/github.com && \
+ export PATH=$PATH:/root/go/bin:/root/go/src/github.com/bin && \
+ for i in $(seq 2002 "$(date +"%Y")"); do go-cve-dictionary fetchnvd -quiet -http-proxy=${HTTP_PROXY} -dbpath /opt/akraino/validation/tests/os/vuls/cve.sqlite3 -years "$i"; done && \
+ goval-dictionary fetch-ubuntu -http-proxy=${HTTP_PROXY} -dbpath=/opt/akraino/validation/tests/os/vuls/oval_ubuntu_16.sqlite3 16 && \
+ goval-dictionary fetch-ubuntu -http-proxy=${HTTP_PROXY} -dbpath=/opt/akraino/validation/tests/os/vuls/oval_ubuntu_18.sqlite3 18 && \
+ goval-dictionary fetch-redhat -http-proxy=${HTTP_PROXY} -dbpath=/opt/akraino/validation/tests/os/vuls/oval_centos.sqlite3 7 && \
+ gost fetch redhat --http-proxy=${HTTP_PROXY} --dbpath=/opt/akraino/validation/tests/os/vuls/gost_centos.sqlite3 --threads=$(nproc) && \
+ cd /opt/akraino/validation/tests/os/vuls && \
+ tar cvzf db.tar.gz *.sqlite3 && \
+ rm *.sqlite3
+
+# Copy binaries into the final container and install robot framework, bluval dependencies
 FROM ubuntu:18.04
 COPY --from=build /wheels /wheels
 COPY --from=build /opt/akraino/validation /opt/akraino/validation
 COPY --from=build /opt/akraino/ltp.tar.gz /opt/akraino/ltp.tar.gz
+COPY --from=build /opt/akraino/lynis-remote.tar.gz /opt/akraino/lynis-remote.tar.gz
+COPY --from=build /root/go/bin /root/go/bin
+COPY --from=build /root/go/src/github.com/bin /root/go/src/github.com/bin
 RUN apt-get update && apt-get -y install \
- python3-pip && \
+ openssh-client \
+ sshpass \
+ python3-pip python3.6 && \
+ cd /usr/bin && ln -s python3 python && \
 pip3 install -r /wheels/requirements/pip-requirements.txt \
 -f /wheels && \
+ pip3 install -r /opt/akraino/validation/bluval/requirements.txt && \
 rm -rf /wheels && \
 rm -rf /root/.cache/pip/* && \
 rm -rf /var/cache/apt/* && \
 rm -rf /var/lib/apt/lists/*
-# Install blueval dependencies
-RUN pip3 install -r /opt/akraino/validation/bluval/requirements.txt
+ENV LC_ALL=C.UTF-8
+ENV LANG=C.UTF-8
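Review bot: Nothing fetched in the new build-stage steps is integrity-checked or pinned: the `RUN` after `SHELL` unpacks `go1.14.linux-$HOST_ARCH.tar.gz` straight from `wget`, and the five `git clone` calls (lynis, vuls, go-cve-dictionary, goval-dictionary, gost) build whatever the default branch holds on the day of the build. Those artifacts then reach the final image through `lynis-remote.tar.gz` and the two `COPY --from=build /root/go/...` lines, so the image is not reproducible and inherits any upstream tampering. Verify the tarball before `tar -xzf`, e.g. `echo "<GO_SHA256_FOR_ARCH>  go1.14.linux-$HOST_ARCH.tar.gz" | sha256sum -c -` with one digest per architecture, and pin each clone with `git clone --depth 1 --branch <PINNED_TAG> <url>`. The comment `# Fetches vuls databases (invalidate cache using unique timestamp)` would also be clearer directly above `ADD db.tar.gz.timestamp /root/` and the fetch `RUN`, which appears to be what it describes.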