docker/os/Dockerfile

   1 ##############################################################################
   2 # Copyright (c) 2019 AT&T, ENEA AB, Nokia and others                         #
   3 #                                                                            #
   4 # Licensed under the Apache License, Version 2.0 (the "License");            #
   5 # you maynot use this file except in compliance with the License.            #
   6 #                                                                            #
   7 # You may obtain a copy of the License at                                    #
   8 #       http://www.apache.org/licenses/LICENSE-2.0                           #
   9 #                                                                            #
  10 # Unless required by applicable law or agreed to in writing, software        #
  11 # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
  12 # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
  13 # See the License for the specific language governing permissions and        #
  14 # limitations under the License.                                             #
  15 ##############################################################################
  16
  17 # ref: https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#use-multi-stage-builds
  18 FROM ubuntu:18.04 as build
  19
  20 # Install dependencies
  21 COPY pip-requirements.txt /wheels/requirements/pip-requirements.txt
  22 RUN apt-get update && apt-get -y install \
  23     python3-pip \
  24     gcc \
  25     git \
  26     libc-dev \
  27     libffi6 \
  28     libffi-dev \
  29     make \
  30     libssl-dev \
  31     golint \
  32     sqlite3 \
  33     debian-goodies \
  34     build-essential \
  35     autoconf automake autotools-dev m4 \
  36     linux-headers-generic \
  37     libaio-dev libattr1-dev libcap-dev
  38
  39 # Build binaries
  40 WORKDIR /wheels
  41 RUN pip3 install wheel
  42 RUN pip3 wheel -r /wheels/requirements/pip-requirements.txt
  43 RUN git clone https://gerrit.akraino.org/r/validation /opt/akraino/validation
  44
  45 # Build ltp tests
  46 RUN mkdir -p /opt/akraino /root/src
  47 WORKDIR  /root/src
  48 RUN git clone https://github.com/linux-test-project/ltp.git
  49 WORKDIR /root/src/ltp
  50 RUN make autotools && \
  51     ./configure --prefix=/opt/ltp && \
  52     make -j $(getconf _NPROCESSORS_ONLN) 2>&1 | tee ../build-log.txt && \
  53     make install 2>&1 | tee ../install-log.txt
  54 RUN tar czvf /opt/akraino/ltp.tar.gz /opt/ltp
  55 WORKDIR /root/src
  56 RUN git clone https://github.com/CISOfy/lynis && tar czvf /opt/akraino/lynis-remote.tar.gz ./lynis
  57
  58 # Copy binaries into the final container and install robot framework
  59 FROM ubuntu:18.04
  60 COPY --from=build /wheels /wheels
  61 COPY --from=build /opt/akraino/validation /opt/akraino/validation
  62 COPY --from=build /opt/akraino/ltp.tar.gz /opt/akraino/ltp.tar.gz
  63 COPY --from=build /opt/akraino/lynis-remote.tar.gz /opt/akraino/lynis-remote.tar.gz
  64
  65
  66 RUN apt-get update && apt-get -y upgrade && apt-get -y install \
  67     python3-pip python3.6 \
  68     sqlite \
  69     debian-goodies \
  70     wget \
  71     curl apt-transport-https ca-certificates software-properties-common && \
  72     curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add - && \
  73     add-apt-repository "deb https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" && \
  74     apt-get update && \
  75     apt-get install -y docker-ce && \
  76     cd /usr/bin && ln -s python3 python && \
  77     pip3 install -r /wheels/requirements/pip-requirements.txt \
  78                  -f /wheels && \
  79     rm -rf /wheels && \
  80     rm -rf /root/.cache/pip/* && \
  81     rm -rf /var/cache/apt/* && \
  82     rm -rf /var/lib/apt/lists/*
  83
  84 # Fetches vuls databases
  85 SHELL ["/bin/bash", "-c"]
  86 RUN wget https://dl.google.com/go/go1.12.6.linux-amd64.tar.gz -P /root/ && \
  87     cd /root/ && \
  88     tar -xzf go1.12.6.linux-amd64.tar.gz -C /root/ && \
  89     export GOROOT=/root/go && \
  90     export GOPATH=/root/go/src && \
  91     export PATH=$PATH:/root/go/bin:/root/go/src/bin && \
  92     mkdir -p /root/go/src/github.com/future-architect && \
  93     cd /root/go/src/github.com/future-architect && \
  94     git clone https://github.com/future-architect/vuls && \
  95     cd vuls && \
  96     make install && \
  97     mkdir -p /root/go/src/github.com/kotakanbe && \
  98     git -C /root/go/src/github.com/kotakanbe clone https://github.com/kotakanbe/go-cve-dictionary.git && \
  99     cd /root/go/src/github.com/kotakanbe/go-cve-dictionary/ && \
 100     make install && \
 101     mkdir /opt/akraino/validation/tests/os/vuls/ && \
 102     for i in $(seq 2002 "$(date +"%Y")"); do go-cve-dictionary fetchnvd -http-proxy=${HTTP_PROXY} -dbpath /opt/akraino/validation/tests/os/vuls/cve.sqlite3 -years "$i"; done && \
 103     git -C /root/go/src/github.com/kotakanbe clone https://github.com/kotakanbe/goval-dictionary.git && \
 104     cd /root/go/src/github.com/kotakanbe/goval-dictionary && \
 105     make install && \
 106     goval-dictionary fetch-ubuntu -http-proxy=${HTTP_PROXY} -dbpath=/opt/akraino/validation/tests/os/vuls/oval.sqlite3 16 && \
 107     cd /opt/akraino/validation/tests/os/vuls && \
 108     tar cvzf db.tar.gz *.sqlite3 && \
 109     rm *.sqlite3
 110
 111 # Install bluval dependencies
 112 RUN pip3 install -r /opt/akraino/validation/bluval/requirements.txt
 113 ENV LC_ALL=C.UTF-8
 114 ENV LANG=C.UTF-8