Fix Sonobuoy systemd-image for k8 1.18
[validation.git] / docker / os / Dockerfile
index c4d5938..2c16473 100644 (file)
 ##############################################################################
 
 # ref: https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#use-multi-stage-builds
-FROM ubuntu:18.04 as build
+FROM ubuntu as build
 
 # Install dependencies
 COPY pip-requirements.txt /wheels/requirements/pip-requirements.txt
 RUN apt-get update && apt-get -y install \
-    python3-pip \
     gcc \
     git \
-    libc-dev \
-    libffi6 \
-    libffi-dev \
     make \
-    libssl-dev \
     wget \
-    golint \
-    sqlite3 \
-    debian-goodies \
-    build-essential \
-    pkg-config \
-    autoconf automake autotools-dev m4 \
     linux-headers-generic \
-    libaio-dev libattr1-dev libcap-dev
+    build-essential \
+    libssl-dev \
+    libffi-dev \
+    python-dev \
+    python3-pip \
+    automake \
+    autoconf \
+    pkgconf
 
 # Build binaries
 WORKDIR /wheels
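Review bot: `FROM ubuntu as build` drops the release tag, so this stage now builds on whatever `ubuntu:latest` points to on the day of the build, and the final stage in the third hunk gets the same change (`FROM ubuntu`). The packages resolved by the `apt-get install` list below are then no longer reproducible, and a base-image change can alter the scanner image without any commit here; the final stage also still installs `python3.6`, which looks tied to one specific release. I would keep an explicit tag and ideally a digest on both lines, e.g. `FROM ubuntu:18.04@sha256:<digest> AS build`, and bump it deliberately when a newer release is wanted.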
@@ -60,27 +56,27 @@ RUN git clone https://github.com/CISOfy/lynis && tar czvf /opt/akraino/lynis-rem
 # Fetches vuls databases (invalidate cache using unique timestamp)
 SHELL ["/bin/bash", "-c"]
 RUN if [ $(uname -m) == 'aarch64' ]; then HOST_ARCH=arm64; else HOST_ARCH=amd64; fi && \
-    wget https://dl.google.com/go/go1.12.6.linux-$HOST_ARCH.tar.gz -P /root/ --progress=dot:giga && \
+    wget https://dl.google.com/go/go1.14.linux-$HOST_ARCH.tar.gz -P /root/ --progress=dot:giga && \
     cd /root/ && \
-    tar -xzf go1.12.6.linux-$HOST_ARCH.tar.gz -C /root/ && \
-    rm go1.12.6.linux-$HOST_ARCH.tar.gz && \
+    tar -xzf go1.14.linux-$HOST_ARCH.tar.gz -C /root/ && \
+    rm go1.14.linux-$HOST_ARCH.tar.gz && \
     export GOROOT=/root/go && \
-    export GOPATH=/root/go/src && \
-    export PATH=$PATH:/root/go/bin:/root/go/src/bin && \
+    export GOPATH=/root/go/src/github.com && \
+    export PATH=$PATH:/root/go/bin:/root/go/src/github.com/bin && \
     mkdir -p /root/go/src/github.com/future-architect && \
     cd /root/go/src/github.com/future-architect && \
-    git clone https://github.com/future-architect/vuls && \
+    git clone https://github.com/future-architect/vuls -b v0.10.0 && \
     cd vuls && \
     make install && \
     mkdir -p /root/go/src/github.com/kotakanbe && \
-    git -C /root/go/src/github.com/kotakanbe clone https://github.com/kotakanbe/go-cve-dictionary.git && \
+    git -C /root/go/src/github.com/kotakanbe clone https://github.com/kotakanbe/go-cve-dictionary.git -b v0.5.0 && \
     cd /root/go/src/github.com/kotakanbe/go-cve-dictionary/ && \
     make install && \
-    git -C /root/go/src/github.com/kotakanbe clone https://github.com/kotakanbe/goval-dictionary.git && \
+    git -C /root/go/src/github.com/kotakanbe clone https://github.com/kotakanbe/goval-dictionary.git -b v0.2.8 && \
     cd /root/go/src/github.com/kotakanbe/goval-dictionary && \
     make install && \
     mkdir -p /root/go/src/github.com/knqyf263 && \
-    git -C /root/go/src/github.com/knqyf263 clone https://github.com/knqyf263/gost.git && \
+    git -C /root/go/src/github.com/knqyf263 clone https://github.com/knqyf263/gost.git -b v0.1.3 && \
     cd /root/go/src/github.com/knqyf263/gost && \
     make install
 
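Review bot: The Go toolchain tarball fetched by `wget` on the `go1.14` line is unpacked and used to build every scanner binary without any integrity check. I would set `GO_SHA256=<sha256 for that arch>` in each branch of the `if` that chooses `HOST_ARCH` and verify before `tar`, e.g. `echo "$GO_SHA256  /root/go1.14.linux-$HOST_ARCH.tar.gz" | sha256sum -c - && \`. The new `-b v0.10.0`, `-b v0.5.0`, `-b v0.2.8` and `-b v0.1.3` arguments are a good step, but tags can be moved upstream; a `git checkout <commit-sha>` after each clone would pin the exact source that `make install` builds.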
@@ -88,27 +84,30 @@ ADD db.tar.gz /opt/akraino/validation/tests/os/vuls/
 ADD db.tar.gz.timestamp /root/
 RUN \
     export GOROOT=/root/go && \
-    export GOPATH=/root/go/src && \
-    export PATH=$PATH:/root/go/bin:/root/go/src/bin && \
+    export GOPATH=/root/go/src/github.com && \
+    export PATH=$PATH:/root/go/bin:/root/go/src/github.com/bin && \
     for i in $(seq 2002 "$(date +"%Y")"); do go-cve-dictionary fetchnvd -quiet -http-proxy=${HTTP_PROXY} -dbpath /opt/akraino/validation/tests/os/vuls/cve.sqlite3 -years "$i"; done && \
     goval-dictionary fetch-ubuntu -http-proxy=${HTTP_PROXY} -dbpath=/opt/akraino/validation/tests/os/vuls/oval_ubuntu_16.sqlite3 16 && \
     goval-dictionary fetch-ubuntu -http-proxy=${HTTP_PROXY} -dbpath=/opt/akraino/validation/tests/os/vuls/oval_ubuntu_18.sqlite3 18 && \
-    goval-dictionary fetch-redhat -http-proxy=${HTTP_PROXY} -dbpath=/opt/akraino/validation/tests/os/vuls/oval_centos.sqlite3 7 && \
+    goval-dictionary fetch-redhat -http-proxy=${HTTP_PROXY} -dbpath=/opt/akraino/validation/tests/os/vuls/oval_centos_7.sqlite3 7 && \
+    goval-dictionary fetch-redhat -http-proxy=${HTTP_PROXY} -dbpath=/opt/akraino/validation/tests/os/vuls/oval_centos_8.sqlite3 8 && \
     gost fetch redhat --http-proxy=${HTTP_PROXY} --dbpath=/opt/akraino/validation/tests/os/vuls/gost_centos.sqlite3 --threads=$(nproc) && \
     cd /opt/akraino/validation/tests/os/vuls && \
     tar cvzf db.tar.gz *.sqlite3 && \
     rm *.sqlite3
 
 # Copy binaries into the final container and install robot framework, bluval dependencies
-FROM ubuntu:18.04
+FROM ubuntu
 COPY --from=build /wheels /wheels
 COPY --from=build /opt/akraino/validation /opt/akraino/validation
 COPY --from=build /opt/akraino/ltp.tar.gz /opt/akraino/ltp.tar.gz
 COPY --from=build /opt/akraino/lynis-remote.tar.gz /opt/akraino/lynis-remote.tar.gz
 COPY --from=build /root/go/bin /root/go/bin
-COPY --from=build /root/go/src/bin /root/go/src/bin
+COPY --from=build /root/go/src/github.com/bin /root/go/src/github.com/bin
 
 RUN apt-get update && apt-get -y install \
+    openssh-client \
+    sshpass \
     python3-pip python3.6 && \
     cd /usr/bin && ln -s python3 python && \
     pip3 install -r /wheels/requirements/pip-requirements.txt \
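Review bot: `sshpass` is added to the runtime image next to `openssh-client` with no comment on how it is meant to be used. If the test suites log in to nodes with a password, the safe forms are `sshpass -e` (reads `SSHPASS`) or `sshpass -f <file>`; `-p` puts the password on the command line where other processes can read it. I would add a comment above this `RUN`, e.g. `# sshpass: feed the password with -e or -f, never -p (visible in the process list)`, and prefer key-based login where the target allows it. This `RUN` continues past the end of the hunk, so whether the apt lists are cleaned in the same layer is not visible here.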