From b9a45066ae938311f460dae238d08a90a9a932f4 Mon Sep 17 00:00:00 2001 From: Stefano Ortolani Date: Mon, 15 Jul 2024 18:00:34 +0100 Subject: [PATCH] Debug --- core/Dockerfile | 254 +++--------------------------------------------- 1 file changed, 11 insertions(+), 243 deletions(-) diff --git a/core/Dockerfile b/core/Dockerfile index a9431ab..6d6df52 100644 --- a/core/Dockerfile +++ b/core/Dockerfile @@ -1,35 +1,9 @@ ARG DOCKER_HUB_PROXY="" - -# FROM "${DOCKER_HUB_PROXY}ubuntu:24.04" as php-base -# ENV DEBIAN_FRONTEND noninteractive -# ENV LC_ALL C.UTF-8 -# -# # Uncomment when building in corporate environments -# # COPY ./rootca.crt /usr/local/share/ca-certificates/rootca.pem -# # COPY ./rootca.crt /usr/lib/ssl/cert.pem -# -# RUN apt-get update; apt-get upgrade; apt-get install -y --no-install-recommends \ -# ca-certificates \ -# && apt-get autoremove -y && apt-get clean -y && rm -rf /var/lib/apt/lists/* -# -# # COPY files/etc/apt/sources.list.d/ondrej-ubuntu-php-noble.sources /etc/apt/sources.list.d/ondrej-ubuntu-php-noble.sources -# # COPY files/etc/apt/sources.list.d/ondrej-ubuntu-nginx-mainline-noble.sources /etc/apt/sources.list.d/ondrej-ubuntu-nginx-mainline-noble.sources -# -# # RUN apt-get update; apt-get install -y --no-install-recommends \ -# # software-properties-common -# # # && apt-get autoremove -y && apt-get clean -y && rm -rf /var/lib/apt/lists/* -# # RUN add-apt-repository ppa:ondrej/php -# # RUN add-apt-repository ppa:ondrej/nginx-mainline -# # RUN apt-get update - - FROM "${DOCKER_HUB_PROXY}ubuntu:24.04" as composer-build ENV DEBIAN_FRONTEND noninteractive ENV COMPOSER_ALLOW_SUPERUSER 1 ENV COMPOSER_IPRESOLVE 4 - ARG CORE_TAG - ARG CORE_COMMIT RUN apt-get update; apt-get install -y --no-install-recommends \ ca-certificates \ 
@@ -49,6 +23,7 @@ FROM "${DOCKER_HUB_PROXY}ubuntu:24.04" as composer-build # && apt-get autoremove -y && apt-get clean -y && rm -rf /var/lib/apt/lists/* WORKDIR /tmp + COPY files/composer.json /tmp/composer.json ADD https://raw.githubusercontent.com/MISP/MISP/${CORE_COMMIT:-${CORE_TAG}}/app/composer.json /tmp COPY --from=composer:latest /usr/bin/composer /usr/bin/composer 
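Review bot: The added `COPY files/composer.json /tmp/composer.json` is followed directly by the existing `ADD https://raw.githubusercontent.com/MISP/MISP/${CORE_COMMIT:-${CORE_TAG}}/app/composer.json /tmp`, which appears to write the same path, so the locally vendored manifest would be replaced by the remote one before Composer runs. If the local file is meant to be the source of truth, drop the `ADD`. If the upstream file is, drop the `COPY` and pin the download with `ADD --checksum=sha256:<digest-of-expected-file> …`, because a tag ref is mutable and this manifest decides which packages are installed while `COMPOSER_ALLOW_SUPERUSER` is set. Also confirm that `ARG CORE_TAG` and `ARG CORE_COMMIT` are still declared in `composer-build` after this patch, since the URL expands to an empty ref without them. The `composer-build` stage starts before this hunk and continues after it.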
@@ -60,222 +35,15 @@ FROM "${DOCKER_HUB_PROXY}ubuntu:24.04" as composer-build RUN php /out/bin/composer config --no-interaction allow-plugins.composer/installers true RUN php /out/bin/composer config --no-interaction secure-http false RUN php /out/bin/composer install -vvvvv --ignore-platform-reqs - RUN php /out/bin/composer require --ignore-platform-reqs --with-all-dependencies --no-interaction \ - supervisorphp/supervisor:^4.0 \ - guzzlehttp/guzzle \ - lstrojny/fxmlrpc \ - php-http/message \ - php-http/message-factory \ - # docker image specific dependencies - elasticsearch/elasticsearch:^8.7.0 \ - jakub-onderka/openid-connect-php:^1.0.0 \ - aws/aws-sdk-php + # RUN php /out/bin/composer require --ignore-platform-reqs --with-all-dependencies --no-interaction \ + # supervisorphp/supervisor:^4.0 \ + # guzzlehttp/guzzle \ + # lstrojny/fxmlrpc \ + # php-http/message \ + # php-http/message-factory \ + # # docker image specific dependencies + # elasticsearch/elasticsearch:^8.7.0 \ + # jakub-onderka/openid-connect-php:^1.0.0 \ + # aws/aws-sdk-php ENTRYPOINT ["tail", "-f", "/dev/null"] - - -# FROM php-base as php-build -# ENV DEBIAN_FRONTEND noninteractive -# ENV TZ Etc/UTC -# -# RUN apt-get install -y --no-install-recommends \ -# gcc \ -# g++ \ -# make \ -# php7.4 \ -# php7.4-dev \ -# php7.4-xml \ -# libfuzzy-dev \ -# librdkafka-dev \ -# libsimdjson-dev \ -# libzstd-dev \ -# git \ -# php-pear \ -# && apt-get autoremove -y && apt-get clean -y && rm -rf /var/lib/apt/lists/* -# -# RUN apt-cache search pecl -# -# RUN update-alternatives --set php /usr/bin/php7.4 -# RUN update-alternatives --set php-config /usr/bin/php-config7.4 -# RUN update-alternatives --set phpize /usr/bin/phpize7.4 -# -# RUN cp "/usr/lib/$(gcc -dumpmachine)"/libfuzzy.* /usr/lib -# RUN pecl channel-update pecl.php.net && \ -# pecl install ssdeep && \ -# pecl install rdkafka && \ -# pecl install simdjson && \ -# pecl install zstd -# RUN git clone --recursive --depth=1 
https://github.com/kjdev/php-ext-brotli.git && \ -# cd php-ext-brotli && phpize && ./configure && make && make install -# -# -# FROM php-base as python-build -# ENV DEBIAN_FRONTEND noninteractive -# ARG CORE_TAG -# ARG CORE_COMMIT -# ARG PYPI_REDIS_VERSION -# ARG PYPI_LIEF_VERSION -# ARG PYPI_PYDEEP2_VERSION -# ARG PYPI_PYTHON_MAGIC_VERSION -# ARG PYPI_MISP_LIB_STIX2_VERSION -# ARG PYPI_MAEC_VERSION -# ARG PYPI_MIXBOX_VERSION -# ARG PYPI_CYBOX_VERSION -# ARG PYPI_PYMISP_VERSION -# -# RUN apt-get install -y --no-install-recommends \ -# git \ -# python3-pip \ -# && apt-get autoremove -y && apt-get clean -y && rm -rf /var/lib/apt/lists/* -# -# # Download MISP using git in the /var/www/ directory. Remove unnecessary items. -# RUN <<-EOF -# if [ ! -z "${CORE_COMMIT}" ]; then -# git clone https://github.com/MISP/MISP.git /var/www/MISP && cd /var/www/MISP && git checkout "${CORE_COMMIT}" -# else -# git clone --branch "${CORE_TAG}" --depth 1 https://github.com/MISP/MISP.git /var/www/MISP -# fi -# cd /var/www/MISP || exit; git submodule update --init --recursive . -# EOF -# -# RUN <<-EOF -# mkdir /wheels -# -# # Add additional dependencies (container specific) -# # The "set" line contains the list of modules we want to ensure are present. -# # PYPI_MODULE_NAME_VERSION env vars can be set to specify the version desired, -# # e.g. PYPI_SURICATA_VERSION="==2.0" to specify exactly version 2.0 for the suricata package -# # -# # 1. Check for presence of each module in requirements.txt -# # 2. If missing, add it (with optional version from env (defaults to empty string)) -# # 3. If present, replace with our specified version if it exists, otherwise leave -# # the upstream version alone. 
-# set -- "redis" "lief" "pydeep2" "python-magic" "misp-lib-stix2" "maec" "mixbox" "cybox" "pymisp" -# for mod in "$@"; do -# mod_version_var=$(echo "PYPI_${mod}_VERSION" | tr '[:lower:]' '[:upper:]' | tr '-' '_') -# mod_version=$(eval "echo \"\$$mod_version_var\"") -# grep -q ${mod} /var/www/MISP/requirements.txt -# exists=$? -# if [ "${exists}" -eq "1" ]; then -# echo "Adding missing module ${mod} with version '${mod_version}'" -# echo ${mod}${mod_version} >> /var/www/MISP/requirements.txt -# else -# if [ "$(echo ${mod_version} | wc -m)" -gt 1 ]; then -# echo "Overwriting existing module ${mod}, version '${mod_version}'" -# sed -i "/${mod}/s/.*/${mod}${mod_version}/" /var/www/MISP/requirements.txt -# else -# echo "Skipping overwriting ${mod} due to missing version variable" -# fi -# fi -# done; -# -# pip wheel --no-cache-dir -w /wheels/ -r /var/www/MISP/requirements.txt -# -# # Remove files we do not care for -# rm -r /var/www/MISP/PyMISP -# find /var/www/MISP/INSTALL/* ! -name 'MYSQL.sql' -type f -exec rm {} + -# find /var/www/MISP/INSTALL/* ! -name 'MYSQL.sql' -type l -exec rm {} + -# # Remove most files in .git - we do not use git functionality in docker -# find /var/www/MISP/.git/* ! 
-name HEAD -exec rm -rf {} + -# EOF -# -# -# FROM php-base -# ENV DEBIAN_FRONTEND noninteractive -# ARG CORE_TAG -# ARG CORE_COMMIT -# ARG PHP_VER -# -# RUN apt-get install -y --no-install-recommends \ -# gettext \ -# procps \ -# sudo \ -# nginx \ -# supervisor \ -# cron \ -# openssl \ -# gpg \ -# gpg-agent \ -# mariadb-client \ -# rsync \ -# python3-pip \ -# # PHP Requirements -# php7.4 \ -# php7.4-apcu \ -# php7.4-curl \ -# php7.4-xml \ -# php7.4-intl \ -# php7.4-bcmath \ -# php7.4-mbstring \ -# php7.4-mysql \ -# php7.4-redis \ -# php7.4-gd \ -# php7.4-fpm \ -# php7.4-zip \ -# php7.4-ldap \ -# libmagic1 \ -# libldap-common \ -# librdkafka1 \ -# libbrotli1 \ -# libsimdjson19 \ -# libzstd1 \ -# ssdeep \ -# libfuzzy2 \ -# # Unsure we need these -# zip unzip \ -# # Require for advanced an unattended configuration -# curl jq \ -# && apt-get autoremove -y && apt-get clean -y && rm -rf /var/lib/apt/lists/* -# -# RUN update-alternatives --set php /usr/bin/php7.4 -# -# # Install python modules -# COPY --from=python-build /wheels /wheels -# RUN pip install --break-system-packages --no-cache-dir /wheels/*.whl && rm -rf /wheels -# -# # PHP: install prebuilt libraries, then install the app's PHP deps -# COPY --from=php-build ["/usr/lib/php/${PHP_VER}/ssdeep.so", "/usr/lib/php/${PHP_VER}/rdkafka.so", "/usr/lib/php/${PHP_VER}/brotli.so", "/usr/lib/# php/${PHP_VER}/simdjson.so", "/usr/lib/php/${PHP_VER}/zstd.so", "/usr/lib/php/${PHP_VER}/"] -# -# # Do an early chown to limit image size -# COPY --from=python-build --chown=www-data:www-data --chmod=0550 /var/www/MISP /var/www/MISP -# COPY --from=composer-build --chown=www-data:www-data --chmod=0550 /tmp/Vendor /var/www/MISP/app/Vendor -# COPY --from=composer-build --chown=www-data:www-data --chmod=0550 /tmp/Plugin /var/www/MISP/app/Plugin -# -# # Gather these in one layer, only act on actual directories under /etc/php/ -# RUN <<-EOF -# set -- "ssdeep" "rdkafka" "brotli" "simdjson" "zstd" -# for mod in "$@"; do -# for dir in 
/etc/php/*/; do -# echo "extension=${mod}.so" > "${dir}mods-available/${mod}.ini" -# done; -# phpenmod "${mod}" -# done; -# phpenmod redis -# EOF -# -# # nginx -# RUN rm /etc/nginx/sites-enabled/*; mkdir -p /run/php /etc/nginx/certs -# -# # Make a copy of the file and configuration stores, so we can sync from it -# -# # The spirit of the upstream dockerization is to make: -# # 1) User and group aligned in terms of permissions -# # 2) Files executable and read only, because of some rogue scripts like 'cake' -# # 3) Directories writable, because sometimes MISP add new files -# -# RUN <<-EOF -# cp -R /var/www/MISP/app/files /var/www/MISP/app/files.dist -# cp -R /var/www/MISP/app/Config /var/www/MISP/app/Config.dist -# find /var/www/MISP \( ! -user www-data -or ! -group www-data \) -exec chown www-data:www-data '{}' +; -# find /var/www/MISP -not -perm 550 -type f -exec chmod 0550 '{}' +; -# find /var/www/MISP -not -perm 770 -type d -exec chmod 0770 '{}' +; -# # Diagnostics wants this file to be present and writable even if we do not use git in docker land -# touch /var/www/MISP/.git/ORIG_HEAD && chmod 0600 /var/www/MISP/.git/ORIG_HEAD && chown www-data:www-data /var/www/MISP/.git/ORIG_HEAD -# EOF -# -# # Copy all our image specific files to appropriate locations -# COPY files/ / -# ENTRYPOINT [ "/entrypoint.sh" ] -# -# # Change Workdirectory -# WORKDIR /var/www/MISP# \ No newline at end of file
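Review bot: `RUN php /out/bin/composer config --no-interaction secure-http false` is still in effect for the `composer install` on the next line, so Composer will accept plain-HTTP repositories and downloads. With `COMPOSER_ALLOW_SUPERUSER` set earlier in the stage, fetched package or plugin code can run as root during the build. Remove that line (or set it to `true`) unless a specific repository needs it, and if one does, add a comment naming it. With the final stage deleted, `composer-build` becomes the last stage and idles on `ENTRYPOINT ["tail", "-f", "/dev/null"]`, so an image built from this file no longer contains the application and should not reach a release tag. The ten commented-out `composer require` lines are better deleted than kept as dead code; the stage itself starts outside this hunk.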