github.com/crowdsecurity/crowdsec@v1.6.1/Dockerfile.debian

github.com/crowdsecurity/crowdsec@v1.6.1/Dockerfile.debian (about)

     1  # vim: set ft=dockerfile:
     2  FROM golang:1.21.9-bookworm AS build
     3  
     4  ARG BUILD_VERSION
     5  
     6  WORKDIR /go/src/crowdsec
     7  
     8  ENV DEBIAN_FRONTEND=noninteractive
     9  ENV DEBCONF_NOWARNINGS="yes"
    10  
    11  # We like to choose the release of re2 to use, the debian version is usually older.
    12  ENV RE2_VERSION=2023-03-01
    13  ENV BUILD_VERSION=${BUILD_VERSION}
    14  
    15  # wizard.sh requires GNU coreutils
    16  RUN apt-get update && \
    17      apt-get install -y -q git gcc libc-dev make bash gettext binutils-gold coreutils tzdata && \
    18      wget https://github.com/google/re2/archive/refs/tags/${RE2_VERSION}.tar.gz && \
    19      tar -xzf ${RE2_VERSION}.tar.gz && \
    20      cd re2-${RE2_VERSION} && \
    21      make && \
    22      make install && \
    23      echo "githubciXXXXXXXXXXXXXXXXXXXXXXXX" > /etc/machine-id && \
    24      go install github.com/mikefarah/yq/v4@v4.40.4
    25  
    26  COPY . .
    27  
    28  RUN make clean release DOCKER_BUILD=1 BUILD_STATIC=1 && \
    29      cd crowdsec-v* && \
    30      ./wizard.sh --docker-mode && \
    31      cd - >/dev/null && \
    32      cscli hub update && \
    33      ./docker/preload-hub-items && \
    34      cscli collections install crowdsecurity/linux && \
    35      cscli parsers install crowdsecurity/whitelists
    36  
    37      # In case we need to remove agents here..
    38      # cscli machines list -o json | yq '.[].machineId' | xargs -r cscli machines delete
    39  
    40  FROM debian:bookworm-slim as slim
    41  
    42  ENV DEBIAN_FRONTEND=noninteractive
    43  ENV DEBCONF_NOWARNINGS="yes"
    44  
    45  RUN apt-get update && \
    46      apt-get install -y -q --install-recommends --no-install-suggests \
    47      procps \
    48      systemd \
    49      iproute2 \
    50      ca-certificates \
    51      bash \
    52      tzdata \
    53      rsync && \
    54      mkdir -p /staging/etc/crowdsec && \
    55      mkdir -p /staging/etc/crowdsec/acquis.d && \
    56      mkdir -p /staging/var/lib/crowdsec && \
    57      mkdir -p /var/lib/crowdsec/data
    58  
    59  COPY --from=build /go/bin/yq /usr/local/bin/crowdsec /usr/local/bin/cscli /usr/local/bin/
    60  COPY --from=build /etc/crowdsec /staging/etc/crowdsec
    61  COPY --from=build /go/src/crowdsec/docker/docker_start.sh /
    62  COPY --from=build /go/src/crowdsec/docker/config.yaml /staging/etc/crowdsec/config.yaml
    63  RUN yq -n '.url="http://0.0.0.0:8080"' | install -m 0600 /dev/stdin /staging/etc/crowdsec/local_api_credentials.yaml && \
    64      yq eval -i ".plugin_config.group = \"nogroup\"" /staging/etc/crowdsec/config.yaml
    65  
    66  ENTRYPOINT /bin/bash docker_start.sh
    67  
    68  FROM slim as plugins
    69  
    70  # Due to the wizard using cp -n, we have to copy the config files directly from the source as -n does not exist in busybox cp
    71  # The files are here for reference, as users will need to mount a new version to be actually able to use notifications
    72  COPY --from=build \
    73      /go/src/crowdsec/cmd/notification-email/email.yaml \
    74      /go/src/crowdsec/cmd/notification-http/http.yaml \
    75      /go/src/crowdsec/cmd/notification-slack/slack.yaml \
    76      /go/src/crowdsec/cmd/notification-splunk/splunk.yaml \
    77      /go/src/crowdsec/cmd/notification-sentinel/sentinel.yaml \
    78      /staging/etc/crowdsec/notifications/
    79  
    80  COPY --from=build /usr/local/lib/crowdsec/plugins /usr/local/lib/crowdsec/plugins
    81  
    82  FROM slim as geoip
    83  
    84  COPY --from=build /var/lib/crowdsec /staging/var/lib/crowdsec
    85  
    86  FROM plugins as full
    87  
    88  COPY --from=build /var/lib/crowdsec /staging/var/lib/crowdsec