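# Base image. Pinned to the 3.14 branch because the apk repository list written
# later in this file is hard-coded to .../alpine/v3.14/...; with the floating
# "alpine:3" tag the base may be a newer release that "apk upgrade --available"
# then has to force back onto v3.14 packages.
# NOTE(review): v3.14 is an old release branch. Check its upstream support
# status and move FROM and the repository list together; pin by digest if
# reproducible builds are required.
FROM alpine:3.14
# EXPOSE is documentation only; nothing is published by it.
# Presumably 22 = sshd (see the SSHD build arg), 5432 = PostgreSQL and
# 9392 = web UI; the purpose of 8081 is not visible here. TODO confirm.
EXPOSE 22 5432 8081 9392
# The CMD below is handed to the entrypoint script as its arguments.
ENTRYPOINT [ "/opt/setup/scripts/entrypoint.sh" ]
# -n keeps supervisord in the foreground.
# NOTE(review): no USER instruction appears anywhere in this file, so the
# entrypoint and supervisord start as root.
CMD ["/usr/bin/supervisord", "-n", "-c", "/etc/supervisord.conf"]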
# Build-time knobs. They are consumed by the ENV block further down, so the
# value chosen at build time becomes the default environment of the container.
ARG SUPVISD=supervisorctl
# Account settings. GVMD_USER / GVMD_PASSWORD have no default and are only used
# as fallbacks for USERNAME / PASSWORD in the ENV block.
# NOTE(review): credentials supplied with --build-arg can be recovered from the
# image history, and the defaults below ship a known admin login. Treat these
# values as placeholders and set the real ones at run time.
ARG GVMD_USER
ARG GVMD_PASSWORD
ARG USERNAME=admin
ARG PASSWORD=adminpassword
ARG PASSWORD_FILE=none
ARG TIMEOUT=15
ARG DEBUG=N
# Outbound mail relay host and port.
ARG RELAYHOST=smtp
ARG SMTPPORT=25
ARG AUTO_SYNC=true
# "none" is the placeholder for "no certificate / key supplied".
ARG CERTIFICATE=none
ARG CERTIFICATE_KEY=none
ARG HTTPS=true
ARG TZ=Etc/UTC
ARG SSHD=false
# NOTE(review): same concern as PASSWORD, a build-arg database password ends up
# in the image metadata.
ARG DB_PASSWORD=none
# Stage the setup configuration and helper scripts, and mark the scripts
# executable so the entrypoint can run them.
COPY config /opt/setup/
COPY scripts /opt/setup/scripts/
RUN chmod -R +x /opt/setup/scripts/*.sh
# Local apk repository: create the directory skeleton, then drop in the
# packages produced by apk-build.
RUN mkdir -p /repo/main /repo/community
COPY apk-build/target/ /repo/
# Every *.pub copied here becomes a trusted apk signing key inside the image,
# so this directory in the build context must be kept under review.
COPY apk-build/user.abuild/*.pub /etc/apk/keys/
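# Runtime defaults, seeded from the build args declared earlier in this file.
# ${VAR:-fallback} falls back when the build arg is unset or empty, so
# GVMD_USER / GVMD_PASSWORD are only consulted when USERNAME / PASSWORD are
# built as empty strings.
#
# NOTE(review): USERNAME, PASSWORD and DB_PASSWORD are stored in the image
# config, where "docker inspect" and every process in the container can read
# them. The *_FILE variables look intended for passing secrets by file at run
# time; confirm in entrypoint.sh. Change the default admin credentials before
# the service is reachable.
#
# Fixes relative to the previous version:
#  - DB_PASSWORD_FILE used to be filled from DB_PASSWORD, which put the
#    password itself into the variable that names a file. It now follows the
#    same pattern as PASSWORD_FILE. No ARG DB_PASSWORD_FILE is declared, so the
#    build-time value is "none" unless one is added; set it at run time.
#  - LC_ALL had no space before its line continuation, so it could fuse with
#    the SYSTEM_DIST assignment on the next line when that line is unindented.
ENV SUPVISD=${SUPVISD:-supervisorctl} \
    USERNAME=${USERNAME:-${GVMD_USER:-admin}} \
    PASSWORD=${PASSWORD:-${GVMD_PASSWORD:-admin}} \
    PASSWORD_FILE=${PASSWORD_FILE:-${GVMD_PASSWORD_FILE:-none}} \
    TIMEOUT=${TIMEOUT:-15} \
    DEBUG=${DEBUG:-N} \
    RELAYHOST=${RELAYHOST:-smtp} \
    SMTPPORT=${SMTPPORT:-25} \
    AUTO_SYNC=${AUTO_SYNC:-true} \
    HTTPS=${HTTPS:-true} \
    CERTIFICATE=${CERTIFICATE:-none} \
    CERTIFICATE_KEY=${CERTIFICATE_KEY:-none} \
    TZ=${TZ:-Etc/UTC} \
    SSHD=${SSHD:-false} \
    DB_PASSWORD=${DB_PASSWORD:-none} \
    DB_PASSWORD_FILE=${DB_PASSWORD_FILE:-none} \
    LANG=en_US.UTF-8 \
    LANGUAGE=en_US.UTF-8 \
    LC_ALL=en_US.UTF-8 \
    SYSTEM_DIST=alpine
# Install location of the musl locale data built in the next RUN step.
ENV MUSL_LOCPATH="/usr/share/i18n/locales/musl"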
# One layer that: rewrites the apk repository list, upgrades the base, builds
# the musl locale data from source, installs the scanner stack and prepares the
# gvm user's SSH directory.
#
# NOTE(review), supply chain:
#  - The mirrors are hard-coded to the v3.14 branch; "apk upgrade --available"
#    resets installed packages to whatever that branch provides, so the base
#    tag in FROM and this list should name the same release.
#  - The git clone below takes the default branch of a third-party repository
#    and compiles and installs it as root. Pin it to a reviewed tag or commit.
#  - --allow-untrusted on the big "apk add" turns off signature verification
#    for every package in that command, including those fetched from the public
#    mirrors. The project's signing key is already copied into /etc/apk/keys
#    earlier in this file, so the flag may be unnecessary; confirm by building
#    without it.
RUN { \
echo '@custcom /repo/community/'; \
echo 'https://dl-5.alpinelinux.org/alpine/v3.14/main/' ; \
echo 'https://dl-5.alpinelinux.org/alpine/v3.14/community/' ;\
echo 'https://dl-4.alpinelinux.org/alpine/v3.14/main/' ; \
echo 'https://dl-4.alpinelinux.org/alpine/v3.14/community/' ;\
echo 'https://dl-cdn.alpinelinux.org/alpine/v3.14/main/' ; \
echo 'https://dl-cdn.alpinelinux.org/alpine/v3.14/community/' ; \
} >/etc/apk/repositories \
&& cat /etc/apk/repositories \
&& apk upgrade --no-cache --available \
# musl-locales build, in order:
#   1. install libintl (sudo is installed in the same command)
#   2. install the build dependencies as the virtual package .locale_build
#   3. clone the sources
#   4. configure, build and install under /usr
#   5. remove the source tree and its build artifacts
#   6. remove the build dependencies again via the virtual package
&& apk --no-cache add libintl sudo \
&& apk --no-cache --virtual .locale_build add cmake make musl-dev gcc gettext-dev git \
&& git clone https://gitlab.com/rilian-la-te/musl-locales \
&& cd musl-locales && cmake -DLOCALE_PROFILE=OFF -DCMAKE_INSTALL_PREFIX:PATH=/usr . && make && make install \
&& cd .. && rm -r musl-locales \
&& apk del --no-cache .locale_build \
# NOTE(review): the reason for this pause is not evident from the file.
&& sleep 10 \
# Runtime tools from the Alpine mirrors plus the scanner packages from the
# local repository (the ones tagged @custcom).
&& apk add --no-cache --allow-untrusted logrotate curl wget su-exec tzdata postfix mailx bash openssh supervisor openssh-client-common libxslt xmlstarlet zip sshpass socat net-snmp-tools samba-client py3-lxml py3-gvm@custcom openvas@custcom openvas-smb@custcom openvas-config@custcom gvmd@custcom gvm-libs@custcom greenbone-security-assistant@custcom ospd-openvas@custcom \
&& mkdir -p /var/log/supervisor/ \
# Run as gvm so the .ssh directory (0700) and authorized_keys (0644) are owned
# by that account. The gvm user is not created in this file; presumably one of
# the @custcom packages adds it.
&& su -c "mkdir -p /var/lib/gvm/.ssh/ && chmod 700 /var/lib/gvm/.ssh/ && touch /var/lib/gvm/.ssh/authorized_keys && chmod 644 /var/lib/gvm/.ssh/authorized_keys" gvm
# Ship the sync-data archive and the report formats inside the image.
# NOTE(review): the archive is copied as-is and nothing in this file unpacks or
# verifies it. Presumably a setup script does so at start-up; confirm, and
# track the archive's origin like any other build input.
COPY gvm-sync-data/gvm-sync-data.tar.xz /opt/gvm-sync-data.tar.xz
COPY report_formats/* /report_formats/
# Disabled copy steps kept for reference. The config and scripts directories
# are already copied near the top of the file.
#COPY config /opt/setup/
#COPY scripts /opt/setup/scripts/
#RUN chmod -R +x /opt/setup/scripts/*.sh
#COPY scripts/* /
#COPY config/supervisord.conf /etc/supervisord.conf
#COPY config/logrotate-gvm.conf /etc/logrotate.d/gvm
#COPY config/redis-openvas.conf /etc/redis/redis-openvas.conf
#COPY config/sshd_config /etc/ssh/sshd_config
#COPY config/* /opt/config/
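# SETUP=1 starts supervisord once during the build (see the RUN below);
# OPT_PDF=1 enables the optional TeX packages in the add-ons step.
ARG SETUP=0
ARG OPT_PDF=0
ENV SETUP=${SETUP:-0} \
    OPT_PDF=${OPT_PDF:-0}
# Finalise the image.
#  - The former leading "env" call is gone: it printed the whole environment,
#    including PASSWORD and DB_PASSWORD, into the build log.
#  - "=" replaces "==" inside [ ], the portable string comparison.
#  - The "|| true" suffixes on the rm calls are replaced by rm -rf / rm -f,
#    which already succeed on missing paths. In an && chain each "|| true"
#    also hid a failure of every command before it.
#  - The supervisord run stays best-effort ("|| true"), as before.
#  - /var/lib/gvm/CA and /var/lib/gvm/private are removed, presumably so that
#    certificate and key material created by a SETUP=1 build is not shared by
#    every container started from the image. Confirm that entrypoint.sh
#    regenerates it.
#  - The timezone is reset to Etc/UTC so a build-time TZ does not stick.
RUN chmod -R +x /opt/setup/scripts/*.sh \
 && if [ "${SETUP}" = "1" ]; then \
      ln -snf "/usr/share/zoneinfo/$TZ" /etc/localtime && echo "$TZ" >/etc/timezone \
      && /usr/bin/supervisord -c /etc/supervisord.conf || true ; \
      unset SETUP ; \
    fi \
 && rm -rfv /var/lib/gvm/CA /var/lib/gvm/private \
 && rm -f /etc/localtime \
 && echo "Etc/UTC" >/etc/timezone \
 && rm -rfv /tmp/* /var/cache/apk/* \
 && echo "!!! FINISH Setup !!!"
# Containers always start with SETUP=0, whatever the build used.
ENV SETUP=0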
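# Addons
# Optional TeX packages, installed only when the image is built with
# OPT_PDF=1 (presumably for PDF report output; confirm).
# --allow-untrusted is dropped here: none of these packages carries the
# @custcom tag, so they resolve from the signed Alpine mirrors and apk's
# signature verification can stay enabled. "=" replaces the non-portable "==".
RUN if [ "${OPT_PDF}" = "1" ]; then \
      apk add --no-cache texlive texmf-dist-latexextra texmf-dist-fontsextra ; \
    fi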
# Persistent data locations. VOLUME is the last instruction in the file, so
# nothing is written to these paths after they are declared.
# NOTE(review): /etc/ssh is a volume, presumably so sshd host keys and
# configuration survive container re-creation. Whoever controls that volume
# controls the SSH daemon's configuration.
VOLUME [ "/opt/database", "/var/lib/openvas/plugins", "/var/lib/gvm", "/etc/ssh" ]
#
# Expected ownership, for reference only; no instruction in this file sets it.
#
# Owned by user gvm:
#
# /run/ospd
# /var/lib/openvas/plugins
# /var/lib/gvm
# /var/lib/gvm/gvmd
# /var/lib/gvm/gvmd/gnupg
# /var/log/gvm
#
# Owned by group gvm:
#
# /run/ospd
# /var/lib/gvm
# /var/lib/gvm/gvmd
# /var/lib/gvm/gvmd/gnupg
#