From 8d3a5fb4af7b6cc47cc3068e7362b57a1b1176fa Mon Sep 17 00:00:00 2001 From: Ariel Morelli Date: Tue, 9 Aug 2022 11:15:58 +0200 Subject: [PATCH] docker: use docker buildx to build multi architecture --- Dockerfile | 89 +++++++++++++++++--------------- dockerfiles/docker-entrypoint.sh | 3 +- dockerfiles/update_db_image.sh | 11 +++- 3 files changed, 59 insertions(+), 44 deletions(-) diff --git a/Dockerfile b/Dockerfile index fdf50050ca..ec67653e1e 100644 --- a/Dockerfile +++ b/Dockerfile @@ -3,40 +3,44 @@ # Copyright (C) 2020 Olliver Schinagl # Copyright (C) 2021-2022 Cisco Systems, Inc. and/or its affiliates. All rights reserved. -# hadolint ignore=DL3007 latest is the latest stable for alpine -FROM index.docker.io/library/alpine:latest AS builder +FROM index.docker.io/library/rust:1.62.1-bullseye AS builder WORKDIR /src COPY . /src/ -# hadolint ignore=DL3008 We want the latest stable versions -RUN apk add --no-cache \ - bsd-compat-headers \ - bzip2-dev \ - check-dev \ +ENV DEBIAN_FRONTEND noninteractive + +RUN apt update && apt install -y \ cmake \ - curl-dev \ - file \ - fts-dev \ - g++ \ + bison \ + flex \ + gcc \ git \ - json-c-dev \ + make \ + man-db \ + net-tools \ + pkg-config \ + python3 \ + python3-pip \ + python3-pytest \ + check \ + libbz2-dev \ + libcurl4-openssl-dev \ + libjson-c-dev \ libmilter-dev \ - libtool \ + libncurses5-dev \ + libpcre2-dev \ + libssl-dev \ libxml2-dev \ - linux-headers \ - make \ - ncurses-dev \ - openssl-dev \ - pcre2-dev \ - py3-pytest \ - zlib-dev \ - rust \ - cargo \ + zlib1g-dev \ + && \ + rm -rf /var/cache/apt/archives \ + && \ + mkdir -p "./build" && cd "./build" \ && \ - mkdir -p "./build" && cd "./build" && \ cmake .. \ + -DCARGO_HOME="/src/build" \ -DCMAKE_BUILD_TYPE="Release" \ -DCMAKE_INSTALL_PREFIX="/usr" \ -DCMAKE_INSTALL_LIBDIR="/usr/lib" \ @@ -47,8 +51,10 @@ RUN apk add --no-cache \ -DENABLE_JSON_SHARED=ON \ -DENABLE_MAN_PAGES=OFF \ -DENABLE_MILTER=ON \ - -DENABLE_STATIC_LIB=OFF && \ - make DESTDIR="/clamav" -j$(($(nproc) - 1)) install && \ + -DENABLE_STATIC_LIB=OFF \ + && \ + make DESTDIR="/clamav" -j$(($(nproc) - 1)) install \ + && \ rm -r \ "/clamav/usr/include" \ "/clamav/usr/lib/pkgconfig/" \ @@ -77,38 +83,39 @@ RUN apk add --no-cache \ -e "s|^\#\(LogTime\).*|\1 yes|" \ -e "s|.*\(\ClamdSocket\) .*|\1 unix:/run/clamav/clamd.sock|" \ "/clamav/etc/clamav/clamav-milter.conf.sample" > "/clamav/etc/clamav/clamav-milter.conf" || \ - exit 1 && \ + exit 1 \ + && \ ctest -V -FROM index.docker.io/library/alpine:latest +FROM index.docker.io/library/debian:11-slim LABEL maintainer="ClamAV bugs " EXPOSE 3310 EXPOSE 7357 +ENV DEBIAN_FRONTEND=noninteractive ENV TZ Etc/UTC -RUN apk add --no-cache \ - fts \ - json-c \ - libbz2 \ - libcurl \ - libltdl \ - libmilter \ - libstdc++ \ +RUN apt-get update && apt-get install -y \ + libbz2-1.0 \ + libcurl4 \ + libssl1.1 \ + libjson-c5 \ + libmilter1.0.1 \ + libncurses5 \ + libpcre2-8-0 \ libxml2 \ - ncurses-libs \ - pcre2 \ - tini \ + zlib1g \ tzdata \ - zlib \ && \ - addgroup -S "clamav" && \ - adduser -D -G "clamav" -h "/var/lib/clamav" -s "/bin/false" -S "clamav" && \ + rm -rf /var/cache/apt/archives && \ + groupadd "clamav" && \ + useradd -g clamav -s /bin/false --home-dir /var/lib/clamav -c "Clam Antivirus" clamav && \ install -d -m 755 -g "clamav" -o "clamav" "/var/log/clamav" COPY --from=builder "/clamav" "/" + COPY "./dockerfiles/clamdcheck.sh" "/usr/local/bin/" COPY "./dockerfiles/docker-entrypoint.sh" "/init" diff --git a/dockerfiles/docker-entrypoint.sh b/dockerfiles/docker-entrypoint.sh index c7508f0ec5..a1cd99c6e9 100755 --- a/dockerfiles/docker-entrypoint.sh +++ b/dockerfiles/docker-entrypoint.sh @@ -1,4 +1,4 @@ -#!/sbin/tini /bin/sh +#!/usr/bin/env sh # SPDX-License-Identifier: GPL-2.0-or-later # # Copyright (C) 2021 Olliver Schinagl @@ -15,6 +15,7 @@ if [ ! -d "/run/clamav" ]; then fi # Assign ownership to the database directory, just in case it is a mounted volume +mkdir -p /var/lib/clamav chown -R clamav:clamav /var/lib/clamav # run command if it is not starting with a "-" and is an executable in PATH diff --git a/dockerfiles/update_db_image.sh b/dockerfiles/update_db_image.sh index 6dfc2a5612..8a9c8767e4 100755 --- a/dockerfiles/update_db_image.sh +++ b/dockerfiles/update_db_image.sh @@ -8,6 +8,7 @@ set -eu DEF_CLAMAV_DOCKER_IMAGE="clamav/clamav" DEF_DOCKER_REGISTRY="registry.hub.docker.com" +DOCKER_BUILDKIT_IMAGE="multiarch/qemu-user-static" usage() @@ -72,6 +73,12 @@ docker_tags_get() done } +config_docker_buildx() +{ + docker buildx install + docker buildx create --use --name=builder --driver docker-container --driver-opt image=${DOCKER_BUILDKIT_IMAGE} || true +} + clamav_db_update() { if [ -z "${clamav_docker_tags:-}" ]; then @@ -83,8 +90,7 @@ clamav_db_update() { echo "FROM ${docker_registry}/${clamav_docker_image}:${_tag}" echo "RUN freshclam --foreground --stdout && rm /var/lib/clamav/freshclam.dat || rm /var/lib/clamav/mirrors.dat || true" - } | docker image build --pull --rm --tag "${docker_registry}/${clamav_docker_image}:${_tag%%_base}" - - docker image push "${docker_registry}/${clamav_docker_image}:${_tag%%_base}" + } | docker buildx build --platform linux/amd64,linux/amd64/v2,linux/amd64/v3,linux/arm64 --pull --push --rm --tag "${docker_registry}/${clamav_docker_image}:${_tag%%_base}" - done } @@ -132,6 +138,7 @@ main() docker_registry="${docker_registry:-${DOCKER_REGISTRY:-${DEF_DOCKER_REGISTRY}}}" init + config_docker_buildx docker_tags_get clamav_db_update