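# Build container that produces the MISP RPMs (gtcaca, faup, misp) for CentOS 7.
# The finished RPMs are collected in /tmp/misp_centos7_x86_64_rpms.tar.gz so they
# can be copied out of the container and test-installed on a CentOS 7 VM.
#
# NOTE(review): CentOS 7 reached end of life in June 2024, so this base no longer
# receives security fixes, and the tag below is not pinned by digest. Treat the
# image as a disposable build environment only. For reproducible builds pin the
# base as quay.io/centos/centos:7@sha256:<digest-of-reviewed-image>.
FROM quay.io/centos/centos:7

LABEL maintainer="Timo Trinks"

# Initial setup - install basic software packages, create dedicated build user
# with sudo permissions (as required in MISP SPEC file).
USER root

# Update, install and clean up in ONE layer: a "yum clean all" issued in a later
# RUN cannot shrink the layers that already contain the package cache.
# "yum upgrade" is "yum update" plus obsoletes processing, so running both was
# redundant.
RUN yum clean all \
    && yum -y upgrade \
    && yum install -y \
        cmake \
        curl \
        epel-release \
        findutils \
        gcc \
        gcc-c++ \
        git \
        krb5-workstation \
        libcaca-devel \
        lua-devel \
        make \
        rpm-build \
        sudo \
        wget \
        yum-plugins-core \
        yum-utils \
    && yum clean all

RUN useradd -m builduser

# Not happy about this but the MISP spec wants sudo.
# NOTE(review): this leaves builduser with unrestricted, passwordless root in the
# final image, so anything executed as builduser (including the spec files
# downloaded below) can become root inside the container. Keep the image out of
# any long-running or shared role and do not grant the container extra host
# privileges or mounts.
RUN echo "builduser ALL=(ALL) NOPASSWD: ALL" | (su -c 'EDITOR="tee" visudo -f /etc/sudoers.d/builduser')

# Kerberos workaround hack in a systemd-less container: comment out the
# default_ccache_name setting in place.
RUN sed -i -e 's/ default_ccache_name/#default_ccache_name/g' /etc/krb5.conf

# Set up a rudimentary user RPM build environment under CentOS and pull in the
# MISP SPEC files.
USER builduser

# Directories are listed explicitly so the step does not depend on /bin/sh
# supporting brace expansion.
RUN mkdir -p \
        /home/builduser/rpmbuild/BUILD \
        /home/builduser/rpmbuild/BUILDROOT \
        /home/builduser/rpmbuild/RPMS \
        /home/builduser/rpmbuild/SOURCES \
        /home/builduser/rpmbuild/SPECS \
        /home/builduser/rpmbuild/SRPMS

WORKDIR /home/builduser/rpmbuild/SPECS

# Git ref of MISP/MISP-RPM that the SPEC and SOURCE files are fetched from.
# NOTE(review): "rhel79" is a mutable branch and the downloads are not
# checksum-verified, so the content that gets built (with sudo available) can
# change between builds without any change to this file. For a trustworthy
# build, pass a reviewed commit instead:
#   docker build --build-arg MISP_RPM_REF=<reviewed-commit-sha> .
ARG MISP_RPM_REF=rhel79

# "set -e" makes the step fail on the first failed download; without it the
# loop's exit status is only that of the last wget.
RUN set -e; \
    for specfile in faup.spec gtcaca.spec misp.spec; do \
        wget "https://raw.githubusercontent.com/MISP/MISP-RPM/${MISP_RPM_REF}/SPECS/${specfile}"; \
    done

# Install additional build specific packages - fedora-packager will set up the
# Kerberos env for koji land (https://koji.fedoraproject.org).
# NOTE: faup.spec will throw "Error: No Package found for gtcaca-devel", so
# build the gtcaca packages first and install gtcaca-devel before proceeding
# with the faup build.
RUN sudo yum install -y fedora-packager koji fedpkg centos-release-scl
RUN sudo yum-builddep -y gtcaca.spec misp.spec

# 1.) GTCACA BUILD
RUN rpmbuild -ba gtcaca.spec
WORKDIR /home/builduser/rpmbuild/RPMS/x86_64
RUN sudo yum localinstall -y gtcaca-devel-*.el7.x86_64.rpm

# 2.) FAUP BUILD
WORKDIR /home/builduser/rpmbuild/SPECS
RUN sudo yum-builddep -y faup.spec
RUN rpmbuild -ba faup.spec

# 3.) MISP BUILD - pull down MISP specific SOURCE files
USER builduser
WORKDIR /home/builduser/rpmbuild/SOURCES
RUN set -e; \
    for sourcefiles in \
        misp-bash.pp \
        misp-bash.te \
        misp-httpd.pp \
        misp-httpd.te \
        misp-policy.pp \
        misp-policy.te \
        misp-ps.pp \
        misp-ps.te \
        misp-workers.service; \
    do \
        wget "https://raw.githubusercontent.com/MISP/MISP-RPM/${MISP_RPM_REF}/SOURCES/${sourcefiles}"; \
    done

WORKDIR /home/builduser

# Unfortunately the "%{_topdir}/.." bit in the misp.spec file does not resolve
# correctly at this stage, so here's a dirty hack that strips the literal
# "%{_topdir}/../" (first occurrence per line). The dots are escaped so they
# match only literal dots rather than any two characters.
RUN sed -i -e 's|%{_topdir}/\.\./||' /home/builduser/rpmbuild/SPECS/misp.spec
RUN rpmbuild -ba /home/builduser/rpmbuild/SPECS/misp.spec

# Tar all RPMs and place the archive in /tmp for easy cp out of the container
# and test install on a CentOS 7 VM.
WORKDIR /home/builduser/rpmbuild/RPMS/x86_64
RUN tar -czvpf /tmp/misp_centos7_x86_64_rpms.tar.gz *.rpm

ENTRYPOINT ["/bin/bash"]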