# Base image: CentOS 7 pulled from Quay by a mutable tag.
# NOTE(review): CentOS 7 reached end of life on 30 June 2024, so this base no
# longer receives security updates; treat the resulting image as a throwaway
# build environment, not something to deploy. Pinning the tag by digest
# (quay.io/centos/centos:7@sha256:<digest>) would make the build reproducible
# and protect against the tag being repointed.
FROM quay.io/centos/centos:7
LABEL maintainer="Timo Trinks"

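# Initial setup - install basic software packages and create a dedicated build
# user with sudo permissions (as required in the MISP SPEC file).
USER root
# Update, install and clean up in ONE layer: a `yum clean all` issued in a
# later RUN cannot shrink the layers that already contain the yum cache.
# `yum -y upgrade` directly after `yum -y update` was redundant and is dropped.
RUN yum clean all \
    && yum -y update \
    && yum install -y \
        cmake \
        curl \
        epel-release \
        findutils \
        gcc \
        gcc-c++ \
        git \
        krb5-workstation \
        libcaca-devel \
        lua-devel \
        make \
        rpm-build \
        sudo \
        wget \
        yum-plugins-core \
        yum-utils \
    && yum clean all
RUN useradd -m builduser
# Not happy about this but the MISP spec wants sudo.
# SECURITY: this grants builduser passwordless root. Every later step in this
# file runs as builduser and the image keeps that user, so any process started
# in the container is effectively root. Use the image for local package builds
# only and do not expose it as a service or hand it untrusted input.
# visudo (with tee as its "editor") is used so the rule is syntax-checked
# before it lands in /etc/sudoers.d.
RUN echo "builduser        ALL=(ALL)       NOPASSWD: ALL" | (su -c 'EDITOR="tee" visudo -f /etc/sudoers.d/builduser')
# Kerberos workaround hack in a systemd-less container: comment out the
# default_ccache_name setting. Edited in place instead of cat | sed > tmp && mv.
RUN sed -i -e 's/ default_ccache_name/#default_ccache_name/g' /etc/krb5.conf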

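# Set up a rudimentary user RPM build environment under CentOS and pull in the
# MISP SPEC files.
USER builduser
# Directories are listed explicitly so this step does not depend on /bin/sh
# supporting brace expansion.
RUN mkdir -p \
        /home/builduser/rpmbuild/BUILD \
        /home/builduser/rpmbuild/BUILDROOT \
        /home/builduser/rpmbuild/RPMS \
        /home/builduser/rpmbuild/SOURCES \
        /home/builduser/rpmbuild/SPECS \
        /home/builduser/rpmbuild/SRPMS
WORKDIR /home/builduser/rpmbuild/SPECS
# Git ref of MISP/MISP-RPM to download from. The default keeps the original
# behaviour (the moving `rhel79` branch). Build with
#   --build-arg MISP_RPM_REF=<commit-sha>
# to pin an immutable commit.
# SECURITY: these spec files drive `sudo yum-builddep` and `rpmbuild` further
# down, so whatever the ref contains at build time is executed, partly as
# root. Nothing here verifies a checksum or signature; pin the ref and review
# the specs when the build output has to be trusted.
ARG MISP_RPM_REF=rhel79
# `set -e` stops the build on the first failed download. Without it only the
# exit status of the LAST wget decided whether the layer succeeded, so a
# missing spec file could go unnoticed until a later step.
RUN set -e; \
    for specfile in faup.spec gtcaca.spec misp.spec; do \
        wget "https://raw.githubusercontent.com/MISP/MISP-RPM/${MISP_RPM_REF}/SPECS/${specfile}"; \
    done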

# Additional build-specific packages. fedora-packager sets up the Kerberos
# environment for Koji (https://koji.fedoraproject.org).
# NOTE: faup.spec fails with "Error: No Package found for gtcaca-devel", so the
# gtcaca packages are built first and gtcaca-devel is installed before the faup
# build proceeds.
RUN sudo yum install -y \
        fedora-packager \
        koji \
        fedpkg \
        centos-release-scl
# Installs, as root, whatever BuildRequires the downloaded spec files declare.
RUN sudo yum-builddep -y \
        gtcaca.spec \
        misp.spec

# 1.) GTCACA BUILD
RUN rpmbuild -ba gtcaca.spec
WORKDIR /home/builduser/rpmbuild/RPMS/x86_64
# Install the freshly built -devel package so the faup build can find it.
RUN sudo yum localinstall -y gtcaca-devel-*.el7.x86_64.rpm

# 2.) FAUP BUILD
WORKDIR /home/builduser/rpmbuild/SPECS
RUN sudo yum-builddep -y faup.spec
RUN rpmbuild -ba faup.spec

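# 3.) MISP BUILD - pull down MISP specific SOURCE files
USER builduser
WORKDIR /home/builduser/rpmbuild/SOURCES
# Git ref of MISP/MISP-RPM to download from. The default keeps the original
# behaviour (the moving `rhel79` branch). Build with
#   --build-arg MISP_RPM_REF=<commit-sha>
# to pin an immutable commit.
# SECURITY: these files are packaged into the MISP RPM without any checksum or
# signature verification. The .pp files look like pre-compiled SELinux policy
# modules shipped next to their .te sources (TODO confirm); compare them with
# the sources before trusting the resulting package.
ARG MISP_RPM_REF=rhel79
# `set -e` stops the build on the first failed download. Without it only the
# exit status of the LAST wget decided whether the layer succeeded.
RUN set -e; \
    for sourcefile in \
        misp-bash.pp \
        misp-bash.te \
        misp-httpd.pp \
        misp-httpd.te \
        misp-policy.pp \
        misp-policy.te \
        misp-ps.pp \
        misp-ps.te \
        misp-workers.service; \
    do \
        wget "https://raw.githubusercontent.com/MISP/MISP-RPM/${MISP_RPM_REF}/SOURCES/${sourcefile}"; \
    done
WORKDIR /home/builduser
# Unfortunately the "%{_topdir}/.." bit in the misp.spec file does not resolve
# correctly at this stage, so here's a dirty hack to s/%{_topdir}\/..\///
# Edited in place instead of cat | sed > tmp && mv; the expression is unchanged
# (no `g` flag, so only the first match on each line is removed).
RUN sed -i -e 's/%{_topdir}\/..\///' /home/builduser/rpmbuild/SPECS/misp.spec
RUN rpmbuild -ba /home/builduser/rpmbuild/SPECS/misp.spec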

# Bundle every built RPM into a single tarball under /tmp so it can be copied
# out of the container and test-installed on a CentOS 7 VM.
# No step in this file signs the RPMs, so check where a tarball came from
# before installing it anywhere that matters.
WORKDIR /home/builduser/rpmbuild/RPMS/x86_64
RUN tar -c -v -p -z -f /tmp/misp_centos7_x86_64_rpms.tar.gz *.rpm

# Interactive shell; it starts as builduser, who has passwordless sudo.
ENTRYPOINT ["/bin/bash"]