NUKIB · ondj · May 17, 2025 · Oct 15, 2024 · Oct 15, 2024 · Nov 20, 2024
diff --git a/.github/workflows/docker-image.yml b/.github/workflows/docker-image.yml
@@ -25,15 +25,15 @@ jobs:
       uses: docker/setup-buildx-action@v3
     -
       name: Cache Docker layers
-      uses: actions/cache@v3
+      uses: actions/cache@v4
       with:
         path: /tmp/.buildx-cache
         key: ${{ runner.os }}-buildx-${{ github.sha }}
         restore-keys: |
           ${{ runner.os }}-buildx-
     -
       name: Build and export to Docker
-      uses: docker/build-push-action@v5
+      uses: docker/build-push-action@v6
       with:
         context: .
         load: true
@@ -49,7 +49,7 @@ jobs:
         docker stop misp-modules
     -
       name: Build Docker for linux/arm64
-      uses: docker/build-push-action@v5
+      uses: docker/build-push-action@v6
       with:
         context: .
         platforms: linux/arm64
@@ -83,7 +83,7 @@ jobs:
     -
       name: Build and push
       if: github.event_name != 'pull_request'
-      uses: docker/build-push-action@v5
+      uses: docker/build-push-action@v6
       with:
         context: .
         platforms: linux/amd64,linux/arm64

diff --git a/Dockerfile b/Dockerfile
@@ -1,30 +1,39 @@
-# Base image with python3.11 and enabled powertools and epel repo
-ARG BASE_IMAGE=almalinux:8
-FROM $BASE_IMAGE AS base
+ARG BASE_IMAGE=almalinux:9
+ARG PYTHON_VERSION=3.12
 
+# Base image with python3.12 and enabled powertools and epel repo
+FROM $BASE_IMAGE AS base
+ARG PYTHON_VERSION
+ENV PYTHON_VERSION=$PYTHON_VERSION
 COPY misp-enable-epel.sh /usr/bin/
 RUN set -x && \
     echo "tsflags=nodocs" >> /etc/yum.conf && \
     dnf update -y --setopt=install_weak_deps=False && \
-    dnf install -y python3.11 python3.11-pip dnf-plugins-core && \
-    alternatives --set python3 /usr/bin/python3.11 && \
+    dnf install -y python${PYTHON_VERSION} python${PYTHON_VERSION}-pip dnf-plugins-core && \
+    alternatives --install /usr/bin/python3 python /usr/bin/python${PYTHON_VERSION} 50 && \
+    alternatives --install /usr/bin/pip3 pip /usr/bin/pip${PYTHON_VERSION} 50 && \
     bash /usr/bin/misp-enable-epel.sh && \
-    dnf config-manager --set-enabled powertools && \
+    dnf config-manager --set-enabled crb && \
     rm -rf /var/cache/dnf
 
 # Build stage that will build required python modules
 FROM base AS python-build
-RUN dnf install -y --setopt=install_weak_deps=False python3.11-devel python3.11-wheel gcc gcc-c++ git-core poppler-cpp-devel && \
-    rm -rf /var/cache/dnf
+RUN dnf install -y --setopt=install_weak_deps=False python${PYTHON_VERSION}-devel python${PYTHON_VERSION}-wheel gcc-toolset-14 git-core poppler-cpp-devel && \
+    rm -rf /var/cache/dnf && \
+    curl -sSL https://install.python-poetry.org | python3 -
 ARG MISP_MODULES_VERSION=main
 RUN --mount=type=tmpfs,target=/tmp set -x && \
+    source scl_source enable gcc-toolset-14 && \
     mkdir /tmp/source && \
     cd /tmp/source && \
     git config --system http.sslVersion tlsv1.3 && \
     COMMIT=$(git ls-remote https://github.com/MISP/misp-modules.git $MISP_MODULES_VERSION | cut -f1) && \
     curl --proto '=https' --tlsv1.3 --fail -sSL https://github.com/MISP/misp-modules/archive/$COMMIT.tar.gz | tar zx --strip-components=1 && \
-    pip3 --version && \
-    pip3 --no-cache-dir wheel --wheel-dir /wheels -r REQUIREMENTS && \
+    sed -i "s/^python = .*/python = \"$(python3 -c 'import platform; print(platform.python_version())')\"/" pyproject.toml && \
+    /root/.local/bin/poetry lock && \
+    /root/.local/bin/poetry export --with unstable --without-hashes -f requirements.txt -o requirements.txt && \
+    pip3 --no-cache-dir wheel --wheel-dir /wheels -r requirements.txt && \
+    pip3 --no-cache-dir wheel --wheel-dir /wheels . && \
     echo $COMMIT > /misp-modules-commit
 
 # Final image
@@ -37,10 +46,10 @@ RUN dnf install -y --setopt=install_weak_deps=False libglvnd-glx poppler-cpp zba
 COPY --from=python-build /wheels /wheels
 COPY --from=python-build /misp-modules-commit /home/misp-modules/
 USER misp-modules
-RUN pip3 --no-cache-dir install --no-warn-script-location --user /wheels/* sentry-sdk==1.5.1 orjson && \
-    echo "__all__ = ['cache', 'sentry']" > /home/misp-modules/.local/lib/python3.11/site-packages/misp_modules/helpers/__init__.py && \
+RUN pip3 --no-cache-dir install --no-warn-script-location --user /wheels/* sentry-sdk==2.16.0 orjson && \
+    echo "__all__ = ['cache', 'sentry']" > /home/misp-modules/.local/lib/python${PYTHON_VERSION}/site-packages/misp_modules/helpers/__init__.py && \
     chmod -R u-w /home/misp-modules/.local/
-COPY sentry.py /home/misp-modules/.local/lib/python3.11/site-packages/misp_modules/helpers/
+COPY sentry.py /home/misp-modules/.local/lib/python${PYTHON_VERSION}/site-packages/misp_modules/helpers/
 
 EXPOSE 6666/tcp
 CMD ["/home/misp-modules/.local/bin/misp-modules", "-l", "0.0.0.0"]

diff --git a/README.md b/README.md
@@ -1,6 +1,6 @@
 # MISP Modules
 
-Container image for [MISP modules](https://github.com/MISP/misp-modules) based on AlmaLinux 8.
+Container image for [MISP modules](https://github.com/MISP/misp-modules) based on AlmaLinux 9.
 
 This image is intended to use with [MISP](https://github.com/MISP/misp) image.
 

diff --git a/misp-enable-epel.sh b/misp-enable-epel.sh
@@ -18,36 +18,37 @@ name=Extra Packages for Enterprise Linux $releasever - $basearch
 metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-$releasever&arch=$basearch&infra=$infra&content=$contentdir
 enabled=1
 gpgcheck=1
-gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-8
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-9
 EOL
 
-cat >/etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-8 <<'EOL'
+cat >/etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-9 <<'EOL'
 -----BEGIN PGP PUBLIC KEY BLOCK-----
 
-mQINBFz3zvsBEADJOIIWllGudxnpvJnkxQz2CtoWI7godVnoclrdl83kVjqSQp+2
-dgxuG5mUiADUfYHaRQzxKw8efuQnwxzU9kZ70ngCxtmbQWGmUmfSThiapOz00018
-+eo5MFabd2vdiGo1y+51m2sRDpN8qdCaqXko65cyMuLXrojJHIuvRA/x7iqOrRfy
-a8x3OxC4PEgl5pgDnP8pVK0lLYncDEQCN76D9ubhZQWhISF/zJI+e806V71hzfyL
-/Mt3mQm/li+lRKU25Usk9dWaf4NH/wZHMIPAkVJ4uD4H/uS49wqWnyiTYGT7hUbi
-ecF7crhLCmlRzvJR8mkRP6/4T/F3tNDPWZeDNEDVFUkTFHNU6/h2+O398MNY/fOh
-yKaNK3nnE0g6QJ1dOH31lXHARlpFOtWt3VmZU0JnWLeYdvap4Eff9qTWZJhI7Cq0
-Wm8DgLUpXgNlkmquvE7P2W5EAr2E5AqKQoDbfw/GiWdRvHWKeNGMRLnGI3QuoX3U
-pAlXD7v13VdZxNydvpeypbf/AfRyrHRKhkUj3cU1pYkM3DNZE77C5JUe6/0nxbt4
-ETUZBTgLgYJGP8c7PbkVnO6I/KgL1jw+7MW6Az8Ox+RXZLyGMVmbW/TMc8haJfKL
-MoUo3TVk8nPiUhoOC0/kI7j9ilFrBxBU5dUtF4ITAWc8xnG6jJs/IsvRpQARAQAB
-tChGZWRvcmEgRVBFTCAoOCkgPGVwZWxAZmVkb3JhcHJvamVjdC5vcmc+iQI4BBMB
-AgAiBQJc9877AhsPBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRAh6kWrL4bW
-oWagD/4xnLWws34GByVDQkjprk0fX7Iyhpm/U7BsIHKspHLL+Y46vAAGY/9vMvdE
-0fcr9Ek2Zp7zE1RWmSCzzzUgTG6BFoTG1H4Fho/7Z8BXK/jybowXSZfqXnTOfhSF
-alwDdwlSJvfYNV9MbyvbxN8qZRU1z7PEWZrIzFDDToFRk0R71zHpnPTNIJ5/YXTw
-NqU9OxII8hMQj4ufF11040AJQZ7br3rzerlyBOB+Jd1zSPVrAPpeMyJppWFHSDAI
-WK6x+am13VIInXtqB/Cz4GBHLFK5d2/IYspVw47Solj8jiFEtnAq6+1Aq5WH3iB4
-bE2e6z00DSF93frwOyWN7WmPIoc2QsNRJhgfJC+isGQAwwq8xAbHEBeuyMG8GZjz
-xohg0H4bOSEujVLTjH1xbAG4DnhWO/1VXLX+LXELycO8ZQTcjj/4AQKuo4wvMPrv
-9A169oETG+VwQlNd74VBPGCvhnzwGXNbTK/KH1+WRH0YSb+41flB3NKhMSU6dGI0
-SGtIxDSHhVVNmx2/6XiT9U/znrZsG5Kw8nIbbFz+9MGUUWgJMsd1Zl9R8gz7V9fp
-n7L7y5LhJ8HOCMsY/Z7/7HUs+t/A1MI4g7Q5g5UuSZdgi0zxukiWuCkLeAiAP4y7
-zKK4OjJ644NDcWCHa36znwVmkz3ixL8Q0auR15Oqq2BjR/fyog==
-=84m8
+mQINBGE3mOsBEACsU+XwJWDJVkItBaugXhXIIkb9oe+7aadELuVo0kBmc3HXt/Yp
+CJW9hHEiGZ6z2jwgPqyJjZhCvcAWvgzKcvqE+9i0NItV1rzfxrBe2BtUtZmVcuE6
+2b+SPfxQ2Hr8llaawRjt8BCFX/ZzM4/1Qk+EzlfTcEcpkMf6wdO7kD6ulBk/tbsW
+DHX2lNcxszTf+XP9HXHWJlA2xBfP+Dk4gl4DnO2Y1xR0OSywE/QtvEbN5cY94ieu
+n7CBy29AleMhmbnx9pw3NyxcFIAsEZHJoU4ZW9ulAJ/ogttSyAWeacW7eJGW31/Z
+39cS+I4KXJgeGRI20RmpqfH0tuT+X5Da59YpjYxkbhSK3HYBVnNPhoJFUc2j5iKy
+XLgkapu1xRnEJhw05kr4LCbud0NTvfecqSqa+59kuVc+zWmfTnGTYc0PXZ6Oa3rK
+44UOmE6eAT5zd/ToleDO0VesN+EO7CXfRsm7HWGpABF5wNK3vIEF2uRr2VJMvgqS
+9eNwhJyOzoca4xFSwCkc6dACGGkV+CqhufdFBhmcAsUotSxe3zmrBjqA0B/nxIvH
+DVgOAMnVCe+Lmv8T0mFgqZSJdIUdKjnOLu/GRFhjDKIak4jeMBMTYpVnU+HhMHLq
+uDiZkNEvEEGhBQmZuI8J55F/a6UURnxUwT3piyi3Pmr2IFD7ahBxPzOBCQARAQAB
+tCdGZWRvcmEgKGVwZWw5KSA8ZXBlbEBmZWRvcmFwcm9qZWN0Lm9yZz6JAk4EEwEI
+ADgWIQT/itE0RZcQbs6BO5GKOHK/MihGfAUCYTeY6wIbDwULCQgHAgYVCgkICwIE
+FgIDAQIeAQIXgAAKCRCKOHK/MihGfFX/EACBPWv20+ttYu1A5WvtHJPzwbj0U4yF
+3zTQpBglQ2UfkRpYdipTlT3Ih6j5h2VmgRPtINCc/ZE28adrWpBoeFIS2YAKOCLC
+nZYtHl2nCoLq1U7FSttUGsZ/t8uGCBgnugTfnIYcmlP1jKKA6RJAclK89evDQX5n
+R9ZD+Cq3CBMlttvSTCht0qQVlwycedH8iWyYgP/mF0W35BIn7NuuZwWhgR00n/VG
+4nbKPOzTWbsP45awcmivdrS74P6mL84WfkghipdmcoyVb1B8ZP4Y/Ke0RXOnLhNe
+CfrXXvuW+Pvg2RTfwRDtehGQPAgXbmLmz2ZkV69RGIr54HJv84NDbqZovRTMr7gL
+9k3ciCzXCiYQgM8yAyGHV0KEhFSQ1HV7gMnt9UmxbxBE2pGU7vu3CwjYga5DpwU7
+w5wu1TmM5KgZtZvuWOTDnqDLf0cKoIbW8FeeCOn24elcj32bnQDuF9DPey1mqcvT
+/yEo/Ushyz6CVYxN8DGgcy2M9JOsnmjDx02h6qgWGWDuKgb9jZrvRedpAQCeemEd
+fhEs6ihqVxRFl16HxC4EVijybhAL76SsM2nbtIqW1apBQJQpXWtQwwdvgTVpdEtE
+r4ArVJYX5LrswnWEQMOelugUG6S3ZjMfcyOa/O0364iY73vyVgaYK+2XtT2usMux
+VL469Kj5m13T6w==
+=Mjs/
 -----END PGP PUBLIC KEY BLOCK-----
 EOL