diff --git a/Dockerfile b/Dockerfile index a244550..593a24e 100644 --- a/Dockerfile +++ b/Dockerfile @@ -9,22 +9,24 @@ COPY misp-enable-epel.sh /usr/bin/ RUN set -x && \ echo "tsflags=nodocs" >> /etc/yum.conf && \ dnf update -y --setopt=install_weak_deps=False && \ - dnf install -y python${PYTHON_VERSION} python${PYTHON_VERSION}-pip dnf-plugins-core && \ + dnf install -y python${PYTHON_VERSION} && \ alternatives --install /usr/bin/python3 python /usr/bin/python${PYTHON_VERSION} 50 && \ - alternatives --install /usr/bin/pip3 pip /usr/bin/pip${PYTHON_VERSION} 50 && \ bash /usr/bin/misp-enable-epel.sh && \ - dnf config-manager --set-enabled crb && \ rm -rf /var/cache/dnf # Build stage that will build required python modules FROM base AS python-build -RUN dnf install -y --setopt=install_weak_deps=False python${PYTHON_VERSION}-devel python${PYTHON_VERSION}-wheel gcc-toolset-14 git-core poppler-cpp-devel && \ +RUN dnf install -y dnf-plugins-core && \ + dnf config-manager --set-enabled crb && \ + dnf install -y --setopt=install_weak_deps=False python${PYTHON_VERSION}-devel python${PYTHON_VERSION}-pip python${PYTHON_VERSION}-wheel gcc-toolset-14 git-core poppler-cpp-devel && \ rm -rf /var/cache/dnf && \ + alternatives --install /usr/bin/pip3 pip /usr/bin/pip${PYTHON_VERSION} 50 && \ curl --proto '=https' --tlsv1.3 -sSL https://install.python-poetry.org | python3 - && \ /root/.local/bin/poetry self add poetry-plugin-export ARG MISP_MODULES_VERSION=main -RUN --mount=type=tmpfs,target=/tmp set -x && \ - source scl_source enable gcc-toolset-14 && \ +ENV POETRY_CACHE_DIR=/tmp/pypoetry/ +RUN --mount=type=tmpfs,target=/tmp source scl_source enable gcc-toolset-14 && \ + set -x && \ mkdir /tmp/source && \ cd /tmp/source && \ git config --system http.sslVersion tlsv1.3 && \ @@ -33,8 +35,11 @@ RUN --mount=type=tmpfs,target=/tmp set -x && \ sed -i "s/^python = .*/python = \"$(python3 -c 'import platform; print(platform.python_version())')\"/" pyproject.toml && \ /root/.local/bin/poetry lock && \ /root/.local/bin/poetry export -E all --without-hashes -f requirements.txt -o requirements.txt && \ - pip3 --no-cache-dir wheel --wheel-dir /wheels -r requirements.txt && \ - pip3 --no-cache-dir wheel --no-deps --wheel-dir /wheels . && \ + pip3 --no-cache-dir wheel --wheel-dir /tmp/wheels -r requirements.txt && \ + pip3 --no-cache-dir wheel --no-deps --wheel-dir /tmp/wheels . && \ + python3 -m venv /misp-modules && \ + source /misp-modules/bin/activate && \ + pip3 --no-cache-dir install /tmp/wheels/* sentry-sdk==2.16.0 && \ echo $COMMIT > /misp-modules-commit # Final image @@ -44,12 +49,11 @@ ENV REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-bundle.crt RUN dnf install -y --setopt=install_weak_deps=False libglvnd-glx poppler-cpp zbar && \ rm -rf /var/cache/dnf && \ useradd --create-home --system --user-group misp-modules -COPY --from=python-build /wheels /wheels +COPY --from=python-build /misp-modules /misp-modules COPY --from=python-build /misp-modules-commit /home/misp-modules/ -USER misp-modules COPY --chmod=755 misp-modules.py /usr/bin/misp-modules -RUN pip3 --no-cache-dir install --no-warn-script-location --user /wheels/* sentry-sdk==2.16.0 && \ - /usr/bin/misp-modules --test +USER misp-modules +RUN /usr/bin/misp-modules --test EXPOSE 6666/tcp CMD ["/usr/bin/misp-modules", "--listen", "0.0.0.0"] diff --git a/misp-modules.py b/misp-modules.py index 40fd6b3..23302b2 100644 --- a/misp-modules.py +++ b/misp-modules.py @@ -1,4 +1,4 @@ -#!/usr/bin/env python3 +#!/misp-modules/bin/python import os import sys from misp_modules.__main__ import main @@ -11,7 +11,7 @@ sentry_sdk.init( dsn=sentry_dsn, - ca_certs="/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem", # CentOS cert bundle + ca_certs="/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem", # System cert bundle integrations=[TornadoIntegration()] )