crowdsec/Dockerfile.debian


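# --- Stage 1: build the tokenizers static library ---------------------------
# libtokenizers.a is linked into the crowdsec binary in the build stage
# (see CGO_LDFLAGS there).
FROM rust:1.70.0-bullseye AS rust_build
# Git ref (tag or full commit hash) of daulet/tokenizers to build. When left
# empty the clone follows the repository's default branch, which is mutable:
# two builds of the same Dockerfile can pull different code. Pin a tag or
# commit for a reproducible, reviewable supply chain.
ARG TOKENIZERS_REF=
WORKDIR /
# The rust image already ships a toolchain; these packages are kept in case the
# base image trims them. Package lists are removed in the same layer.
RUN apt-get update && \
    apt-get install -y -q --no-install-recommends \
        build-essential \
        curl \
        git \
        make && \
    rm -rf /var/lib/apt/lists/*
# Checkout of TOKENIZERS_REF is skipped when it is empty, which keeps the
# original (unpinned) behaviour as the default.
RUN git clone https://github.com/daulet/tokenizers.git /tokenizer && \
    cd /tokenizer && \
    if [ -n "${TOKENIZERS_REF}" ]; then git checkout --detach "${TOKENIZERS_REF}"; fi && \
    cargo build --release && \
    cp target/release/libtokenizers.a /tokenizer/libtokenizers.a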
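# --- Stage 2: build crowdsec against re2, onnxruntime and libtokenizers ------
FROM docker.io/golang:1.24-bookworm AS build
ARG BUILD_VERSION
ARG ONNXRUNTIME_VERSION=1.18.1
# Architecture token in the onnxruntime release asset name. The file currently
# builds for arm64 only (aarch64); pass x64 for an amd64 build.
ARG ONNXRUNTIME_ARCH=aarch64
# Optional SHA-256 digests of the two downloaded archives. When left empty the
# downloads are not verified beyond TLS; set them from the upstream release
# pages so a replaced or tampered tarball fails the build instead of being
# compiled into the binary.
ARG RE2_SHA256=
ARG ONNXRUNTIME_SHA256=
WORKDIR /go/src/crowdsec
ENV DEBIAN_FRONTEND=noninteractive
ENV DEBCONF_NOWARNINGS="yes"
# We like to choose the release of re2 to use, the debian version is usually older.
ENV RE2_VERSION=2023-03-01
ENV BUILD_VERSION=${BUILD_VERSION}
# wizard.sh requires GNU coreutils
# The fake /etc/machine-id is presumably there so cscli/wizard.sh have a
# stable machine id during the build (confirm); nothing copies /etc from this
# stage, so it does not reach the runtime image.
RUN apt-get update && \
    apt-get install -y -q git gcc libc-dev make bash gettext binutils-gold coreutils tzdata && \
    rm -rf /var/lib/apt/lists/* && \
    wget -q https://github.com/google/re2/archive/refs/tags/${RE2_VERSION}.tar.gz && \
    if [ -n "${RE2_SHA256}" ]; then echo "${RE2_SHA256}  ${RE2_VERSION}.tar.gz" | sha256sum -c -; fi && \
    tar -xzf ${RE2_VERSION}.tar.gz && \
    cd re2-${RE2_VERSION} && \
    make && \
    make install && \
    echo "githubciXXXXXXXXXXXXXXXXXXXXXXXX" > /etc/machine-id && \
    go install github.com/mikefarah/yq/v4@v4.44.3
# INSTALL ONNXRUNTIME (prebuilt upstream release; verified via ONNXRUNTIME_SHA256
# when set). Done before COPY . . so a source change does not re-download it.
RUN cd /tmp && \
    wget -q -O onnxruntime.tgz https://github.com/microsoft/onnxruntime/releases/download/v${ONNXRUNTIME_VERSION}/onnxruntime-linux-${ONNXRUNTIME_ARCH}-${ONNXRUNTIME_VERSION}.tgz && \
    if [ -n "${ONNXRUNTIME_SHA256}" ]; then echo "${ONNXRUNTIME_SHA256}  onnxruntime.tgz" | sha256sum -c -; fi && \
    tar -C /tmp -xf onnxruntime.tgz && \
    mv onnxruntime-linux-${ONNXRUNTIME_ARCH}-${ONNXRUNTIME_VERSION} onnxruntime && \
    rm -rf onnxruntime.tgz && \
    cp -R onnxruntime/lib/libonnxruntime.so.${ONNXRUNTIME_VERSION} /usr/local/lib && \
    cp onnxruntime/include/*.h /usr/local/include && \
    rm -rf onnxruntime && \
    ln -s /usr/local/lib/libonnxruntime.so.${ONNXRUNTIME_VERSION} /usr/local/lib/libonnxruntime.so && \
    ldconfig
# Debug output: what the compiler and linker will see below.
RUN ls -la /usr/local/include /usr/local/lib
# Test if linking works with a simple program
RUN echo "#include <onnxruntime_c_api.h>" > test.c && \
    echo "int main() { return 0; }" >> test.c && \
    gcc test.c -L/usr/local/lib -lonnxruntime -o test_executable && ./test_executable
COPY --from=rust_build /tokenizer/libtokenizers.a /usr/local/lib/
COPY . .
RUN make clean release DOCKER_BUILD=1 BUILD_STATIC=0 \
    CGO_CFLAGS="-D_LARGEFILE64_SOURCE -I/usr/local/include" \
    CGO_CPPFLAGS="-I/usr/local/include" \
    CGO_LDFLAGS="-L/usr/local/lib -lstdc++ -lonnxruntime /usr/local/lib/libtokenizers.a -ldl -lm" \
    LIBRARY_PATH="/usr/local/lib" \
    LD_LIBRARY_PATH="/usr/local/lib" && \
    cd crowdsec-v* && \
    ./wizard.sh --docker-mode && \
    cd - >/dev/null && \
    cscli hub update --with-content && \
    cscli collections install crowdsecurity/linux && \
    cscli parsers install crowdsecurity/whitelists
# In case we need to remove agents here..
# cscli machines list -o json | yq '.[].machineId' | xargs -r cscli machines delete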
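# --- Stage 3: runtime image --------------------------------------------------
FROM docker.io/debian:bookworm-slim AS slim
ARG ONNXRUNTIME_VERSION=1.18.1
ENV DEBIAN_FRONTEND=noninteractive
ENV DEBCONF_NOWARNINGS="yes"
# NOTE(review): systemd is a large dependency for a container image; it is
# presumably here for journalctl (journal acquisition) — confirm before
# trimming. --install-recommends is kept as in the original for the same reason.
# Package lists are removed in the same layer so they do not ship in the image.
RUN apt-get update && \
    apt-get install -y -q --install-recommends --no-install-suggests \
        procps \
        systemd \
        iproute2 \
        ca-certificates \
        bash \
        tzdata \
        rsync && \
    rm -rf /var/lib/apt/lists/* && \
    mkdir -p /staging/etc/crowdsec/acquis.d \
             /staging/var/lib/crowdsec \
             /var/lib/crowdsec/data
COPY --from=build /go/bin/yq /usr/local/bin/crowdsec /usr/local/bin/cscli /usr/local/bin/
COPY --from=build /etc/crowdsec /staging/etc/crowdsec
COPY --from=build /go/src/crowdsec/docker/docker_start.sh /
COPY --from=build /go/src/crowdsec/docker/config.yaml /staging/etc/crowdsec/config.yaml
# Note Copying this since can't build statically yet. The .so lands in /usr/lib
# (on the default loader path) and the unversioned name is a *relative*
# symlink so it resolves inside this image: an absolute link into
# /usr/local/lib would dangle here, because nothing is copied there.
COPY --from=build /usr/local/lib/libonnxruntime.so.${ONNXRUNTIME_VERSION} /usr/lib/libonnxruntime.so.${ONNXRUNTIME_VERSION}
RUN ln -s libonnxruntime.so.${ONNXRUNTIME_VERSION} /usr/lib/libonnxruntime.so
# libtokenizers.a is a static archive already linked into the crowdsec binary
# (CGO_LDFLAGS in the build stage); it is never loaded at runtime, so it is
# not shipped.
COPY --from=build /usr/local/lib/libre2.* /usr/lib/
# pipefail: without it a failing yq still leaves install(1) writing an empty
# credentials file and the build succeeds with a broken config.
SHELL ["/bin/bash", "-o", "pipefail", "-c"]
RUN yq -n '.url="http://0.0.0.0:8080"' | install -m 0600 /dev/stdin /staging/etc/crowdsec/local_api_credentials.yaml && \
    yq eval -i ".plugin_config.group = \"nogroup\"" /staging/etc/crowdsec/config.yaml
# NOTE(review): no USER is set, so crowdsec runs as root. The entrypoint script
# and log/journal acquisition may depend on that; do not drop privileges here
# without checking docker_start.sh first.
ENTRYPOINT ["/bin/bash", "/docker_start.sh"]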
# --- Stage 4: slim + notification plugins -----------------------------------
FROM slim AS plugins
# Due to the wizard using cp -n, we have to copy the config files directly from the source as -n does not exist in busybox cp
# The files are here for reference, as users will need to mount a new version to be actually able to use notifications
COPY --from=build \
/go/src/crowdsec/cmd/notification-email/email.yaml \
/go/src/crowdsec/cmd/notification-http/http.yaml \
/go/src/crowdsec/cmd/notification-slack/slack.yaml \
/go/src/crowdsec/cmd/notification-splunk/splunk.yaml \
/go/src/crowdsec/cmd/notification-sentinel/sentinel.yaml \
/staging/etc/crowdsec/notifications/
# Plugin binaries built by `make release` in the build stage.
COPY --from=build /usr/local/lib/crowdsec/plugins /usr/local/lib/crowdsec/plugins
# --- Stage 5: slim + hub data -------------------------------------------------
# /var/lib/crowdsec in the build stage is presumably populated by
# `cscli hub update --with-content` (GeoIP databases etc.) — verify.
FROM slim AS geoip
COPY --from=build /var/lib/crowdsec /staging/var/lib/crowdsec
# --- Stage 6: plugins + hub data (the "full" variant) -------------------------
FROM plugins AS full
COPY --from=build /var/lib/crowdsec /staging/var/lib/crowdsec