EF: build with debian supported

OWASP · Dec 14, 2019 · 9144ee8 · 9144ee8
1 parent f602c0c
commit 9144ee8
Showing 1 changed file with 50 additions and 15 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -9,7 +9,7 @@
 #?
 #?          OSAFT_VM_FROM
 #?              Base image to be used for this build. Tested images are:
-#?                  (2017) alpine:3.6  alpine:edge  debian:stretch-slim  debian
+#?                  (2017) alpine:3.6  alpine:edge  debian:stretch-slim debian
 #?                  (2018) alpine:3.8  debian
 #?                  (2019) alpine:3.10 debian:10.2-slim
 #?
@@ -90,7 +90,7 @@
 #?              PATH for shell, set to:
 #?                  ${OSAFT_DIR}:${OSAFT_DIR}/contrib:${OPENSSL_DIR}/bin:$PATH
 #?          WORK_DIR
-#?              Directory where to build the packages (used for Dockerfile's
+#?              Directory where to build the packages  (used for  Dockerfile's
 #?              WORKDIR  dierective.
 #?
 #? EXAMPLES
@@ -103,6 +103,11 @@
 #?                  --build-arg "OSAFT_VM_FROM=alpine:3.8" \ 
 #?                  -f Dockerfile -t owasp/o-saft .
 #?
+#?      Simple build with base image debian:10.2-slim
+#?          docker build --force-rm --rm \ 
+#?                  --build-arg "OSAFT_VM_FROM=debian:10.2-slim" \ 
+#?                  -f Dockerfile -t owasp/o-saft .
+#?
 #?      Build with base image alpine:3.6 and Tcl/Tk
 #?          docker build --force-rm --rm \ 
 #?                  --build-arg "OSAFT_VM_FROM=alpine:3.6" \ 
@@ -123,6 +128,9 @@
 #?      Note that  o-saft-docker  searches for a Docker image  owasp/o-saft
 #?      so don't forget to tag at least one image with this name.
 #?
+# HACKER's Info
+#       Note that the base package alpine uses busybox as shell. This shell is
+#       very picky, in particular for the expr command.
 
 ARG     OSAFT_VM_FROM=alpine:3.10
 
@@ -159,7 +167,7 @@ LABEL \
 	SOURCE0="https://github.com/OWASP/O-Saft/raw/master/Dockerfile" \
 	SOURCE1="$OSAFT_VM_SRC_OSAFT" \
 	SOURCE2="$OSAFT_VM_SRC_OPENSSL" \
-	SID="@(#) Dockerfile 1.34 19/12/14 22:34:10" \
+	SID="@(#) Dockerfile 1.35 19/12/15 00:08:51" \
 	AUTHOR="Achim Hoffmann"	
 
 ENV     osaft_vm_build  "Dockerfile $OSAFT_VERSION; FROM $OSAFT_VM_FROM"
@@ -176,34 +184,63 @@ WORKDIR	$WORK_DIR
 
 RUN \
 	#== Configure user
-	if expr "$OSAFT_VM_FROM" : debian >/dev/null ; then \
+	if expr "X$OSAFT_VM_FROM" : Xdebian >/dev/null ; then \
 	    adduser --quiet --home ${OSAFT_DIR} ${OSAFT_VM_USER} ; \
 	    passwd  --delete ${OSAFT_VM_USER} ; \
 	else \
 	    adduser -D -h ${OSAFT_DIR} ${OSAFT_VM_USER} ; \
 	fi && \
 	mkdir -p ${OSAFT_DIR}			&& \
 	\
+	#== Configure apk (alpine) or apt (debian); default: apk
+	apt_exe=apk && \
+	apt_add=add && \
+	apt_del=del && \
+	opt_add=--no-cache && \
+	opt_del=--purge	\
+	packages_make="gcc make musl-dev linux-headers perl-dev" && \
+	packages="wget ncurses $OSAFT_VM_APT_INSTALL \
+		$packages_make \
+		krb5-dev zlib-dev perl perl-readonly \
+		ca-certificates" && \
+	packages_dev="gmp-dev lksctp-tools-dev" && \
+	packages_perl="perl-net-dns perl-net-libidn perl-mozilla-ca" && \
+	if expr "X$OSAFT_VM_FROM" : Xdebian >/dev/null ; then \
+	   apt_exe=apt-get	; \
+	   apt_add=install	; \
+	   apt_del=purge	; \
+	   opt_add=--yes	; \
+	   opt_del=--yes	; \
+# fehltnoch: perl-dev
+	   packages_make="gcc make linux-headers-amd64" ; \
+		# ncurses-base ncurses-bin  already part of debian
+	   packages="wget $packages_make libkrb5-3 libkrb5-dev zlib1g-dev perl ca-certificates" ; \
+	   packages_dev="libgmp-dev lksctp-tools libsctp-dev" ; \
+	   packages_perl="libnet-dns-perl libnet-libidn-perl" ; \
+	fi && \
+	# perl-io-socket-ssl perl-net-ssleay build herein
+	\
 	#== Install required packages, development tools and libs
 	#apk update && \   # no update needed and not wanted
-	apk add --no-cache wget ncurses $OSAFT_VM_APT_INSTALL \
-		gcc make musl-dev linux-headers \
-		krb5-dev zlib-dev perl perl-readonly perl-dev \
-		ca-certificates			&& \
-		# perl-io-socket-ssl perl-net-ssleay
+	if expr "X$OSAFT_VM_FROM" : Xdebian >/dev/null ; then \
+	    $apt_exe update ; \
+	fi && \
+	$apt_exe $apt_add $opt_add $packages	&& \
 	\
 	#== Workaround for docker/alpine (bug or race condition)
 	#   in some alpine versions, resolving a hostname fails, see
 	#   https://forums.docker.com/t/resolved-service-name-resolution-broken-on-alpine-and-docker-1-11-1-cs1/19307/23
 	#   as workaround we try to prefetch the name resolution;
 	#   however, it is not bullet proof either ...
 	workaround_alpine_bug() { \
+	    expr "X$OSAFT_VM_FROM" : Xdebian >/dev/null && return ; \
 	    for host in github.com codeload.github.com cpan.metacpan.org search.cpan.org cpan.metacpan.org ; do \
 	        echo -n "resolving $host ... " && ping -c 1 $host > /dev/null && echo SUCCESS || echo FAILDED ; \
 	    done; } && \
+	\
 	#== Pull, build and install enhanced openssl
 	workaround_alpine_bug			&& \
-	apk add --no-cache gmp-dev lksctp-tools-dev	&& \
+	$apt_exe $apt_add $opt_add $packages_dev && \
 	cd    $WORK_DIR				&& \
 	mkdir -p $BUILD_DIR ${OPENSSL_DIR}	&& \
 	wget --no-check-certificate $OSAFT_VM_SRC_OPENSSL -O $OSAFT_VM_TAR_OPENSSL && \
@@ -262,7 +299,7 @@ RUN \
 	echo -n "# number of ciphers ${OPENSSL_DIR}/bin/openssl: " && \
 	${OPENSSL_DIR}/bin/openssl ciphers -V ALL:COMPLEMENTOFALL:aNULL|wc -l && \
 	# cleanup
-	apk  del --purge gmp-dev lksctp-tools-dev && \
+	$apt_exe $apt_del $opt_del $packages_dev && \
 	cd    $WORK_DIR				&& \
 	rm   -rf $BUILD_DIR $OSAFT_VM_TAR_OPENSSL && \
 	\
@@ -277,7 +314,7 @@ RUN \
 	\
 	tar   -xzf $OSAFT_VM_TAR_SSLEAY -C $BUILD_DIR --strip-components=1	&& \
 	# install additional packages for Net-SSLeay ...
-	apk add --no-cache perl-net-dns perl-net-libidn perl-mozilla-ca		&& \
+	$apt_exe $apt_add $opt_add $packages_perl && \
 	cd    $BUILD_DIR			&& \
 	perl -i.orig -pe 'if (m/^#define\s*REM_AUTOMATICALLY_GENERATED_1_09/){print "const SSL_METHOD * SSLv2_method()\n\nconst SSL_METHOD * SSLv3_method()\n\n";}' SSLeay.xs	&& \
 		# quick&dirty patch, results in warning, which can be ignored
@@ -310,8 +347,6 @@ RUN \
 	#== Pull and install O-Saft
 	workaround_alpine_bug			&& \
 	cd    $WORK_DIR				&& \
-	mkdir -p ${OSAFT_DIR}			&& \
-	\
 	wget --no-check-certificate $OSAFT_VM_SRC_OSAFT -O $OSAFT_VM_TAR_OSAFT	&& \
 	# check sha256 if there is one
 	[ -n "$OSAFT_VM_SHA_OSAFT" ]		&& \
@@ -335,7 +370,7 @@ RUN \
 	rm    -f  ${OSAFT_VM_TAR_OSAFT}			&& \
 	\
 	#== Cleanup
-	apk del --purge gcc make musl-dev linux-headers perl-dev
+	$apt_exe $apt_del $opt_del $packages_make
 	    # do not delete  krb5-dev zlib-dev  because we need
 	    #  libkrb5.so.3, libk5crypto.so.3 and libz.so to run openssl