Merge pull request #1540 from p-l-/enh-docker

Docker: reduce image sizes using "builder" images
ivre · Jun 21, 2023 · dec677d · dec677d
2 parents 1c90dc9 + 7b5fce3
commit dec677d
Show file tree

Hide file tree

Showing 3 changed files with 45 additions and 22 deletions.
diff --git a/docker/base-local/Dockerfile b/docker/base-local/Dockerfile
@@ -14,20 +14,33 @@
 # You should have received a copy of the GNU General Public License
 # along with IVRE. If not, see <http://www.gnu.org/licenses/>.
 
+FROM debian:12 AS builder
+
+ENV DEBIAN_FRONTEND noninteractive
+
+# Install pip then install IVRE
+ADD ivre.tar ./
+RUN apt-get -q update && \
+    apt-get -qy --no-install-recommends install python3-pip && \
+    pip3 install --break-system-packages /ivre
+
+
 FROM debian:12
 LABEL maintainer="Pierre LALET <pierre@droids-corp.org>"
 
 ENV DEBIAN_FRONTEND noninteractive
 
-# Install pip, install IVRE, uninstall pip
-ADD ivre.tar ./
+# Install Python
 RUN apt-get -q update && \
-    apt-get -qy --no-install-recommends install python3 python3-dev python3-pip python3-setuptools && \
-    pip3 install --break-system-packages /ivre && \
-    rm -rf /ivre && \
-    apt-get -qy autoremove python3-dev python3-pip python3-setuptools && \
+    apt-get -qy --no-install-recommends install python3 && \
     apt-get clean && rm -rf /var/lib/apt/lists/*
 
+COPY --from=builder /usr/local/etc/bash_completion.d/ivre /usr/local/etc/bash_completion.d/ivre
+COPY --from=builder /usr/local/lib/python3.11 /usr/local/lib/python3.11
+COPY --from=builder /usr/local/bin/ivre /usr/local/bin/ivre
+COPY --from=builder /usr/local/share/doc/ivre /usr/local/share/doc/ivre
+COPY --from=builder /usr/local/share/ivre /usr/local/share/ivre
+
 # Fix version
 RUN sed -ri 's#$#-docker#' /usr/local/lib/python*/dist-packages/ivre/VERSION && \
     sed -ri 's#(VERSION = .*)(['\''"])$#\1-docker\2#' /usr/local/lib/python*/dist-packages/ivre/__init__.py

diff --git a/docker/base/Dockerfile b/docker/base/Dockerfile
@@ -21,9 +21,9 @@ ENV DEBIAN_FRONTEND noninteractive
 
 # Install pip, get IVRE, uninstall pip
 RUN apt-get -q update && \
-    apt-get -qy --no-install-recommends install python3 python3-dev python3-pip python3-setuptools git && \
+    apt-get -qy --no-install-recommends install python3 python3-pip git && \
     pip3 install --break-system-packages git+https://github.com/ivre/ivre && \
-    apt-get -qy autoremove python3-dev python3-pip python3-setuptools git && \
+    apt-get -qy --purge autoremove python3-pip git openssl && \
     apt-get clean && rm -rf /var/lib/apt/lists/*
 
 # Fix version

diff --git a/docker/client/Dockerfile b/docker/client/Dockerfile
@@ -14,6 +14,25 @@
 # You should have received a copy of the GNU General Public License
 # along with IVRE. If not, see <http://www.gnu.org/licenses/>.
 
+ARG TAG=latest
+FROM debian:12 AS builder
+
+ENV DEBIAN_FRONTEND noninteractive
+
+# Extract phantomjs binary
+ADD https://bitbucket.org/ariya/phantomjs/downloads/phantomjs-2.1.1-linux-x86_64.tar.bz2 ./phantomjs-2.1.1-linux-x86_64.tar.bz2
+RUN apt-get -q update && \
+    apt-get -qy --no-install-recommends install bzip2 && \
+    tar jxf phantomjs-2.1.1-linux-x86_64.tar.bz2 phantomjs-2.1.1-linux-x86_64/bin/phantomjs
+
+# Install Nmap using the official RPM package.
+ADD https://nmap.org/dist/nmap-7.94-1.x86_64.rpm ./nmap.rpm
+RUN apt-get -q update && \
+    apt-get -qy --no-install-recommends install alien && \
+    alien ./nmap.rpm && \
+    dpkg -i ./nmap*.deb
+
+
 ARG TAG=latest
 FROM ivre/base:${TAG}
 LABEL maintainer="Pierre LALET <pierre@droids-corp.org>"
@@ -30,22 +49,16 @@ RUN apt-get -q update && \
     apt-get clean && rm -rf /var/lib/apt/lists/*
 
 # Install Nmap using the official RPM package.
-ADD https://nmap.org/dist/nmap-7.94-1.x86_64.rpm ./nmap.rpm
-RUN apt-get -q update && \
-    apt-get -qy --no-install-recommends install alien && \
-    alien ./nmap.rpm && \
-    dpkg -i ./nmap*.deb && \
-    rm -f ./nmap.rpm ./nmap*.deb && \
-    apt-get -qy --purge autoremove alien && \
-    apt-get clean && rm -rf /var/lib/apt/lists/*
+COPY --from=builder /usr/bin/nmap /usr/bin/nmap
+COPY --from=builder /usr/share/nmap /usr/share/nmap
 
 # Install Zeek - Debian Testing because Debian_12 does not exist for now
 RUN apt-get -q update && \
-    apt-get -qy --no-install-recommends install gnupg wget && \
+    apt-get -qy --no-install-recommends install gnupg wget ca-certificates && \
     echo 'deb http://download.opensuse.org/repositories/security:/zeek/Debian_Testing/ /' > /etc/apt/sources.list.d/zeek.list && \
     wget -qO - https://download.opensuse.org/repositories/security:zeek/Debian_Testing/Release.key | gpg --dearmor > /etc/apt/trusted.gpg.d/security_zeek.gpg && \
     apt-get -q update && apt-get -qy --no-install-recommends install zeek && \
-    apt-get -qy --purge autoremove gnupg wget && \
+    apt-get -qy --purge autoremove gnupg wget ca-certificates && \
     apt-get clean && rm -rf /var/lib/apt/lists/*
 
 # Install p0f
@@ -54,10 +67,7 @@ RUN apt-get -q update && \
     apt-get clean && rm -rf /var/lib/apt/lists/*
 
 # "Install" phantomjs for our http-screenshot NSE script replacement
-ADD https://bitbucket.org/ariya/phantomjs/downloads/phantomjs-2.1.1-linux-x86_64.tar.bz2 ./phantomjs-2.1.1-linux-x86_64.tar.bz2
-RUN tar jxf phantomjs-2.1.1-linux-x86_64.tar.bz2 phantomjs-2.1.1-linux-x86_64/bin/phantomjs && \
-    mv phantomjs-2.1.1-linux-x86_64/bin/phantomjs /usr/local/bin/ && \
-    rm -rf phantomjs-2.1.1-linux-x86_64*
+COPY --from=builder /phantomjs-2.1.1-linux-x86_64/bin/phantomjs /usr/local/bin/phantomjs
 
 # Add our *-screenshot NSE scripts  # /usr/local/share/ivre/patches
 RUN cp /usr/local/share/ivre/patches/nmap/scripts/*.nse /usr/share/nmap/scripts && \