ARM container image possible? #65

Closed
WhiteBahamut opened this issue Sep 1, 2020 · 11 comments

@WhiteBahamut
Contributor

Wanted to use it in my RasPi cluster and figured there is only arm linux/amd64. Any chance to get an arm (32 & 64) version?

@mko-x
Owner

mko-x commented Sep 3, 2020

ARM is possible of course.

As far as I know, ClamAV supports armhf from arm/v7 and probably arm64/v8.

I'm pretty busy and I have no testing devices at the moment.

There is a guide at ARM on how to create multiarch images:
https://community.arm.com/developer/tools-software/tools/b/tools-software-ides-blog/posts/getting-started-with-docker-on-arm

It seems that it is not yet possible to have it built automatically in docker hub. It has to be built locally and pushed to registry from my machine.

I will give buildx a try if I have time.

@WhiteBahamut
Contributor Author

If I understood https://www.trion.de/news/2019/10/14/docker-multi-arch-dockerhub.html correctly, dockerhub should be able to run multiarch builds. Never tried it myself. Just built your compose on my pi and uploaded to dockerhub. So building ClamAV on arm works :)

@mko-x
Owner

mko-x commented Sep 5, 2020

This seems possible to me - but it seems to be some work as well.

I do not have the time now. But you could provide manifests and I will try it (:

@WhiteBahamut
Contributor Author

Just seen there might be an easy way -> https://www.docker.com/blog/multi-arch-build-and-images-the-simple-way/
I will try it out and let you know. Still, you would need to set up the GitHub action.

@WhiteBahamut
Contributor Author

So I was unable to set up buildx on my machine... so I stuck with qemu. I stuck to https://www.trion.de/news/2019/10/14/docker-multi-arch-dockerhub.html.
What you need to do to build:

  1. add GitHub hooks/pre_build to execute

```bash
#!/bin/bash
docker run --rm --privileged multiarch/qemu-user-static:register --reset
```

this will make sure the binfmt can be mounted.
  2. add DockerHub builds for mkodockx/docker-clamav:buster-slim-amd64, mkodockx/docker-clamav:buster-slim-arm32v7, mkodockx/docker-clamav:buster-slim-arm64v8
  3. add GitHub hook hooks/post_push to execute

```bash
#!/bin/bash
curl -Lo manifest-tool https://github.com/estesp/manifest-tool/releases/download/v0.9.0/manifest-tool-linux-amd64
chmod +x manifest-tool

./manifest-tool push from-spec multi-arch-manifest.yaml
```

Here are the Dockerfiles and the manifest:

  • Dockerfile.arm32v7

```dockerfile
FROM alpine AS qemu

# QEMU download
ENV QEMU_URL https://github.com/balena-io/qemu/releases/download/v3.0.0%2Bresin/qemu-3.0.0+resin-arm.tar.gz
RUN apk add curl && curl -L ${QEMU_URL} | tar zxvf - -C . --strip-components 1

FROM arm32v7/debian:buster-slim as release

# copy qemu
COPY --from=qemu qemu-arm-static /usr/bin

LABEL maintainer="Markus Kosmal <code@m-ko.de>"

# Debian Base to use
ENV DEBIAN_VERSION buster

# initial install of av daemon
RUN echo "deb http://http.debian.net/debian/ $DEBIAN_VERSION main contrib non-free" > /etc/apt/sources.list && \
    echo "deb http://http.debian.net/debian/ $DEBIAN_VERSION-updates main contrib non-free" >> /etc/apt/sources.list && \
    echo "deb http://security.debian.org/ $DEBIAN_VERSION/updates main contrib non-free" >> /etc/apt/sources.list && \
    apt-get update && \
    DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y -qq \
        clamav-daemon \
        clamav-freshclam \
        libclamunrar9 \
        ca-certificates \
        netcat-openbsd \
        wget && \
    apt-get clean && \
    rm -rf /var/lib/apt/lists/*

# initial update of av databases
RUN wget -O /var/lib/clamav/main.cvd http://database.clamav.net/main.cvd && \
    wget -O /var/lib/clamav/daily.cvd http://database.clamav.net/daily.cvd && \
    wget -O /var/lib/clamav/bytecode.cvd http://database.clamav.net/bytecode.cvd && \
    chown clamav:clamav /var/lib/clamav/*.cvd

# permission juggling
RUN mkdir /var/run/clamav && \
    chown clamav:clamav /var/run/clamav && \
    chmod 750 /var/run/clamav

# av configuration update
RUN sed -i 's/^Foreground .*$/Foreground true/g' /etc/clamav/clamd.conf && \
    echo "TCPSocket 3310" >> /etc/clamav/clamd.conf && \
    if [ -n "$HTTPProxyServer" ]; then echo "HTTPProxyServer $HTTPProxyServer" >> /etc/clamav/freshclam.conf; fi && \
    if [ -n "$HTTPProxyPort"   ]; then echo "HTTPProxyPort $HTTPProxyPort" >> /etc/clamav/freshclam.conf; fi && \
    sed -i 's/^Foreground .*$/Foreground true/g' /etc/clamav/freshclam.conf

# env based configs - will be called by bootstrap.sh
COPY envconfig.sh /

COPY check.sh /

# volume provision
VOLUME ["/var/lib/clamav"]

# port provision
EXPOSE 3310

# av daemon bootstrapping
COPY bootstrap.sh /
CMD ["/bootstrap.sh"]

HEALTHCHECK --start-period=500s CMD /check.sh
```
  • Dockerfile.arm64v8

```dockerfile
FROM alpine AS qemu

# QEMU download
ENV QEMU_URL https://github.com/balena-io/qemu/releases/download/v3.0.0%2Bresin/qemu-3.0.0+resin-aarch64.tar.gz
RUN apk add curl && curl -L ${QEMU_URL} | tar zxvf - -C . --strip-components 1

FROM arm64v8/debian:buster-slim as release

# copy qemu
COPY --from=qemu qemu-aarch64-static /usr/bin

LABEL maintainer="Markus Kosmal <code@m-ko.de>"

# Debian Base to use
ENV DEBIAN_VERSION buster

# initial install of av daemon
RUN echo "deb http://http.debian.net/debian/ $DEBIAN_VERSION main contrib non-free" > /etc/apt/sources.list && \
    echo "deb http://http.debian.net/debian/ $DEBIAN_VERSION-updates main contrib non-free" >> /etc/apt/sources.list && \
    echo "deb http://security.debian.org/ $DEBIAN_VERSION/updates main contrib non-free" >> /etc/apt/sources.list && \
    apt-get update && \
    DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y -qq \
        clamav-daemon \
        clamav-freshclam \
        libclamunrar9 \
        ca-certificates \
        netcat-openbsd \
        wget && \
    apt-get clean && \
    rm -rf /var/lib/apt/lists/*

# initial update of av databases
RUN wget -O /var/lib/clamav/main.cvd http://database.clamav.net/main.cvd && \
    wget -O /var/lib/clamav/daily.cvd http://database.clamav.net/daily.cvd && \
    wget -O /var/lib/clamav/bytecode.cvd http://database.clamav.net/bytecode.cvd && \
    chown clamav:clamav /var/lib/clamav/*.cvd

# permission juggling
RUN mkdir /var/run/clamav && \
    chown clamav:clamav /var/run/clamav && \
    chmod 750 /var/run/clamav

# av configuration update
RUN sed -i 's/^Foreground .*$/Foreground true/g' /etc/clamav/clamd.conf && \
    echo "TCPSocket 3310" >> /etc/clamav/clamd.conf && \
    if [ -n "$HTTPProxyServer" ]; then echo "HTTPProxyServer $HTTPProxyServer" >> /etc/clamav/freshclam.conf; fi && \
    if [ -n "$HTTPProxyPort"   ]; then echo "HTTPProxyPort $HTTPProxyPort" >> /etc/clamav/freshclam.conf; fi && \
    sed -i 's/^Foreground .*$/Foreground true/g' /etc/clamav/freshclam.conf

# env based configs - will be called by bootstrap.sh
COPY envconfig.sh /

COPY check.sh /

# volume provision
VOLUME ["/var/lib/clamav"]

# port provision
EXPOSE 3310

# av daemon bootstrapping
COPY bootstrap.sh /
CMD ["/bootstrap.sh"]

HEALTHCHECK --start-period=500s CMD /check.sh
```
  • manifest:

```yaml
# tag of the combined multi-arch manifest list
image: mkodockx/docker-clamav:buster-slim
manifests:
  - image: mkodockx/docker-clamav:buster-slim-amd64
    platform:
      architecture: amd64
      os: linux
  - image: mkodockx/docker-clamav:buster-slim-arm64v8
    platform:
      architecture: arm64
      os: linux
      variant: v8
  - image: mkodockx/docker-clamav:buster-slim-arm32v7
    platform:
      architecture: arm
      os: linux
      variant: v7
```

You might need to extend this for the alpine images (which you could put into the master, just as Dockerfile.alpineXYZ)
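
The `hooks/post_push` script in the comment above downloads `manifest-tool` and executes it with registry push credentials in scope, without any integrity check. An added example, not part of the thread or of the project's code, of the same hook refusing to run the binary unless it matches a pinned SHA-256; the function names and the `MANIFEST_TOOL_SHA256` build variable are assumptions, and the digest itself has to be recorded by the maintainer.

```shell
#!/bin/bash
# Added example: hooks/post_push that verifies manifest-tool before running it.
# MANIFEST_TOOL_SHA256 is an assumed build environment variable holding the
# digest the maintainer recorded for the v0.9.0 binary; no value is given here.
TOOL_URL="https://github.com/estesp/manifest-tool/releases/download/v0.9.0/manifest-tool-linux-amd64"

# Print the lowercase hex SHA-256 of a file.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Return 0 only if the file exists and its digest equals the pinned one.
verify_pinned() {
    local file="$1" expected="$2" actual
    [ -f "$file" ] || return 1
    # A pinned value that is not exactly 64 hex characters counts as a failure.
    case "$expected" in
        *[!0-9a-fA-F]*|"") return 1 ;;
    esac
    [ "${#expected}" -eq 64 ] || return 1
    actual=$(sha256_of "$file") || return 1
    [ "$actual" = "$(printf '%s' "$expected" | tr 'A-F' 'a-f')" ]
}

main() {
    local tmp
    : "${MANIFEST_TOOL_SHA256:?set the pinned digest in the build environment}"
    tmp=$(mktemp) || return 1
    # -f: fail on HTTP errors instead of saving an error page as the binary.
    curl -fsSL -o "$tmp" "$TOOL_URL" || { rm -f "$tmp"; return 1; }
    if ! verify_pinned "$tmp" "$MANIFEST_TOOL_SHA256"; then
        echo "manifest-tool digest mismatch, not executing" >&2
        rm -f "$tmp"
        return 1
    fi
    # The executable bit is set only after the digest check has passed.
    install -m 0755 "$tmp" ./manifest-tool || return 1
    rm -f "$tmp"
    ./manifest-tool push from-spec multi-arch-manifest.yaml
}

# Run only when installed as hooks/post_push, so the functions can be sourced.
case "$0" in
    */post_push|post_push) main ;;
esac
```

The same pinning idea applies to the `multiarch/qemu-user-static:register` image in `hooks/pre_build`, which runs with `--privileged`: reference it by digest rather than by tag.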

@mko-x
Owner

mko-x commented Sep 10, 2020

Thank you very much for your work. I will integrate that in my next spare time.

It's not that simple with putting all Dockerfiles to master because there are different types of configuration necessary.

@WhiteBahamut
Contributor Author

If you want, I can give it a shot and reorganize it a bit. From what I see, it can all be put to master. I would open a new issue for that and could also start a PR or fork so you can have a look.

@mko-x
Owner

mko-x commented Sep 12, 2020

I really appreciate your help and if you would be able to reorganize it, so this image would support multiple architectures out of the box, I would be very happy (: 👍

I will help you where necessary and merge it then.

PR would be great as it makes the integration easier.

@mko-x
Owner

mko-x commented Sep 12, 2020

If you open a new issue, you could probably close this one by reference.

@WhiteBahamut
Contributor Author

kk will do so. Might take a couple of days till I start, and then I will create a new issue and close this one.

@WhiteBahamut
Contributor Author

close in favour of #67
