Replace Debian with Ubuntu 2404 LTS

MISP · Jul 16, 2024 · d376f43 · d376f43
1 parent b06bac9
commit d376f43
Show file tree

Hide file tree

Showing 6 changed files with 765 additions and 23 deletions.
diff --git a/core/Dockerfile b/core/Dockerfile
@@ -1,30 +1,38 @@
 ARG DOCKER_HUB_PROXY=""
 
 
-FROM "${DOCKER_HUB_PROXY}python:3.12-slim-bookworm" as php-base
+FROM "${DOCKER_HUB_PROXY}ubuntu:24.04" as php-base
     ENV DEBIAN_FRONTEND noninteractive
+    ENV LC_ALL C.UTF-8
 
     # Uncomment when building in corporate environments
     # COPY ./rootca.crt /usr/local/share/ca-certificates/rootca.pem
     # COPY ./rootca.crt /usr/lib/ssl/cert.pem
 
-    RUN apt-get update; apt-get install -y --no-install-recommends \
-        lsb-release \
+    RUN apt-get update; apt-get upgrade; apt-get install -y --no-install-recommends \
         ca-certificates \
-        curl
-    RUN curl -sSLo /tmp/debsuryorg-archive-keyring.deb https://packages.sury.org/debsuryorg-archive-keyring.deb
-    RUN dpkg -i /tmp/debsuryorg-archive-keyring.deb
-    RUN echo "deb [signed-by=/usr/share/keyrings/deb.sury.org-php.gpg] https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list
+        && apt-get autoremove -y && apt-get clean -y && rm -rf /var/lib/apt/lists/*
+
+    COPY files/etc/apt/sources.list.d/ondrej-ubuntu-php-noble.sources /etc/apt/sources.list.d/ondrej-ubuntu-php-noble.sources
+    COPY files/etc/apt/sources.list.d/ondrej-ubuntu-nginx-mainline-noble.sources /etc/apt/sources.list.d/ondrej-ubuntu-nginx-mainline-noble.sources
+
+    # RUN apt-get update; apt-get install -y --no-install-recommends \
+    #    software-properties-common
+    #    # && apt-get autoremove -y && apt-get clean -y && rm -rf /var/lib/apt/lists/*
+    # RUN add-apt-repository ppa:ondrej/php
+    # RUN add-apt-repository ppa:ondrej/nginx-mainline
     RUN apt-get update
 
 
 FROM php-base as composer-build
     ENV DEBIAN_FRONTEND noninteractive
     ENV COMPOSER_ALLOW_SUPERUSER 1
+    ENV COMPOSER_IPRESOLVE 4
     ARG CORE_TAG
     ARG CORE_COMMIT
 
-    RUN apt-get install -y --no-install-recommends \
+    RUN apt-get update; apt-get install -y --no-install-recommends \
+        ca-certificates \
         php7.4 \
         php7.4-apcu \
         php7.4-curl \
@@ -43,9 +51,16 @@ FROM php-base as composer-build
     WORKDIR /tmp
     ADD https://raw.githubusercontent.com/MISP/MISP/${CORE_COMMIT:-${CORE_TAG}}/app/composer.json /tmp
     COPY --from=composer:latest /usr/bin/composer /usr/bin/composer
-    RUN composer config --no-interaction allow-plugins.composer/installers true
-    RUN composer install
-    RUN composer require --with-all-dependencies --no-interaction \
+
+    RUN cp /usr/bin/composer /composer.phar
+    RUN mkdir /out/
+    RUN php -r '$phar = new Phar("/composer.phar"); $phar->extractTo("/out/");'
+
+    COPY files/CurlDownloader.php /out/src/Composer/Util/Http/CurlDownloader.php
+    RUN php /out/bin/composer config --no-interaction allow-plugins.composer/installers true
+    RUN php /out/bin/composer config --no-interaction secure-http false
+    RUN php /out/bin/composer install
+    RUN php /out/bin/composer require --with-all-dependencies --no-interaction \
         supervisorphp/supervisor:^4.0 \
         guzzlehttp/guzzle \
         lstrojny/fxmlrpc \
@@ -76,8 +91,6 @@ FROM php-base as php-build
         php-pear \
         && apt-get autoremove -y && apt-get clean -y && rm -rf /var/lib/apt/lists/*
 
-    RUN apt-cache search pecl
-
     RUN update-alternatives --set php /usr/bin/php7.4
     RUN update-alternatives --set php-config /usr/bin/php-config7.4
     RUN update-alternatives --set phpize /usr/bin/phpize7.4
@@ -108,6 +121,7 @@ FROM php-base as python-build
 
     RUN apt-get install -y --no-install-recommends \
         git \
+        python3-pip \
         && apt-get autoremove -y && apt-get clean -y && rm -rf /var/lib/apt/lists/*
 
     # Download MISP using git in the /var/www/ directory. Remove unnecessary items.
@@ -180,6 +194,7 @@ FROM php-base
         gpg-agent \
         mariadb-client \
         rsync \
+        python3-pip \
         # PHP Requirements
         php7.4 \
         php7.4-apcu \
@@ -198,7 +213,7 @@ FROM php-base
         libldap-common \
         librdkafka1 \
         libbrotli1 \
-        libsimdjson14 \
+        libsimdjson19 \
         libzstd1 \
         ssdeep \
         libfuzzy2 \
@@ -212,7 +227,7 @@ FROM php-base
 
     # Install python modules
     COPY --from=python-build /wheels /wheels
-    RUN pip install --no-cache-dir /wheels/*.whl && rm -rf /wheels
+    RUN pip install --break-system-packages --no-cache-dir /wheels/*.whl && rm -rf /wheels
 
     # PHP: install prebuilt libraries, then install the app's PHP deps
     COPY --from=php-build ["/usr/lib/php/${PHP_VER}/ssdeep.so", "/usr/lib/php/${PHP_VER}/rdkafka.so", "/usr/lib/php/${PHP_VER}/brotli.so", "/usr/lib/php/${PHP_VER}/simdjson.so", "/usr/lib/php/${PHP_VER}/zstd.so", "/usr/lib/php/${PHP_VER}/"]