update agent Dockerfile (#2144)

deepfence · May 13, 2024 · b13b864 · b13b864
1 parent fa43d74
commit b13b864
Showing 1 changed file with 50 additions and 13 deletions.
diff --git a/deepfence_agent/Dockerfile b/deepfence_agent/Dockerfile
@@ -1,15 +1,12 @@
 ARG DF_IMG_TAG=latest
 ARG IMAGE_REPOSITORY=deepfenceio
-ARG VECTORSCAN_IMG_TAG=latest
-ARG VECTORSCAN_IMAGE_REPOSITORY=deepfenceio
 
 FROM $IMAGE_REPOSITORY/deepfence_secret_scanner_ce:$DF_IMG_TAG AS secret_build
 FROM $IMAGE_REPOSITORY/deepfence_package_scanner_ce:$DF_IMG_TAG AS package_build
 FROM $IMAGE_REPOSITORY/deepfence_malware_scanner_ce:$DF_IMG_TAG AS malware_build
 FROM $IMAGE_REPOSITORY/deepfence_compliance_scanner_ce:$DF_IMG_TAG AS compliance_build
-FROM $VECTORSCAN_IMAGE_REPOSITORY/deepfence_vectorscan_build:$VECTORSCAN_IMG_TAG AS vectorscan
 
-FROM debian:bullseye-slim
+FROM debian:12-slim
 
 MAINTAINER Deepfence Inc
 LABEL deepfence.role=system
@@ -27,14 +24,60 @@ ENV CHECKPOINT_DISABLE=true \
 RUN export LD_LIBRARY_PATH="/usr/local/lib:$LD_LIBRARY_PATH" \
     && mkdir -p /usr/share/man/man1 /usr/share/man/man2 /usr/share/man/man3 /usr/share/man/man4 /usr/share/man/man5 /usr/share/man/man6 /usr/share/man/man7 /usr/share/man/man8 \
     && echo "Installing some basic stuff"
-RUN apt-get update && apt-get install -y --no-install-recommends libpcap0.8 gettext ca-certificates supervisor logrotate util-linux dnsutils net-tools cgroup-tools libcgroup1 libcap2 libaudit1 conntrack runit auditd apparmor gzip lsof file curl zip at gnupg  unzip procps cron sudo bzip2 libssl1.1 libevent-2.1-7 libevent-openssl-2.1-7 libevent-pthreads-2.1-7 libnet1 gnupg2 libfile-mimeinfo-perl libjansson4 libmagic1 wget bash python3-pip
+
+RUN apt-get update && \
+    apt-get install -y --no-install-recommends \
+    libpcap0.8 \
+    gettext \
+    ca-certificates \
+    supervisor \
+    logrotate \
+    util-linux \
+    dnsutils \
+    net-tools \
+    cgroup-tools \
+    libcap2 \
+    libaudit1 \
+    conntrack \
+    runit \
+    auditd \
+    apparmor \
+    gzip \
+    lsof \
+    file \
+    curl \
+    zip \
+    at \
+    gnupg \
+    unzip \
+    procps \
+    cron \
+    sudo \
+    bzip2 \
+    libssl3 \
+    libevent-2.1-7 \
+    libevent-openssl-2.1-7 \
+    libevent-pthreads-2.1-7 \
+    libnet1 \
+    gnupg2 \
+    libfile-mimeinfo-perl \
+    libjansson4 \
+    libmagic1 \
+    wget \
+    bash \
+    python3-pip \
+    libvectorscan5 \
+    skopeo \
+    podman && \
+    apt-get clean && \
+    apt-get -y autoremove && \
+    rm -rf /var/lib/apt/lists/*
 
 ARG TARGETARCH
 
 RUN <<EOF
 set -eux
 
-apt-get -y --allow-unauthenticated install skopeo podman
 if [ "$TARGETARCH" = "arm64" ]; then
     ARCHITECTURE="aarch64"
 elif [ "$TARGETARCH" = "amd64" ]; then
@@ -54,9 +97,6 @@ mkdir /usr/local/bin/compliance_check && mkdir /usr/local/discovery
 
 EOF
 
-COPY --from=vectorscan /vectorscan.tar.bz2 /
-RUN tar -xjf /vectorscan.tar.bz2 -C / && rm /vectorscan.tar.bz2
-
 COPY tools/apache/deepfence/df-utils/get_cloud_instance_id/getCloudInstanceId /usr/local/bin/getCloudInstanceId
 COPY etc/fenced_logrotate.conf /etc/logrotate.d/fenced_logrotate.conf
 COPY etc/certs/* /etc/filebeat/
@@ -84,14 +124,11 @@ COPY --from=malware_build /home/deepfence/usr/config.yaml /home/deepfence/bin/ya
 COPY --from=compliance_build /usr/bin/compliance /usr/local/bin/compliance_check/compliance
 COPY --from=compliance_build /usr/bin/compliance /home/deepfence/bin/compliance
 
-RUN apt-get update --allow-insecure-repositories
-RUN apt-get -qq -y --no-install-recommends install libjansson4 libssl1.1 libmagic1 bash curl python3-pip \
-    && chmod 700 /usr/local/bin/getCloudInstanceId \
+RUN chmod 700 /usr/local/bin/getCloudInstanceId \
     && chmod 700 /usr/local/discovery/deepfence-discovery /home/deepfence/run_discovery.sh \
     && chmod +x /home/deepfence/*.sh \
     && cd /tmp \
     && chmod +x /usr/local/bin/start_agent
-RUN apt-get clean && apt-get -y autoremove && rm -rf /var/lib/apt/lists/*
 
 RUN <<EOF
 set -eux