Security patch

[osm/devops.git] / docker / POL / Dockerfile

diff --git a/docker/POL/Dockerfile b/docker/POL/Dockerfile
index 6de7c71..92b1ffd 100644 (file)
--- a/docker/POL/Dockerfile
+++ b/docker/POL/Dockerfile
@@ -20,27 +20,46 @@
 # contact: bdiaz@whitestack.com or glavado@whitestack.com
 ##
 
-FROM ubuntu:16.04
+FROM ubuntu:20.04 as INSTALL
 
-LABEL authors="Benjamín Díaz"
+RUN DEBIAN_FRONTEND=noninteractive apt-get --yes update && \
+    DEBIAN_FRONTEND=noninteractive apt-get --yes install \
+    curl=7.68.0-1ubuntu2.5 \
+    gcc=4:9.3.0-1ubuntu2 \
+    python3=3.8.2-0ubuntu2 \
+    python3-setuptools=45.2.0-1 \
+    python3-dev=3.8.2-0ubuntu2 && \
+    python3 -m easy_install pip==21.0.1
 
-RUN apt-get --yes update \
- && apt-get --yes install git python python-pip python3 python3-pip libmysqlclient-dev libssl-dev libffi-dev \
- && apt-get --yes install mysql-client curl software-properties-common \
- && pip3 install pip==9.0.3
+RUN DEBIAN_FRONTEND=noninteractive apt-get --yes install \
+    mysql-client-core-8.0=8.0.25-0ubuntu0.20.04.1
 
-ARG REPOSITORY_BASE=http://osm-download.etsi.org/repository/osm/debian
-ARG RELEASE=ReleaseFOUR-daily
-ARG REPOSITORY_KEY=OSM%20ETSI%20Release%20Key.gpg
-ARG REPOSITORY=testing
+ARG PYTHON3_OSM_COMMON_URL
+ARG PYTHON3_OSM_POLICY_MODULE_URL
 
-RUN curl ${REPOSITORY_BASE}/${RELEASE}/${REPOSITORY_KEY} | apt-key add -
-RUN add-apt-repository -y "deb ${REPOSITORY_BASE}/${RELEASE} ${REPOSITORY} POL common" && apt update
+RUN curl $PYTHON3_OSM_COMMON_URL -o osm_common.deb
+RUN dpkg -i ./osm_common.deb
 
-ARG POL_VERSION
-ARG COMMON_VERSION
+RUN curl $PYTHON3_OSM_POLICY_MODULE_URL -o osm_policy_module.deb
+RUN dpkg -i ./osm_policy_module.deb
 
-RUN apt-get --yes update  && apt-get -y install python3-osm-policy-module${POL_VERSION}
+RUN pip3 install \
+    -r /usr/lib/python3/dist-packages/osm_common/requirements.txt \
+    -r /usr/lib/python3/dist-packages/osm_policy_module/requirements.txt
+
+FROM ubuntu:20.04 as FINAL
+
+RUN DEBIAN_FRONTEND=noninteractive apt-get --yes update && \
+    DEBIAN_FRONTEND=noninteractive apt-get --yes install python3-minimal=3.8.2-0ubuntu2
+
+COPY --from=INSTALL /usr/lib/python3/dist-packages /usr/lib/python3/dist-packages
+COPY --from=INSTALL /usr/local/lib/python3.8/dist-packages  /usr/local/lib/python3.8/dist-packages
+COPY --from=INSTALL /usr/bin/osm* /usr/bin/
+COPY --from=INSTALL /usr/bin/mysql /usr/bin/
+COPY --from=INSTALL /usr/bin/mysqladmin /usr/bin/
+COPY --from=INSTALL /usr/bin/mysqlshow /usr/bin/
+COPY --from=INSTALL /usr/lib/x86_64-linux-gnu/libedit.so.2 /usr/lib/x86_64-linux-gnu/
+COPY --from=INSTALL /usr/lib/x86_64-linux-gnu/libbsd.so.0 /usr/lib/x86_64-linux-gnu/
 
 COPY scripts/ scripts/
 
@@ -55,7 +74,7 @@ ENV OSMPOL_SQL_DATABASE_URI sqlite:///mon_sqlite.db
 
 ENV OSMPOL_GLOBAL_LOG_LEVEL INFO
 
-HEALTHCHECK --interval=5s --timeout=2s --retries=12 \
+HEALTHCHECK --start-period=120s --interval=10s --timeout=5s --retries=5 \
   CMD osm-pol-healthcheck || exit 1
 
 CMD /bin/bash scripts/start.sh