What is an alternative to curl | bash to execute scripts for upgrades in Dockerfiles? - bash

I would like to know what are the alternatives to using curl ... | bash ... to upgrade a package to a given version in a Dockerfile. It has been found that someone placed a backdoor in Codecov Bash Uploader, which would allow an attacker to export info from a target's CI environment. I am on RHEL 8 and for the moment, my Dockerfile uses something like:
RUN curl -sL <script-url> | bash - && \
yum remove -y <package> && \
yum install -y <package> && \
...
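An added example, not part of the original question: one common alternative to piping the download straight into bash is to save the script, compare its SHA-256 with a digest pinned after review, and run it only on a match. The function names `verify_sha256`, `run_pinned` and `demo`, and the sample script, are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Inline equivalent for a Dockerfile RUN step (placeholders as in the question):
#   curl -fsSLo /tmp/setup.sh <script-url> && \
#   echo "<pinned-sha256>  /tmp/setup.sh" | sha256sum -c - && \
#   bash /tmp/setup.sh

# verify_sha256 FILE EXPECTED_HEX: status 0 only when the digest matches exactly.
verify_sha256() {
    [ -f "$1" ] || return 2
    actual=$(sha256sum "$1" | awk '{print $1}')
    [ "$actual" = "$2" ]
}

# run_pinned FILE EXPECTED_HEX [ARGS...]: execute FILE with bash only if it verifies.
run_pinned() {
    file=$1
    expected=$2
    shift 2
    if ! verify_sha256 "$file" "$expected"; then
        echo "refusing to run $file: missing or SHA-256 mismatch" >&2
        return 1
    fi
    bash "$file" "$@"
}

# demo: constructed stand-in for the downloaded script; prints "<ok> <changed>".
demo() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' '#!/bin/bash' 'echo "repo configured"' > "$tmp/setup.sh"
    # In real use the digest is a constant recorded after reviewing the script.
    pinned=$(sha256sum "$tmp/setup.sh" | awk '{print $1}')

    run_pinned "$tmp/setup.sh" "$pinned" >/dev/null && ok=0 || ok=$?

    # Simulate the upstream file changing after the digest was pinned.
    echo 'echo "line added upstream"' >> "$tmp/setup.sh"
    run_pinned "$tmp/setup.sh" "$pinned" 2>/dev/null && changed=0 || changed=$?

    rm -rf "$tmp"
    echo "$ok $changed"
}

demo
```

With a pinned digest, any change to the upstream script fails the build until someone reviews the new version and updates the digest.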

Related

How to test if package has NOT been installed, in .ebextensions?

How would I check to see if a package has not been installed, in the .ebextensions folder of an Elastic Beanstalk setup? What I want to do is similar to this command, but I only want to run the command if the package does not exist, rather than if it exists.
commands:
  install_package:
    test: rpm -qa | grep -c example_package
    command: yum install -y example_package.rpm
So in pseudocode, this is what I am after:
commands:
  install_package:
    test: not(rpm -qa | grep -c example_package)
    command: yum install -y example_package.rpm
Update: I have gotten this to work without the test parameter, using a double pipe in the command itself instead, but it isn't as neat as I'd like; I'd rather use the test parameter instead to make it more explicit:
commands:
  install_package:
    command: rpm -qa | grep -c example_package || { yum install -y example_package.rpm; }

Installing OSSEC agent on a container. The ossec install script (install.sh) falls and loops infinitely when passing arguments via script

Basically I am going to have a whole bunch of ubuntu containers that are going to have ossec agent installed that will communicate with a main server. I want to automate the installation so using the docker RUN variable in the dockerfile I wrote a script that downloads the ossec tar file, unpacks it, cds into directory and runs the install script while passing arguments to each question of the installation phase:
Dockerfile:
FROM ubuntu
RUN apt-get update && apt-get install -y \
    build-essential \
    libmysqlclient-dev \
    postgresql-common \
    wget \
    tar
RUN wget -U ossec https://bintray.com/artifact/download/ossec/ossec-hids/ossec-hids-2.8.3.tar.gz
RUN tar -xvf ossec-hids-2.8.3.tar.gz && \
    rm -f ossec-hids-2.8.3.tar.gz && \
    cd ossec-hids-2.8.3 && \
    echo "en agent \n 192.168.1.50 y y y" | ./install.sh
When it echos in the arguments into the script, the install.sh script falls and loops over the second question infinitely. Note I have tried printf, expect script, yes command and tried the script inside the container. All with the same outcome.

Failed to Call Access Method Exception when Creating a MedicationOrder in FHIR

I am using this http://fhirtest.uhn.ca/baseDstu2 test FHIR server and it worked okay so far.
Now I am getting an HTTP-500 - Failed to Call Access Method exception.
Anyone has any idea on what has gone wrong?
This happens frequently. Probably because someone tested weird queries or similar that put the server in an unstable status.
I suggest posting a comment in https://chat.fhir.org/#narrow/stream/hapi to get the server restarted,
or install http://hapifhir.io/doc_cli.html which does basically the same but you have full control.
I built a Dockerfile:
FROM debian:sid
MAINTAINER Günter Zöchbauer <guenter#yyy.com>
ENV DEBIAN_FRONTEND noninteractive
RUN \
apt-get -q update && \
DEBIAN_FRONTEND=noninteractive && \
apt-get install --no-install-recommends -y -q \
apt-transport-https \
apt-utils \
wget \
bzip2 \
default-jdk
# net-tools sudo procps telnet
RUN \
apt-get update && \
rm -rf /var/lib/apt/lists/*
# https://github.com/jamesagnew/hapi-fhir/releases/download/v2.0/hapi-fhir-2.0-cli.tar.bz2
ADD hapi-* /hapi_fhir_cli/
RUN ls -la
RUN ls -la /hapi_fhir_cli
ADD prepare_server.sh /hapi_fhir_cli/
RUN \
cd /hapi_fhir_cli && \
bash -c /hapi_fhir_cli/prepare_server.sh
ADD start.sh /hapi_fhir_cli/
WORKDIR /hapi_fhir_cli
EXPOSE 5555
ENTRYPOINT ["/hapi_fhir_cli/start.sh"]
Which requires in the same directory as the Dockerfile
prepare_server.sh
#!/usr/bin/env bash
ls -la
./hapi-fhir-cli run-server --allow-external-refs &
while ! timeout 1 bash -c "echo > /dev/tcp/localhost/8080"; do sleep 10; done
./hapi-fhir-cli upload-definitions -t http://localhost:8080/baseDstu2
./hapi-fhir-cli upload-examples -c -t http://localhost:8080/baseDstu2
start.sh
#!/usr/bin/env bash
cd /hapi_fhir_cli
./hapi-fhir-cli run-server --allow-external-refs -p 5555
Build
docker build -t myname/hapi_fhir_cli_dstu2 . #--no-cache
Run
docker run -d -p 5555:5555 [image id from docker build]
Hope this helps.

AWS user-data initial bash script

I was trying to use user data section to initialize EC2 and run some bash scripts on instance startup. Somehow all the scripts are running except the (*) statement. Does anyone know what is happening?
#!/bin/bash
cd /home/ubuntu
apt-get update -y
apt-get -y install nodejs npm build-essential libssl-dev awscli ruby2.0
curl https://raw.githubusercontent.com/creationix/nvm/v0.25.0/install.sh > 123
curl https://raw.githubusercontent.com/creationix/nvm/v0.25.0/install.sh | bash (*)

How to change the version of Ruby in a Docker image (replace 2.2.0 with 2.0.0 )

The Heroku Docker image heroku/ruby installs ruby 2.2.3.
How do I use that image, but use ruby 2.0.0 instead (trying to Dockerize a Rails 3.2 app).
I know that the location of the Heroku buildpack for 2.0.0 is
https://heroku-buildpack-ruby.s3.amazonaws.com/cedar-14/ruby-2.0.0.tgz
but cannot see how to modify my Dockerfile so that it will use that version of Ruby instead.
I tried:
# Dockerfile
FROM heroku/ruby
# Install Ruby
ONBUILD RUN curl -s --retry 3 -L https://heroku-buildpack-ruby.s3.amazonaws.com/cedar-14/ruby-2.0.0.tgz | tar xz -C /app/heroku/ruby/ruby-2.2.0
which I'd hoped might overwrite the 2.2.0 with 2.0.0 (keeping the path etc the same) but that command gets ignored when I run docker-compose build
This is what I ended up doing (ruby and node) on the same docker file reproducing heroku environment:
FROM heroku/heroku:16
# Ruby dependencies
RUN apt-get update -qq && \
    apt-get install -y -q --no-install-recommends \
        build-essential \
        libpq-dev \
        libxml2-dev \
        libxslt1-dev \
        nodejs \
        npm \
        qt5-default \
        libqt5webkit5-dev \
        gstreamer1.0-plugins-base \
        gstreamer1.0-tools \
        gstreamer1.0-x \
        xvfb \
    && rm -rf /var/lib/apt/lists/* \
    && truncate -s 0 /var/log/*log
# Ruby heroku
RUN apt remove -y --purge ruby && curl -s --retry 3 -L https://heroku-buildpack-ruby.s3.amazonaws.com/heroku-16/ruby-2.3.4.tgz | tar -xz
# Node heroku
RUN export NODE_VERSION=6.11.0 && \
curl -s --retry 3 -L https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-x64.tar.gz -o /tmp/node-v$NODE_VERSION-linux-x64.tar.gz && \
tar -xzf /tmp/node-v$NODE_VERSION-linux-x64.tar.gz -C /tmp && \
rsync -a /tmp/node-v$NODE_VERSION-linux-x64/ / && \
rm -rf /tmp/node-v$NODE_VERSION-linux-x64*
WORKDIR /var/app
You need to build an image yourself with the right versions. Change this Dockerfile as necessary - https://github.com/heroku/docker-ruby/blob/master/Dockerfile
