Fixes:

 * Create linux_users group with gid=1000
 * Create linux_user with uid=1000
 * Simplify toolchain and include cmake release
 * Reinstate checksums and delete unnecessary files

appsec/tests/integration/src/docker/apache2-fpm/Dockerfile

@@ -3,8 +3,10 @@ ARG VARIANT
 FROM datadog/dd-appsec-php-ci:php-$PHP_VERSION-$VARIANT
 
 RUN apt-get update && apt-get install -y \
-	apache2 \
-	&& rm -rf /var/lib/apt/lists/*
+    apache2 \
+    && rm -rf /var/lib/apt/lists/*
+
+RUN usermod -a -G linux_users www-data
 
 RUN rm -rf /var/www/html
 RUN sed -i '/<Directory \/var\/www\/>/,/<\/Directory>/s/AllowOverride None/AllowOverride All/' /etc/apache2/apache2.conf

appsec/tests/integration/src/docker/apache2-mod/Dockerfile

@@ -3,8 +3,10 @@ ARG VARIANT
 FROM datadog/dd-appsec-php-ci:php-$PHP_VERSION-$VARIANT
 
 RUN apt-get update && apt-get install -y \
-	apache2 \
-	&& rm -rf /var/lib/apt/lists/*
+    apache2 \
+    && rm -rf /var/lib/apt/lists/*
+
+RUN usermod -a -G linux_users www-data
 
 RUN rm -rf /var/www/html
 RUN sed -i 's@/var/www/html@/var/www/public@' /etc/apache2/sites-available/000-default.conf

appsec/tests/integration/src/docker/nginx-fpm/Dockerfile

@@ -4,8 +4,10 @@ ARG VARIANT
 FROM datadog/dd-appsec-php-ci:php-$PHP_VERSION-$VARIANT
 
 RUN apt-get update && apt-get install -y \
-	nginx \
-	&& rm -rf /var/lib/apt/lists/*
+    nginx \
+    && rm -rf /var/lib/apt/lists/*
+
+RUN usermod -a -G linux_users www-data
 
 RUN rm -rf /var/www/html
 

appsec/tests/integration/src/docker/php/Dockerfile

@@ -35,4 +35,7 @@ ENV CARGO_HOME=/root/.cargo
 ENV RUSTUP_HOME=/root/.rustup
 ENV LD_LIBRARY_PATH=/root/php/icu-60/lib
 
+RUN groupadd -g 1000 linux_users && \
+    useradd -G linux_users -u 1000 linux_user
+
 ENTRYPOINT ["php"]

appsec/tests/integration/src/docker/toolchain/CHECKSUMS

@@ -1 +1,2 @@
-89a67ebfbbc764cc456e8825ecfa90707741f8835b1b2adffae0b227ab1fe5ca9cce75b0efaffc9ca8431cae528dc54fd838867a56a2b645344d9e82d19ab1b7  llvm-project-16.0.6.src.tar.xz
+9591360672ba6192c606404caf70101538728a1cd5d548efcbb952f663f182bd1954d63743ffc9dd18f5c649a62a042c5e36d1ff423634dfd074f672dd1f4af9  cmake-3.28.0-linux-x86_64.tar.gz
+48a20095711870b23bd5db342de0e058a7c6876bafad4c6ce9ff9bce672ca1e95ed9ac890d519b0884cd277d091575eda7e60a97cad377ee57c1e20dee25feb1  cmake-3.28.0-linux-aarch64.tar.gz

appsec/tests/integration/src/docker/toolchain/Dockerfile

@@ -1,18 +1,13 @@
-FROM debian:latest AS toolchain
-
-ARG LLVM_VERSION=16.0.6
-ARG ARCH
-
-COPY Toolchain.cmake /build/Toolchain.cmake
-COPY CHECKSUMS /CHECKSUMS
-
-RUN echo "Building LLVM ${LLVM_VERSION} on ${ARCH}"
+FROM debian@sha256:08db48d59c0a91afb802ebafc921be3154e200c452e4d0b19634b426b03e0e25 AS toolchain
 
 RUN apt-get update && apt-get install -y \
-  build-essential wget cmake binutils lld libncurses5-dev git patchelf xz-utils curl lsb-release wget software-properties-common gnupg
+  build-essential wget binutils lld libncurses5-dev git patchelf xz-utils curl lsb-release wget software-properties-common gnupg
 
-RUN wget https://apt.llvm.org/llvm.sh && \
-  chmod +x llvm.sh && \
-  ./llvm.sh 16 all
+RUN ln -s /bin/sed /usr/bin/sed
+RUN mkdir /build
+ADD . /build/
 
-RUN ln -s /usr/bin/cmake /usr/local/bin/cmake
+RUN wget https://github.com/Kitware/CMake/releases/download/v3.28.0/cmake-3.28.0-linux-$(arch | sed s/arm/aarch/).tar.gz && \
+    grep -F "cmake-3.28.0-linux-$(arch | sed s/arm/aarch/).tar.gz" ./build/CHECKSUMS | sha512sum --check && \
+    tar --strip-components=1 -C /usr/local -xvzf cmake-3.28.0-linux-$(arch | sed s/arm/aarch/).tar.gz && \
+    rm cmake-3.28.0-linux-$(arch | sed s/arm/aarch/).tar.gz