Moved to bookworm as base

Dockerfile

@@ -46,7 +46,9 @@ RUN bash /build.d/gsad.sh
 
 COPY build.d/links.sh /build.d/
 RUN bash /build.d/links.sh
-RUN mkdir /branding
+RUN mkdir /branding 
+COPY build.d/coallate.sh /
+RUN bash /coallate.sh 
 
 # Stage 1: Start again with the ovasbase. Dependancies already installed
 # This target is for the image with no database
@@ -59,19 +61,22 @@ LABEL maintainer="[email protected]" \
 #EXPOSE 9392
 ENV LANG=C.UTF-8
 # Copy the install from stage 0
-COPY --from=0 etc/gvm/pwpolicy.conf /usr/local/etc/gvm/pwpolicy.conf
-COPY --from=0 etc/logrotate.d/gvmd /etc/logrotate.d/gvmd
-COPY --from=0 lib/systemd/system /lib/systemd/system
-COPY --from=0 usr/local/bin /usr/local/bin
-COPY --from=0 usr/local/include /usr/local/include
-COPY --from=0 usr/local/lib /usr/local/lib
-COPY --from=0 usr/local/sbin /usr/local/sbin
-COPY --from=0 usr/local/share /usr/local/share
-COPY --from=0 usr/share/postgresql /usr/share/postgresql
-COPY --from=0 usr/lib/postgresql /usr/lib/postgresql
-
-COPY confs/gvmd_log.conf /usr/local/etc/gvm/
-COPY confs/openvas_log.conf /usr/local/etc/openvas/
+# Move all of this to a sinlge "build" folder and reduce the number of layers by copying the 
+# entire folder in one line to root/ 
+#COPY --from=0 etc/gvm/pwpolicy.conf /usr/local/etc/gvm/pwpolicy.conf
+#COPY --from=0 etc/logrotate.d/gvmd /etc/logrotate.d/gvmd
+#COPY --from=0 lib/systemd/system /lib/systemd/system
+#COPY --from=0 usr/local/bin /usr/local/bin
+#COPY --from=0 usr/local/include /usr/local/include
+#COPY --from=0 usr/local/lib /usr/local/lib
+#COPY --from=0 usr/local/sbin /usr/local/sbin
+#COPY --from=0 usr/local/share /usr/local/share
+#COPY --from=0 usr/share/postgresql /usr/share/postgresql
+#COPY --from=0 usr/lib/postgresql /usr/lib/postgresql
+COPY --from=0 /final .
+
+COPY confs/* /data/local-etc/gvm/
+
 COPY build.d/links.sh /
 RUN bash /links.sh 
 COPY build.d/gpg-keys.sh /

bin/base-rebuild.sh

@@ -99,13 +99,13 @@ if [ "$tag" == "beta" ]; then
 	RUNOPTIONS="--volume beta:/data"
 	NOBASE=true
 elif [ -z $arch ]; then
-	arch="linux/amd64,linux/arm64,linux/arm/v7"
-	#arch="linux/amd64,linux/arm64"
+	#arch="linux/amd64,linux/arm64,linux/arm/v7"
+	arch="linux/amd64,linux/arm64"
 	ARM="true"
 fi
 # Make the version # in the image meta data consistent
 # This will leave the 
-if [ "$tag" != "latest" ]; then
+if [ "$tag" != "latest" ] && [ "$tag" != "beta" ]; then
 	echo $tag > ver.current
 fi
 VER=$(cat ver.current)
@@ -132,7 +132,8 @@ if  [ "$NOBASE" == "false" ]; then
 	cd $BUILDHOME/ovasbase
 	BASESTART=$(date +%s)
 	# Always build all archs for ovasbase.
-	docker buildx build --push  --platform  linux/amd64,linux/arm64,linux/arm/v7 -f Dockerfile -t immauss/ovasbase  .
+	#docker buildx build --push  --platform  linux/amd64,linux/arm64,linux/arm/v7 -f Dockerfile -t immauss/ovasbase  .
+	docker buildx build --push  --platform  linux/amd64,linux/arm64 -f Dockerfile -t immauss/ovasbase:latest  .
 	BASEFIN=$(date +%s)
 	cd ..
 fi

build.d/coallate.sh

@@ -0,0 +1,30 @@
+#!/bin/bash 
+# Put all the bits I need into the right place so I can move them all into
+# the finall image in a single image layer
+
+# Create the dir structure in "/final" 
+mkdir -p /final/usr/local/etc/gvm /final/etc/gvm /final/etc/logrotate.d /final/usr/local/bin \
+         /final/usr/local/include /final/usr/local/lib /final/usr/local/share /final/usr/share/postgresql \
+         /final/usr/lib/postgresql /final/usr/local/sbin 
+
+cp -rp /etc/gvm/* /final/etc/gvm/ 
+cp -rp /etc/logrotate.d/gvmd /final/etc/logrotate.d/
+#cp -rp /lib/systemd/system/* /final/lib/systemd/system/
+cp -rp /usr/local/bin/* /final/usr/local/bin/
+cp -rp /usr/local/include/* /final/usr/local/include/
+cp -rp /usr/local/lib/* /final/usr/local/lib/
+cp -rp /usr/local/sbin/* /final/usr/local/sbin/
+cp -rp /usr/local/share/* /final/usr/local/share/ 
+cp -rp /usr/share/postgresql/* /final/usr/share/postgresql/
+cp -rp /usr/lib/postgresql/* /final/usr/lib/postgresql/ 
+
+#COPY --from=0 etc/gvm/pwpolicy.conf /usr/local/etc/gvm/pwpolicy.conf
+#COPY --from=0 etc/logrotate.d/gvmd /etc/logrotate.d/gvmd
+#COPY --from=0 lib/systemd/system /lib/systemd/system
+#COPY --from=0 usr/local/bin /usr/local/bin
+#COPY --from=0 usr/local/include /usr/local/include
+#COPY --from=0 usr/local/lib /usr/local/lib
+#COPY --from=0 usr/local/sbin /usr/local/sbin
+#COPY --from=0 usr/local/share /usr/local/share
+#COPY --from=0 usr/share/postgresql /usr/share/postgresql
+#COPY --from=0 usr/lib/postgresql /usr/lib/postgresql

build.d/gb-feed-sync.sh

@@ -4,4 +4,4 @@ set -Eeuo pipefail
 . build.rc
 
 echo "pip install of new greenbone-feed-sync"
-python3 -m pip install greenbone-feed-sync 
+python3 -m pip install --break-system-packages greenbone-feed-sync 

build.d/gsad.sh

@@ -13,9 +13,11 @@ cd /build/*/
 # Implement ICS GSA Mods
 BUILDDIR=$(pwd)
 echo "BUILDDIR $BUILDDIR"
+
+
 /ics-gsa/scripts/gsad-mods.sh $BUILDDIR
 
-cmake -j$(nproc) /build/gsad-$GSAD_VERSION \
+cmake /build/gsad-$GSAD_VERSION \
 	-DCMAKE_INSTALL_PREFIX=$INSTALL_PREFIX \
 	-DCMAKE_BUILD_TYPE=Release \
 	-DSYSCONFDIR=/usr/local/etc \

build.d/gvm-tool.sh

@@ -4,4 +4,4 @@ set -Eeuo pipefail
 . build.rc
 
 echo "pip install GVM-tools"
-python3 -m pip install gvm-tools==$gvm_tools
+python3 -m pip install --break-system-packages gvm-tools==$gvm_tools

build.d/notus-scanner.sh

@@ -13,8 +13,8 @@ wget --no-verbose https://github.com/greenbone/notus-scanner/archive/$notus_scan
 tar -zxf $notus_scanner.tar.gz
 ls -l
 cd /build/*/
- python3 -m pip install . 
- ls -l /usr/local/bin/ |  tee /local-bin.txt
+python3 -m pip install --break-system-packages  . 
+ls -l /usr/local/bin/ |  tee /local-bin.txt
 
 
 cd /build

build.d/ospd-openvas.sh

@@ -7,8 +7,14 @@ cd /build
 wget --no-verbose https://github.com/greenbone/ospd-openvas/archive/$ospd_openvas.tar.gz
 tar -zxf $ospd_openvas.tar.gz
 cd /build/*/
+echo " Find"
+find . -name setup.py
+echo " Found ?"
 pwd 
-ls -l
-python3 -m pip install .
+
+
+
+python3 -m pip install --break-system-packages .
+
 cd /build
 rm -rf *

confs/pwpolicy.conf

@@ -0,0 +1,117 @@
+ pwpolicy.conf                                      -*- coding: utf-8 -*-
+#
+# This is an example for a pattern file used to validate passwords.
+# Passwords matching an entry in this file are considered weak and
+# will be rejected.
+#
+# The file is line based with comment lines beginning on the *first*
+# position with a '#' and followed by at least one white space.  Empty
+# lines and lines with only white space are ignored.  The other lines
+# may either be verbatim patterns and match as they are (trailing
+# spaces are ignored) or Perl compatible regular expressions (pcre)
+# indicated by a '/' in the first column and terminated by another '/'
+# or end of line.  To reverse the meaning of a regular expression
+# prefix it with an exclamation mark like this:
+#
+#   !/^.{6,}$/
+#
+# This will reject a passphrase with less than 6 characters.  All
+# comparisons are case insensitive; utf-8 encoding must be used.  A
+# few processing instructions are supported:
+#
+#   #+desc[:] A string describing the next pattern
+#
+# This is used to return meaningful error messages.  To end a group of
+# pattern with the same description either a new "#+desc:" line may be
+# used or the instruction:
+#
+#   #+nodesc
+#
+# To include a list of simple pattern use:
+#
+#   #+search[:] FILENAME
+#
+# Note that this is a simple linear search and stops at the first
+# match.  Comments are not allowed in that file.  A line in the
+# dictionary may not be longer than 255 characters.
+#
+# To perform checks on the username/password combination, you should
+# use:
+#
+#   #+username
+#
+# Currently this checks whether the password matches or is included in
+# the password. It may eventually be extended to further tests.
+
+############################
+# This is an example file where all lines are explicitly prefixed with
+# an additional "#" to comment out anything.
+# On your own decision you may activiate policies and modify them.
+# Be aware: By default any password is allowed.
+############################
+
+
+## Let's start with a simple test
+##+desc: Too short (at least 8 characters are required)
+#!/^.{8,}$/
+#
+## Check that the user name does not match the password.
+## (The desc string is not used here.)
+##+username
+#
+##+desc: Only digits
+#/^[[:digit:]]+$/
+#
+##+desc: Not a mix of letters digits and control characters
+#!/[[:alpha:]]+/
+#!/[[:digit:]]+/
+#!/[[:punct:]]+/
+#
+##+desc: No mixed case
+#!/(?-i)([[:lower:]]+.*[[:upper:]]+)|([[:upper:]]+.*[[:lower:]]+)/
+#
+##+desc: Date string
+## A limited check for ISO date strings
+#/^[012][0-9]{3}-?[012][0-9]-?[0123][0-9]$/
+#
+## Reject the usual metavariables.
+##+desc: Meta variable
+#foo
+#bar
+#baz
+#
+##+desc: Common test password
+#password
+#passwort
+#passphrase
+#mantra
+#test
+#abc
+#egal
+#
+## Arbitrary strings
+##+nodesc
+#12345678
+#87654321
+#qwerty
+#qwertyuiop
+#asdfghjkl
+#zxcvbnm
+#qwertzuiop
+#yxcvbnm
+#no-password
+#no password
+#
+##+desc: Test string used by RTTY hams
+#the quick brown fox jumps over the lazy dogs back
+#
+##+desc: German number plate
+#/^[A-Z]{1,3}\s*-\s*[A-Z]{1,2}\s*[0-9]+$/
+#
+##+desc: Dictionary word
+##+search: /usr/share/dict/words
+## Note that searching a large dictionary may take some time, it might
+## be better to use an offline password auditing tool instead.
+
+
+# end of policy file

ovasbase/Dockerfile

@@ -1,4 +1,4 @@
-FROM debian:bullseye
+FROM debian:stable
 ENV DEBIAN_FRONTEND=noninteractive
 ENV LANG=C.UTF-8
 COPY scripts /scripts

ovasbase/bin/rebuild-all.sh

@@ -5,5 +5,5 @@ if [ -z $tag ] ; then
 else
         tag="$tag"
 fi
-docker buildx build -t immauss/ovasbase:$tag --platform linux/arm64,linux/amd64,linux/arm/v7 --push  .
-#docker buildx build -t immauss/ovasbase:$tag --platform linux/arm64,linux/amd64 --push  .
+#docker buildx build -t immauss/ovasbase:$tag --platform linux/arm64,linux/amd64,linux/arm/v7 --push  .
+docker buildx build -t immauss/ovasbase:$tag --platform linux/arm64,linux/amd64 --push  .

ovasbase/scripts/install-deps.sh

@@ -9,33 +9,17 @@ apt-get update
 apt-get install -y gnupg curl wget apt-utils
 
 echo "Install the postgres repo"
-echo "deb http://apt.postgresql.org/pub/repos/apt bullseye-pgdg main" > /etc/apt/sources.list.d/pgdg.list
+echo "deb http://apt.postgresql.org/pub/repos/apt bookworm-pgdg main" > /etc/apt/sources.list.d/pgdg.list
 wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | apt-key add -
 
 apt-get update 
 apt-get upgrade -y
 echo "install required packages"
-PACKAGES=$(cat /scripts/package-list)
+PACKAGES=$(cat scripts/package-list)
 apt-get install -yq --no-install-recommends $PACKAGES
 /usr/sbin/update-ca-certificates --fresh
-
-# Now install latest nodejs & yarn ..
-export NODE_VERSION=node_18.x
-export KEYRING=/usr/share/keyrings/nodesource.gpg
-export DISTRIBUTION="bullseye"
-
-# the NodeJS apt source
-curl -fsSL https://deb.nodesource.com/gpgkey/nodesource.gpg.key | gpg --dearmor |  tee "$KEYRING" >/dev/null
-gpg --no-default-keyring --keyring "$KEYRING" --list-keys
-echo "deb [signed-by=$KEYRING] https://deb.nodesource.com/$NODE_VERSION $DISTRIBUTION main" |  tee /etc/apt/sources.list.d/nodesource.list
-echo "deb-src [signed-by=$KEYRING] https://deb.nodesource.com/$NODE_VERSION $DISTRIBUTION main" |  tee -a /etc/apt/sources.list.d/nodesource.list
-# add the yarn apt source
-curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg |  apt-key add -
-echo "deb https://dl.yarnpkg.com/debian/ stable main" |  tee /etc/apt/sources.list.d/yarn.list
-
- apt update
- apt install -y nodejs
-
+# Newer version of impacket than available via apt
+python3 -m pip install --break-system-packages impacket
 #Clean up after apt
 rm -rf /var/lib/apt/lists/*