docker: use docker buildx to build multi architecture

arielmorelli · ariel.morelli · commit 8d3a5fb4af7b · 2022-08-19T18:53:18.000+02:00
diff --git a/Dockerfile b/Dockerfile
@@ -3,40 +3,44 @@
 # Copyright (C) 2020 Olliver Schinagl <oliver@schinagl.nl>
 # Copyright (C) 2021-2022 Cisco Systems, Inc. and/or its affiliates. All rights reserved.
 
-# hadolint ignore=DL3007  latest is the latest stable for alpine
-FROM index.docker.io/library/alpine:latest AS builder
+FROM index.docker.io/library/rust:1.62.1-bullseye AS builder
 
 WORKDIR /src
 
 COPY . /src/
 
-# hadolint ignore=DL3008  We want the latest stable versions
-RUN apk add --no-cache \
-        bsd-compat-headers \
-        bzip2-dev \
-        check-dev \
+ENV DEBIAN_FRONTEND noninteractive
+
+RUN apt update && apt install -y \
         cmake \
-        curl-dev \
-        file \
-        fts-dev \
-        g++ \
+        bison \
+        flex \
+        gcc \
         git \
-        json-c-dev \
+        make \
+        man-db \
+        net-tools \
+        pkg-config \
+        python3 \
+        python3-pip \
+        python3-pytest \
+        check \
+        libbz2-dev \
+        libcurl4-openssl-dev \
+        libjson-c-dev \
         libmilter-dev \
-        libtool \
+        libncurses5-dev \
+        libpcre2-dev \
+        libssl-dev \
         libxml2-dev \
-        linux-headers \
-        make \
-        ncurses-dev \
-        openssl-dev \
-        pcre2-dev \
-        py3-pytest \
-        zlib-dev \
-        rust \
-        cargo \
+        zlib1g-dev \
+    && \
+    rm -rf /var/cache/apt/archives \
+    && \
+    mkdir -p "./build" && cd "./build" \
     && \
-    mkdir -p "./build" && cd "./build" && \
     cmake .. \
+          -DCARGO_HOME="/src/build" \
           -DCMAKE_BUILD_TYPE="Release" \
           -DCMAKE_INSTALL_PREFIX="/usr" \
           -DCMAKE_INSTALL_LIBDIR="/usr/lib" \
@@ -47,8 +51,10 @@ RUN apk add --no-cache \
           -DENABLE_JSON_SHARED=ON \
           -DENABLE_MAN_PAGES=OFF \
           -DENABLE_MILTER=ON \
-          -DENABLE_STATIC_LIB=OFF && \
-    make DESTDIR="/clamav" -j$(($(nproc) - 1)) install && \
+          -DENABLE_STATIC_LIB=OFF \
+    && \
+    make DESTDIR="/clamav" -j$(($(nproc) - 1)) install \
+    && \
     rm -r \
        "/clamav/usr/include" \
        "/clamav/usr/lib/pkgconfig/" \
@@ -77,38 +83,39 @@ RUN apk add --no-cache \
         -e "s|^\#\(LogTime\).*|\1 yes|" \
         -e "s|.*\(\ClamdSocket\) .*|\1 unix:/run/clamav/clamd.sock|" \
         "/clamav/etc/clamav/clamav-milter.conf.sample" > "/clamav/etc/clamav/clamav-milter.conf" || \
-    exit 1 && \
+    exit 1 \
+    && \
     ctest -V
 
-FROM index.docker.io/library/alpine:latest
+FROM index.docker.io/library/debian:11-slim
 
 LABEL maintainer="ClamAV bugs <clamav-bugs@external.cisco.com>"
 
 EXPOSE 3310
 EXPOSE 7357
 
+ENV DEBIAN_FRONTEND=noninteractive
 ENV TZ Etc/UTC
 
-RUN apk add --no-cache \
-        fts \
-        json-c \
-        libbz2 \
-        libcurl \
-        libltdl \
-        libmilter \
-        libstdc++ \
+RUN apt-get update && apt-get install -y \
+        libbz2-1.0 \
+        libcurl4 \
+        libssl1.1 \
+        libjson-c5 \
+        libmilter1.0.1 \
+        libncurses5 \
+        libpcre2-8-0 \
         libxml2 \
-        ncurses-libs \
-        pcre2 \
-        tini \
+        zlib1g \
         tzdata \
-        zlib \
     && \
-    addgroup -S "clamav" && \
-    adduser -D -G "clamav" -h "/var/lib/clamav" -s "/bin/false" -S "clamav" && \
+    rm -rf /var/cache/apt/archives && \
+    groupadd "clamav" && \
+    useradd -g clamav -s /bin/false --home-dir /var/lib/clamav -c "Clam Antivirus" clamav && \
     install -d -m 755 -g "clamav" -o "clamav" "/var/log/clamav"
 
 COPY --from=builder "/clamav" "/"
+
 COPY "./dockerfiles/clamdcheck.sh" "/usr/local/bin/"
 COPY "./dockerfiles/docker-entrypoint.sh" "/init"
 
diff --git a/dockerfiles/docker-entrypoint.sh b/dockerfiles/docker-entrypoint.sh
@@ -1,4 +1,4 @@
-#!/sbin/tini /bin/sh
+#!/usr/bin/env sh
 # SPDX-License-Identifier: GPL-2.0-or-later
 #
 # Copyright (C) 2021 Olliver Schinagl <oliver@schinagl.nl>
@@ -15,6 +15,7 @@ if [ ! -d "/run/clamav" ]; then
 fi
 
 # Assign ownership to the database directory, just in case it is a mounted volume
+mkdir -p /var/lib/clamav
 chown -R clamav:clamav /var/lib/clamav
 
 # run command if it is not starting with a "-" and is an executable in PATH
diff --git a/dockerfiles/update_db_image.sh b/dockerfiles/update_db_image.sh
@@ -8,6 +8,7 @@ set -eu
 
 DEF_CLAMAV_DOCKER_IMAGE="clamav/clamav"
 DEF_DOCKER_REGISTRY="registry.hub.docker.com"
+DOCKER_BUILDKIT_IMAGE="multiarch/qemu-user-static"
 
 
 usage()
@@ -72,6 +73,12 @@ docker_tags_get()
 	done
 }
 
+config_docker_buildx()
+{
+	docker buildx install
+	docker buildx create --use --name=builder --driver docker-container --driver-opt image=${DOCKER_BUILDKIT_IMAGE} || true
+}
+
 clamav_db_update()
 {
 	if [ -z "${clamav_docker_tags:-}" ]; then
@@ -83,8 +90,7 @@ clamav_db_update()
 		{
 			echo "FROM ${docker_registry}/${clamav_docker_image}:${_tag}"
 			echo "RUN freshclam --foreground --stdout && rm /var/lib/clamav/freshclam.dat || rm /var/lib/clamav/mirrors.dat || true"
-		} | docker image build --pull --rm --tag "${docker_registry}/${clamav_docker_image}:${_tag%%_base}" -
-		docker image push "${docker_registry}/${clamav_docker_image}:${_tag%%_base}"
+		} | docker buildx build --platform linux/amd64,linux/amd64/v2,linux/amd64/v3,linux/arm64 --pull --push --rm --tag "${docker_registry}/${clamav_docker_image}:${_tag%%_base}" -
 	done
 }
 
@@ -132,6 +138,7 @@ main()
 	docker_registry="${docker_registry:-${DOCKER_REGISTRY:-${DEF_DOCKER_REGISTRY}}}"
 
 	init
+	config_docker_buildx
 
 	docker_tags_get
 	clamav_db_update
