Merge pull request #56 from jfrog/bugfix/INST-1982

Bugfix/inst 1982 -  Fix bash backspace,arrow issue, top, ps and updated curl with https

Author: kammathavaran

Diff for: WORKSPACE

@@ -33,22 +33,21 @@ package_manager_repositories()
 
 ## This is from release debian repo, the problem is that the Package.gz change so need to update chacksume all the time
 
-
 ## Snapshot repo has folder that Package.gz don't change
 dpkg_src(
     name = "debian_buster",
     arch = "amd64",
     distro = "buster",
-    sha256 = "996001ca07a8ea54c4d54539de7ed96d1d2cb1a2c0a3040c1be8fa89820f6bff",
-    snapshot = "20190224T095432Z",
-    url = "https://deepscan.jfrog.io/deepscan/debian/archive",
+    sha256 = "e096054471ae9a772fa67006cd0d9a0b125bb30443625fb6b66935e2a9331e98",
+    snapshot = "20210216T210840Z",
+    url = "https://snapshot.debian.org/archive",
 )
 
 dpkg_src(
     name = "debian_buster_security",
-    package_prefix = "https://deepscan.jfrog.io/deepscan/debian/archive/debian-security/20190131T235445Z/",
-    packages_gz_url = "https://deepscan.jfrog.io/deepscan/debian/archive/debian-security/20190131T235445Z/dists/buster/updates/main/binary-amd64/Packages.gz",
-    sha256 = "f61f27bd17de546264aa58f40f3aafaac7021e0ef69c17f6b1b4cd7664a037ec",
+    package_prefix = "https://snapshot.debian.org/archive/debian-security/20210216T201258Z/",
+    packages_gz_url = "https://snapshot.debian.org/archive/debian-security/20210216T201258Z/dists/buster/updates/main/binary-amd64/Packages.gz",
+    sha256 = "979b105c890ce629a002d66c79b67381c5b78b4769abbeddad3a57225c1c1159",
 )
 
 dpkg_list(
@@ -57,6 +56,7 @@ dpkg_list(
         # Version required to skip a security fix to the pre-release library
         # TODO: Remove when there is a security fix or dpkg_list finds the recent version
         "libc6",
+        "libc-bin",
         "base-files",
         "ca-certificates",
         "openssl",
@@ -89,6 +89,8 @@ dpkg_list(
         "db-util",
         "db5.3-util",
         "libdb5.3",
+        "libncurses6",
+        "ncurses-base",
     ],
     # Takes the first package found: security updates should go first
     # If there was a security fix to a package before the stable release, this will find
@@ -121,25 +123,19 @@ http_file(
     urls = ["https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64"],
 )
 
-#http_file(
-#    name = "busybox",
-#    executable = True,
-#    sha256 = "5776b1f4fbff641eb09024483fde28467e81bc74118c0c65ce5a8ad7a1029063",
-#    urls = ["https://busybox.net/downloads/binaries/1.30.0-i686/busybox"],
-#)
-#use this fixed version for this issue https://github.com/GoogleContainerTools/distroless/issues/225
 http_file(
     name = "busybox",
     executable = True,
-    sha256 = "af052caf38fe81eae321005c5c151650d64714bbe0a3f5e1f7cb39ba179cf7d6",
-    urls = ["https://deepscan.jfrog.io/deepscan/distroless-generic/busybox/1.30.0-glibc-busybox.tar.xz"],
+    sha256 = "9c1cc2735e2ea21c4579be452b313ce4120866a8c2b9dfc45bb7f9bf02d34949",
+    urls = ["https://deepscan.jfrog.io/deepscan/distroless-generic/busybox/1.32.1-glibc-busybox.tar.xz"],
 )
+
 #Added complied and slimed curl binary from source https://github.com/curl/curl/releases
 http_file(
     name = "curl",
     executable = True,
-    sha256 = "cfd3c343c8730e2d03565800a8736a75ac7f6abea323081465b520a61db5c9b1",
-    urls = ["https://deepscan.jfrog.io/deepscan/distroless-generic/curl/curl-7.71.0-linux.tar.gz"],
+    sha256 = "2d7237ec551fbe1a7ddaa8ede3aea5390fa354f6e2b45ccd65209e2d6c67290b",
+    urls = ["https://deepscan.jfrog.io/deepscan/distroless-generic/curl/curl-7.74.0-linux.tar.gz"],
 )
 # Docker rules.
 git_repository(

Diff for: base/BUILD

@@ -46,12 +46,18 @@ pkg_tar(
 
 load("@package_bundle//file:packages.bzl", "packages")
 load("//cacerts:cacerts.bzl", "cacerts")
+load("//locale:locale.bzl", "locale")
 
 cacerts(
     name = "cacerts",
     deb = packages["ca-certificates"],
 )
 
+locale(
+    name = "locale",
+    deb = packages["libc-bin"],
+)
+
 # Create /tmp, too many things assume it exists.
 # tmp.tar has a /tmp with the correct permissions 01777
 # A tar is needed because at the moment there is no way to create a
@@ -63,6 +69,7 @@ docker_build(
         packages["base-files"],
         packages["netbase"],
         packages["tzdata"],
+        packages["libc-bin"],
         ":cacerts.deb",
     ],
     env = {
@@ -71,6 +78,7 @@ docker_build(
         # TODO: We should run update-ca-certifaces, but that requires "openssl rehash"
         # which would probably need to be run inside the container
         "SSL_CERT_FILE": "/etc/ssl/certs/ca-certificates.crt",
+        "LANG": "C.UTF-8",
     },
     tars = [
         ":passwd",

Diff for: base/artifactory-sh/BUILD

@@ -63,12 +63,18 @@ pkg_tar(
 
 load("@package_bundle//file:packages.bzl", "packages")
 load("//cacerts:cacerts.bzl", "cacerts")
+load("//locale:locale.bzl", "locale")
 
 cacerts(
     name = "cacerts",
     deb = packages["ca-certificates"],
 )
 
+locale(
+    name = "locale",
+    deb = packages["libc-bin"],
+)
+
 # Create /tmp, too many things assume it exists.
 # tmp.tar has a /tmp with the correct permissions 01777
 # A tar is needed because at the moment there is no way to create a
@@ -100,6 +106,8 @@ docker_build(
             packages["zlib1g"],
             packages["libstdc++6"],
             packages["libgcc1"],
+            packages["libncurses6"],
+            packages["ncurses-base"],
         ],
     stamp = True,
     tars = [

Diff for: base/distribution-sh/BUILD

@@ -84,6 +84,8 @@ docker_build(
             packages["zlib1g"],
             packages["libstdc++6"],
             packages["libgcc1"],
+            packages["libncurses6"],
+            packages["ncurses-base"],
         ],
     stamp = True,
     tars = [

Diff for: base/insight-sh/BUILD

@@ -102,6 +102,8 @@ docker_build(
             packages["zlib1g"],
             packages["libstdc++6"],
             packages["libgcc1"],
+            packages["libncurses6"],
+            packages["ncurses-base"],
         ],
     stamp = True,
     tars = [

Diff for: base/jfmc-sh/BUILD

@@ -85,6 +85,8 @@ docker_build(
             packages["zlib1g"],
             packages["libstdc++6"],
             packages["libgcc1"],
+            packages["libncurses6"],
+            packages["ncurses-base"],
         ],
     stamp = True,
     tars = [

Diff for: base/router-go/BUILD

@@ -82,6 +82,8 @@ docker_build(
             packages["zlib1g"],
             packages["libstdc++6"],
             packages["libgcc1"],
+            packages["libncurses6"],
+            packages["ncurses-base"],
         ],
     stamp = True,
     tars = [

Diff for: base/testdata/debug.yaml

@@ -7,15 +7,23 @@ fileExistenceTests:
 commandTests:
   - name: busybox
     command: ["/busybox/busybox"]
-    expectedOutput: ['BusyBox v1\.30\.1']
+    expectedOutput: ['BusyBox v1\.32\.1']
   - name: busybox-owner
     command: ["ls","-ld","/busybox"]
     expectedOutput: ['drwxr-xr-x    2 root     root']
-  # Check curl version 7.71.0 installed
+  # Check curl version 7.74.0 installed
   - name: curl version
     command: ["curl", "--version"]
     exitCode: 0
-    expectedOutput: ['curl 7\.71\.0']
+    expectedOutput: ['curl 7\.74\.0']
   - name: curl
     command: ["curl","-h"]
     expectedOutput: ['Usage: curl \[options\.\.\.\] <url>']
+  # Check top cmd
+  - name: top
+    command: ["top", "-n", "1", "-b"]
+    exitCode: 0
+  # Check ps cmd
+  - name: ps
+    command: ["ps"]
+    exitCode: 0

Diff for: base/xray-go/BUILD

@@ -85,6 +85,8 @@ docker_build(
                 packages["db-util"],
                 packages["db5.3-util"],
                 packages["libdb5.3"],
+                packages["libncurses6"],
+                packages["ncurses-base"],
             ],
     tars = [
             ":passwd",

Diff for: java/BUILD

@@ -3,17 +3,24 @@ package(default_visibility = ["//visibility:public"])
 load("@io_bazel_rules_docker//docker:docker.bzl", "docker_build")
 load("@package_bundle//file:packages.bzl", "packages")
 load("//cacerts:java.bzl", "cacerts_java")
+load("//locale:locale.bzl", "locale")
 load("@io_bazel_rules_docker//java:image.bzl", "java_image")
 
 cacerts_java(
     name = "cacerts_java",
 )
 
+locale(
+    name = "locale",
+    deb = packages["libc-bin"],
+)
+
 docker_build(
     name = "java-base",
     base = "//cc:debug",
     debs = [
         packages["zlib1g"],
+        packages["libc-bin"],
         packages["net-tools"],
         packages["libprocps7"],
         packages["procps"],
@@ -34,12 +41,16 @@ docker_build(
         packages["dash"],
         packages["libtinfo6"],
         packages["libstdc++6"],
-        packages["libgcc1"]
+        packages["libgcc1"],
+        packages["libncurses6"],
+        packages["ncurses-base"],
     ],
     stamp = True,
     entrypoint = ["/busybox/sh"],
-
-    tars = [":cacerts_java"],
+    env = {
+        "LANG": "C.UTF-8",
+    },
+    tars = [":cacerts_java",":locale",],
 )
 
 docker_build(

Diff for: locale/BUILD

@@ -0,0 +1,6 @@
+package(default_visibility = ["//visibility:public"])
+
+sh_binary(
+    name = "extract_locale",
+    srcs = ["extract.sh"],
+)

Diff for: locale/extract.sh

@@ -0,0 +1,20 @@
+#!/bin/bash
+
+set -o errexit
+
+DEB=$1
+OUT_TAR=$2
+
+ar -x "$DEB" data.tar.xz
+
+tar -xf data.tar.xz ./usr/lib/locale/C.UTF-8 ./usr/share/doc/libc-bin/copyright
+
+rm data.tar.xz
+
+# On Mac OS, you need to make sure that GNU Tar is used instead of the BSD tar that is shipped with MacOS.
+# To resolve this you can install gnu-tar via Homebrew and symlink it as /usr/local/bin/tar.
+tar -c --owner=0 --group=0 -f locale.tar ./usr
+
+mv locale.tar "$OUT_TAR"
+
+rm -rf usr

Diff for: locale/locale.bzl

@@ -0,0 +1,33 @@
+"""A rule to unpack c locale from the debian package."""
+
+def _impl(ctx):
+    ctx.actions.run(
+        executable = ctx.executable._extract,
+        arguments = [
+            ctx.file.deb.path,
+            ctx.outputs.tar.path,
+        ],
+        inputs = [ctx.file.deb],
+        outputs = [ctx.outputs.tar],
+    )
+
+locale = rule(
+    attrs = {
+        "deb": attr.label(
+            allow_single_file = [".deb"],
+            mandatory = True,
+        ),
+        # Implicit dependencies.
+        "_extract": attr.label(
+            default = Label("//locale:extract_locale"),
+            cfg = "host",
+            executable = True,
+            allow_files = True,
+        ),
+    },
+    executable = False,
+    outputs = {
+        "tar": "%{name}.tar",
+    },
+    implementation = _impl,
+)