Initial Bullseye work

.env

@@ -1,3 +1,3 @@
 MISP_TAG=v2.4.152
 MODULES_TAG=v2.4.152
-PHP_VER=20180731
+PHP_VER=20190902

modules/Dockerfile

@@ -1,4 +1,4 @@
-FROM python:3.7-slim-buster  as builder
+FROM python:3.9-slim-bullseye  as builder
 ENV DEBIAN_FRONTEND noninteractive
 ARG MODULES_TAG
 
@@ -18,11 +18,8 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
     RUN mkdir /wheel
     WORKDIR /srv
 
-    # TODO: remove downgrade of sigmatools when we have Python 3.8 ref #128 and #143
     RUN git clone --branch ${MODULES_TAG} --depth 1  https://github.com/MISP/misp-modules.git /srv/misp-modules; \
-        cd /srv/misp-modules || exit; \
-        sed -i -e 's/-e //g' -e 's/sigmatools==0.20/sigmatools==0.19.1/' REQUIREMENTS; \
-        pip3 wheel -r REQUIREMENTS --no-cache-dir -w /wheel/
+        cd /srv/misp-modules || exit; sed -i 's/-e //g' REQUIREMENTS; pip3 wheel -r REQUIREMENTS --no-cache-dir -w /wheel/
 
     RUN git clone --depth 1 https://github.com/stricaud/faup.git /srv/faup; \
         cd /srv/faup/build || exit; cmake .. && make install; \
@@ -33,7 +30,7 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
     RUN find . -name "chardet*" | grep -v "chardet-4.0.0" | xargs rm -f
 
 
-FROM python:3.7-slim-buster
+FROM python:3.9-slim-bullseye
 
 RUN apt-get update && apt-get install -y --no-install-recommends \
             libglib2.0-0 \

server/Dockerfile

@@ -1,11 +1,11 @@
-FROM composer:2.1 as composer-build
+FROM composer:2.2 as composer-build
     ARG MISP_TAG
     WORKDIR /tmp
     ADD https://raw.githubusercontent.com/MISP/MISP/${MISP_TAG}/app/composer.json /tmp
     RUN composer install --ignore-platform-reqs && \
      composer require jumbojett/openid-connect-php --ignore-platform-reqs
 
-FROM debian:buster-slim as php-build
+FROM debian:bullseye-slim as php-build
     RUN apt-get update; apt-get install -y --no-install-recommends \
         gcc \
         make \
@@ -23,7 +23,7 @@ FROM debian:buster-slim as php-build
         RUN git clone --recursive --depth=1 https://github.com/kjdev/php-ext-brotli.git && cd php-ext-brotli && phpize && ./configure && make && make install
         
 
-FROM debian:buster-slim as python-build
+FROM debian:bullseye-slim as python-build
     RUN apt-get update; apt-get install -y --no-install-recommends \
         gcc \
         git \
@@ -60,9 +60,10 @@ FROM debian:buster-slim as python-build
         sed -i 's/-e //g' requirements.txt; pip3 wheel -r requirements.txt --no-cache-dir -w /wheels/
 
     # install STIX2.0 library to support STIX 2.0 export:
+    # Original Requirements has a bunch of non-required pacakges, force it to only grab wheels for deps from setup.py
     RUN git clone --depth 1 https://github.com/MISP/cti-python-stix2.git; \
         cd cti-python-stix2 || exit; python3 setup.py bdist_wheel -d /wheels; \
-        sed -i 's/-e //g' requirements.txt; pip3 wheel -r requirements.txt --no-cache-dir -w /wheels/
+        echo "-e ." > requirements.txt; pip3 wheel -r requirements.txt --no-cache-dir -w /wheels/
 
     # install PyMISP
     RUN git clone --depth 1 https://github.com/MISP/PyMISP.git; \
@@ -75,17 +76,15 @@ FROM debian:buster-slim as python-build
     # Grab other modules we need
     RUN pip3 wheel --no-cache-dir -w /wheels/ plyara pyzmq redis python-magic lief
 
-    # Temp workaround for cryptography library
-    RUN pip3 wheel 'cryptography>=3.3.0,<3.4.0' --no-cache-dir -w /wheels/
-
     # Remove extra packages due to incompatible requirements.txt files
     WORKDIR /wheels
-    RUN find . -name "pluggy*" | grep -v "pluggy-0.13.1" | xargs rm -f
-    RUN find . -name "tox*" | grep -v "tox-2.7.0" | xargs rm -f
-    RUN find . -name "Sphinx*" | grep -v "Sphinx-1.8.5" | xargs rm -f
+    RUN find . -name "pluggy*" | tee /dev/stderr | grep -v "pluggy-1.0.0" | xargs rm -f
+    RUN find . -name "tox*" | tee /dev/stderr | grep -v "tox-3.24.5" | xargs rm -f
+    RUN find . -name "Sphinx*" | tee /dev/stderr | grep -v "Sphinx-1.8.6" | xargs rm -f
+    RUN find . -name "docutils*" | tee /dev/stderr | grep -v "docutils-0.17.1" | xargs rm -f
 
 
-FROM debian:buster-slim
+FROM debian:bullseye-slim
 ENV DEBIAN_FRONTEND noninteractive
 ARG MISP_TAG
 ARG PHP_VER
@@ -111,6 +110,7 @@ ARG PHP_VER
         python3-pip \
         # PHP Requirements
         php \
+        php-apcu \
         php-curl \
         php-xml \
         php-intl \

server/files/entrypoint_fpm.sh

@@ -14,4 +14,4 @@ change_php_vars(){
 echo "Configure PHP  | Change PHP values ..." && change_php_vars
 echo "Starting PHP FPM"
 
-/usr/sbin/php-fpm7.3 -R -F
+/usr/sbin/php-fpm7.4 -R -F

server/files/etc/nginx/misp

@@ -45,7 +45,7 @@ server {
 
     location ~ \.php$ {
         include snippets/fastcgi-php.conf;
-        fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
+        fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
         fastcgi_read_timeout 300;
     }
 }

server/files/etc/nginx/misp-secure

@@ -43,7 +43,7 @@ server {
 
     location ~ \.php$ {
         include snippets/fastcgi-php.conf;
-        fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
+        fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
         fastcgi_read_timeout 300;
     }
 }

server/files/etc/nginx/misp80-noredir

@@ -29,7 +29,7 @@ server {
 
     location ~ \.php$ {
         include snippets/fastcgi-php.conf;
-        fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
+        fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
         fastcgi_read_timeout 300;
     }
 }