From 921ba5415247e2f6ca247e3c63967d204d9799e7 Mon Sep 17 00:00:00 2001
From: Andrey Arapov
Date: Sat, 14 Jul 2018 15:28:38 +0200
Subject: [PATCH 1/2] use multi-stage build
---
 Dockerfile | 18 +++++++-----------
 1 file changed, 7 insertions(+), 11 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index cebc06c6..07677802 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -12,18 +12,14 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
-FROM golang:1.10-alpine
-
-VOLUME /config
-EXPOSE 6060 6061
-
+FROM golang:1.10-alpine AS build
 ADD . /go/src/github.com/coreos/clair/
 WORKDIR /go/src/github.com/coreos/clair/
+RUN go build github.com/coreos/clair/cmd/clair
-RUN apk add --no-cache git rpm xz dumb-init && \
- go install -v github.com/coreos/clair/cmd/clair && \
- mv /go/bin/clair /clair && \
- rm -rf /go /usr/local/go
-
+FROM alpine:3.8
+COPY --from=build /go/src/github.com/coreos/clair/clair /clair
+RUN apk add --no-cache git rpm xz ca-certificates dumb-init
 ENTRYPOINT ["/usr/bin/dumb-init", "--", "/clair"]
-
+VOLUME /config
+EXPOSE 6060 6061
From 0d5f300c5b02aec7af272980d0d3524bf5521647 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?honglichang=28=E5=B8=B8=E7=BA=A2=E7=AB=8B=29?=
Date: Tue, 17 Jul 2018 20:11:24 +0800
Subject: [PATCH 2/2] fix nvd path 1. stop clair, not del nvd xml
---
 ext/vulnmdsrc/nvd/nvd.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/ext/vulnmdsrc/nvd/nvd.go b/ext/vulnmdsrc/nvd/nvd.go
index 5be08b97..84d0491a 100644
--- a/ext/vulnmdsrc/nvd/nvd.go
+++ b/ext/vulnmdsrc/nvd/nvd.go
@@ -26,6 +26,7 @@ import (
 "io/ioutil"
 "net/http"
 "os"
+ "path/filepath"
 "strconv"
 "strings"
 "time"
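Review bot: The final `FROM alpine:3.8` stage of the Dockerfile sets no `USER`, so `/clair` and the `rpm`, `xz` and `git` tools installed next to it all run as root inside the container. Since the multi-stage split already rebuilds the runtime image, this is a natural place to create an unprivileged account and switch to it before `ENTRYPOINT`, for example `RUN adduser -S clair` followed by `USER clair`; confirm that `/config` and any temporary directories clair writes to stay accessible to that user. Both `FROM` lines also reference mutable tags, and pinning them by digest would keep a retagged base image from silently changing what gets built and shipped.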
@@ -146,7 +147,7 @@ func getDataFeeds(dataFeedHashes map[string]string, localPath string) (map[strin
 // Create io.Reader for every data feed.
 dataFeedReaders := make(map[string]NestedReadCloser)
 for _, dataFeedName := range dataFeedNames {
- fileName := localPath + dataFeedName + ".xml"
+ fileName := filepath.Join(localPath, fmt.Sprintf("%s.xml", dataFeedName))
 if h, ok := dataFeedHashes[dataFeedName]; ok && h == dataFeedHashes[dataFeedName] {
 // The hash is known, the disk should contains the feed. Try to read from it.
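Review bot: The guard on the line after the changed `fileName` assignment, `ok && h == dataFeedHashes[dataFeedName]`, compares `h` with the same map entry it was just read from, so it reduces to `ok` and the file at the new path is read from disk without any hash actually being compared. The commit leaves that as it was; if the intent is to reuse the cached feed only when its hash is unchanged, the comparison needs a separately kept previous hash, and until then a comment such as `// NOTE: h is dataFeedHashes[dataFeedName], so this only checks that a hash exists` would keep readers from assuming integrity is verified here. On the changed line itself, `fmt.Sprintf` is not needed: `fileName := filepath.Join(localPath, dataFeedName+".xml")` says the same thing and does not rely on a `fmt` import that the import hunk does not show. getDataFeeds starts and ends outside the hunk, so how dataFeedNames is built is not visible here.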