From 9f1188194b9f576756b99b08b6f6db9681f03a0c Mon Sep 17 00:00:00 2001 From: Jeremy Frasier Date: Wed, 1 Feb 2023 14:09:24 -0500 Subject: [PATCH 1/4] Switch to the official Lambda Docker images from AWS Co-authored-by: Nick <50747025+mcdonnnj@users.noreply.github.com> --- pshtt/Dockerfile | 2 +- sslyze/Dockerfile | 2 +- trustymail/Dockerfile | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/pshtt/Dockerfile b/pshtt/Dockerfile index 26a44b7..8a5d12e 100755 --- a/pshtt/Dockerfile +++ b/pshtt/Dockerfile @@ -1,4 +1,4 @@ -FROM lambci/lambda:build-python3.7 +FROM public.ecr.aws/lambda/python:3.7 MAINTAINER Shane Frasier # We need wget to download the public suffix list diff --git a/sslyze/Dockerfile b/sslyze/Dockerfile index 3a1cf1f..fa2cbed 100755 --- a/sslyze/Dockerfile +++ b/sslyze/Dockerfile @@ -1,4 +1,4 @@ -FROM lambci/lambda:build-python3.7 +FROM public.ecr.aws/lambda/python:3.7 MAINTAINER Shane Frasier # We need wget to download the public suffix list diff --git a/trustymail/Dockerfile b/trustymail/Dockerfile index 529ffcd..c9011a9 100755 --- a/trustymail/Dockerfile +++ b/trustymail/Dockerfile @@ -1,4 +1,4 @@ -FROM lambci/lambda:build-python3.7 +FROM public.ecr.aws/lambda/python:3.7 MAINTAINER Shane Frasier # We need wget to download the public suffix list From d8fba4e7bfe69f53eb9bfd60680312354d5a4eb3 Mon Sep 17 00:00:00 2001 From: Jeremy Frasier Date: Wed, 1 Feb 2023 14:11:42 -0500 Subject: [PATCH 2/4] Install some basic packages These packages are necessary for running the shell scripts that actually construct the Lambda zip archives. --- pshtt/Dockerfile | 7 +++++-- sslyze/Dockerfile | 7 +++++-- trustymail/Dockerfile | 7 +++++-- 3 files changed, 15 insertions(+), 6 deletions(-) diff --git a/pshtt/Dockerfile b/pshtt/Dockerfile index 8a5d12e..3ae0592 100755 --- a/pshtt/Dockerfile +++ b/pshtt/Dockerfile @@ -1,8 +1,11 @@ FROM public.ecr.aws/lambda/python:3.7 MAINTAINER Shane Frasier -# We need wget to download the public suffix list -RUN yum -q -y install wget +# We need to install some basic packages so that the Docker container +# can run the build_pshtt.sh script. +RUN yum -q -y install \ + wget \ + zip COPY build_pshtt.sh . diff --git a/sslyze/Dockerfile b/sslyze/Dockerfile index fa2cbed..2809ed9 100755 --- a/sslyze/Dockerfile +++ b/sslyze/Dockerfile @@ -1,8 +1,11 @@ FROM public.ecr.aws/lambda/python:3.7 MAINTAINER Shane Frasier -# We need wget to download the public suffix list -RUN yum -q -y install wget +# We need to install some basic packages so that the Docker container +# can run the build_sslyze.sh script. +RUN yum -q -y install \ + wget \ + zip COPY build_sslyze.sh . diff --git a/trustymail/Dockerfile b/trustymail/Dockerfile index c9011a9..8141b23 100755 --- a/trustymail/Dockerfile +++ b/trustymail/Dockerfile @@ -1,8 +1,11 @@ FROM public.ecr.aws/lambda/python:3.7 MAINTAINER Shane Frasier -# We need wget to download the public suffix list -RUN yum -q -y install wget +# We need to install some basic packages so that the Docker container +# can run the build_trustymail.sh script. +RUN yum -q -y install \ + wget \ + zip COPY build_trustymail.sh . From 18fb8ec0a50ceb435976976cccceed0f7de39b04 Mon Sep 17 00:00:00 2001 From: Jeremy Frasier Date: Wed, 1 Feb 2023 14:12:57 -0500 Subject: [PATCH 3/4] Enforce the use of python3 and pip3 --- pshtt/build_pshtt.sh | 8 ++++---- sslyze/build_sslyze.sh | 8 ++++---- trustymail/build_trustymail.sh | 8 ++++---- 3 files changed, 12 insertions(+), 12 deletions(-) diff --git a/pshtt/build_pshtt.sh b/pshtt/build_pshtt.sh index 7818815..9d0f50a 100755 --- a/pshtt/build_pshtt.sh +++ b/pshtt/build_pshtt.sh @@ -8,7 +8,7 @@ set -o pipefail # Set up the Python virtual environment ### VENV_DIR=/venv -python -m venv $VENV_DIR +python3 -m venv $VENV_DIR # Note that we have to turn off nounset before running activate, since # otherwise we can get an error that states "/venv/bin/activate: line # 6: _OLD_VIRTUAL_PATH: unbound variable". See @@ -25,19 +25,19 @@ set -o nounset ### # Update pip, setuptools, and wheel ### -pip install --upgrade pip setuptools wheel +pip3 install --upgrade pip setuptools wheel ## # Install pshtt ## -pip install --upgrade pshtt==0.6.10 +pip3 install --upgrade pshtt==0.6.10 ### # Install domain-scan ### [ -d domain-scan ] || mkdir domain-scan wget -q -O - https://api.github.com/repos/cisagov/domain-scan/tarball | tar xz --strip-components=1 -C domain-scan -pip install --upgrade -r domain-scan/lambda/requirements-lambda.txt +pip3 install --upgrade -r domain-scan/lambda/requirements-lambda.txt ### # Leave the Python virtual environment diff --git a/sslyze/build_sslyze.sh b/sslyze/build_sslyze.sh index c12fd0b..0f06ae3 100755 --- a/sslyze/build_sslyze.sh +++ b/sslyze/build_sslyze.sh @@ -8,7 +8,7 @@ set -o pipefail # Set up the Python virtual environment ### VENV_DIR=/venv -python -m venv $VENV_DIR +python3 -m venv $VENV_DIR # Note that we have to turn off nounset before running activate, since # otherwise we can get an error that states "/venv/bin/activate: line # 6: _OLD_VIRTUAL_PATH: unbound variable". See @@ -25,19 +25,19 @@ set -o nounset ### # Update pip, setuptools, and wheel ### -pip install --upgrade pip setuptools wheel +pip3 install --upgrade pip setuptools wheel ### # Install sslyze ### -pip install --upgrade sslyze==2.1.4 +pip3 install --upgrade sslyze==2.1.4 ### # Install domain-scan ### [ -d domain-scan ] || mkdir domain-scan wget -q -O - https://api.github.com/repos/cisagov/domain-scan/tarball | tar xz --strip-components=1 -C domain-scan -pip install --upgrade -r domain-scan/lambda/requirements-lambda.txt +pip3 install --upgrade -r domain-scan/lambda/requirements-lambda.txt ### # Leave the Python virtual environment diff --git a/trustymail/build_trustymail.sh b/trustymail/build_trustymail.sh index 8142a27..743df80 100755 --- a/trustymail/build_trustymail.sh +++ b/trustymail/build_trustymail.sh @@ -8,7 +8,7 @@ set -o pipefail # Set up the Python virtual environment ### VENV_DIR=/venv -python -m venv $VENV_DIR +python3 -m venv $VENV_DIR # Note that we have to turn off nounset before running activate, since # otherwise we can get an error that states "/venv/bin/activate: line # 6: _OLD_VIRTUAL_PATH: unbound variable". See @@ -25,19 +25,19 @@ set -o nounset ### # Update pip, setuptools, and wheel ### -pip install --upgrade pip setuptools wheel +pip3 install --upgrade pip setuptools wheel ## # Install trustymail ## -pip install --upgrade trustymail==0.8.1 +pip3 install --upgrade trustymail==0.8.1 ### # Install domain-scan ### [ -d domain-scan ] || mkdir domain-scan wget -q -O - https://api.github.com/repos/cisagov/domain-scan/tarball | tar xz --strip-components=1 -C domain-scan -pip install --upgrade -r domain-scan/lambda/requirements-lambda.txt +pip3 install --upgrade -r domain-scan/lambda/requirements-lambda.txt ### # Leave the Python virtual environment From 1349ec58b546c2968b8cb886fbf208f758c2524d Mon Sep 17 00:00:00 2001 From: Jeremy Frasier Date: Thu, 31 Aug 2023 16:29:53 -0400 Subject: [PATCH 4/4] Update email address from trio to gwe --- pshtt/Dockerfile | 2 +- sslyze/Dockerfile | 2 +- trustymail/Dockerfile | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/pshtt/Dockerfile b/pshtt/Dockerfile index 3ae0592..4e0eba0 100755 --- a/pshtt/Dockerfile +++ b/pshtt/Dockerfile @@ -1,5 +1,5 @@ FROM public.ecr.aws/lambda/python:3.7 -MAINTAINER Shane Frasier +MAINTAINER Shane Frasier # We need to install some basic packages so that the Docker container # can run the build_pshtt.sh script. diff --git a/sslyze/Dockerfile b/sslyze/Dockerfile index 2809ed9..20063a3 100755 --- a/sslyze/Dockerfile +++ b/sslyze/Dockerfile @@ -1,5 +1,5 @@ FROM public.ecr.aws/lambda/python:3.7 -MAINTAINER Shane Frasier +MAINTAINER Shane Frasier # We need to install some basic packages so that the Docker container # can run the build_sslyze.sh script. diff --git a/trustymail/Dockerfile b/trustymail/Dockerfile index 8141b23..a79234f 100755 --- a/trustymail/Dockerfile +++ b/trustymail/Dockerfile @@ -1,5 +1,5 @@ FROM public.ecr.aws/lambda/python:3.7 -MAINTAINER Shane Frasier +MAINTAINER Shane Frasier # We need to install some basic packages so that the Docker container # can run the build_trustymail.sh script.