debian-install-script #233
Conversation
Add wget to prerequisites for script.
Updated Docker installation script to use a single command for installing and configuring Docker.
| echo "Installing prerequisites..." | ||
| sudo apt update -y | ||
| sudo apt install wget -y | ||
| curl -o packages-microsoft-prod.deb https://packages.microsoft.com/config/debian/12/packages-microsoft-prod.deb # Someone needs to make this dynamic and check the OS version. |
There was a problem hiding this comment.
@codecadwallader this may need an update to dynamically check for the correct version of Debian. Currently its set to use 12. Since Debian does not come with the Microsoft repos they need to be added manually.
|
Hey @oliv10 , thanks for putting these updates together. I'm sorry that I didn't see your message sooner. I had a backlog of GitHub notifications from my open-source project and had fallen behind. I've cleared those out and will be more on top of GitHub notifications going forwards. I actually was in the process the last couple weeks of making a self-updating Linux service that is published through an APT package that we self-host out of Azure storage. It uses the unattended upgrades component of APT to enable automatic updates so that we can push new versions out to our customers and iterate on our scanners without requiring them to re-deploy. This included some code side changes to the scanner as well so that we can do some additional things like version tracking and improve security by no longer sending the scanner password over the wire. I took parts of these scripts and folded them into the ShieldCyber repo where I'm hosting the scripts, DEBIAN metadata, GitHub action to build and publish the APT package and repository, etc. Currently I'm doing a live pull as part of the build process to grab the compose.yml from this repo but @mtweimer and I were discussing if it made sense to move that file over as well I do not have any of these multi-Linux enhancements you've been working on in place. Since the deployment mechanism is through the standard APT packaging route it is indeed pretty limited to Debian based distros like Ubuntu. I'm glad you've explored that pathway for the Docker side of things and we can leverage this logic when we start expanding the scanner to other Linux distros (e.g., RedHat). It may be good for the three of us to talk sometime about our strategy going forwards. 👍 |
Debian install script and updates needed to other scripts to make sure that all the dependencies are preset for installation.
Docker installation updated to use the script from Docker. Currently this will be the OS limitations for the future.
I was unable to test the Debian install script to 100% completion as my VM would not start the containers. (I think this is mostly due to running amd64 through a compatibility layer on arm.) Running the containers on an arm Debian VM are ok and run as expected.