search

CybercentreCanada / assemblyline

AssemblyLine 4: File triage and malware analysis
https://cybercentrecanada.github.io/assemblyline4_docs/
MIT License
249 stars 15 forks source link

"assemblyline-service-yara" docker uses "latest" brach of "cccs/assemblyline-v4-service-base" #267

Closed vladik-activefence closed 2 months ago

vladik-activefence commented 2 months ago

We found a problem, when trying to build a "assemblyline-service-yara" service using a release version "4.5.0.stable17" The DockerFile uses the "latest" branch of the "cccs/assemblyline-v4-service-base" ARG branch=latest FROM cccs/assemblyline-v4-service-base:$branch AS base ENV SERVICE_PATH yara_.yara_.Yara ENV YARA_VERSION='4.3.0' The problem that currently, the "latest" version is "4.5.1.dev281" while the latest "release" version of AssemblyLine is "4.5.0.48". This difference causes the service to be incompatible with the AssemblyLine, which forces it to be rerun until the configured rerun limit. I suggest to use a specific tag for services that point to the version it was tested with or "stable", but not the latest, which can change almost every day. Thank you

gdesmar commented 2 months ago

Are you trying to build your next version of assemblyline-service-yara independently from our own releases? That service's version 4.5.0.stable17 was already built and published on dockerhub a bit more than a month ago.

Regarding using a pinned version in our Dockerfile, we are always pointing to the latest base of the image so that we have any possible update. I believe, if you want to rebuild a new version of the service, assuming you want to build a stable release, and not a dev release, you will have to do what we do in our pipelines and pass in the --build-arg branch=stable argument to docker build. The latest value in the Dockerfile that is used to determine which base container to use is changed based on the tag that will be used, either 4.5.0.stable17 -> stable or 4.5.1.dev11 -> latest.

For complete information, the version argument is also fed at in our pipeline using --build-arg version= with the git tag (truncating the v in front).

If you were talking about our official assemblyline-service-yara, I just verified and I am certain it did not use the latest base container to build itself. We are also running that image in our deployment, so if that is what is causing you problem, there may be another configuration issue.

I hope that will help clarify our building process. 🙂

vladik-activefence commented 2 months ago

Yes, we wanted to modify the latest release version of assemblyline-service-yara (4.5.0.stable17) and build our docker with the modifications. The "assemblyline-service-yara" version from dockerhub, which I assume you call "official", works great, so we wanted to use the source code of this version as our baseline, but the docker we built didn't work correctly with the AsselmblyLine version that we use (4.5.0.48) I'll use the "--build-arg" argument next time, thank you for letting me know!