From 6267ae15c5d2a0f9f387dbb1021b4f255e2c9008 Mon Sep 17 00:00:00 2001 From: tabledevil Date: Thu, 7 May 2026 11:34:12 +0200 Subject: [PATCH] Pin runtime base to ubuntu:24.04, gitignore test-data, add fetch helper MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bare 'FROM ubuntu' was floating; recent rollover (ubuntu:latest = 25.04 'resolute') dropped libpcre3 in favour of libpcre2 and broke the build with E: Unable to locate package libpcre3. Pin to 24.04 (same as docker_kaspersky and docker_sep) so the build is reproducible across rollovers. test-data/ is 255 MB of public corpora (Yamato hayabusa-sample-evtx + local run outputs) — too large to track. fetch-test-data.sh clones the upstream on demand. Co-Authored-By: Claude Opus 4.7 (1M context) --- .gitignore | 1 + Dockerfile | 4 +++- fetch-test-data.sh | 9 +++++++++ 3 files changed, 13 insertions(+), 1 deletion(-) create mode 100644 .gitignore create mode 100755 fetch-test-data.sh diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..6350f0f --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +test-data/ diff --git a/Dockerfile b/Dockerfile index c6014e1..7c09acb 100644 --- a/Dockerfile +++ b/Dockerfile @@ -44,7 +44,9 @@ RUN rm -rf /opt/hayabusa/rules RUN git clone --depth=1 https://github.com/Yamato-Security/hayabusa-rules.git /opt/hayabusa/rules # Stage 2: Final Image -FROM ubuntu +# Pin major.minor; bare 'ubuntu' floats and recent rollovers dropped libpcre3 +# in favour of libpcre2 which broke this build. +FROM ubuntu:24.04 # Copy only the necessary files from the builder stage COPY --from=builder /opt/hayabusa /opt/hayabusa diff --git a/fetch-test-data.sh b/fetch-test-data.sh new file mode 100755 index 0000000..70876c1 --- /dev/null +++ b/fetch-test-data.sh @@ -0,0 +1,9 @@ +#!/bin/bash +# Pull the upstream EVTX sample bundle (all from Yamato-Security's curated +# repo, which itself wraps several public sample sets — see test-data/sample-evtx/README.md). +set -e +cd "$(dirname "$0")" +mkdir -p test-data +[ -d test-data/sample-evtx ] || \ + git clone --depth=1 https://github.com/Yamato-Security/hayabusa-sample-evtx.git test-data/sample-evtx +echo "ready: test-data/sample-evtx"