Building Software with Docker
September 25th, 2017
I like the idea of continuous software development. It makes everything much faster, easier and more secure than old-style development procedures. If you automate the following steps, it will keep your software up to date, including libraries and dependencies.
Step 1: Apache Build Image
I am the author of an Apache module and as such, I want to have a docker container to build the module. The image shall have all the headers, libraries and developer tools installed. For security reasons, I don’t want to have the developer tools on a production environment and that’s why building and using is separated from each others. Thus, the resulting Apache module shall be stored outside of the docker container on the Host OS from where it is being copied or used.
The following screenshot is disclosing the details of the Dockerfile I use to build the Apache module.
This is a very simple Dockerfile. It is based on a standard httpd image and adds several developer tools. Furthermore, the image is downloading and compiling the Kafka library, as the Apache I use is logging information to Kafka. But this is not the topic I want to talk about. I could of course compile my own Apache module the same way as the librdkafka, but I want to have this separated from the building docker container.
The following command will create the resulting building image I later use to build my Apache source.
docker build -t=”ibuetler/hl-cas” .
And voilà, “docker images” returns the newly created “ibuetler/hl-cas” image.
Step 2: Building Apache Module
The Makefile is taking advantage of the “ibuetler/hl-cas” docker building image. The following directory listing is giving you an idea of the Apache module source code.
https://github.com/ibuetler/docker-hacks/tree/master/apache-module-build
The following lines in the Makefile do the magic (compile:)
The command “make compile” will create the build container from the previously created building image, mounts the current directory of the Host OS to the /opt directory within the docker container and runs the “make docker-compile” command. In case of success, the resulting shared library mod_mshield.so is being copied from the docker image to the Host OS through the use of the /opt/ directory. At the end, the docker container is being deleted and destroyed.
Having a closer look at the Makefile (use the GitHub repo for your reference) you will find out the meaning of the “make publish” command. This will not only build the Apache module, it will copy the libkafka library to its final destination and clean up the development workplace
Conclusion
This approach makes it extremely easy to build and test your software. Through the use of the dockers abstraction layer, you can run the commands above on OSX, Linux or Windows. If you need to compile the module with a more recent Apache installation, upgrade your build image, or have several build images with different Apache versions available. Everything can be automated. And if you do so, you are keeping your software up to date with the latest security patches and libraries applied.
Thank you for reading.
Have a safe day
Ivan Bütler, Compass Security
