From bcd08657f1156b7790b352f7edccde0bc862a476 Mon Sep 17 00:00:00 2001
From: Fabian <33890082+nzqo@users.noreply.github.com>
Date: Mon, 20 Mar 2023 14:42:04 +0100
Subject: [PATCH] Removed redundant runtime dependencies (#2750)

Applied consistent formatting
Minimized layer overhead
Improved port handling (making it modifiable from docker build)

Co-authored-by: Fabian Portner <fportner@seemoo.tu-darmstadt.de>
---
 Dockerfile | 93 ++++++++++++++++++++++++++++++++++--------------------
 1 file changed, 59 insertions(+), 34 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 6a9d574296..d88858a2be 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -4,60 +4,85 @@
 ##   Please read the Wiki Installation section on set-up using Docker prior to building this container.  ##
 ##   BeEF does NOT allow authentication with default credentials. So please, at the very least           ##
 ##   change the username:password in the config.yaml file to something secure that is not beef:beef      ##
-##   before building or you will to denied access and have to rebuild anyway.                            ##
+##   before building or you will be denied access and have to rebuild anyway.                            ##
 ##                                                                                                       ##
 ###########################################################################################################
 ###########################################################################################################
 
 # ---------------------------- Start of Builder 0 - Gemset Build ------------------------------------------
-FROM ruby:2.7.5-alpine AS builder
-LABEL maintainer="Beef Project: github.com/beefproject/beef"
-
-# Install gems in parallel with 4 workers to expedite build process.=
-ARG BUNDLER_ARGS="--jobs=4"
-
-# Set gemrc config to install gems without Ruby Index (ri) and Ruby Documentation (rdoc) files
-RUN echo "gem: --no-ri --no-rdoc" > /etc/gemrc
+FROM ruby:3.2.1-slim-bullseye AS builder
 
 COPY . /beef
 
-# Add bundler/gem dependencies and then install
-RUN apk add --no-cache git curl libcurl curl-dev ruby-dev libffi-dev make g++ gcc musl-dev zlib-dev sqlite-dev && \
-  bundle install --gemfile=/beef/Gemfile $BUNDLER_ARGS && \
-  # Temp fix for https://github.com/bundler/bundler/issues/6680
-  rm -rf /usr/local/bundle/cache
-
-WORKDIR /beef
-
-# So we don't need to run as root
-RUN chmod -R a+r /usr/local/bundle
+# Set gemrc config to install gems without Ruby Index (ri) and Ruby Documentation (rdoc) files.
+# Then add bundler/gem dependencies and install.
+# Finally change permissions of bundle installs so we don't need to run as root.
+RUN echo "gem: --no-ri --no-rdoc" > /etc/gemrc \
+ && apt-get update \
+ && apt-get install -y --no-install-recommends \
+    git \
+    curl \
+    xz-utils \
+    make \
+    g++ \
+    libcurl4-openssl-dev \
+    ruby-dev \
+    libffi-dev \
+    zlib1g-dev \
+    libsqlite3-dev \
+    sqlite3 \
+ && bundle install --gemfile=/beef/Gemfile --jobs=`nproc` \
+ && rm -rf /usr/local/bundle/cache \
+ && chmod -R a+r /usr/local/bundle \
+ && rm -rf /var/lib/apt/lists/*
 # ------------------------------------- End of Builder 0 -------------------------------------------------
 
 
 # ---------------------------- Start of Builder 1 - Final Build ------------------------------------------
-FROM ruby:2.7.5-alpine
-LABEL maintainer="Beef Project: github.com/beefproject/beef"
-
-# Create service account to run BeEF
-RUN adduser -h /beef -g beef -D beef
-
-COPY --chown=1000:1000 . /beef
+FROM ruby:3.2.1-slim-bullseye
+LABEL maintainer="Beef Project" \
+      source_url="github.com/beefproject/beef" \
+      homepage="https://beefproject.com/"
+
+# BeEF UI/Hook port
+ARG UI_PORT=3000
+ARG PROXY_PORT=6789
+ARG WEBSOCKET_PORT=61985
+ARG WEBSOCKET_SECURE_PORT=61986
+
+
+# Create service account to run BeEF and install BeEF's runtime dependencies
+RUN adduser --home /beef --gecos beef --disabled-password beef \
+ && apt-get update \
+ && apt-get install -y --no-install-recommends \
+    curl \
+    openssl \
+    libssl-dev \
+    libreadline-dev \
+    libyaml-dev \
+    libxml2-dev \
+    libxslt-dev \
+    libncurses5-dev \
+    libsqlite3-dev \
+    sqlite3 \
+    zlib1g \
+    bison \
+    nodejs \
+ && apt-get -y clean \
+ && rm -rf /var/lib/apt/lists/*
 
 # Use gemset created by the builder above
+COPY --chown=beef:beef . /beef
 COPY --from=builder /usr/local/bundle /usr/local/bundle
 
-# Install BeEF's runtime dependencies
-RUN apk add --no-cache curl git build-base openssl readline-dev zlib zlib-dev libressl-dev yaml-dev sqlite-dev sqlite libxml2-dev libxslt-dev autoconf libc6-compat ncurses automake libtool bison nodejs
-
-WORKDIR /beef
-
 # Ensure we are using our service account by default
 USER beef
 
-# Expose UI, Proxy, WebSocket server, and WebSocketSecure server
-EXPOSE 3000 6789 61985 61986
+# Expose UI, Proxy, WebSocket server, and WebSocketSecure server ports
+EXPOSE $UI_PORT $PROXY_PORT $WEBSOCKET_PORT $WEBSOCKET_SECURE_PORT
 
-HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD [ "curl", "-fS", "localhost:3000" ]
+HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD [ "curl", "-fS", "localhost:$UI_PORT" ]
 
+WORKDIR /beef
 ENTRYPOINT ["/beef/beef"]
 # ------------------------------------- End of Builder 1 -------------------------------------------------