Use the default driver in Dockerfile

This is work towards tern-tools#1082

We use the default driver so we can run Tern in an unprivileged
container. Hence we don't need the --driver option in the
Dockerfiles, and the --privileged option in the docker_run.sh
script.

Signed-off-by: Nisha K <[email protected]>

Author: Nisha K

ci/Dockerfile

@@ -1,39 +1,32 @@
-# Copyright (c) 2019-2020 VMware, Inc. All Rights Reserved.
+# Copyright (c) 2019-2021 VMware, Inc. All Rights Reserved.
 # SPDX-License-Identifier: BSD-2-Clause
 
-FROM debian:buster
+FROM python:3.9-slim-buster as base
 
-# Install fuse-overlayfs and Tern dependencies
-RUN apt-get update && \
-    apt-get -y install \
+FROM base as builder
+
+RUN mkdir /install
+WORKDIR /install
+
+COPY dist/tern-*.tar.gz .
+RUN pip install --no-warn-script-location --prefix=/install \
+    tern-*.tar.gz
+
+FROM base
+
+RUN echo "deb http://deb.debian.org/debian bullseye main" > /etc/apt/sources.list.d/bullseye.list \
+    && echo "Package: *\nPin: release n=bullseye\nPin-Priority: 50" > /etc/apt/preferences.d/bullseye \
+    && apt-get update \
+    && apt-get install -y --no-install-recommends \
     attr \
     findutils \
+    fuse-overlayfs/bullseye \
+    fuse3/bullseye \
     git \
-    gnupg2 \
     jq \
-    python3 \
-    python3-pip \
-    python3-setuptools \
-    tar \
-    util-linux \
-    wget && \
-    echo 'deb http://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/Debian_10/ /' > /etc/apt/sources.list.d/devel:kubic:libcontainers:stable.list && \
-    wget --no-verbose https://download.opensuse.org/repositories/devel:kubic:libcontainers:stable/Debian_10/Release.key -O - | apt-key add - && \
-    apt-get update && \
-    apt-get -y install \
-    buildah \
-    fuse-overlayfs && \
-    apt-get clean && \
-    rm -rf /var/lib/apt/lists/*
-
-# Adjust storage.conf to enable Fuse storage.
-RUN sed -i -e 's|^#mount_program|mount_program|g' -e '/additionalimage.*/a "/var/lib/shared",' /etc/containers/storage.conf
-
-# Install tern with latest changes
-COPY dist/tern-*.tar.gz .
-RUN pip3 install --upgrade pip && \
-    pip3 install --no-cache-dir \
-    tern-*.tar.gz
+    && rm -rf /var/lib/apt/lists/*
+
+COPY --from=builder /install /usr/local
 
-ENTRYPOINT ["tern", "--driver", "fuse"]
-CMD ["-h"]
+ENTRYPOINT ["tern"]
+CMD ["--help"]

docker/Dockerfile

@@ -1,4 +1,4 @@
-# Copyright (c) 2019-2020 VMware, Inc. All Rights Reserved.
+# Copyright (c) 2019-2021 VMware, Inc. All Rights Reserved.
 # SPDX-License-Identifier: BSD-2-Clause
 
 FROM python:3.9-slim-buster as base
@@ -27,5 +27,5 @@ RUN echo "deb http://deb.debian.org/debian bullseye main" > /etc/apt/sources.lis
 
 COPY --from=builder /install /usr/local
 
-ENTRYPOINT ["tern", "--driver", "fuse"]
-CMD ["--help"]
+ENTRYPOINT ["tern"]
+CMD ["--help"]

docker/Dockerfile.scancode

@@ -1,4 +1,4 @@
-# Copyright (c) 2019-2020 VMware, Inc. All Rights Reserved.
+# Copyright (c) 2019-2021 VMware, Inc. All Rights Reserved.
 # SPDX-License-Identifier: BSD-2-Clause
 
 FROM python:3.9-slim-buster as base
@@ -34,5 +34,5 @@ RUN echo "deb http://deb.debian.org/debian bullseye main" > /etc/apt/sources.lis
 
 COPY --from=builder /install /usr/local
 
-ENTRYPOINT ["tern", "--driver", "fuse"]
+ENTRYPOINT ["tern"]
 CMD ["--help"]

docker_run.sh

@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# Copyright (c) 2019-2020 VMware, Inc. All Rights Reserved.
+# Copyright (c) 2019-2021 VMware, Inc. All Rights Reserved.
 # SPDX-License-Identifier: BSD-2-Clause
 #
 # Script to run Tern within a prebuilt Docker container
@@ -11,4 +11,4 @@
 # Usage: ./docker_run.sh <tern image> <tern command arguments in quotes> > output.txt
 # Example: ./docker_run.sh ternd "report -i golang:alpine" > output.txt
 
-docker run --privileged --device /dev/fuse -v /var/run/docker.sock:/var/run/docker.sock --rm $1 $2
+docker run -v /var/run/docker.sock:/var/run/docker.sock --rm $1 $2