From 028eabb2829115a7dd72f9353682832192b758dc Mon Sep 17 00:00:00 2001
From: Julien Del-Piccolo
Date: Fri, 24 Feb 2017 17:24:34 +0100
Subject: [PATCH] Add wrapper to download specific version of docker-bench-security on the fly.

Signed-off-by: Julien Del-Piccolo
---
 Dockerfile | 11 +++++++----
 get-specific-version.sh | 19 +++++++++++++++++++
 2 files changed, 26 insertions(+), 4 deletions(-)
 create mode 100755 get-specific-version.sh

diff --git a/Dockerfile b/Dockerfile
index 7399fd3..70e2f3f 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,5 +1,7 @@
 FROM alpine:3.5
 
+ENV DBS_VERSION=
+
 LABEL org.label-schema.name="docker-bench-security" \
 org.label-schema.url="https://dockerbench.com" \
 org.label-schema.vcs-url="https://github.com/docker/docker-bench-security.git"
@@ -8,9 +10,11 @@ RUN \
 apk upgrade --no-cache && \
 apk add --no-cache \
 docker \
- dumb-init && \
+ dumb-init \
+ openssl && \
 rm -rf /usr/bin/docker-* /usr/bin/dockerd && \
- mkdir /usr/local/bin/tests
+ mkdir /usr/local/bin/tests && \
+ mkdir /usr/share/docker-bench-security
 
 COPY ./*.sh /usr/local/bin/
 
@@ -20,5 +24,4 @@ WORKDIR /usr/local/bin
 
 HEALTHCHECK CMD exit 0
 
-ENTRYPOINT [ "/usr/bin/dumb-init", "docker-bench-security.sh" ]
-
+ENTRYPOINT [ "/usr/bin/dumb-init", "get-specific-version.sh", "docker-bench-security.sh" ]
\ No newline at end of file
diff --git a/get-specific-version.sh b/get-specific-version.sh
new file mode 100755
index 0000000..dbc15d8
--- /dev/null
+++ b/get-specific-version.sh
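Review bot: The `openssl` package added to the `apk add` list in the Dockerfile hunk `@@ -8,9 +10,11 @@` lets BusyBox `wget` reach https URLs, but as far as I know the BusyBox applet in this Alpine release hands the connection to `openssl s_client` and does not validate the server certificate. If that holds, the download performed by get-specific-version.sh is encrypted but not authenticated, and the fetched scripts then replace the ones the entrypoint runs. Installing a client that verifies certificates, for example `ca-certificates \` and `wget && \` in place of `openssl && \`, would close that gap. The `RUN` instruction begins above this hunk.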
@@ -0,0 +1,19 @@
+#!/bin/sh
+if [ -n "${DBS_VERSION}" ]; then
+ if [ ! -f /usr/share/docker-bench-security/v${DBS_VERSION}.tar.gz ]; then
+ echo "Getting docker-bench-security v${DBS_VERSION}..."
+ wget -q -P /usr/share/docker-bench-security/ https://github.com/docker/docker-bench-security/archive/v${DBS_VERSION}.tar.gz
+ rm -rf /usr/share/docker-bench-security/docker-bench-security-${DBS_VERSION}/
+ tar xfz /usr/share/docker-bench-security/v${DBS_VERSION}.tar.gz -C /usr/share/docker-bench-security/
+ fi
+
+ if [ -d /usr/share/docker-bench-security/docker-bench-security-${DBS_VERSION}/ ]; then
+ rm -rf /usr/local/bin/docker-bench-security.sh /usr/local/bin/helper_lib.sh /usr/local/bin/output_lib.sh
+ rm -rf /usr/local/bin/tests/*
+
+ cp -r /usr/share/docker-bench-security/docker-bench-security-${DBS_VERSION}/*.sh /usr/local/bin/
+ cp -r /usr/share/docker-bench-security/docker-bench-security-${DBS_VERSION}/tests/*.sh /usr/local/bin/tests/
+ fi
+fi
+
+exec "$@"
\ No newline at end of file
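Review bot: The archive fetched by `wget` is unpacked and copied over `/usr/local/bin/docker-bench-security.sh` with no integrity check, and neither `wget` nor `tar` has its exit status tested. An interrupted download can leave a partial `v${DBS_VERSION}.tar.gz` that satisfies the `-f` test on every later start, and because the `-d` branch has no `else`, the bundled scripts then run silently in place of the requested version. `${DBS_VERSION}` is also expanded unquoted inside the `rm -rf` and `cp` paths, so a value with whitespace or glob characters changes which paths are touched. I would validate the version string, download under a temporary name, stop on any failure, and compare the archive with an expected digest before extracting; `DBS_SHA256` in the sketch below is a proposed variable, not one this commit defines.

```shell
if [ -n "${DBS_VERSION}" ]; then
  # Only dotted numeric versions; keeps the value from altering the paths below.
  case "${DBS_VERSION}" in
    *[!0-9.]*) echo "Invalid DBS_VERSION: ${DBS_VERSION}" >&2; exit 1 ;;
  esac
  share=/usr/share/docker-bench-security
  archive="${share}/v${DBS_VERSION}.tar.gz"

  if [ ! -f "${archive}" ]; then
    echo "Getting docker-bench-security v${DBS_VERSION}..."
    # Fetch under a temporary name so a partial file never passes the -f test.
    wget -q -O "${archive}.part" \
      "https://github.com/docker/docker-bench-security/archive/v${DBS_VERSION}.tar.gz" ||
      { rm -f "${archive}.part"; echo "Download failed" >&2; exit 1; }
    # DBS_SHA256: proposed variable carrying the expected digest; empty fails closed.
    echo "${DBS_SHA256}  ${archive}.part" | sha256sum -c - >/dev/null ||
      { rm -f "${archive}.part"; echo "Checksum mismatch" >&2; exit 1; }
    mv "${archive}.part" "${archive}"
    rm -rf "${share}/docker-bench-security-${DBS_VERSION}/"
    tar xfz "${archive}" -C "${share}/" || exit 1
  fi
  # … unchanged: replacement of the scripts under /usr/local/bin …
fi
```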