From eaa39a489fbfd7993c313ed2b279ad2b0892a62d Mon Sep 17 00:00:00 2001
From: Christian Kreibich <christian@corelight.com>
Date: Tue, 28 Sep 2021 00:45:42 -0700
Subject: [PATCH 1/4] Docker image fix: libpython needs to be 3.9 on Debian
 Bullseye

---
 docker/Dockerfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/docker/Dockerfile b/docker/Dockerfile
index 4ee11c65d4..4729abf54f 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -18,7 +18,7 @@ RUN apt-get -q update \
      libz-dev \
      make \
      python3-minimal \
-     python3-dev \
+     python3.9-dev \
      swig \
      ninja-build \
      python3-pip \
@@ -45,7 +45,7 @@ RUN apt-get -q update \
      ca-certificates \
      git \
      libmaxminddb0 \
-     libpython3.7 \
+     libpython3.9 \
      libpcap0.8 \
      libssl1.1 \
      libz1 \

From 25f86d1d7f7587dda271a4323352e62df04d0f1f Mon Sep 17 00:00:00 2001
From: Christian Kreibich <christian@corelight.com>
Date: Wed, 29 Sep 2021 13:56:06 -0700
Subject: [PATCH 2/4] Set PYTHONPATH in Docker to automatically find Zeek's
 modules

---
 docker/Dockerfile | 1 +
 1 file changed, 1 insertion(+)

diff --git a/docker/Dockerfile b/docker/Dockerfile
index 4729abf54f..95fa86a138 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -58,3 +58,4 @@ RUN apt-get -q update \
 # Copy over Zeek installation.
 COPY --from=build /usr/local/zeek /usr/local/zeek
 ENV PATH "/usr/local/zeek/bin:${PATH}"
+ENV PYTHONPATH "/usr/local/zeek/lib/zeek/python:${PYTHONPATH}"

From ee58cb57850e58a3b9e49a85c2f497fae97a1723 Mon Sep 17 00:00:00 2001
From: Christian Kreibich <christian@corelight.com>
Date: Wed, 29 Sep 2021 13:57:42 -0700
Subject: [PATCH 3/4] Add Python Broker module load test to Docker image btests

We missed the fact that the broker module didn't load due to a wrong libpython
version because we didn't test that load.

Also remove an unused environment variable from btest.cfg.
---
 docker/btest/btest.cfg                 | 1 -
 docker/btest/docker/structure_tests.sh | 3 +++
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/docker/btest/btest.cfg b/docker/btest/btest.cfg
index 69b30b9184..bf1b17fec7 100644
--- a/docker/btest/btest.cfg
+++ b/docker/btest/btest.cfg
@@ -9,5 +9,4 @@ MinVersion  = 0.63
 [environment]
 LC_ALL=C
 PATH=%(testbase)s/../../auxil/btest:%(default_path)s
-TEST_IMAGE=${TEST_TAG:-zeek:latest}
 TZ=UTC
diff --git a/docker/btest/docker/structure_tests.sh b/docker/btest/docker/structure_tests.sh
index cb6cd2e6f0..ba20fec05a 100644
--- a/docker/btest/docker/structure_tests.sh
+++ b/docker/btest/docker/structure_tests.sh
@@ -18,3 +18,6 @@ docker run --rm "${TEST_TAG}" zkg config
 
 # Check that a plugin can be installed. We pick any plugin with minimal deps here.
 docker run --rm "${TEST_TAG}" zkg install --force sethhall/domain-tld | sed 's/(.*)/(XXX)/'
+
+# Check that the Broker Python module loads
+docker run --rm "${TEST_TAG}" python3 -c "import broker"

From 946e4f8a42124080d752cddd70a22af789255797 Mon Sep 17 00:00:00 2001
From: Christian Kreibich <christian@corelight.com>
Date: Mon, 27 Sep 2021 17:30:19 -0700
Subject: [PATCH 4/4] Enable customization of the Docker image's configure
 invocation

---
 .github/workflows/docker.yml | 6 +++++-
 docker/Dockerfile            | 7 +++----
 2 files changed, 8 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index 6fe3ca5f08..8253d3d4e8 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -18,6 +18,7 @@ jobs:
     runs-on: ubuntu-latest
     env:
       TEST_TAG: zeek:latest
+      CONFFLAGS: --generator=Ninja --build-type=Release
     steps:
       - uses: actions/checkout@v2
         with:
@@ -31,7 +32,8 @@ jobs:
         with:
           context: ./
           file: docker/Dockerfile
-          # Load and tag the image so it can be used by the test job below.
+          build-args: |
+            CONFFLAGS=${{ env.CONFFLAGS }}
           load: true
           tags: ${{ env.TEST_TAG }}
 
@@ -76,6 +78,8 @@ jobs:
         with:
           context: ./
           file: docker/Dockerfile
+          build-args: |
+            CONFFLAGS=${{ env.CONFFLAGS }}
           push: true
           tags: |
             zeekurity/${{ steps.target.outputs.tag }}
diff --git a/docker/Dockerfile b/docker/Dockerfile
index 95fa86a138..5957575213 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -31,11 +31,10 @@ RUN apt-get -q update \
 COPY . /src/zeek
 RUN make -C /src/zeek distclean
 
+ARG CONFFLAGS="--generator=Ninja --build-type=Release"
+
 WORKDIR /src/zeek
-RUN ./configure \
-     --generator=Ninja \
-     --build-type=Release \
- && ninja -C build install
+RUN ./configure $CONFFLAGS && ninja -C build install
 
 # Final layer containing all artifacts.
 FROM debian:bullseye-slim AS final