oxidized 0.28.0 → 0.29.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 95fc2012e91f74ce819ae87f1c400231e86efa9a7fac37882569bc5426fd3fe5
-  data.tar.gz: 7ef28ef45e639d0813da0b38cc1f5c5f39bb64e0cb012536b7a774952f723adb
+  metadata.gz: 7dfae187ce90fc83fde6d62b7044eac15ca5a803aa05f2064d99ffe04aea938d
+  data.tar.gz: d5de2f1a1770c966168ed3385623376f5d335461a6c9403a1ef44bfcbc504a57
 SHA512:
-  metadata.gz: a9b04bd2bbcc50f6e71c9ec340712ad10fe33362d4703e317d17e439ed714433400e7d76512ae10fbf928386b9e3bd81e1db1d70f259639015ba506cdf89092b
-  data.tar.gz: 334d3c403a31d79b3489b430f20142a272022b4cade9321e91173a8c8bd90a9b7244763f853779fdd65a3d6c0cd201c4ccc2cfff7964bc3385f90fc0cb032467
+  metadata.gz: '0515586ff98c993834c1aaf40638e8078fb55fa44b120ceffd0c7164216b4307eb6b39145fbff0aeb0d11519f3ee10d2fb82fea73498e243808f2e0eda130e39'
+  data.tar.gz: 6afbfb306289a65a8c89799a87b920880547c06e0372f56bbbbafd5b4e85d13d452de5e1593eb2c13320d830a04159dd1046ec4c93e0a20ee7bca2669ac79b53

data/.github/workflows/publishdocker.yml

@@ -2,12 +2,19 @@ name: Publish Docker
 on: [push]
 jobs:
   build:
+    if: github.repository_owner == 'ytti'
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@master
+      with:
+        fetch-depth: 0
+    - name: Get Release Version
+      id: get_version
+      run: echo "release-version=$(git describe --tags)" >> $GITHUB_OUTPUT
     - name: Publish to Registry
-      uses: elgohr/Publish-Docker-Github-Action@master
+      uses: elgohr/Publish-Docker-Github-Action@v5
       with:
         name: oxidized/oxidized
         username: ${{ secrets.DOCKER_USERNAME }}
         password: ${{ secrets.DOCKER_PASSWORD }}
+        tags: "latest,${{ steps.get_version.outputs.release-version }}"

data/.github/workflows/ruby.yml

@@ -0,0 +1,42 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+# This workflow will download a prebuilt Ruby version, install dependencies and run tests with Rake
+# For more information see: https://github.com/marketplace/actions/setup-ruby-jruby-and-truffleruby
+
+name: CI
+
+on: [ push, pull_request ]
+#  push:
+#    branches: [ master ]
+#  pull_request:
+#    branches: [ master ]
+
+jobs:
+  test:
+
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        ruby-version: ['3.0', '3.1', '3.2']
+
+    steps:
+    - uses: actions/checkout@v3
+    - name: Set up Ruby
+    # To automatically get bug fixes and new Ruby versions for ruby/setup-ruby,
+    # change this to (see https://github.com/ruby/setup-ruby#versioning):
+      uses: ruby/setup-ruby@v1
+      with:
+        ruby-version: ${{ matrix.ruby-version }}
+        bundler-cache: true # runs 'bundle install' and caches installed gems automatically
+    - name: rubocop
+      uses: reviewdog/action-rubocop@v2
+      with:
+        rubocop_version: gemfile
+        rubocop_extensions: rubocop-minitest:gemfile rubocop-rake:gemfile
+        reporter: github-pr-review
+    - name: Run tests
+      run: bundle exec rake
+    - uses: codecov/codecov-action@v3
+      if: ${{ always() }}

data/.rubocop.yml

@@ -2,22 +2,29 @@ inherit_from: .rubocop_todo.yml
 
 # Do not attempt to police vendored code
 AllCops:
-  TargetRubyVersion: 2.3
+  NewCops: enable
+  TargetRubyVersion: 3.0
   Exclude:
     - 'vendor/**/*'
 
-StringLiterals:
+Style/StringLiterals:
   Enabled: false
 
 Style/FrozenStringLiteralComment:
   Enabled: false
 
-LineLength:
+Layout/LineLength:
   Enabled: false
 
 Lint/AmbiguousRegexpLiteral:
   Enabled: false
 
+Lint/RaiseException:
+  Enabled: true
+
+Lint/StructNewOverride:
+  Enabled: true
+
 # Stick to verbose until https://bugs.ruby-lang.org/issues/10177 is closed.
 Style/PreferredHashMethods:
   EnforcedStyle: verbose
@@ -60,14 +67,27 @@ Style/Documentation:
 Style/ParallelAssignment:
   Enabled: false
 
+Metrics/MethodLength:
+  Max: 45
+
 ## Metrics/AbcSize:
 ##   Max: 28
-## 
-## Metrics/MethodLength:
-##   Max: 20
-## 
-## Metrics/ClassLength:
-##   Max: 140
-## 
+
+Metrics/ClassLength:
+  Max: 200
+
 ## Metrics/CyclomaticComplexity:
 ##   Max: 7
+
+Metrics/BlockLength:
+  Max: 150
+
+Metrics/ParameterLists:
+  Max: 6
+
+Lint/EmptyBlock:
+  Enabled: false
+
+require:
+  - rubocop-rake
+  - rubocop-minitest

data/.rubocop_todo.yml

@@ -1,51 +1,33 @@
 # This configuration was generated by
 # `rubocop --auto-gen-config`
-# on 2020-02-29 09:58:06 +0100 using RuboCop version 0.80.0.
+# on 2023-04-03 06:53:54 UTC using RuboCop version 1.48.1.
 # The point is for the user to remove these configuration records
 # one by one as the offenses are removed from the code base.
 # Note that changes in the inspected code, or installation of new
 # versions of RuboCop, may require this file to be generated again.
 
 # Offense count: 3
-# Configuration parameters: AllowComments.
+# Configuration parameters: AllowComments, AllowNil.
 Lint/SuppressedException:
   Exclude:
     - 'lib/oxidized/input/ssh.rb'
     - 'lib/oxidized/input/telnet.rb'
     - 'lib/oxidized/nodes.rb'
 
-# Offense count: 67
+# Offense count: 62
+# Configuration parameters: AllowedMethods, AllowedPatterns, CountRepeatedAttributes.
 Metrics/AbcSize:
-  Max: 82
+  Max: 92
 
-# Offense count: 18
-# Configuration parameters: CountComments, ExcludedMethods.
-# ExcludedMethods: refine
-Metrics/BlockLength:
-  Max: 142
-
-# Offense count: 6
-# Configuration parameters: CountComments.
-Metrics/ClassLength:
-  Max: 196
-
-# Offense count: 11
+# Offense count: 16
+# Configuration parameters: AllowedMethods, AllowedPatterns.
 Metrics/CyclomaticComplexity:
-  Max: 14
-
-# Offense count: 61
-# Configuration parameters: CountComments, ExcludedMethods.
-Metrics/MethodLength:
-  Max: 41
-
-# Offense count: 1
-# Configuration parameters: CountKeywordArgs.
-Metrics/ParameterLists:
-  Max: 6
+  Max: 12
 
-# Offense count: 11
+# Offense count: 13
+# Configuration parameters: AllowedMethods, AllowedPatterns.
 Metrics/PerceivedComplexity:
-  Max: 14
+  Max: 12
 
 # Offense count: 1
 Naming/AccessorMethodName:
@@ -70,8 +52,8 @@ Naming/MemoizedInstanceVariableName:
   Exclude:
     - 'lib/oxidized/string.rb'
 
-# Offense count: 14
-# Cop supports --auto-correct.
+# Offense count: 9
+# This cop supports safe autocorrection (--autocorrect).
 # Configuration parameters: PreferredName.
 Naming/RescuedExceptionsVariableName:
   Exclude:
@@ -82,23 +64,25 @@ Naming/RescuedExceptionsVariableName:
     - 'lib/oxidized/config.rb'
     - 'lib/oxidized/node.rb'
     - 'lib/oxidized/nodes.rb'
-    - 'lib/oxidized/output/git.rb'
-    - 'lib/oxidized/output/gitcrypt.rb'
     - 'lib/oxidized/source/sql.rb'
 
+# Offense count: 2
+Rake/DuplicateTask:
+  Exclude:
+    - 'Rakefile'
+
 # Offense count: 1
 Security/Eval:
   Exclude:
     - 'Rakefile'
 
-# Offense count: 4
-# Cop supports --auto-correct.
-# Configuration parameters: AutoCorrect, EnforcedStyle.
+# Offense count: 3
+# This cop supports unsafe autocorrection (--autocorrect-all).
+# Configuration parameters: EnforcedStyle.
 # SupportedStyles: nested, compact
 Style/ClassAndModuleChildren:
   Exclude:
     - 'lib/oxidized/config/vars.rb'
-    - 'lib/oxidized/input/telnet.rb'
     - 'lib/oxidized/nodes.rb'
 
 # Offense count: 2
@@ -106,15 +90,85 @@ Style/ClassVars:
   Exclude:
     - 'lib/oxidized.rb'
 
-# Offense count: 2
+# Offense count: 1
+# This cop supports unsafe autocorrection (--autocorrect-all).
+# Configuration parameters: EnforcedStyle.
+# SupportedStyles: allowed_in_returns, forbidden
 Style/DoubleNegation:
   Exclude:
-    - 'lib/oxidized/cli.rb'
     - 'lib/oxidized/hook/exec.rb'
 
-# Offense count: 36
-# Cop supports --auto-correct.
+# Offense count: 1
+# This cop supports unsafe autocorrection (--autocorrect-all).
+Style/GlobalStdStream:
+  Exclude:
+    - 'lib/oxidized.rb'
+
+# Offense count: 3
+Style/OpenStructUse:
+  Exclude:
+    - 'lib/oxidized/hook.rb'
+    - 'lib/oxidized/node.rb'
+    - 'spec/hook/githubrepo_spec.rb'
+
+# Offense count: 27
+# This cop supports safe autocorrection (--autocorrect).
+Style/RedundantRegexpCharacterClass:
+  Exclude:
+    - 'lib/oxidized/model/axos.rb'
+    - 'lib/oxidized/model/comtrol.rb'
+    - 'lib/oxidized/model/fabricos.rb'
+    - 'lib/oxidized/model/ironware.rb'
+    - 'lib/oxidized/model/mlnxos.rb'
+    - 'lib/oxidized/model/nxos.rb'
+    - 'lib/oxidized/model/slxos.rb'
+    - 'lib/oxidized/model/sonicos.rb'
+    - 'lib/oxidized/model/speedtouch.rb'
+    - 'lib/oxidized/model/telco.rb'
+    - 'lib/oxidized/model/ucs.rb'
+    - 'lib/oxidized/model/voltaire.rb'
+    - 'lib/oxidized/model/zhoneolt.rb'
+    - 'lib/oxidized/model/zynoscli.rb'
+
+# Offense count: 37
+# This cop supports safe autocorrection (--autocorrect).
+Style/RedundantRegexpEscape:
+  Exclude:
+    - 'lib/oxidized/model/adva.rb'
+    - 'lib/oxidized/model/airfiber.rb'
+    - 'lib/oxidized/model/aosw.rb'
+    - 'lib/oxidized/model/c4cmts.rb'
+    - 'lib/oxidized/model/dellx.rb'
+    - 'lib/oxidized/model/eltex.rb'
+    - 'lib/oxidized/model/enterasys800.rb'
+    - 'lib/oxidized/model/netonix.rb'
+    - 'lib/oxidized/model/netscaler.rb'
+    - 'lib/oxidized/model/openbsd.rb'
+    - 'lib/oxidized/model/siklu.rb'
+    - 'lib/oxidized/model/slxos.rb'
+    - 'lib/oxidized/model/sonicos.rb'
+    - 'lib/oxidized/model/trango.rb'
+
+# Offense count: 45
+# This cop supports safe autocorrection (--autocorrect).
 # Configuration parameters: EnforcedStyle, AllowInnerSlashes.
 # SupportedStyles: slashes, percent_r, mixed
 Style/RegexpLiteral:
   Enabled: false
+
+# Offense count: 31
+# This cop supports unsafe autocorrection (--autocorrect-all).
+Style/SlicingWithRange:
+  Enabled: false
+
+# Offense count: 81
+# This cop supports unsafe autocorrection (--autocorrect-all).
+# Configuration parameters: Mode.
+Style/StringConcatenation:
+  Enabled: false
+
+# Offense count: 1
+# This cop supports unsafe autocorrection (--autocorrect-all).
+Style/ZeroLengthPredicate:
+  Exclude:
+    - 'lib/oxidized/core.rb'

data/CHANGELOG.md

@@ -6,6 +6,140 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).
 
 ## [Unreleased]
 
+## [0.29.0 - 2023-04-13]
+
+- Ensure Docker Builds are tagged with latest and version (using `git describe --tags`) (@aschaber1)
+- Upgrade Dockerfile baseimage to Ubuntu 22.04 and Ruby 3.0 (@aschaber1)
+- Upgrade Ruby dependency to Ruby 3.0+ (@aschaber1)
+- model for PanOS & Panorama via HTTP API (@pv2b, @sts)
+- model for MikroTik SwOS devicse (@sm-nessus)
+- model for TrueNAS devices (@neilschelly)
+- model for Acme Packet devices (@ha36d)
+- model for SmartCS devise (@yoshihito-tatano)
+- Cumulus: added option to use NCLU as ia collecting method
+- Update net-ssh to 7.0.1 (using `append_all_supported_algorithms: true`)
+- Allow (config) (vlan-####) confirmation (y/n) and sftp questions in procurve prompt (@sorano)
+- Added new model called `srosmd` to backup configuration fron Nokia SR OS devices running in the model-driven CLI mode, which has different syntax to existing `sros` model.
+- fix: allow Netgear devices to finish SSH session correctly
+- More pager handling for MIS5030Q (@glance-)
+- Update logrotate example to allow logrotate service to start before any logs exist
+- Mask NX-OS tacacs+ host keys (@0x4c6565)
+- airfiber: prompt matching made case-insensitive to support AF5xHD (@noaheroufus)
+- Cumulus: add support for dhcp-relay (@ohai89)
+- Github Action: Support creating custom version tag in a release
+- Add support for no enable password set on ironware
+- change pfSense secret scrubbing to keep config as well-formed XML
+- Add support for comware HPE Office Connect 1950
+- Added model for Hirschmann Hios devices, next to alread present Hirschmann classic (@tijldeneut)
+- (StoneOS) Prompt fix for long device names, '^H' handling and removal of ever-changing data (@dMailonG)
+
+### Added
+
+- install rugged with ssh in Dockerfile (@agrevtcev)
+- allow to run as non-root user in Docker (@agrevtcev)
+- Extend http source configurations to include read_timeout value
+- model for bdcom-based fiberstore switches (@candlerb)
+- enterasys800 model for enterasys 800-series fe/ge switches (@javichumellamo)
+- add ES3526XA-V2 support in EdgeCOS model (@moisseev)
+- model for eltex mes-series switches (@glaubway)
+- model for zte c300 and c320 olt (@glaubway)
+- model for LANCOM (@systeembeheerder)
+- model for Aruba CX switches (@jmurphy5)
+- model for FortiWLC WLAn Controller (@MrMarioMichel)
+- model for NEC IX devices (@mikenowak)
+- Added docs for Dell/EMC Networking OS10 devices (@davromaniak)
+- model for Zyxel 1308 OLTs (@baldoarturo)
+- model for Linksys SRW switches (@glance-)
+- Added exec hook variables to retrieve verbose node's failure reason and type
+- model for Cambium ePMP radios (@martydingo)
+- Added GaiaOS support for virtual systems (@rwxd)
+- Added new `group_map` configuration option (@mjbnz)
+- Dockerfile rebased to phusion/baseimage-docker focal-1.2.0
+- model for Lenovo Network OS (@seros1521)
+- new option: use_max_threads
+- model for ADVA devices (@stephrdev)
+- model for YAMAHA NVR/RTX Series (@bluekirin55)
+- model for ZPE Nodegrid OS (@euph333)
+- model for H3C switches
+- model for Cisco Catalyst Express switches (@unemongod)
+- extended mysql source configuration to include tls options (@glaubway)
+- updated rugged in gemspec for ruby 3.0 support (@firefishy)
+- Added exec hook for MS Teams webhook (@systeembeheerder)
+
+### Changed
+
+- Better manage of the enable mode in edgeswitch.rb (@agabellini)
+- Adds paging support to Enterasys B3/C3 (@piterpunk)
+- Allows "Username" as username prompt in Brocade ICX-series devices (@piterpunk)
+- Add show-sensitive flag on export command on Mikrotik RouterOS when remove_secret is off (@kedare)
+- rubocop dependency now ~> 0.81.0, the last one with ruby 2.3 support
+- change pfSense secret scrubbing to handle new format in 2.4.5+
+- Dockerfile rebased to phusion/baseimage-docker bionic-1.0.0
+- scrub PoE related messages from routeros config output (@pioto)
+- support for d-link dgs-1100 series switches in dlink model (@glaubway)
+- enterasys model now works with both ro and rw access (@sargon)
+- restore including last configuration change IOS if the change is done by real user. Resolves #1921 (@raunz)
+- Additional scrubbing for SonicOS v7 devices (@gerard780)
+- improved Telnet support for enterasys (@jplitza)
+- Include "show version" output for enterasys (@jplitza)
+- xmppdiff now also shows diffs with only removed or only added lines (@jplitza)
+- xmppdiff now persists its connection to the XMPP server and MUC (@jplitza)
+- routeros no longer backups infos on available updates (@jplitza)
+- avoid /humidity hardware field in tmos (F5) to be reported (@albsga)
+- read all configurations in partition folder for tmos (F5) (@dalamanster)
+- version information or OPNsense and PFsense models is now included as XML comments (@pv2b)
+- netscaler, backup all partitions (@smallsam)
+- only runs SSH proxy commands if the ssh_proxy configuration item has been defined (@jameskirsop)
+- updated vrp.rb to correctly parse huawei devices
+- asa: information about the configuration change time is deleted
+- Extended groups configuration to support models vars within a group (@mjbnz)
+- Extended `remote_repo` configuration to allow repo specific ssh keys (@mjbnz)
+- sonicos: added scrubbing for hashed values (@televat0rs)
+- nxos: Additional scrubbing for nxos device passwords (@derekivey)
+- nxos: Fix password match to avoid stripping out the user role. (@derekivey)
+- OpenBSD: Include bgpd, ospfd and ospf6d files (@woopstar)
+- scrub often changing values in junos license output (@matejv)
+- comware: support for enable(super) login password added (@delvta)
+- use slack-ruby-client instead of slack-api for slackdiff hook (@0xmc)
+- ios: Add support for RBAC in IOS model (@jameskirsop)
+- hide unsupported-transceiver license key in Arista EOS (@davidc)
+- edgecos: add support for FS S3900-48T6S-R (@cgsecurity)
+
+### Fixed
+
+- fixed an issue for IOSXR devices which can't allocate pty because of problem with forwarding agent.
+- fixed an issue with the TrueNAS model where the configuration would come up blank when TrueNAS was also using it. (@neilschelly)
+- fixed on issue where Oxidized could not pull config from Opengear devices #1899 (@rikard0)
+- fixed an issue where Oxidized could not pull config from XOS-devices operating in stacked mode (@DarkCatapulter)
+- fixed an issue where Oxidized could not pull config from XOS-devices that have not saved their configuration (@DarkCatapulter)
+- improved scrubbing of show chassis in ironware model (@michaelpsomiadis)
+- fixed snmp secret handling in netgear model (@CirnoT)
+- generalise fortiOS to support new versions and VM based products e.g. FortiManager, FortiAnalyzer and FortiMail, which requires keyboard-interactive auth method. Includes trial-and-error cmd list to retrieve most infromative config. Fixes #2227. Moved 'system ha status' to 'config global' section to support clusters with virtual domains.
+- filter next periodic save schedule time in xos model output (@sargon)
+- Fix when auto-saved is configured on xos switches  (@trappiz)
+- fixed ArubaOS-CX enviroment/system inconsistent values #2297 (@raunz)
+- further improvements to ArubaOS-CX environment values (@olemyhre)
+- Update AirFiber prompt regex (@murrant)
+- System time and running time are now stripped from tplink model output (@spike77453)
+- <?xml... line is no longer improperly stripped from OPNsense and PFsense backups (@pv2b)
+- fixed an issue where Oxidized timeouts in Brocade ICX-series devices (@piterpunk)
+- fixed an issue where EOS config was truncated. Fixes #2038 (@jake2184 @fhibler)
+- fixed missing output from routeros version command (@mjbnz)
+- stopped `clear: true` from removing all commands (@mjbnz)
+- Updated fastiron enable password prompt regex (@pepperoni-pi)
+- fixed an issue where the pfsense model would not report errors in case it was unable to download the configuration e.g. due to insufficient permissions
+- added a missing check for whether to send `enable` commands to Adtran devices (@repnop)
+- fixed an issue where ADVA devices with a configured prompt != `ADVA-->` couldn't be polled (@momorientes)
+- ensure local time and system up time are filtered for ADVA devices (@stephrdev)
+- fixed an issue with FortiOS that didn't accurately match `set ca` lines #2567 (@neilschelly)
+- removed unwanted current date from slxos model
+- fixed secret handling for rip authentication in casa model #2648 (@grahamjohnston)
+- stripped IoT-detect version for Fortigate devices
+- Fix expect usage in models on telnet. Tested with Netgear GS108T. (@arrjay)
+- Fix Sonicwall SonicOS "system-uptime" omission from log (@lazynooblet)
+- purityos: at least v6.3.5 needs other terminal settings (@elliot64)
+- purityos: remove purealerts and VEEAM snapshots from backed up config (@elliot64)
+
 ## [0.28.0 - 2020-05-18]
 
 ### Added
@@ -40,7 +174,10 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).
 - fortios model strips uptime even without remove_secrets (@jplitza)
 - HP ProCurve now accepts ">" as apart of the prompt (@magnuslarsen)
 - fix IOS SNMP notification community hiding for informs and v3 (@moisseev)
-- fixed issue where the regex-pattern for XOS-prompts used invalid syntax (@darkcatapulter)
+- fixed issue where the regex-pattern for XOS-prompts used invalid syntax (@DarkCatapulter)
+- set terminal width in EdgeCOS model (@moisseev)
+- suppress errors for commands that are not supported on some devices in EdgeCOS model (@moisseev)
+- revert including command names in the output of the EdgeCOS model (@moisseev)
 
 ## [0.27.0] - 2019-10-27
 
@@ -392,7 +529,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).
 
 ### Fixed
 
-- debugging, tests (by @ElvinEfendi)
+- debugging, tests (by @ElvinEfendi)
 - nos, panos, acos, procurve, eos, edgeswitch, aosw, fortios updates
 
 ## [0.14.3] - 2016-05-25

data/Dockerfile

@@ -1,20 +1,20 @@
-# Single-stage build of an oxidized container from phusion/baseimage-docker v0.11, derived from Ubuntu 18.04 (Bionic Beaver)
-FROM phusion/baseimage:0.11
+# Single-stage build of an oxidized container from phusion/baseimage-docker jammy-1.0.1, derived from Ubuntu 22.04 (Jammy Jellyfish)
+FROM docker.io/phusion/baseimage:jammy-1.0.1
 
 # set up dependencies for the build process
 RUN apt-get -yq update \
-    && apt-get -yq --no-install-recommends install ruby2.5 ruby2.5-dev libssl1.1 libssl-dev pkg-config make cmake libssh2-1 libssh2-1-dev git g++ libffi-dev ruby-bundler libicu60 libicu-dev libsqlite3-0 libsqlite3-dev libmysqlclient20 libmysqlclient-dev libpq5 libpq-dev zlib1g-dev \
+    && apt-get -yq --no-install-recommends install ruby3.0 ruby3.0-dev libssl3 bzip2 libssl-dev pkg-config make cmake libssh2-1 libssh2-1-dev git git-email libmailtools-perl g++ libffi-dev ruby-bundler libicu70 libicu-dev libsqlite3-0 libsqlite3-dev libmysqlclient21 libmysqlclient-dev libpq5 libpq-dev zlib1g-dev \
     && apt-get clean \
     && rm -rf /var/lib/apt/lists/*
 
 # dependencies for hooks
-RUN gem install aws-sdk slack-api xmpp4r cisco_spark --no-ri --no-rdoc
+RUN gem install --no-document aws-sdk slack-ruby-client xmpp4r cisco_spark
 
 # dependencies for sources
-RUN gem install gpgme sequel sqlite3 mysql2 pg --no-ri --no-rdoc
+RUN gem install --no-document gpgme sequel sqlite3 mysql2 pg
 
 # dependencies for inputs
-RUN gem install net-tftp net-http-persistent mechanize --no-ri --no-rdoc
+RUN gem install --no-document net-tftp net-http-persistent mechanize
 
 # build and install oxidized
 COPY . /tmp/oxidized/
@@ -22,20 +22,24 @@ WORKDIR /tmp/oxidized
 
 # docker automated build gets shallow copy, but non-shallow copy cannot be unshallowed
 RUN git fetch --unshallow || true
-RUN rake install
+RUN CMAKE_FLAGS='-DUSE_SSH=ON' rake install
 
 # web interface
-RUN gem install oxidized-web --no-ri --no-rdoc
+RUN gem install oxidized-web --no-document
 
 # clean up
 WORKDIR /
 RUN rm -rf /tmp/oxidized
 RUN apt-get -yq --purge autoremove ruby-dev pkg-config make cmake ruby-bundler libssl-dev libssh2-1-dev libicu-dev libsqlite3-dev libmysqlclient-dev libpq-dev zlib1g-dev
 
+# add non-privileged user
+ARG UID=30000
+ARG GID=$UID
+RUN groupadd -g "${GID}" -r oxidized && useradd -u "${UID}" -r -m -d /home/oxidized -g oxidized oxidized
+
 # add runit services
 COPY extra/oxidized.runit /etc/service/oxidized/run
 COPY extra/auto-reload-config.runit /etc/service/auto-reload-config/run
 COPY extra/update-ca-certificates.runit /etc/service/update-ca-certificates/run
 
-VOLUME ["/root/.config/oxidized"]
 EXPOSE 8888/tcp