From 115d220cd21c092631cb913f9c4419e15c3fad1c Mon Sep 17 00:00:00 2001 From: jleaniz Date: Thu, 5 Oct 2023 14:43:44 +0000 Subject: [PATCH] Updates to dockerfile --- docker/tests/Dockerfile | 46 ++++++++++++++++++++-------------------- docker/worker/Dockerfile | 6 +++--- setup.py | 1 - 3 files changed, 26 insertions(+), 27 deletions(-) diff --git a/docker/tests/Dockerfile b/docker/tests/Dockerfile index 792708f02..41099566a 100644 --- a/docker/tests/Dockerfile +++ b/docker/tests/Dockerfile @@ -1,28 +1,22 @@ FROM ubuntu:22.04 - -# Use: docker build --no-cache --build-arg PPA_TRACK="[staging|stable]" +ENV DEBIAN_FRONTEND=noninteractive \ + PIP_NO_CACHE_DIR=1 ARG PPA_TRACK=stable -ENV DEBIAN_FRONTEND=noninteractive -ENV PIP_NO_CACHE_DIR=1 -ENV DEBIAN_FRONTEND=noninteractive -RUN apt-get update && apt-get -y upgrade -RUN apt-get -y install \ +RUN apt-get update && apt-get -y upgrade && apt-get -y install \ apt-transport-https \ apt-utils \ automake \ ca-certificates \ curl \ dh-autoreconf \ - gcc \ git \ + gcc \ golang \ gpg \ go-bindata \ john \ john-data \ - hashcat \ - hashcat-data \ libjemalloc-dev \ libleveldb1d \ libleveldb-dev \ @@ -32,6 +26,7 @@ RUN apt-get -y install \ libtool \ lvm2 \ make \ + pocl-opencl-icd \ p7zip-full \ pkg-config \ python3-pip \ @@ -39,10 +34,11 @@ RUN apt-get -y install \ software-properties-common \ sudo \ testdisk \ + tox \ wget \ - && rm -rf /var/lib/apt/lists/* + && apt-get clean && rm -rf /var/cache/apt/* /var/lib/apt/lists/* -# Install third-party worker dependencies +# Install Poetry RUN pip3 install pip --upgrade RUN pip3 install poetry 
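Review bot: The deleted `# Use: docker build --no-cache --build-arg PPA_TRACK="[staging|stable]"` line was the only visible documentation for `ARG PPA_TRACK=stable`, which stays in the file. Keep a short comment above the ARG, for example `# Optional: --build-arg PPA_TRACK=[staging|stable] (default: stable)`. The merged `apt-get ... install` command also pulls in recommended packages; adding `--no-install-recommends` would keep the test image smaller, provided nothing relies on them.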
@@ -60,8 +56,9 @@ RUN apt-get update && apt-get -y install \ # Add turbinia user to system and sudoers RUN useradd -r -s /sbin/nologin -G disk,sudo -u 999 turbinia RUN echo "turbinia ALL = (root) NOPASSWD: ALL" > /etc/sudoers.d/turbinia -RUN echo "Defaults secure_path=\"/venv/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin\"" >> /etc/sudoers.d/turbinia +RUN echo "Defaults secure_path=\"/home/turbinia/.venv/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin\"" >> /etc/sudoers.d/turbinia +# Install yara rules and fraken binary. RUN cd /opt \ && git clone https://github.com/Neo23x0/signature-base.git \ && sudo chown -R turbinia:turbinia /opt/signature-base @@ -73,7 +70,7 @@ COPY --chown=turbinia:turbinia tools/fraken/* /opt/fraken/ RUN cd /opt/fraken/yara && curl -s -L --retry 5 "$(curl -s -L --retry 5 https://api.github.com/repos/VirusTotal/Yara/releases/latest | sed -n 's/.*"tarball_url": "\(.*\)",.*/\1/p')" | tar -xz --strip-components=1 RUN cd /opt/fraken/yara && ./bootstrap.sh \ && ./configure \ - && make -j8 && sudo make install && sudo ldconfig + && make && sudo make install && sudo ldconfig RUN cd /opt/fraken && go build -ldflags="-linkmode=external -extldflags=-ljemalloc" -o fraken # Install container-explorer 
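Review bot: The new `secure_path` value in the first hunk on this line puts `/home/turbinia/.venv/bin` ahead of the system directories, so every command run through sudo resolves first from a directory inside the service account's home. If that venv is writable by `turbinia` (its ownership is not visible in this hunk), a file placed there can shadow any command name used with sudo. The `NOPASSWD: ALL` rule on the line above already makes the account root-equivalent, so this mainly matters if that rule is ever narrowed. Consider listing the venv after `/bin` at the end of `secure_path`, or adding a comment that states why it has to come first.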
@@ -106,16 +103,19 @@ RUN cp /home/turbinia/password.lst /root/ # Copy Kubernetes support tool to home folder COPY --chown=turbinia:turbinia k8s/tools/check-lockfile.py /home/turbinia/check-lockfile.py -# Create venv and activate it -RUN python3 -m venv /venv -ENV PATH="/venv/bin:$PATH" VIRTUAL_ENV=/venv +# Copy only requirements, to cache them in docker layer +COPY ./pyproject.toml ./poetry.toml ./poetry.lock /home/turbinia/ + +# Install dependencies using Poetry +WORKDIR /home/turbinia +RUN poetry install --no-interaction --no-ansi -E worker -E gcp --with test +RUN poetry run python3 -m pip install impacket --no-deps -# Install third-party dependencies -RUN python3 -m pip install impacket --no-deps +ENV PATH="/home/turbinia/.venv/bin:$PATH" \ + VIRTUAL_ENV=/home/turbinia/.venv -# Install Turbinia and dependencies in /venv using Poetry -ADD . /tmp/ -# RUN if $(cd /tmp/ && git rev-parse --is-shallow-repository); then cd /tmp/ && git fetch --prune --unshallow && git fetch --depth=1 origin +refs/tags/*:refs/tags/*; fi -RUN cd /tmp/ && poetry install --no-ansi -E worker -E gcp --with test +# Copy the source directory to /tmp +COPY . /home/turbinia/ +# RUN if $(git rev-parse --is-shallow-repository); then git fetch --prune --unshallow && git fetch --depth=1 origin +refs/tags/*:refs/tags/*; fi CMD ["/bin/bash"] diff --git a/docker/worker/Dockerfile b/docker/worker/Dockerfile index 6a5f0f3a7..0bf68e745 100644 --- a/docker/worker/Dockerfile +++ b/docker/worker/Dockerfile @@ -145,7 +145,7 @@ RUN cd /home/turbinia \ && 7z x hashcat-6.2.6.7z \ && chown -R turbinia:turbinia /home/turbinia/hashcat-6.2.6/ \ && cp /home/turbinia/hashcat-6.2.6/hashcat.bin /home/turbinia/hashcat-6.2.6/hashcat -ENV PATH="$PATH:/home/turbinia/hashcat-6.2.6/" +ENV PATH="/home/turbinia/hashcat-6.2.6/:$PATH" # Get a decent password list for john/hashcat RUN cd /home/turbinia && echo "" > password.lst 
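Review bot: In the docker/tests/Dockerfile hunk, `poetry install` now runs when only `pyproject.toml`, `poetry.toml` and `poetry.lock` have been copied, so the project's own package is not present when Poetry tries to install it, and nothing after `COPY . /home/turbinia/` installs it. Adding `--no-root` to the dependency-layer command and repeating `RUN poetry install --no-interaction --no-ansi -E worker -E gcp --with test` after the COPY would keep the cached layer and still install Turbinia into the venv. The comment `# Copy the source directory to /tmp` no longer matches the destination and should read `# Copy the source directory to /home/turbinia`. The `ENV PATH` line also assumes that `poetry.toml` makes Poetry create the venv in-project; that file is not shown here.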
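Review bot: In the docker/worker/Dockerfile hunk, moving `/home/turbinia/hashcat-6.2.6/` to the front of `PATH` lets any file in that directory shadow system binaries for every process in the image, and the `chown -R turbinia:turbinia` two lines above makes the directory writable by the service account. If the aim is only that this `hashcat` build is found before a packaged one, a symlink such as `RUN ln -s /home/turbinia/hashcat-6.2.6/hashcat /usr/local/bin/hashcat` would likely give the same precedence without putting an unpacked-archive directory first in the search path. At minimum, add a comment on the `ENV PATH` line saying why the order changed.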
@@ -157,8 +157,8 @@ RUN cp /home/turbinia/password.lst /root/ COPY --chown=turbinia:turbinia k8s/tools/check-lockfile.py /home/turbinia/check-lockfile.py # Use the REELASE_TAG argument passed via --build-arg cli argument -ARG RELEASE_TAG -RUN pip3 install turbinia[worker]==$RELEASE_TAG +# ARG RELEASE_TAG +# RUN pip3 install turbinia[worker]==$RELEASE_TAG COPY docker/worker/start.sh /home/turbinia/start.sh RUN chmod +rwx /home/turbinia/start.sh diff --git a/setup.py b/setup.py index 29a401fea..a7aea7780 100644 --- a/setup.py +++ b/setup.py @@ -38,7 +38,6 @@ setup( name='turbinia', - version=turbinia.__version__, description='Automation and Scaling of Digital Forensics Tools', long_description=turbinia_description, license='Apache License, Version 2.0',
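Review bot: Commenting out `ARG RELEASE_TAG` and `RUN pip3 install turbinia[worker]==$RELEASE_TAG` leaves no step in this hunk that installs Turbinia before `start.sh` is copied, and the comment above still tells the reader to use the (misspelled) `REELASE_TAG` argument. If the install moved elsewhere in the file, which is not visible here, delete all three lines. If it is only disabled for now, say so with something like `# TODO: re-enable the pinned release install` plus the reason. Commented-out instructions make it hard to tell which package version the worker image is expected to carry.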
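Review bot: Dropping `version=turbinia.__version__` in the setup.py hunk leaves `setup()` with no version unless one is supplied elsewhere (for example by `pyproject.toml`, not shown here), in which case setuptools builds the package as `0.0.0`. Installs pinned as `turbinia[worker]==<release>` and tools that match installed versions against advisories depend on that metadata. If the version now comes from Poetry, a comment such as `# version is taken from pyproject.toml` at this spot would make that clear. The `setup(` call continues beyond the hunk.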