derive larger challenge configurations from smaller ones: nano->micro…

…->mini->full

challenge/Dockerfile

@@ -1,6 +1,8 @@
 # syntax=docker/dockerfile:1
 
 ARG UBUNTU_VERSION=20.04
+ARG DOJO_CHALLENGE=challenge-mini
+ARG INSTALL_IDA=False
 
 FROM ubuntu:${UBUNTU_VERSION} as essentials
 
@@ -22,7 +24,6 @@ RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
     --mount=type=cache,target=/var/lib/apt,sharing=locked \
     apt-get update && xargs apt-get install -yqq <<EOF
         curl
-        python-is-python3
         socat
         sudo
         vim
@@ -79,6 +80,7 @@ RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
         man-db
         manpages-dev
         nasm
+        python-is-python3
         python3-dev
         python3-pip
         rubygems
@@ -299,7 +301,6 @@ FROM essentials as builder-desktop-reversing-tools
 COPY desktop/angr-management.desktop /usr/share/applications/
 COPY desktop/Ghidra.desktop /usr/share/applications/
 
-ARG UBUNTU_VERSION=20.04
 RUN <<EOF
     wget -q -O - https://github.com/angr/angr-management/releases/download/nightly/angr-management-ubuntu-${UBUNTU_VERSION}.tar.gz | tar xvz -C /opt
 
@@ -310,7 +311,6 @@ RUN <<EOF
 EOF
 
 # IDA Freeware: only permissible for free and open deployments of the dojo!
-ARG INSTALL_IDA=False
 COPY desktop/ida64.desktop /usr/share/applications/
 COPY desktop/ida.opt /opt/ida/ida.opt
 RUN <<EOF
@@ -427,23 +427,16 @@ RUN gcc /opt/pwn.college/setuid_interpreter.c -DSUID_PYTHON -o /opt/pwn.college/
 
 ################################################################################
 
-ARG UBUNTU_VERSION=20.04
-FROM ubuntu:${UBUNTU_VERSION} as challenge-minimal
+FROM ubuntu:${UBUNTU_VERSION} as challenge-nano
 
 SHELL ["/bin/bash", "-ceov", "pipefail"]
 
 ENV LC_CTYPE=C.UTF-8
 
 COPY --link --from=essentials / /
-COPY --link --from=builder-code-server / /
-COPY --link --from=builder-desktop-base / /
 COPY --link --from=builder-pwn.college /opt/pwn.college /opt/pwn.college
 
 RUN <<EOF
-    if id ubuntu; then userdel -f -r ubuntu; fi
-    useradd -s /bin/bash -m hacker
-    passwd -d hacker
-
     ln -sf /opt/pwn.college/vm/vm /usr/local/bin/vm
 
     ln -sf /home/hacker/.tmux.conf /root/.tmux.conf
@@ -464,23 +457,24 @@ EOF
 
 RUN date > /opt/pwn.college/build
 
-USER hacker
-WORKDIR /home/hacker
+################################################################################
+
+FROM challenge-nano as challenge-micro
+COPY --link --from=builder-code-server / /
 
 ################################################################################
 
-ARG UBUNTU_VERSION=20.04
-FROM ubuntu:${UBUNTU_VERSION} as challenge
+FROM challenge-micro as challenge-mini
+COPY --link --from=builder-desktop-base / /
 
-SHELL ["/bin/bash", "-ceov", "pipefail"]
+################################################################################
 
-ENV LC_CTYPE=C.UTF-8
+FROM challenge-mini as challenge-full
 
 # TODO: probably extra slow to `COPY / /`
-COPY --link --from=essentials / /
+COPY --link --from=builder-essentials / /
 COPY --link --from=builder / /
 COPY --link --from=builder-kernel /opt/linux /opt/linux
-COPY --link --from=builder-code-server / /
 COPY --link --from=builder-tcpdump / /
 COPY --link --from=builder-capstone / /
 COPY --link --from=builder-radare2 / /
@@ -494,7 +488,6 @@ COPY --link --from=builder-desktop-reversing-tools / /
 COPY --link --from=builder-tools-apt / /
 COPY --link --from=builder-gdb / /
 COPY --link --from=builder-tools-pip / /
-COPY --link --from=builder-pwn.college /opt/pwn.college /opt/pwn.college
 
 RUN cat >> /etc/ssh/ssh_config <<EOF
     StrictHostKeyChecking no
@@ -503,35 +496,26 @@ RUN cat >> /etc/ssh/ssh_config <<EOF
 EOF
 
 RUN <<EOF
-    if id ubuntu; then userdel -f -r ubuntu; fi
-    useradd -s /bin/bash -m hacker
-    passwd -d hacker
-
-    useradd -g nogroup -d /run/sshd -s /usr/sbin/nologin sshd
-
     sed -i 's/#PasswordAuthentication yes/PasswordAuthentication yes/g' /etc/ssh/sshd_config
     sed -i 's/#PermitEmptyPasswords no/PermitEmptyPasswords yes/g' /etc/ssh/sshd_config
     sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/g' /etc/ssh/sshd_config
+EOF
 
-    ln -sf /opt/pwn.college/vm/vm /usr/local/bin/vm
+################################################################################
 
-    ln -sf /home/hacker/.tmux.conf /root/.tmux.conf
-    ln -sf /home/hacker/.gdbinit /root/.gdbinit
-    ln -sf /home/hacker/.radare2rc /root/.radare2rc
-    ln -sf /home/hacker/.pwn.conf /root/.pwn.conf
+# legacy
+FROM challenge-mini as challenge-minimal
+FROM challenge-full as challenge
 
-    mkdir /challenge
-    install -m 400 <(echo 'pwn.college{uninitialized}') /flag
+################################################################################
 
-    find / -xdev -type f -perm -4000 -exec chmod u-s {} \;
+FROM ${DOJO_CHALLENGE} as challenge-final
 
-    chmod u+s /opt/pwn.college/python \
-              /opt/pwn.college/bash \
-              /opt/pwn.college/sh \
-              /opt/pwn.college/vm/vm
+RUN <<EOF
+    if id ubuntu; then userdel -f -r ubuntu; fi
+    useradd -s /bin/bash -m hacker
+    passwd -d hacker
 EOF
 
-RUN date > /opt/pwn.college/build
-
 USER hacker
 WORKDIR /home/hacker

docker-compose.yml

@@ -4,10 +4,11 @@ services:
   challenge:
     build:
       context: ./challenge
-      target: ${DOJO_CHALLENGE}
+      target: challenge-final
       args:
         - INSTALL_IDA=${INSTALL_IDA}
         - UBUNTU_VERSION=${UBUNTU_VERSION}
+        - DOJO_CHALLENGE=${DOJO_CHALLENGE}
     platform: linux/amd64
     entrypoint: /bin/true
     networks:

script/container-setup.sh

@@ -16,7 +16,7 @@ define () {
 }
 define DOJO_HOST localhost.pwn.college
 define DOJO_ENV development
-define DOJO_CHALLENGE challenge-minimal
+define DOJO_CHALLENGE challenge-mini
 define SECRET_KEY $(openssl rand -hex 16)
 define DOCKER_PSLR $(openssl rand -hex 16)
 define UBUNTU_VERSION 20.04