Rework Docker files & scripts

2024-08-26 07:28:57 +00:00 · 2023-08-14 15:20:01 +02:00 · 2023-08-14 15:20:01 +02:00 · 7bead9dd19
commit 7bead9dd19
parent e356e1d1b7
25 changed files with 54 additions and 281 deletions
--- a/docker/README.md
+++ b/docker/README.md
@ -0,0 +1,28 @@
+# Docker instructions
+
+*Note:* Dockerfiles are only provided for Debian-like distributions so far.
+
+## Configure image building:
+
+Uncomment the distribution reference you want to use, in top section in
+`debian-distros/Dockerfile`.
+
+## Build the image:
+
+`cd debian-distros`
+`./docker_build.sh`
+
+## Run the container, and start ssldump inside the container:
+
+`./docker_run.sh`
+`(in container) sudo ssldump -n -i eth0 -j -AH`
+
+## Mirror traffic to container
+
+Outside of the container, adjust local interface name and container IP address
+in `mirror_traffic_to_container.sh`.
+
+Then mirror local traffic to ssldump container:
+
+`./mirror_traffic_to_container.sh`
+
--- a/docker/debian-bullseye/docker_build.sh
+++ b/docker/debian-bullseye/docker_build.sh
@ -1,6 +0,0 @@
-#!/bin/bash
-
-ssldump_version=1.4b
-distribution=debian-bullseye
-
-docker build -t "ssldump-${distribution}:${ssldump_version}" .
--- a/docker/debian-bullseye/docker_run.sh
+++ b/docker/debian-bullseye/docker_run.sh
@ -1,7 +0,0 @@
-#!/bin/bash
-
-ssldump_version=1.4b
-distribution=debian-bullseye
-
-docker run -it ssldump-${distribution}:${ssldump_version}
-
--- a/docker/debian-buster/Dockerfile
+++ b/docker/debian-buster/Dockerfile
@ -1,28 +0,0 @@
-FROM debian:buster-slim
-
-ENV LANG C
-ENV DEBIAN_FRONTEND noninteractive
-
-RUN apt-get update && \
-    apt-get dist-upgrade -y && \
-    apt-get install -y --no-install-recommends ca-certificates sudo git build-essential automake autoconf clang libssl-dev libpcap-dev libnet1-dev libjson-c-dev iproute2 && \
-    apt-get clean
-
-RUN useradd -ms /bin/bash ssldump
-RUN passwd -d ssldump
-RUN printf 'ssldump ALL=(ALL) ALL\n' | tee -a /etc/sudoers
-
-USER ssldump
-
-RUN cd /home/ssldump && \
-	git clone https://github.com/adulau/ssldump.git build
-
-RUN cd /home/ssldump/build && \
-	./autogen.sh && \
-	./configure CC=/usr/bin/clang && \
-	make && \
-	sudo make install
-
-WORKDIR "/home/ssldump"
-
-CMD ["/bin/bash"]
--- a/docker/debian-buster/docker_build.sh
+++ b/docker/debian-buster/docker_build.sh
@ -1,6 +0,0 @@
-#!/bin/bash
-
-ssldump_version=1.4b
-distribution=debian-buster
-
-docker build -t "ssldump-${distribution}:${ssldump_version}" .
--- a/docker/debian-buster/docker_run.sh
+++ b/docker/debian-buster/docker_run.sh
@ -1,7 +0,0 @@
-#!/bin/bash
-
-ssldump_version=1.4b
-distribution=debian-buster
-
-docker run -it ssldump-${distribution}:${ssldump_version}
-
--- a/docker/debian-bullseye/Dockerfile
+++ b/docker/debian-bullseye/Dockerfile
@ -1,11 +1,16 @@
-FROM debian:bullseye-slim
+#FROM debian:bookworm-slim
+#FROM debian:bullseye-slim
+#FROM debian:buster-slim
+FROM ubuntu:jammy
+#FROM ubuntu:focal
+

 ENV LANG C
 ENV DEBIAN_FRONTEND noninteractive

 RUN apt-get update && \
    apt-get dist-upgrade -y && \
-    apt-get install -y --no-install-recommends ca-certificates sudo git build-essential automake autoconf clang libssl-dev libpcap-dev libnet1-dev libjson-c-dev iproute2 && \
+    apt-get install -y --no-install-recommends ca-certificates sudo git build-essential cmake ninja-build clang libssl-dev libpcap-dev libnet1-dev libjson-c-dev iproute2 && \
    apt-get clean

 RUN useradd -ms /bin/bash ssldump
@ -15,13 +20,12 @@ RUN printf 'ssldump ALL=(ALL) ALL\n' | tee -a /etc/sudoers
 USER ssldump

 RUN cd /home/ssldump && \
-	git clone https://github.com/adulau/ssldump.git build
+    git clone https://github.com/adulau/ssldump.git ssldump-build

-RUN cd /home/ssldump/build && \
-	./autogen.sh && \
-	./configure CC=/usr/bin/clang CFLAGS="-D_FORTIFY_SOURCE=2 -fstack-protector-strong -Wformat -Werror=format-security -g" && \
-	make && \
-	sudo make install
+RUN cd /home/ssldump/ssldump-build && \
+    cmake -G Ninja -B build && \
+    ninja -C build && \
+    sudo ninja -C build install

 WORKDIR "/home/ssldump"

--- a/docker/debian-distros/docker_build.sh
+++ b/docker/debian-distros/docker_build.sh
@ -0,0 +1,6 @@
+#!/bin/bash
+
+ssldump_version=$(awk '/\s+VERSION/ {print $2}' ../../CMakeLists.txt)
+distribution=$(awk '/^FROM/ {gsub(":","-"); print $2}' Dockerfile)
+
+docker build -t "ssldump-${distribution}:${ssldump_version}" .
--- a/docker/debian-distros/docker_run.sh
+++ b/docker/debian-distros/docker_run.sh
@ -0,0 +1,7 @@
+#!/bin/bash
+
+ssldump_version=$(awk '/\s+VERSION/ {print $2}' ../../CMakeLists.txt)
+distribution=$(awk '/^FROM/ {gsub(":","-"); print $2}' Dockerfile)
+
+docker run -it ssldump-${distribution}:${ssldump_version}
+
--- a/docker/debian-stretch/Dockerfile
+++ b/docker/debian-stretch/Dockerfile
@ -1,28 +0,0 @@
-FROM debian:stretch-slim
-
-ENV LANG C
-ENV DEBIAN_FRONTEND noninteractive
-
-RUN apt-get update && \
-    apt-get dist-upgrade -y && \
-    apt-get install -y --no-install-recommends ca-certificates sudo git build-essential automake autoconf clang libssl-dev libpcap-dev libnet1-dev libjson-c-dev iproute2 && \
-    apt-get clean
-
-RUN useradd -ms /bin/bash ssldump
-RUN passwd -d ssldump
-RUN printf 'ssldump ALL=(ALL) ALL\n' | tee -a /etc/sudoers
-
-USER ssldump
-
-RUN cd /home/ssldump && \
-	git clone https://github.com/adulau/ssldump.git build
-
-RUN cd /home/ssldump/build && \
-	./autogen.sh && \
-	./configure CC=/usr/bin/clang && \
-	make && \
-	sudo make install
-
-WORKDIR "/home/ssldump"
-
-CMD ["/bin/bash"]
--- a/docker/debian-stretch/docker_build.sh
+++ b/docker/debian-stretch/docker_build.sh
@ -1,6 +0,0 @@
-#!/bin/bash
-
-ssldump_version=1.4b
-distribution=debian-stretch
-
-docker build -t "ssldump-${distribution}:${ssldump_version}" .
--- a/docker/debian-stretch/docker_run.sh
+++ b/docker/debian-stretch/docker_run.sh
@ -1,7 +0,0 @@
-#!/bin/bash
-
-ssldump_version=1.4b
-distribution=debian-stretch
-
-docker run -it ssldump-${distribution}:${ssldump_version}
-
--- a/docker/mirror_traffic_to_container.sh
+++ b/docker/mirror_traffic_to_container.sh
@ -1,6 +1,6 @@
 #!/bin/bash

-local_if=ens3f0
+local_if=eth0
 container_ip=172.17.0.2

 sudo iptables -t mangle -I PREROUTING 1 -i ${local_if} -j TEE --gateway ${container_ip}
--- a/docker/ubuntu-bionic/Dockerfile
+++ b/docker/ubuntu-bionic/Dockerfile
@ -1,28 +0,0 @@
-FROM ubuntu:bionic
-
-ENV LANG C
-ENV DEBIAN_FRONTEND noninteractive
-
-RUN apt-get update && \
-    apt-get dist-upgrade -y && \
-    apt-get install -y --no-install-recommends ca-certificates sudo git build-essential automake autoconf clang libssl-dev libpcap-dev libnet1-dev libjson-c-dev iproute2 && \
-    apt-get clean
-
-RUN useradd -ms /bin/bash ssldump
-RUN passwd -d ssldump
-RUN printf 'ssldump ALL=(ALL) ALL\n' | tee -a /etc/sudoers
-
-USER ssldump
-
-RUN cd /home/ssldump && \
-	git clone https://github.com/adulau/ssldump.git build
-
-RUN cd /home/ssldump/build && \
-	./autogen.sh && \
-	./configure CC=/usr/bin/clang && \
-	make && \
-	sudo make install
-
-WORKDIR "/home/ssldump"
-
-CMD ["/bin/bash"]
--- a/docker/ubuntu-bionic/docker_build.sh
+++ b/docker/ubuntu-bionic/docker_build.sh
@ -1,6 +0,0 @@
-#!/bin/bash
-
-ssldump_version=1.4b
-distribution=ubuntu-bionic
-
-docker build -t "ssldump-${distribution}:${ssldump_version}" .
--- a/docker/ubuntu-bionic/docker_run.sh
+++ b/docker/ubuntu-bionic/docker_run.sh
@ -1,7 +0,0 @@
-#!/bin/bash
-
-ssldump_version=1.4b
-distribution=ubuntu-bionic
-
-docker run -it ssldump-${distribution}:${ssldump_version}
-
--- a/docker/ubuntu-focal/Dockerfile
+++ b/docker/ubuntu-focal/Dockerfile
@ -1,28 +0,0 @@
-FROM ubuntu:focal
-
-ENV LANG C
-ENV DEBIAN_FRONTEND noninteractive
-
-RUN apt-get update && \
-    apt-get dist-upgrade -y && \
-    apt-get install -y --no-install-recommends ca-certificates sudo git build-essential automake autoconf clang libssl-dev libpcap-dev libnet1-dev libjson-c-dev iproute2 && \
-    apt-get clean
-
-RUN useradd -ms /bin/bash ssldump
-RUN passwd -d ssldump
-RUN printf 'ssldump ALL=(ALL) ALL\n' | tee -a /etc/sudoers
-
-USER ssldump
-
-RUN cd /home/ssldump && \
-	git clone https://github.com/adulau/ssldump.git build
-
-RUN cd /home/ssldump/build && \
-	./autogen.sh && \
-	./configure CC=/usr/bin/clang && \
-	make && \
-	sudo make install
-
-WORKDIR "/home/ssldump"
-
-CMD ["/bin/bash"]
--- a/docker/ubuntu-focal/docker_build.sh
+++ b/docker/ubuntu-focal/docker_build.sh
@ -1,6 +0,0 @@
-#!/bin/bash
-
-ssldump_version=1.4b
-distribution=ubuntu-focal
-
-docker build -t "ssldump-${distribution}:${ssldump_version}" .
--- a/docker/ubuntu-focal/docker_run.sh
+++ b/docker/ubuntu-focal/docker_run.sh
@ -1,7 +0,0 @@
-#!/bin/bash
-
-ssldump_version=1.4b
-distribution=ubuntu-focal
-
-docker run -it ssldump-${distribution}:${ssldump_version}
-
--- a/docker/ubuntu-groovy/Dockerfile
+++ b/docker/ubuntu-groovy/Dockerfile
@ -1,28 +0,0 @@
-FROM ubuntu:groovy
-
-ENV LANG C
-ENV DEBIAN_FRONTEND noninteractive
-
-RUN apt-get update && \
-    apt-get dist-upgrade -y && \
-    apt-get install -y --no-install-recommends ca-certificates sudo git build-essential automake autoconf clang libssl-dev libpcap-dev libnet1-dev libjson-c-dev iproute2 && \
-    apt-get clean
-
-RUN useradd -ms /bin/bash ssldump
-RUN passwd -d ssldump
-RUN printf 'ssldump ALL=(ALL) ALL\n' | tee -a /etc/sudoers
-
-USER ssldump
-
-RUN cd /home/ssldump && \
-	git clone https://github.com/adulau/ssldump.git build
-
-RUN cd /home/ssldump/build && \
-	./autogen.sh && \
-	./configure CC=/usr/bin/clang && \
-	make && \
-	sudo make install
-
-WORKDIR "/home/ssldump"
-
-CMD ["/bin/bash"]
--- a/docker/ubuntu-groovy/docker_build.sh
+++ b/docker/ubuntu-groovy/docker_build.sh
@ -1,6 +0,0 @@
-#!/bin/bash
-
-ssldump_version=1.4b
-distribution=ubuntu-groovy
-
-docker build -t "ssldump-${distribution}:${ssldump_version}" .
--- a/docker/ubuntu-groovy/docker_run.sh
+++ b/docker/ubuntu-groovy/docker_run.sh
@ -1,7 +0,0 @@
-#!/bin/bash
-
-ssldump_version=1.4b
-distribution=ubuntu-groovy
-
-docker run -it ssldump-${distribution}:${ssldump_version}
-
--- a/docker/ubuntu-xenial/Dockerfile
+++ b/docker/ubuntu-xenial/Dockerfile
@ -1,41 +0,0 @@
-FROM ubuntu:xenial
-
-ENV LANG C
-ENV DEBIAN_FRONTEND noninteractive
-
-RUN apt-get update && \
-    apt-get dist-upgrade -y && \
-    apt-get install -y --no-install-recommends ca-certificates sudo git build-essential automake autoconf clang wget libpcap-dev libnet1-dev libjson-c-dev iproute2 && \
-    apt-get clean
-
-RUN useradd -ms /bin/bash ssldump
-RUN passwd -d ssldump
-RUN printf 'Defaults:ssldump env_keep=LD_LIBRARY_PATH\n' | tee -a /etc/sudoers
-RUN printf 'ssldump ALL=(ALL) ALL\n' | tee -a /etc/sudoers
-
-USER ssldump
-
-RUN mkdir /home/ssldump/openssl && \
-	cd /home/ssldump/openssl && \
-	wget https://www.openssl.org/source/openssl-1.1.1j.tar.gz && \
-	tar xvfz openssl-1.1.1j.tar.gz && \
-	cd openssl-1.1.1j && \
-	./config && \
-	make -j 2
-
-RUN cd /home/ssldump && \
-	git clone https://github.com/adulau/ssldump.git build
-
-RUN cd /home/ssldump/build && \
-	./autogen.sh && \
-	./configure CFLAGS="-I../openssl/openssl-1.1.1j/include" LDFLAGS="-L../openssl/openssl-1.1.1j -lcrypto -lssl" && \
-	make && \
-	sudo make install
-
-ENV LD_LIBRARY_PATH /home/ssldump/openssl/openssl-1.1.1j
-RUN printf '#!/bin/bash\nexport LD_LIBRARY_PATH=/home/ssldump/openssl/openssl-1.1.1j\nssldump $@\n' > /home/ssldump/run_ssldump.sh
-RUN chmod +x /home/ssldump/run_ssldump.sh
-
-WORKDIR "/home/ssldump"
-
-CMD ["/bin/bash"]
--- a/docker/ubuntu-xenial/docker_build.sh
+++ b/docker/ubuntu-xenial/docker_build.sh
@ -1,6 +0,0 @@
-#!/bin/bash
-
-ssldump_version=1.4b
-distribution=ubuntu-xenial
-
-docker build -t "ssldump-${distribution}:${ssldump_version}" .
--- a/docker/ubuntu-xenial/docker_run.sh
+++ b/docker/ubuntu-xenial/docker_run.sh
@ -1,7 +0,0 @@
-#!/bin/bash
-
-ssldump_version=1.4b
-distribution=ubuntu-xenial
-
-docker run -it ssldump-${distribution}:${ssldump_version}
-