From 238d694cd05af244de08715a587aa68359a547ba Mon Sep 17 00:00:00 2001 From: tom Date: Sat, 22 Jun 2024 01:14:28 +1000 Subject: [PATCH] Simplify nsjail configs, remove ubuntu 18.04 from build --- vendor/bin-builder/docker-compose.yml | 20 +++++--- vendor/nsjail/docker-compose.yml | 32 ++++++++++--- ...Dockerfile.debian-10 => Dockerfile.debian} | 10 ++-- ...kerfile.ubuntu-22.04 => Dockerfile.ubuntu} | 10 ++-- .../dockerfiles/Dockerfile.ubuntu-18.04 | 48 ------------------- 5 files changed, 53 insertions(+), 67 deletions(-) rename vendor/nsjail/dockerfiles/{Dockerfile.debian-10 => Dockerfile.debian} (89%) rename vendor/nsjail/dockerfiles/{Dockerfile.ubuntu-22.04 => Dockerfile.ubuntu} (89%) delete mode 100644 vendor/nsjail/dockerfiles/Dockerfile.ubuntu-18.04 diff --git a/vendor/bin-builder/docker-compose.yml b/vendor/bin-builder/docker-compose.yml index 76cd00f..31a071e 100644 --- a/vendor/bin-builder/docker-compose.yml +++ b/vendor/bin-builder/docker-compose.yml @@ -1,21 +1,21 @@ version: '3' services: - bin-builder-ubuntu-18.04: + bin-builder-ubuntu-22.04: build: context: ./context dockerfile: ../dockerfiles/Dockerfile.ubuntu args: - UBUNTU_VERSION: '18.04' - image: ${CONTAINER_PREFIX}/bin-builder:ubuntu-18.04 + UBUNTU_VERSION: '22.04' + image: ${CONTAINER_PREFIX}/bin-builder:ubuntu-22.04 - bin-builder-ubuntu-22.04: + bin-builder-ubuntu-24.04: build: context: ./context dockerfile: ../dockerfiles/Dockerfile.ubuntu args: - UBUNTU_VERSION: '22.04' - image: ${CONTAINER_PREFIX}/bin-builder:ubuntu-22.04 + UBUNTU_VERSION: '24.04' + image: ${CONTAINER_PREFIX}/bin-builder:ubuntu-24.04 bin-builder-debian-10: build: 
@@ -24,6 +24,14 @@ services: args: DEBIAN_VERSION: '10' image: ${CONTAINER_PREFIX}/bin-builder:debian-10 + + bin-builder-debian-11: + build: + context: ./context + dockerfile: ../dockerfiles/Dockerfile.debian + args: + DEBIAN_VERSION: '11' + image: ${CONTAINER_PREFIX}/bin-builder:debian-11 # Don't know why you'd need this but I like completionism bin-builder-alpine: diff --git a/vendor/nsjail/docker-compose.yml b/vendor/nsjail/docker-compose.yml index c80453e..f52e127 100644 --- a/vendor/nsjail/docker-compose.yml +++ b/vendor/nsjail/docker-compose.yml @@ -1,21 +1,39 @@ version: '3' services: - nsjail-ubuntu-18.04: + nsjail-ubuntu-22.04: build: context: ./context/ - dockerfile: ../dockerfiles/Dockerfile.ubuntu-18.04 - image: ${CONTAINER_PREFIX}/nsjail:ubuntu-18.04 + dockerfile: ../dockerfiles/Dockerfile.ubuntu + args: + UBUNTU_VERSION: '22.04' + LIBPROTOBUF_VERSION: 'libprotobuf23' + image: ${CONTAINER_PREFIX}/nsjail:ubuntu-22.04 - nsjail-ubuntu-22.04: + nsjail-ubuntu-24.04: build: context: ./context/ - dockerfile: ../dockerfiles/Dockerfile.ubuntu-22.04 - image: ${CONTAINER_PREFIX}/nsjail:ubuntu-22.04 + dockerfile: ../dockerfiles/Dockerfile.ubuntu + args: + UBUNTU_VERSION: '24.04' + LIBPROTOBUF_VERSION: 'libprotobuf32t64' + image: ${CONTAINER_PREFIX}/nsjail:ubuntu-24.04 nsjail-debian-10: build: context: ./context/ - dockerfile: ../dockerfiles/Dockerfile.debian-10 + dockerfile: ../dockerfiles/Dockerfile.debian + args: + DEBIAN_VERSION: '10' + LIBPROTOBUF_VERSION: 'libprotobuf17' image: ${CONTAINER_PREFIX}/nsjail:debian-10 + nsjail-debian-11: + build: + context: ./context/ + dockerfile: ../dockerfiles/Dockerfile.debian + args: + DEBIAN_VERSION: '11' + LIBPROTOBUF_VERSION: 'libprotobuf23' + image: ${CONTAINER_PREFIX}/nsjail:debian-11 + 
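Review bot: The new `nsjail-ubuntu-24.04` and `nsjail-debian-11` services build from Dockerfiles whose first stage is the fixed reference `ghcr.io/downunderctf/docker-vendor/bin-builder:ubuntu-$UBUNTU_VERSION` (or `debian-$DEBIAN_VERSION`), while the bin-builder compose file tags its images under `${CONTAINER_PREFIX}`. Unless CONTAINER_PREFIX is that same registry path, these builds take their toolchain base from a published, mutable tag rather than from the bin-builder image built from this tree. They also fail if the 24.04 and debian-11 tags have not been pushed yet. Passing the prefix through keeps the two in step: add `CONTAINER_PREFIX: ${CONTAINER_PREFIX}` under each `args:` and use `FROM $CONTAINER_PREFIX/bin-builder:ubuntu-$UBUNTU_VERSION as base` after an `ARG CONTAINER_PREFIX`. Separately, `LIBPROTOBUF_VERSION` carries a package name (`libprotobuf32t64`), so a one-line comment saying it must name the release's protobuf runtime package would help whoever adds the next entry.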
diff --git a/vendor/nsjail/dockerfiles/Dockerfile.debian-10 b/vendor/nsjail/dockerfiles/Dockerfile.debian similarity index 89% rename from vendor/nsjail/dockerfiles/Dockerfile.debian-10 rename to vendor/nsjail/dockerfiles/Dockerfile.debian index b01c381..ea13168 100644 --- a/vendor/nsjail/dockerfiles/Dockerfile.debian-10 +++ b/vendor/nsjail/dockerfiles/Dockerfile.debian @@ -1,8 +1,11 @@ -ARG DEBIAN_VERSION=10 +ARG DEBIAN_VERSION +ARG LIBPROTOBUF_VERSION + FROM ghcr.io/downunderctf/docker-vendor/bin-builder:debian-$DEBIAN_VERSION as base FROM base as build +ARG LIBPROTOBUF_VERSION ENV DEBIAN_FRONTEND=noninteractive RUN apt-get update \ && apt-get install -y --no-install-recommends \ @@ -20,6 +23,7 @@ RUN apt-get update \ RUN git clone https://github.com/google/nsjail.git /nsjail && cd /nsjail && make FROM debian:$DEBIAN_VERSION-slim as dist +ARG LIBPROTOBUF_VERSION RUN dpkg --add-architecture i386 \ && apt-get update \ && apt-get install -y --no-install-recommends \ @@ -28,14 +32,14 @@ RUN dpkg --add-architecture i386 \ python3-venv \ python3-gmpy2 \ nano \ - libprotobuf17 \ + $LIBPROTOBUF_VERSION \ libnl-route-3-200 \ libc6:i386 \ libstdc++6:i386 \ && rm -rf /var/lib/apt/lists/* COPY --from=build /nsjail/nsjail /usr/bin/nsjail -RUN useradd -r -m -u 1000 ctf +RUN useradd -r -m ctf COPY docker-entrypoint.sh nsjail-launcher.sh nsjail-user.sh nsjail-config-cgroups.sh /docker-init/ RUN chmod +x /docker-init/* diff --git a/vendor/nsjail/dockerfiles/Dockerfile.ubuntu-22.04 b/vendor/nsjail/dockerfiles/Dockerfile.ubuntu similarity index 89% rename from vendor/nsjail/dockerfiles/Dockerfile.ubuntu-22.04 rename to vendor/nsjail/dockerfiles/Dockerfile.ubuntu index 3436e00..deeb0f2 100644 --- a/vendor/nsjail/dockerfiles/Dockerfile.ubuntu-22.04 +++ b/vendor/nsjail/dockerfiles/Dockerfile.ubuntu 
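Review bot: With the default removed from `ARG DEBIAN_VERSION` and none given for the new `ARG LIBPROTOBUF_VERSION`, a build that omits either argument is not rejected anywhere in the file. An empty `LIBPROTOBUF_VERSION` makes the `$LIBPROTOBUF_VERSION \` entry in the dist stage's install list (third hunk) expand to nothing, so the image would build without the protobuf runtime library and /usr/bin/nsjail would presumably fail only when it is started. Failing fast there, `"${LIBPROTOBUF_VERSION:?LIBPROTOBUF_VERSION build arg is required}" \`, stops the build and also quotes the value so it reaches apt-get as a single package name. The declaration before the first `FROM` and the one under `FROM base as build` look unused in the visible lines (the build stage's package list runs past this hunk) and could be dropped; Dockerfile.ubuntu repeats the pattern.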
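Review bot: `RUN useradd -r -m ctf` no longer fixes the account's UID, so useradd picks one from the system range and the value can differ between the Debian and Ubuntu images and from one release to the next. The nsjail config and the /docker-init/ scripts are not in this diff; if any of them, or a runtime policy such as a run-as-user setting, refers to UID 1000, it will stop matching ctf (on ubuntu:24.04 that id presumably belongs to the image's stock `ubuntu` user, which may be why the flag was dropped). Keeping an explicit id that is free on every base, `RUN useradd -r -m -u <FIXED_UID> ctf`, keeps file ownership and any jail uid mapping deterministic. The same line changes in Dockerfile.ubuntu; the dist stage starts above this hunk and continues below it.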
@@ -1,8 +1,11 @@ -ARG UBUNTU_VERSION="22.04" +ARG UBUNTU_VERSION +ARG LIBPROTOBUF_VERSION + FROM ghcr.io/downunderctf/docker-vendor/bin-builder:ubuntu-$UBUNTU_VERSION as base FROM base as build +ARG LIBPROTOBUF_VERSION ENV DEBIAN_FRONTEND=noninteractive RUN apt-get update \ && apt-get install -y --no-install-recommends \ @@ -20,6 +23,7 @@ RUN apt-get update \ RUN git clone https://github.com/google/nsjail.git /nsjail && cd /nsjail && make FROM ubuntu:$UBUNTU_VERSION as dist +ARG LIBPROTOBUF_VERSION RUN dpkg --add-architecture i386 \ && apt-get update \ && apt-get install -y --no-install-recommends \ @@ -28,14 +32,14 @@ RUN dpkg --add-architecture i386 \ python3-gmpy2 \ python3-pip \ nano \ - libprotobuf23 \ + $LIBPROTOBUF_VERSION \ libnl-route-3-200 \ libc6:i386 \ libstdc++6:i386 \ && rm -rf /var/lib/apt/lists/* COPY --from=build /nsjail/nsjail /usr/bin/nsjail -RUN useradd -r -m -u 1000 ctf +RUN useradd -r -m ctf COPY docker-entrypoint.sh nsjail-launcher.sh nsjail-user.sh nsjail-config-cgroups.sh /docker-init/ RUN chmod +x /docker-init/* diff --git a/vendor/nsjail/dockerfiles/Dockerfile.ubuntu-18.04 b/vendor/nsjail/dockerfiles/Dockerfile.ubuntu-18.04 deleted file mode 100644 index e6c8ccf..0000000 --- a/vendor/nsjail/dockerfiles/Dockerfile.ubuntu-18.04 +++ /dev/null 
@@ -1,48 +0,0 @@ -ARG UBUNTU_VERSION="18.04" - -FROM ghcr.io/downunderctf/docker-vendor/bin-builder:ubuntu-$UBUNTU_VERSION as base - -FROM base as build -ENV DEBIAN_FRONTEND=noninteractive -RUN apt-get update \ - && apt-get install -y --no-install-recommends \ - autoconf \ - bison \ - flex \ - git \ - libprotobuf-dev \ - libnl-route-3-dev \ - libtool \ - pkg-config \ - protobuf-compiler - -# hadolint ignore=DL3003,DL3059 -RUN git clone https://github.com/google/nsjail.git /nsjail && cd /nsjail && make - -FROM ubuntu:$UBUNTU_VERSION as dist -RUN dpkg --add-architecture i386 \ - && apt-get update \ - && apt-get install -y --no-install-recommends \ - gettext \ - python3.8 \ - python3.8-venv \ - nano \ - libprotobuf10 \ - libnl-route-3-200 \ - libc6:i386 \ - libstdc++6:i386 \ - && rm -rf /var/lib/apt/lists/* - -COPY --from=build /nsjail/nsjail /usr/bin/nsjail -RUN useradd -r -m -u 1000 ctf - -COPY docker-entrypoint.sh nsjail-launcher.sh nsjail-user.sh nsjail-config-cgroups.sh /docker-init/ -RUN chmod +x /docker-init/* - -ENTRYPOINT ["/docker-init/docker-entrypoint.sh"] -CMD ["/docker-init/nsjail-launcher.sh"] - -# copy in example stuff -COPY nsjail.cfg /home/ctf -COPY chal /home/ctf/chal/ -COPY kctf /home/ctf/kctf/