Example Dockerfile fixes for PolyTracker short tool paper #6570
Merged
9 commits
f27fadb libjpeg: stable sources link (kaoudis)
b0896cb nitro: custom build system of nitro breaks if old python isn't availab… (kaoudis)
7e02a88 png: add missing wget dependency (kaoudis)
8031618 xpdf: fix zlib location (stored old versions moved to /fossils on the… (kaoudis)
6f69fdd qpdf: use ijg stable jpeg source url (kaoudis)
77aba58 file: fix example Dockerfile by checking out a tag from reasonably ar… (kaoudis)
314b469 xpdf: make everything work with modern polytracker, but a bit bigger … (kaoudis)
367eb74 xpdf: one big instrument-targets (kaoudis)
9f38008 xpdf: comments (kaoudis)
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,10 +1,13 @@ | ||
FROM trailofbits/polytracker | ||
MAINTAINER Carson Harmon <carson.harmon@trailofbits.com> | ||
LABEL org.opencontainers.image.authors="carson.harmon@trailofbits.com,kelly.kaoudis@trailofbits.com" | ||
|
||
WORKDIR /polytracker/the_klondike | ||
|
||
#Update pkg-config/util-linux (needed for FontConfig) | ||
RUN apt update && apt install pkg-config \ | ||
# Updating pkg-config/util-linux is needed for FontConfig | ||
# Note also that qt5 is needed for the cmake build of xpdf | ||
# (there appears to not be a cmake macro to turn off the build parts that require it) | ||
RUN apt-get update && apt-get install -y \ | ||
pkg-config \ | ||
uuid-dev \ | ||
gperf \ | ||
wget \ | ||
|
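Review bot: `FROM trailofbits/polytracker` on the first line of this hunk carries no tag or digest, so every rebuild pulls whatever the image name currently points to, and the `polytracker build` and `polytracker instrument-targets` steps further down depend on the CLI that image happens to ship. For an example Dockerfile that accompanies a paper, pin the base image to the tag or digest it was tested against. In the `apt-get install -y` list, adding `--no-install-recommends` and removing `/var/lib/apt/lists/*` in the same `RUN` would also keep the layer smaller.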
@@ -18,89 +21,78 @@ RUN apt update && apt install pkg-config \ | |
cmake \ | ||
libfreetype6-dev \ | ||
libxcb-composite0-dev \ | ||
libxml2-dev -y | ||
libxml2-dev \ | ||
qtbase5-dev | ||
|
||
#RUN apt-get install python3-dev | ||
|
||
#Fontconfig requires some stuff? | ||
#RUN apt install pkg-config \libasound2-dev libssl-dev cmake libfreetype6-dev libexpat1-dev libxcb-composite0-dev -y | ||
#RUN apt install libxml2-dev -y | ||
WORKDIR /polytracker/the_klondike | ||
RUN wget https://dl.xpdfreader.com/old/xpdf-4.03.tar.gz | ||
RUN tar -xvf xpdf-4.03.tar.gz | ||
ENV build_dir=/polytracker/the_klondike/xpdf-4.03 | ||
|
||
#================================= | ||
WORKDIR /polytracker/the_klondike | ||
WORKDIR $build_dir | ||
|
||
#FreeType http://www.linuxfromscratch.org/blfs/view/svn/general/freetype2.html | ||
# FreeType http://www.linuxfromscratch.org/blfs/view/svn/general/freetype2.html | ||
RUN wget https://downloads.sourceforge.net/freetype/freetype-2.10.1.tar.xz | ||
RUN tar -xvf freetype-2.10.1.tar.xz | ||
|
||
WORKDIR freetype-2.10.1 | ||
WORKDIR $build_dir/freetype-2.10.1 | ||
|
||
#Some linux from scratch magic | ||
# Some linux from scratch magic | ||
RUN sed -ri "s:.*(AUX_MODULES.*valid):\1:" modules.cfg | ||
RUN sed -r "s:.*(#.*SUBPIXEL_RENDERING) .*:\1:" -i include/freetype/config/ftoption.h | ||
RUN ./configure --prefix=/usr --enable-freetype-config | ||
RUN make -j5 install | ||
RUN make -j$(nproc) install | ||
|
||
#================================= | ||
WORKDIR /polytracker/the_klondike | ||
WORKDIR $build_dir | ||
|
||
#zlib | ||
RUN wget https://www.zlib.net/zlib-1.2.11.tar.gz | ||
# zlib | ||
RUN wget https://www.zlib.net/fossils/zlib-1.2.11.tar.gz | ||
RUN tar -xzvf zlib-1.2.11.tar.gz | ||
WORKDIR zlib-1.2.11 | ||
RUN ./configure --prefix=/usr && make -j$(nproc) test && make -j$(nproc) install | ||
WORKDIR $build_dir/zlib-1.2.11 | ||
RUN ./configure --prefix=/usr && \ | ||
make -j$(nproc) test && \ | ||
make -j$(nproc) install | ||
|
||
#================================= | ||
WORKDIR /polytracker/the_klondike | ||
WORKDIR $build_dir | ||
|
||
#Libxml2 | ||
# Libxml2 | ||
|
||
RUN wget http://xmlsoft.org/sources/libxml2-2.9.10.tar.gz | ||
RUN tar -xvf libxml2-2.9.10.tar.gz | ||
WORKDIR libxml2-2.9.10 | ||
RUN wget http://xmlsoft.org/sources/libxml2-2.9.11.tar.gz | ||
was getting a Python macro error with previous version |
||
RUN tar -xvf libxml2-2.9.11.tar.gz | ||
WORKDIR $build_dir/libxml2-2.9.11 | ||
RUN ./configure --disable-dependency-tracking --prefix=/usr --with-python=/usr/bin/python3 | ||
RUN make -j5 install | ||
RUN make install | ||
|
||
RUN make -j$(nproc) install | ||
|
||
#================================= | ||
WORKDIR /polytracker/the_klondike | ||
WORKDIR $build_dir | ||
|
||
##Fontconfig (depends on FreeType), note that the linux from scratch version is broken | ||
#The gitlab version is up to date, and has a PR merged from a year ago with the bug fix | ||
#https://gitlab.freedesktop.org/fontconfig/fontconfig/merge_requests/2/diffs?commit_id=8208f99fa1676c42bfd8d74de3e9dac5366c150c | ||
# Fontconfig (depends on FreeType), note that the linux from scratch version is broken | ||
# The gitlab version is up to date, and has a PR merged from a year ago with the bug fix | ||
# https://gitlab.freedesktop.org/fontconfig/fontconfig/merge_requests/2/diffs?commit_id=8208f99fa1676c42bfd8d74de3e9dac5366c150c | ||
|
||
RUN git clone https://gitlab.freedesktop.org/fontconfig/fontconfig.git | ||
|
||
WORKDIR fontconfig | ||
WORKDIR $build_dir/fontconfig | ||
RUN ./autogen.sh --sysconfdir=/etc --prefix=/usr --enable-libxml2 --mandir=/usr/share/man | ||
RUN make -j5 install | ||
RUN make -j$(nproc) install | ||
|
||
#================================= | ||
WORKDIR /polytracker/the_klondike | ||
|
||
RUN wget https://dl.xpdfreader.com/xpdf-4.03.tar.gz | ||
RUN tar -xvf xpdf-4.03.tar.gz | ||
WORKDIR xpdf-4.03 | ||
RUN mkdir build | ||
WORKDIR build | ||
RUN cmake -DCMAKE_BUILD_TYPE=Release .. | ||
RUN make -j5 install | ||
# build, and record the build with Blight | ||
WORKDIR $build_dir/build | ||
RUN polytracker build cmake -S .. -B . -DCMAKE_BUILD_TYPE=Release | ||
RUN polytracker build make -j$(nproc) install | ||
|
||
#================================= | ||
WORKDIR xpdf | ||
|
||
#Extract and instrument pdftotext, other poppler tools should work the same | ||
RUN get-bc -b pdftotext | ||
RUN ${CXX} --lower-bitcode -i pdftotext.bc -o pdftotext_track --libs /build_artifacts/libfofi.a /build_artifacts/libgoo.a /build_artifacts/libsplash.a freetype fontconfig pthread --lists freetype fontconfig xml2 libz | ||
|
||
RUN get-bc -b pdfinfo | ||
RUN ${CXX} --lower-bitcode -i pdfinfo.bc -o pdfinfo_track --libs /build_artifacts/libfofi.a /build_artifacts/libgoo.a /build_artifacts/libsplash.a freetype fontconfig pthread --lists freetype fontconfig xml2 libz | ||
|
||
# Extract and instrument each tool of interest. | ||
# This should make three instrumented binaries (originals live in the xpdf/ directory): | ||
# pdftops.instrumented, pdftotext.instrumented, and pdfinfo.instrumented | ||
# These commands are split up for timing / debugging purposes but you could | ||
# run them all as one big instrument-targets as well. | ||
RUN polytracker instrument-targets --taint --ftrace pdftotext --ignore-lists freetype fontconfig xml2 libz | ||
|
||
RUN get-bc -b pdftops | ||
RUN ${CXX} --lower-bitcode -i pdtops.bc -o pdftops_track --libs /build_artifacts/libfofi.a /build_artifacts/libgoo.a /build_artifacts/libsplash.a freetype fontconfig pthread --lists freetype fontconfig xml2 libz | ||
RUN polytracker instrument-targets --taint --ftrace pdfinfo --ignore-lists freetype fontconfig xml2 libz | ||
|
||
# Note, the /workdir directory is intended to be mounted at runtime | ||
#VOLUME ["/workdir"] | ||
#WORKDIR /workdir | ||
RUN polytracker instrument-targets --taint --ftrace pdftops --ignore-lists freetype fontconfig xml2 libz |
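Review bot: None of the source downloads in this hunk is integrity-checked, and `RUN wget http://xmlsoft.org/sources/libxml2-2.9.11.tar.gz` fetches over plain HTTP, so a tarball that was altered in transit or on the mirror would be compiled into the image without the build noticing. Record a SHA-256 for each of the xpdf, freetype, zlib and libxml2 archives and verify it with `sha256sum -c` in the same `RUN` as the `wget`, and use an HTTPS URL for libxml2 if the host serves one. `RUN git clone https://gitlab.freedesktop.org/fontconfig/fontconfig.git` has the same weakness in another form: it builds whatever the default branch contains on the day of the build, so check out a tag or commit that includes the fix referenced in the comment above it.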
This just pins a `file` version that seems compatible with when this Dockerfile was originally created. I don't think we pinned a version before.