Basic kernel autogeneration (based on current config) implementation

2018-11-28 22:41:17 +00:00 · 2018-11-28 22:41:17 +00:00 · 8eff63f2b9
commit 8eff63f2b9
parent 804e0b4879
5 changed files with 272 additions and 0 deletions
--- a/config/config.go
+++ b/config/config.go
@ -21,6 +21,12 @@ type KernelMask struct {
 	ReleaseMask   string
 }

+func (km KernelMask) DockerName() string {
+	distro := strings.ToLower(km.DistroType.String())
+	release := strings.Replace(km.DistroRelease, ".", "", -1)
+	return fmt.Sprintf("out_of_tree_%s_%s", distro, release)
+}
+
 type ArtifactType int

 const (
--- a/examples/kernel-exploit/.out-of-tree.toml
+++ b/examples/kernel-exploit/.out-of-tree.toml
@ -5,15 +5,18 @@ type = "exploit"

 [[supported_kernels]]
 distro_type = "Ubuntu"
+distro_release = "16.04"
 release_mask = "4.4.0-(1|2|3|4|5|6|7|8|9|10|11|12|13|14|15|16|17|18|19|20|21|22|23|24|25|26|27|28|29|30|31|32|33|34|35|36|37|38|39|40|41|42|43|44|45|46|47|48|49|50|51|52|53|54|55|56|57|58|59|60|61|62|63|64|65|66|67|68|69|70|71|72|73|74|75|76|77|78|79|80|81|82|83|84|85|86|87|88|89|90|91|92|93|94|95|96|97|98|99|100|101|102|103|104|105|106|107|108|109|110|111|112|113|114|115|116)-.*"

 [[supported_kernels]]
 distro_type = "Ubuntu"
+distro_release = "16.04"
 release_mask = "4.8.0-(1|2|3|4|5|6|7|8|9|10|11|12|13|14|15|16|17|18|19|20|21|22|23|24|25|26|27|28|29|30|31|32|33|34|35|36|37|38|39|40|41|42|43|44|45|46|47|48|49|50|51|52|53|54|55|56|57|58)-.*"

 [[supported_kernels]]
 # Can be Ubuntu/CentOS/Debian/etc.
 distro_type = "Ubuntu"
+distro_release = "16.04"
 # regex for `uname -r`
 # See also: regex-golang.appspot.com
 # stupid way to generate: $ echo '4.4.0-('$(seq 44 | xargs echo | sed 's/ /|/g')')-.*'
@ -21,8 +24,10 @@ release_mask = "4.10.0-(1|2|3|4|5|6|7|8|9|10|11|12|13|14|15|16|17|18|19|20|21|22

 [[supported_kernels]]
 distro_type = "Ubuntu"
+distro_release = "16.04"
 release_mask = "4.11.0-(1|2|3|4|5|6|7|8|9|10|11|12|13|14)-.*"

 [[supported_kernels]]
 distro_type = "Ubuntu"
+distro_release = "16.04"
 release_mask = "4.13.0-(1|2|3|4|5|6|7|8|9|10|11|12|13|14|15|16|17|18|19|20|21)-.*"
--- a/examples/kernel-module/.out-of-tree.toml
+++ b/examples/kernel-module/.out-of-tree.toml
@ -6,6 +6,7 @@ type = "module"
 [[supported_kernels]]
 # Can be Ubuntu/CentOS/Debian/etc.
 distro_type = "Ubuntu"
+distro_release = "16.04"
 # regex for `uname -r`
 # See also: regex-golang.appspot.com
 release_mask = "4.4.0-70-.*"
@ -13,5 +14,6 @@ release_mask = "4.4.0-70-.*"
 # [[supported_kernels]] may be defined unlimited number of times
 [[supported_kernels]]
 distro_type = "Ubuntu"
+distro_release = "18.04"
 # Also you can use only one kernel
 release_mask = "4.15.0-29-generic"
--- a/kernel.go
+++ b/kernel.go
@ -7,6 +7,13 @@ package main
 import (
 	"errors"
 	"fmt"
+	"io/ioutil"
+	"log"
+	"os"
+	"os/exec"
+	"os/user"
+	"regexp"
+	"strings"

 	"github.com/jollheef/out-of-tree/config"
 )
@ -20,3 +27,251 @@ func kernelListHandler(kcfg config.KernelConfig) (err error) {
 	}
 	return
 }
+
+func matchDebianKernelPkg(container, mask string, generic bool) (pkgs []string,
+	err error) {
+
+	cmd := "apt-cache search linux-image | cut -d ' ' -f 1"
+	c := dockerCommand(container, "/tmp", "1m", cmd)
+	rawOutput, err := c.CombinedOutput()
+	if err != nil {
+		return
+	}
+
+	r, err := regexp.Compile("linux-image-" + mask)
+	if err != nil {
+		return
+	}
+
+	kernels := r.FindAll(rawOutput, -1)
+
+	for _, k := range kernels {
+		pkg := string(k)
+		if generic && !strings.HasSuffix(pkg, "generic") {
+			continue
+		}
+		pkgs = append(pkgs, pkg)
+	}
+
+	return
+}
+
+func dockerImagePath(sk config.KernelMask) (path string, err error) {
+	usr, err := user.Current()
+	if err != nil {
+		return
+	}
+
+	path = usr.HomeDir + "/.out-of-tree/"
+	path += sk.DistroType.String() + "/" + sk.DistroRelease
+	return
+}
+
+func generateBaseDockerImage(sk config.KernelMask) (err error) {
+	imagePath, err := dockerImagePath(sk)
+	if err != nil {
+		return
+	}
+	dockerPath := imagePath + "/Dockerfile"
+
+	d := "# BASE\n"
+
+	if exists(dockerPath) {
+		log.Printf("Base image for %s:%s found",
+			sk.DistroType.String(), sk.DistroRelease)
+		return
+	} else {
+		log.Printf("Base image for %s:%s not found, start generating",
+			sk.DistroType.String(), sk.DistroRelease)
+		os.MkdirAll(imagePath, os.ModePerm)
+	}
+
+	d += fmt.Sprintf("FROM %s:%s\n",
+		strings.ToLower(sk.DistroType.String()),
+		sk.DistroRelease,
+	)
+
+	switch sk.DistroType {
+	case config.Ubuntu:
+		d += "ENV DEBIAN_FRONTEND=noninteractive\n"
+		d += "RUN apt-get update\n"
+		d += "RUN apt-get install -y build-essential libelf-dev\n"
+		d += "RUN apt-get install -y wget git\n"
+	default:
+		s := fmt.Sprintf("%s not yet supported", sk.DistroType.String())
+		err = errors.New(s)
+		return
+	}
+
+	d += "# END BASE\n\n"
+
+	err = ioutil.WriteFile(dockerPath, []byte(d), 0644)
+	if err != nil {
+		return
+	}
+
+	cmd := exec.Command("docker", "build", "-t", sk.DockerName(), imagePath)
+	rawOutput, err := cmd.CombinedOutput()
+	if err != nil {
+		log.Printf("Base image for %s:%s generating error, see log",
+			sk.DistroType.String(), sk.DistroRelease)
+		log.Println(string(rawOutput))
+		return
+	}
+
+	log.Printf("Base image for %s:%s generating success",
+		sk.DistroType.String(), sk.DistroRelease)
+
+	return
+}
+
+func dockerImageAppend(sk config.KernelMask, pkgname string) (err error) {
+	imagePath, err := dockerImagePath(sk)
+	if err != nil {
+		return
+	}
+
+	raw, err := ioutil.ReadFile(imagePath + "/Dockerfile")
+	if err != nil {
+		return
+	}
+
+	if strings.Contains(string(raw), pkgname) {
+		// already installed kernel
+		log.Printf("kernel %s for %s:%s is already exists",
+			pkgname, sk.DistroType.String(), sk.DistroRelease)
+		return
+	}
+
+	log.Printf("Start adding kernel %s for %s:%s",
+		pkgname, sk.DistroType.String(), sk.DistroRelease)
+
+	//s := fmt.Sprintf("RUN apt-get install -y %s %s\n", pkgname,
+	s := fmt.Sprintf("RUN apt-get install -y %s %s\n", pkgname,
+		strings.Replace(pkgname, "image", "headers", -1))
+
+	err = ioutil.WriteFile(imagePath+"/Dockerfile",
+		append(raw, []byte(s)...), 0644)
+	if err != nil {
+		return
+	}
+
+	cmd := exec.Command("docker", "build", "-t", sk.DockerName(), imagePath)
+	rawOutput, err := cmd.CombinedOutput()
+	if err != nil {
+		// Fallback to previous state
+		werr := ioutil.WriteFile(imagePath+"/Dockerfile", raw, 0644)
+		if werr != nil {
+			return
+		}
+
+		log.Printf("Add kernel %s for %s:%s error, see log",
+			pkgname, sk.DistroType.String(), sk.DistroRelease)
+		log.Println(string(rawOutput))
+		return
+	}
+
+	log.Printf("Add kernel %s for %s:%s success",
+		pkgname, sk.DistroType.String(), sk.DistroRelease)
+
+	return
+}
+
+func kickImage(name string) (err error) {
+	cmd := exec.Command("docker", "run", name, "bash", "-c", "ls")
+	_, err = cmd.CombinedOutput()
+	return
+}
+
+func copyKernels(name string) (err error) {
+	cmd := exec.Command("docker", "ps", "-a")
+	rawOutput, err := cmd.CombinedOutput()
+	if err != nil {
+		log.Println(string(rawOutput))
+		return
+	}
+
+	r, err := regexp.Compile(".*" + name)
+	if err != nil {
+		return
+	}
+
+	var containerID string
+
+	what := r.FindAll(rawOutput, -1)
+	for _, w := range what {
+		containerID = strings.Fields(string(w))[0]
+		break
+	}
+
+	usr, err := user.Current()
+	if err != nil {
+		return
+	}
+
+	target := usr.HomeDir + "/.out-of-tree/kernels/"
+	if !exists(target) {
+		os.MkdirAll(target, os.ModePerm)
+	}
+
+	cmd = exec.Command("docker", "cp", containerID+":/boot/.", target)
+	rawOutput, err = cmd.CombinedOutput()
+	if err != nil {
+		log.Println(string(rawOutput))
+		return
+	}
+
+	return
+}
+
+func kernelAutogenHandler(kcfg config.KernelConfig, workPath string) (err error) {
+	ka, err := config.ReadArtifactConfig(workPath + "/.out-of-tree.toml")
+	if err != nil {
+		return
+	}
+
+	var usedImages []string
+
+	for _, sk := range ka.SupportedKernels {
+		if sk.DistroRelease == "" {
+			err = errors.New("Please set distro_release")
+			return
+		}
+
+		err = generateBaseDockerImage(sk)
+		if err != nil {
+			return
+		}
+
+		var pkgs []string
+		pkgs, err = matchDebianKernelPkg(sk.DockerName(),
+			sk.ReleaseMask, true)
+		if err != nil {
+			return
+		}
+
+		for _, pkg := range pkgs {
+			dockerImageAppend(sk, pkg)
+		}
+
+		usedImages = append(usedImages, sk.DockerName())
+	}
+
+	for _, ui := range usedImages {
+		err = kickImage(ui)
+		if err != nil {
+			log.Println("kick image", ui, ":", err)
+			continue
+		}
+
+		err = copyKernels(ui)
+		if err != nil {
+			log.Println("copy kernels", ui, ":", err)
+			continue
+		}
+	}
+
+	log.Println("Currently generation of kernels.toml is not implemented")
+	log.Println("So next step is up to you hand :)")
+	return
+}
--- a/main.go
+++ b/main.go
@ -57,6 +57,8 @@ func main() {

 	kernelCommand := app.Command("kernel", "Manipulate kernels")
 	kernelListCommand := kernelCommand.Command("list", "List kernels")
+	kernelAutogenCommand := kernelCommand.Command("autogen",
+		"Generate kernels based on a current config")

 	genCommand := app.Command("gen", "Generate .out-of-tree.toml skeleton")
 	genModuleCommand := genCommand.Command("module",
@ -91,6 +93,8 @@ func main() {
 			*pewTest, *pewGuess, *qemuTimeout, *dockerTimeout)
 	case kernelListCommand.FullCommand():
 		err = kernelListHandler(kcfg)
+	case kernelAutogenCommand.FullCommand():
+		err = kernelAutogenHandler(kcfg, *path)
 	case genModuleCommand.FullCommand():
 		err = genConfig(config.KernelModule)
 	case genExploitCommand.FullCommand():