Basic kernel autogeneration (based on current config) implementation

2018-11-28 22:41:17 +00:00 · 2018-11-28 22:41:17 +00:00 · 8eff63f2b9
commit 8eff63f2b9
parent 804e0b4879
5 changed files with 272 additions and 0 deletions
--- a/config/config.go
+++ b/config/config.go
@ -21,6 +21,12 @@ type KernelMask struct {
 	ReleaseMask   string
 }
 func (km KernelMask) DockerName() string {
 	distro := strings.ToLower(km.DistroType.String())
 	release := strings.Replace(km.DistroRelease, ".", "", -1)
 	return fmt.Sprintf("out_of_tree_%s_%s", distro, release)
 }
 type ArtifactType int
 const (
--- a/examples/kernel-exploit/.out-of-tree.toml
+++ b/examples/kernel-exploit/.out-of-tree.toml
@ -5,15 +5,18 @@ type = "exploit"
 [[supported_kernels]]
 distro_type = "Ubuntu"
 distro_release = "16.04"
 release_mask = "4.4.0-(1|2|3|4|5|6|7|8|9|10|11|12|13|14|15|16|17|18|19|20|21|22|23|24|25|26|27|28|29|30|31|32|33|34|35|36|37|38|39|40|41|42|43|44|45|46|47|48|49|50|51|52|53|54|55|56|57|58|59|60|61|62|63|64|65|66|67|68|69|70|71|72|73|74|75|76|77|78|79|80|81|82|83|84|85|86|87|88|89|90|91|92|93|94|95|96|97|98|99|100|101|102|103|104|105|106|107|108|109|110|111|112|113|114|115|116)-.*"
 [[supported_kernels]]
 distro_type = "Ubuntu"
 distro_release = "16.04"
 release_mask = "4.8.0-(1|2|3|4|5|6|7|8|9|10|11|12|13|14|15|16|17|18|19|20|21|22|23|24|25|26|27|28|29|30|31|32|33|34|35|36|37|38|39|40|41|42|43|44|45|46|47|48|49|50|51|52|53|54|55|56|57|58)-.*"
 [[supported_kernels]]
 # Can be Ubuntu/CentOS/Debian/etc.
 distro_type = "Ubuntu"
 distro_release = "16.04"
 # regex for `uname -r`
 # See also: regex-golang.appspot.com
 # stupid way to generate: $ echo '4.4.0-('$(seq 44 | xargs echo | sed 's/ /|/g')')-.*'
@ -21,8 +24,10 @@ release_mask = "4.10.0-(1|2|3|4|5|6|7|8|9|10|11|12|13|14|15|16|17|18|19|20|21|22
 [[supported_kernels]]
 distro_type = "Ubuntu"
 distro_release = "16.04"
 release_mask = "4.11.0-(1|2|3|4|5|6|7|8|9|10|11|12|13|14)-.*"
 [[supported_kernels]]
 distro_type = "Ubuntu"
 distro_release = "16.04"
 release_mask = "4.13.0-(1|2|3|4|5|6|7|8|9|10|11|12|13|14|15|16|17|18|19|20|21)-.*"
--- a/examples/kernel-module/.out-of-tree.toml
+++ b/examples/kernel-module/.out-of-tree.toml
@ -6,6 +6,7 @@ type = "module"
 [[supported_kernels]]
 # Can be Ubuntu/CentOS/Debian/etc.
 distro_type = "Ubuntu"
 distro_release = "16.04"
 # regex for `uname -r`
 # See also: regex-golang.appspot.com
 release_mask = "4.4.0-70-.*"
@ -13,5 +14,6 @@ release_mask = "4.4.0-70-.*"
 # [[supported_kernels]] may be defined unlimited number of times
 [[supported_kernels]]
 distro_type = "Ubuntu"
 distro_release = "18.04"
 # Also you can use only one kernel
 release_mask = "4.15.0-29-generic"
--- a/kernel.go
+++ b/kernel.go
@ -7,6 +7,13 @@ package main
 import (
 	"errors"
 	"fmt"
 	"io/ioutil"
 	"log"
 	"os"
 	"os/exec"
 	"os/user"
 	"regexp"
 	"strings"
 	"github.com/jollheef/out-of-tree/config"
 )
@ -20,3 +27,251 @@ func kernelListHandler(kcfg config.KernelConfig) (err error) {
 	}
 	return
 }
 func matchDebianKernelPkg(container, mask string, generic bool) (pkgs []string,
 	err error) {
 	cmd := "apt-cache search linux-image | cut -d ' ' -f 1"
 	c := dockerCommand(container, "/tmp", "1m", cmd)
 	rawOutput, err := c.CombinedOutput()
 	if err != nil {
 		return
 	}
 	r, err := regexp.Compile("linux-image-" + mask)
 	if err != nil {
 		return
 	}
 	kernels := r.FindAll(rawOutput, -1)
 	for _, k := range kernels {
 		pkg := string(k)
 		if generic && !strings.HasSuffix(pkg, "generic") {
 			continue
 		}
 		pkgs = append(pkgs, pkg)
 	}
 	return
 }
 func dockerImagePath(sk config.KernelMask) (path string, err error) {
 	usr, err := user.Current()
 	if err != nil {
 		return
 	}
 	path = usr.HomeDir + "/.out-of-tree/"
 	path += sk.DistroType.String() + "/" + sk.DistroRelease
 	return
 }
 func generateBaseDockerImage(sk config.KernelMask) (err error) {
 	imagePath, err := dockerImagePath(sk)
 	if err != nil {
 		return
 	}
 	dockerPath := imagePath + "/Dockerfile"
 	d := "# BASE\n"
 	if exists(dockerPath) {
 		log.Printf("Base image for %s:%s found",
 			sk.DistroType.String(), sk.DistroRelease)
 		return
 	} else {
 		log.Printf("Base image for %s:%s not found, start generating",
 			sk.DistroType.String(), sk.DistroRelease)
 		os.MkdirAll(imagePath, os.ModePerm)
 	}
 	d += fmt.Sprintf("FROM %s:%s\n",
 		strings.ToLower(sk.DistroType.String()),
 		sk.DistroRelease,
 	)
 	switch sk.DistroType {
 	case config.Ubuntu:
 		d += "ENV DEBIAN_FRONTEND=noninteractive\n"
 		d += "RUN apt-get update\n"
 		d += "RUN apt-get install -y build-essential libelf-dev\n"
 		d += "RUN apt-get install -y wget git\n"
 	default:
 		s := fmt.Sprintf("%s not yet supported", sk.DistroType.String())
 		err = errors.New(s)
 		return
 	}
 	d += "# END BASE\n\n"
 	err = ioutil.WriteFile(dockerPath, []byte(d), 0644)
 	if err != nil {
 		return
 	}
 	cmd := exec.Command("docker", "build", "-t", sk.DockerName(), imagePath)
 	rawOutput, err := cmd.CombinedOutput()
 	if err != nil {
 		log.Printf("Base image for %s:%s generating error, see log",
 			sk.DistroType.String(), sk.DistroRelease)
 		log.Println(string(rawOutput))
 		return
 	}
 	log.Printf("Base image for %s:%s generating success",
 		sk.DistroType.String(), sk.DistroRelease)
 	return
 }
 func dockerImageAppend(sk config.KernelMask, pkgname string) (err error) {
 	imagePath, err := dockerImagePath(sk)
 	if err != nil {
 		return
 	}
 	raw, err := ioutil.ReadFile(imagePath + "/Dockerfile")
 	if err != nil {
 		return
 	}
 	if strings.Contains(string(raw), pkgname) {
 		// already installed kernel
 		log.Printf("kernel %s for %s:%s is already exists",
 			pkgname, sk.DistroType.String(), sk.DistroRelease)
 		return
 	}
 	log.Printf("Start adding kernel %s for %s:%s",
 		pkgname, sk.DistroType.String(), sk.DistroRelease)
 	//s := fmt.Sprintf("RUN apt-get install -y %s %s\n", pkgname,
 	s := fmt.Sprintf("RUN apt-get install -y %s %s\n", pkgname,
 		strings.Replace(pkgname, "image", "headers", -1))
 	err = ioutil.WriteFile(imagePath+"/Dockerfile",
 		append(raw, []byte(s)...), 0644)
 	if err != nil {
 		return
 	}
 	cmd := exec.Command("docker", "build", "-t", sk.DockerName(), imagePath)
 	rawOutput, err := cmd.CombinedOutput()
 	if err != nil {
 		// Fallback to previous state
 		werr := ioutil.WriteFile(imagePath+"/Dockerfile", raw, 0644)
 		if werr != nil {
 			return
 		}
 		log.Printf("Add kernel %s for %s:%s error, see log",
 			pkgname, sk.DistroType.String(), sk.DistroRelease)
 		log.Println(string(rawOutput))
 		return
 	}
 	log.Printf("Add kernel %s for %s:%s success",
 		pkgname, sk.DistroType.String(), sk.DistroRelease)
 	return
 }
 func kickImage(name string) (err error) {
 	cmd := exec.Command("docker", "run", name, "bash", "-c", "ls")
 	_, err = cmd.CombinedOutput()
 	return
 }
 func copyKernels(name string) (err error) {
 	cmd := exec.Command("docker", "ps", "-a")
 	rawOutput, err := cmd.CombinedOutput()
 	if err != nil {
 		log.Println(string(rawOutput))
 		return
 	}
 	r, err := regexp.Compile(".*" + name)
 	if err != nil {
 		return
 	}
 	var containerID string
 	what := r.FindAll(rawOutput, -1)
 	for _, w := range what {
 		containerID = strings.Fields(string(w))[0]
 		break
 	}
 	usr, err := user.Current()
 	if err != nil {
 		return
 	}
 	target := usr.HomeDir + "/.out-of-tree/kernels/"
 	if !exists(target) {
 		os.MkdirAll(target, os.ModePerm)
 	}
 	cmd = exec.Command("docker", "cp", containerID+":/boot/.", target)
 	rawOutput, err = cmd.CombinedOutput()
 	if err != nil {
 		log.Println(string(rawOutput))
 		return
 	}
 	return
 }
 func kernelAutogenHandler(kcfg config.KernelConfig, workPath string) (err error) {
 	ka, err := config.ReadArtifactConfig(workPath + "/.out-of-tree.toml")
 	if err != nil {
 		return
 	}
 	var usedImages []string
 	for _, sk := range ka.SupportedKernels {
 		if sk.DistroRelease == "" {
 			err = errors.New("Please set distro_release")
 			return
 		}
 		err = generateBaseDockerImage(sk)
 		if err != nil {
 			return
 		}
 		var pkgs []string
 		pkgs, err = matchDebianKernelPkg(sk.DockerName(),
 			sk.ReleaseMask, true)
 		if err != nil {
 			return
 		}
 		for _, pkg := range pkgs {
 			dockerImageAppend(sk, pkg)
 		}
 		usedImages = append(usedImages, sk.DockerName())
 	}
 	for _, ui := range usedImages {
 		err = kickImage(ui)
 		if err != nil {
 			log.Println("kick image", ui, ":", err)
 			continue
 		}
 		err = copyKernels(ui)
 		if err != nil {
 			log.Println("copy kernels", ui, ":", err)
 			continue
 		}
 	}
 	log.Println("Currently generation of kernels.toml is not implemented")
 	log.Println("So next step is up to you hand :)")
 	return
 }
--- a/main.go
+++ b/main.go
@ -57,6 +57,8 @@ func main() {
 	kernelCommand := app.Command("kernel", "Manipulate kernels")
 	kernelListCommand := kernelCommand.Command("list", "List kernels")
 	kernelAutogenCommand := kernelCommand.Command("autogen",
 		"Generate kernels based on a current config")
 	genCommand := app.Command("gen", "Generate .out-of-tree.toml skeleton")
 	genModuleCommand := genCommand.Command("module",
@ -91,6 +93,8 @@ func main() {
 			*pewTest, *pewGuess, *qemuTimeout, *dockerTimeout)
 	case kernelListCommand.FullCommand():
 		err = kernelListHandler(kcfg)
 	case kernelAutogenCommand.FullCommand():
 		err = kernelAutogenHandler(kcfg, *path)
 	case genModuleCommand.FullCommand():
 		err = genConfig(config.KernelModule)
 	case genExploitCommand.FullCommand():