Update changelog

Fixes #15

.github/workflows/donate.yml

@@ -0,0 +1,25 @@
+name: donate
+
+on:
+  issues:
+    types: [opened, closed]
+  schedule:
+    - cron: '15 * * * *' # for updating balance
+
+jobs:
+  comment:
+    runs-on: ubuntu-latest
+    steps:
+      - env:
+          # https://github.com/jollheef/donate/blob/master/dashboard/whitelist.go
+          DASHBOARD_ACCESS_TOKEN: ${{ secrets.DONATE_DASHBOARD_ACCESS_TOKEN }}
+          # the scope is current repository only
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          TOOL: "https://github.com/jollheef/donate/archive/master.tar.gz"
+        run: |
+          curl https://nixos.org/nix/install | sh
+          . ~/.nix-profile/etc/profile.d/nix.sh
+          # Use latest stable nixpkgs channel
+          nix-channel --add https://nixos.org/channels/nixos-19.09 nixpkgs
+          nix-channel --update
+          nix run -f $TOOL -c donate-ci

.github/workflows/macos.yml

@@ -0,0 +1,13 @@
+name: macOS
+
+on: [push]
+
+jobs:
+  build:
+    name: Build on macOS
+    runs-on: macOS-latest
+    steps:
+    - uses: actions/checkout@v1
+
+    - name: Build
+      run: go build

.github/workflows/ubuntu.yml

@@ -0,0 +1,56 @@
+name: Ubuntu
+
+on: [push]
+
+jobs:
+  build:
+    name: Build on Ubuntu
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v1
+
+    - name: Build
+      run: go build
+
+  test-unit:
+    name: Unit Testing
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v1
+
+    - name: Install dependencies for tests
+      run: |
+        sudo apt-get update
+        sudo apt-get install qemu
+
+    - name: Bootstrap
+      run: ./tools/qemu-debian-img/bootstrap.sh
+
+    - name: Unit Testing
+      run: go test -parallel 1 -v ./...
+
+  test-end-to-end:
+    name: End-to-End Testing
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v1
+
+    - name: Build
+      run: go build
+
+    - name: Install dependencies for tests
+      run: |
+        sudo apt-get update
+        sudo apt-get install qemu
+
+    - name: End-to-End Testing [Kernel Module]
+      run: |
+        cd examples/kernel-module
+        ../../out-of-tree kernel autogen --max=1
+        ../../out-of-tree pew --qemu-timeout=10m
+
+    - name: End-to-End Testing [Kernel Exploit]
+      run: |
+        cd examples/kernel-exploit
+        ../../out-of-tree kernel autogen --max=1
+        ../../out-of-tree pew --threshold=0 --qemu-timeout=10m

.travis.yml

@@ -1,30 +0,0 @@
-language: go
-
-go:
-  - 1.x
-  - master
-
-os:
-  - linux
-
-dist:
-  - bionic
-
-addons:
-  apt:
-    packages:
-    - qemu
-
-services:
-  - docker
-
-env:
-  - GO111MODULE=on
-
-install: true
-
-before_script:
-  - ./tools/qemu-debian-img/bootstrap.sh
-
-script:
-  - go test -parallel 1 -v ./...

CHANGELOG.md

@@ -4,6 +4,40 @@
 
 [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [1.3.0] 2020-05-30
+
+### Added
+
+- Support for Ubuntu 20.04 and CentOS 8.
+
+## [1.2.1] 2019-12-25
+
+### Fixed
+
+- macOS support.
+
+## [1.2.0] 2019-11-15
+
+### Added
+
+- Flag for Verbose output. Right now only qemu status messages is
+  implemented.
+
+### Fixed
+
+- Kpti settings was not affected for regular runs.
+
+## [1.1.2] 2019-09-05
+
+### Added
+
+- Added policykit-1 to rootfs for Ubuntu.
+
+### Fixed
+
+- Avoided slow mirrors with use of mirror://mirrors.ubuntu.com for
+  Ubuntu 16.04 and newer.
+
 ## [1.1.1] 2019-08-31
 
 ### Fixed

README.md

@@ -1,5 +1,4 @@
 [![Codacy Badge](https://api.codacy.com/project/badge/Grade/aba4aad2046b4d1a9a99cf98e22c018b)](https://app.codacy.com/app/jollheef/out-of-tree?utm_source=github.com&utm_medium=referral&utm_content=jollheef/out-of-tree&utm_campaign=Badge_Grade_Dashboard)
-[![Build Status](https://travis-ci.com/jollheef/out-of-tree.svg?branch=master)](https://travis-ci.org/jollheef/out-of-tree)
 [![Go Report Card](https://goreportcard.com/badge/code.dumpstack.io/tools/out-of-tree)](https://goreportcard.com/report/code.dumpstack.io/tools/out-of-tree)
 [![Documentation Status](https://readthedocs.org/projects/out-of-tree/badge/?version=latest)](https://out-of-tree.readthedocs.io/en/latest/?badge=latest)
 [![Donate](https://img.shields.io/badge/donate-paypal-green.svg)](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=R8W2UQPZ5X5JE&source=url)
@@ -13,40 +12,25 @@ out-of-tree is for automating some routine actions for creating development envi
 
 ![Screenshot](https://cloudflare-ipfs.com/ipfs/Qmb88fgdDjbWkxz91sWsgmoZZNfVThnCtj37u3mF2s3T3T)
 
-## Requirements
+## Installation
 
-[Qemu](https://www.qemu.org), [docker](https://docker.com) and [golang](https://golang.org) is required.
+### GNU/Linux (with [Nix](https://nixos.org/nix/))
 
-Also do not forget to set GOPATH and PATH e.g.:
+    $ curl -fsSL https://get.docker.com | sh
+	$ sudo usermod -aG docker user && newgrp docker
+    $ curl https://nixos.org/nix/install | sh
+    $ nix-env -iA nixpkgs.out-of-tree
 
-    $ echo 'export GOPATH=$HOME' >> ~/.bashrc
-    $ echo 'export PATH=$PATH:$HOME/bin' >> ~/.bashrc
-    $ source ~/.bashrc
-
-### Gentoo
-
-    # emerge app-emulation/qemu app-emulation/docker dev-lang/go
+Note that adding a user to group *docker* has serious security implications. Check Docker documentation for more information.
 
 ### macOS
 
-    $ brew install go qemu
     $ brew cask install docker
+    $ open --background -a Docker && sleep 1m
+    $ brew tap jollheef/repo
+    $ brew install out-of-tree
 
-### Fedora
-
-    $ sudo dnf install go qemu moby-engine
-
-Also check out [docker post-installation steps](https://docs.docker.com/install/linux/linux-postinstall/).
-
-## Build from source
-
-    $ go get -u code.dumpstack.io/tools/out-of-tree
-
-Then you can check it on kernel module example:
-
-    $ cd $GOPATH/src/code.dumpstack.io/tools/out-of-tree/examples/kernel-module
-    $ out-of-tree kernel autogen # generate kernels based on .out-of-tree.toml
-    $ out-of-tree pew
+Read [documentation](https://out-of-tree.readthedocs.io) for further info.
 
 ## Examples
 
@@ -82,7 +66,6 @@ Generate all kernels
 
     $ out-of-tree kernel genall --distro Ubuntu --ver 16.04
 
-
 ## Troubleshooting
 
 If anything happens that you cannot solve -- just remove `$HOME/.out-of-tree`.

debug.go

@@ -13,7 +13,7 @@ import (
 	"strings"
 	"time"
 
-	"gopkg.in/logrusorgru/aurora.v1"
+	"gopkg.in/logrusorgru/aurora.v2"
 
 	"code.dumpstack.io/tools/out-of-tree/config"
 	"code.dumpstack.io/tools/out-of-tree/qemu"
@@ -147,7 +147,7 @@ func debugHandler(kcfg config.KernelConfig, workPath, kernRegex, gdb string,
 			return aurora.BgGreen(aurora.Black(name))
 		}
 
-		return aurora.BgRed(aurora.Gray(name))
+		return aurora.BgRed(aurora.White(name))
 	}
 
 	fmt.Printf("[*] %s %s %s %s\n",

docs/installation.rst

@@ -1,4 +1,4 @@
-Installation
+Installation (from source)
 ============
 
 OS/Distro-specific
@@ -36,6 +36,20 @@ There's a minimal configuration that you need to apply::
     ];
   }
 
+Gentoo
+------
+
+Install dependencies::
+
+  $ sudo emerge app-emulation/qemu app-emulation/docker dev-lang/go
+
+Fedora
+------
+
+Install dependencies::
+
+  $ sudo dnf install go qemu moby-engine
+
 Common
 ======
 

go.mod

@@ -1,5 +1,7 @@
 module code.dumpstack.io/tools/out-of-tree
 
+go 1.14
+
 replace code.dumpstack.io/tools/out-of-tree/qemu => ./qemu
 
 replace code.dumpstack.io/tools/out-of-tree/config => ./config
@@ -7,15 +9,18 @@ replace code.dumpstack.io/tools/out-of-tree/config => ./config
 require (
 	github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc // indirect
 	github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf // indirect
+	github.com/kylelemons/godebug v1.1.0 // indirect
 	github.com/mattn/go-runewidth v0.0.4 // indirect
 	github.com/mattn/go-sqlite3 v1.11.0
 	github.com/naoina/go-stringutil v0.1.0 // indirect
 	github.com/naoina/toml v0.1.1
 	github.com/olekukonko/tablewriter v0.0.1
 	github.com/otiai10/copy v1.0.1
+	github.com/otiai10/curr v1.0.0 // indirect
 	github.com/remeh/sizedwaitgroup v0.0.0-20180822144253-5e7302b12cce
+	github.com/stretchr/testify v1.5.1 // indirect
 	github.com/zcalusic/sysinfo v0.0.0-20190429151633-fbadb57345c2
 	golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5
 	gopkg.in/alecthomas/kingpin.v2 v2.2.6
-	gopkg.in/logrusorgru/aurora.v1 v1.0.0-20181002194514-a7b3b318ed4e
+	gopkg.in/logrusorgru/aurora.v2 v2.0.0-20190417123914-21d75270181e
 )

go.sum

@@ -1,8 +1,13 @@
+bou.ke/monkey v1.0.1 h1:zEMLInw9xvNakzUUPjfS4Ds6jYPqCFx3m7bRmG5NH2U=
 bou.ke/monkey v1.0.1/go.mod h1:FgHuK96Rv2Nlf+0u1OOVDpCMdsWyOFmeeketDHE7LIg=
 github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc h1:cAKDfWh5VpdgMhJosfJnn5/FoN2SRZ4p7fJNX58YPaU=
 github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
 github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf h1:qet1QNfXsQxTZqLG4oE62mJzwPIB8+Tee4RNCL9ulrY=
 github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
+github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8=
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc=
+github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw=
 github.com/mattn/go-runewidth v0.0.4 h1:2BvfKmzob6Bmd4YsL0zygOqfdFnK7GR4QL06Do4/p7Y=
 github.com/mattn/go-runewidth v0.0.4/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU=
 github.com/mattn/go-sqlite3 v1.11.0 h1:LDdKkqtYlom37fkvqs8rMPFKAMe8+SgjbwZ6ex1/A/Q=
@@ -15,9 +20,20 @@ github.com/olekukonko/tablewriter v0.0.1 h1:b3iUnf1v+ppJiOfNX4yxxqfWKMQPZR5yoh8u
 github.com/olekukonko/tablewriter v0.0.1/go.mod h1:vsDQFd/mU46D+Z4whnwzcISnGGzXWMclvtLoiIKAKIo=
 github.com/otiai10/copy v1.0.1 h1:gtBjD8aq4nychvRZ2CyJvFWAw0aja+VHazDdruZKGZA=
 github.com/otiai10/copy v1.0.1/go.mod h1:8bMCJrAqOtN/d9oyh5HR7HhLQMvcGMpGdwRDYsfOCHc=
+github.com/otiai10/curr v0.0.0-20150429015615-9b4961190c95/go.mod h1:9qAhocn7zKJG+0mI8eUu6xqkFDYS2kb2saOteoSB3cE=
+github.com/otiai10/curr v1.0.0 h1:TJIWdbX0B+kpNagQrjgq8bCMrbhiuX73M2XwgtDMoOI=
+github.com/otiai10/curr v1.0.0/go.mod h1:LskTG5wDwr8Rs+nNQ+1LlxRjAtTZZjtJW4rMXl6j4vs=
+github.com/otiai10/mint v1.2.3 h1:PsrRBmrxR68kyNu6YlqYHbNlItc5vOkuS6LBEsNttVA=
 github.com/otiai10/mint v1.2.3/go.mod h1:YnfyPNhBvnY8bW4SGQHCs/aAFhkgySlMZbrF5U0bOVw=
+github.com/otiai10/mint v1.3.0 h1:Ady6MKVezQwHBkGzLFbrsywyp09Ah7rkmfjV3Bcr5uc=
+github.com/otiai10/mint v1.3.0/go.mod h1:F5AjcsTsWUqX+Na9fpHb52P8pcRX2CI6A3ctIT91xUo=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/remeh/sizedwaitgroup v0.0.0-20180822144253-5e7302b12cce h1:aP+C+YbHZfOQlutA4p4soHi7rVUqHQdWEVMSkHfDTqY=
 github.com/remeh/sizedwaitgroup v0.0.0-20180822144253-5e7302b12cce/go.mod h1:3j2R4OIe/SeS6YDhICBy22RWjJC5eNCJ1V+9+NVNYlo=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/testify v1.5.1 h1:nOGnQDM7FYENwehXlg/kFVnos3rEvtKTjRvOWSzb6H4=
+github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
 github.com/zcalusic/sysinfo v0.0.0-20190429151633-fbadb57345c2 h1:uMiaKNX5zFLOa6nNtun+d/lpV5bOBh7BvE4q9jfZacQ=
 github.com/zcalusic/sysinfo v0.0.0-20190429151633-fbadb57345c2/go.mod h1:zAn3FAIbgZPYnutDND49Ivf8sb/mXYk8UjZdqMswgHg=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
@@ -25,9 +41,14 @@ golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5 h1:58fnuSXlxZmFdJyvtTFVmV
 golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190412213103-97732733099d h1:+R4KGOnez64A81RvjARKc4UT5/tI9ujCIVX+P5KiHuI=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 gopkg.in/alecthomas/kingpin.v2 v2.2.6 h1:jMFz6MfLP0/4fUyZle81rXUoxOBFi19VUFKVDOQfozc=
 gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
-gopkg.in/logrusorgru/aurora.v1 v1.0.0-20181002194514-a7b3b318ed4e h1:uKdf1KQDFZDYqNzSDhxB5hFxj5Fq4e3/C/ejtRJxlY0=
-gopkg.in/logrusorgru/aurora.v1 v1.0.0-20181002194514-a7b3b318ed4e/go.mod h1:DGR33jeYG1jxERD2W4hGjuW94Pxf3mkUf/Ddhf5BskA=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/logrusorgru/aurora.v2 v2.0.0-20190417123914-21d75270181e h1:Wc0601/F/0TByNewL9UAKk18FfwumyYyT8pJMIHcolA=
+gopkg.in/logrusorgru/aurora.v2 v2.0.0-20190417123914-21d75270181e/go.mod h1:Wm+IEn1fgFp8E2paL93oFVrHZW4toMKARNE85fDY5w8=
+gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
+gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=

kernel.go

@@ -15,6 +15,7 @@ import (
 	"os/exec"
 	"os/user"
 	"regexp"
+	"runtime"
 	"strings"
 	"time"
 
@@ -68,7 +69,7 @@ func matchDebianHeadersPkg(container, mask string, generic bool) (
 func matchCentOSDevelPkg(container, mask string, generic bool) (
 	pkgs []string, err error) {
 
-	cmd := "yum search kernel-devel --show-duplicates | " +
+	cmd := "yum search kernel-devel --showduplicates | " +
 		"grep '^kernel-devel' | cut -d ' ' -f 1"
 	output, err := dockerRun(time.Minute, container, "/tmp", cmd)
 	if err != nil {
@@ -99,6 +100,14 @@ func dockerImagePath(sk config.KernelMask) (path string, err error) {
 }
 
 func vsyscallAvailable() (available bool, err error) {
+	if runtime.GOOS != "linux" {
+		// Docker for non-Linux systems is not using the host
+		// kernel but uses kernel inside a virtual machine, so
+		// it builds by the Docker team with vsyscall support.
+		available = true
+		return
+	}
+
 	buf, err := ioutil.ReadFile("/proc/self/maps")
 	if err != nil {
 		return
@@ -162,6 +171,13 @@ func generateBaseDockerImage(registry string, commands []config.DockerCommand,
 	switch sk.DistroType {
 	case config.Ubuntu:
 		d += "ENV DEBIAN_FRONTEND=noninteractive\n"
+		if sk.DistroRelease >= "16.04" {
+			from := "http://.*ubuntu/"
+			to := "mirror://mirrors.ubuntu.com/mirrors.txt"
+			file := "/etc/apt/sources.list"
+			s := fmt.Sprintf("sed -i 's;%s;%s;' %s", from, to, file)
+			d += "RUN " + s + "\n"
+		}
 		d += "RUN apt-get update\n"
 		d += "RUN apt-get install -y build-essential libelf-dev\n"
 		d += "RUN apt-get install -y wget git\n"
@@ -185,8 +201,24 @@ func generateBaseDockerImage(registry string, commands []config.DockerCommand,
 		// do not remove old kernels
 		d += "RUN sed -i 's;installonly_limit=;installonly_limit=100500;' /etc/yum.conf\n"
 		d += "RUN yum -y update\n"
+
+		if sk.DistroRelease == "8" {
+			// FIXME CentOS Vault repository list for 8 is empty
+			// at the time of this fix; check for it and use a
+			// workaround if it's still empty
+			d += `RUN grep enabled /etc/yum.repos.d/CentOS-Vault.repo` +
+				` || echo -e '[8.0.1905]\nbaseurl=http://vault.centos.org/8.0.1905/BaseOS/$basearch/os/'` +
+				` >> /etc/yum.repos.d/CentOS-Vault.repo` + "\n"
+		}
+
 		d += "RUN yum -y groupinstall 'Development Tools'\n"
-		d += "RUN yum -y install deltarpm\n"
+
+		if sk.DistroRelease < "8" {
+			d += "RUN yum -y install deltarpm\n"
+		} else {
+			d += "RUN yum -y install drpm grub2-tools-minimal " +
+				"elfutils-libelf-devel\n"
+		}
 	default:
 		err = fmt.Errorf("%s not yet supported", sk.DistroType.String())
 		return
@@ -257,6 +289,7 @@ func dockerImageAppend(sk config.KernelMask, pkgname string) (err error) {
 			"/boot/initramfs-%s.img %s\n", version, version)
 	default:
 		err = fmt.Errorf("%s not yet supported", sk.DistroType.String())
+		return
 	}
 
 	err = ioutil.WriteFile(imagePath+"/Dockerfile",

log.go

@@ -13,7 +13,7 @@ import (
 	"os"
 
 	"github.com/olekukonko/tablewriter"
-	"gopkg.in/logrusorgru/aurora.v1"
+	"gopkg.in/logrusorgru/aurora.v2"
 
 	"code.dumpstack.io/tools/out-of-tree/config"
 )

main.go

@@ -84,7 +84,7 @@ func main() {
 	)
 
 	app.Author("Mikhail Klementev <root@dumpstack.io>")
-	app.Version("1.1.0")
+	app.Version("1.3.0")
 
 	pathFlag := app.Flag("path", "Path to work directory")
 	path := pathFlag.Default(".").ExistingDir()
@@ -155,6 +155,9 @@ func main() {
 	pewTagFlag := pewCommand.Flag("tag", "Log tagging")
 	pewTag := pewTagFlag.String()
 
+	pewVerboseFlag := pewCommand.Flag("verbose", "Show more information")
+	pewVerbose := pewVerboseFlag.Bool()
+
 	kernelCommand := app.Command("kernel", "Manipulate kernels")
 	kernelNoDownload := kernelCommand.Flag("no-download",
 		"Do not download qemu image while kernel generation").Bool()
@@ -264,6 +267,10 @@ func main() {
 		log.Fatalln("Only one of disable/enable can be used at once")
 	}
 
+	if *yekpti && *nokpti {
+		log.Fatalln("Only one of disable/enable can be used at once")
+	}
+
 	kcfg, err := config.ReadKernelConfig(*kcfgPath)
 	if err != nil {
 		log.Println(err)
@@ -299,7 +306,8 @@ func main() {
 	case pewCommand.FullCommand():
 		err = pewHandler(kcfg, *path, *pewKernel, *pewBinary,
 			*pewTest, *pewGuess, stop, *qemuTimeout, *dockerTimeout,
-			*pewMax, *pewRuns, *pewDist, *pewTag, *pewThreads, db)
+			*pewMax, *pewRuns, *pewDist, *pewTag, *pewThreads,
+			db, *pewVerbose)
 	case kernelListCommand.FullCommand():
 		err = kernelListHandler(kcfg)
 	case kernelAutogenCommand.FullCommand():

pack.go

@@ -51,7 +51,8 @@ func packHandler(db *sql.DB, path, registry string, stop time.Time,
 
 		pewHandler(kcfg, workPath, "", "", "", false,
 			stop, dockerTimeout, qemuTimeout,
-			kernelRuns, exploitRuns, pathDevNull, tag, threads, db)
+			kernelRuns, exploitRuns, pathDevNull,
+			tag, threads, db, false)
 	}
 
 	return

pew.go

@@ -20,7 +20,7 @@ import (
 
 	"github.com/otiai10/copy"
 	"github.com/remeh/sizedwaitgroup"
-	"gopkg.in/logrusorgru/aurora.v1"
+	"gopkg.in/logrusorgru/aurora.v2"
 
 	"code.dumpstack.io/tools/out-of-tree/config"
 	"code.dumpstack.io/tools/out-of-tree/qemu"
@@ -151,7 +151,7 @@ func genOkFail(name string, ok bool) (aurv aurora.Value) {
 		aurv = aurora.BgGreen(aurora.Black(s))
 	} else {
 		s := " " + name + " FAILURE "
-		aurv = aurora.BgRed(aurora.Gray(aurora.Bold(s)))
+		aurv = aurora.BgRed(aurora.White(aurora.Bold(s)))
 	}
 	return
 }
@@ -303,7 +303,7 @@ func copyTest(q *qemu.System, testPath string, ka config.Artifact) (
 func whatever(swg *sizedwaitgroup.SizedWaitGroup, ka config.Artifact,
 	ki config.KernelInfo, binaryPath, testPath string,
 	qemuTimeout, dockerTimeout time.Duration, dist, tag string,
-	db *sql.DB) {
+	db *sql.DB, verbose bool) {
 
 	defer swg.Done()
 
@@ -328,6 +328,7 @@ func whatever(swg *sizedwaitgroup.SizedWaitGroup, ka config.Artifact,
 	q.SetKASLR(!ka.Mitigations.DisableKaslr)
 	q.SetSMEP(!ka.Mitigations.DisableSmep)
 	q.SetSMAP(!ka.Mitigations.DisableSmap)
+	q.SetKPTI(!ka.Mitigations.DisableKpti)
 
 	err = q.Start()
 	if err != nil {
@@ -336,6 +337,18 @@ func whatever(swg *sizedwaitgroup.SizedWaitGroup, ka config.Artifact,
 	}
 	defer q.Stop()
 
+	if verbose {
+		go func() {
+			for !q.Died {
+				time.Sleep(time.Minute)
+				log.Println(ka.Name, ki.DistroType,
+					ki.DistroRelease, ki.KernelRelease,
+					"still alive")
+
+			}
+		}()
+	}
+
 	usr, err := user.Current()
 	if err != nil {
 		return
@@ -394,7 +407,7 @@ func performCI(ka config.Artifact, kcfg config.KernelConfig, binaryPath,
 	testPath string, stop time.Time,
 	qemuTimeout, dockerTimeout time.Duration,
 	max, runs int64, dist, tag string, threads int,
-	db *sql.DB) (err error) {
+	db *sql.DB, verbose bool) (err error) {
 
 	found := false
 
@@ -420,7 +433,7 @@ func performCI(ka config.Artifact, kcfg config.KernelConfig, binaryPath,
 				swg.Add()
 				go whatever(&swg, ka, kernel, binaryPath,
 					testPath, qemuTimeout, dockerTimeout,
-					dist, tag, db)
+					dist, tag, db, verbose)
 			}
 		}
 	}
@@ -477,7 +490,7 @@ func pewHandler(kcfg config.KernelConfig,
 	workPath, ovrrdKrnl, binary, test string, guess bool,
 	stop time.Time, qemuTimeout, dockerTimeout time.Duration,
 	max, runs int64, dist, tag string, threads int,
-	db *sql.DB) (err error) {
+	db *sql.DB, verbose bool) (err error) {
 
 	ka, err := config.ReadArtifactConfig(workPath + "/.out-of-tree.toml")
 	if err != nil {
@@ -507,7 +520,7 @@ func pewHandler(kcfg config.KernelConfig,
 
 	err = performCI(ka, kcfg, binary, test,
 		stop, qemuTimeout, dockerTimeout,
-		max, runs, dist, tag, threads, db)
+		max, runs, dist, tag, threads, db, verbose)
 	if err != nil {
 		return
 	}

qemu/qemu-kernel_test.go

@@ -116,6 +116,7 @@ func startTestQemu(t *testing.T, timeout time.Duration) (q *System, err error) {
 		return
 	}
 
+	time.Sleep(time.Second)
 	return
 }
 
@@ -324,6 +325,8 @@ func TestSystemDebug(t *testing.T) {
 		return
 	}
 
+	time.Sleep(time.Second)
+
 	port := 45256
 
 	q.Debug(fmt.Sprintf("tcp::%d", port))

qemu/test.config.go

@@ -4,7 +4,7 @@
 
 package qemu
 
-const testConfigVmlinuz = "../tools/qemu-debian-img/ubuntu1804.vmlinuz"
-const testConfigInitrd = "../tools/qemu-debian-img/ubuntu1804.initrd"
-const testConfigRootfs = "../tools/qemu-debian-img/ubuntu1804.img"
-const testConfigSampleKo = "../tools/qemu-debian-img/ubuntu1804.ko"
+const testConfigVmlinuz = "../tools/qemu-debian-img/ubuntu2004.vmlinuz"
+const testConfigInitrd = "../tools/qemu-debian-img/ubuntu2004.initrd"
+const testConfigRootfs = "../tools/qemu-debian-img/ubuntu2004.img"
+const testConfigSampleKo = "../tools/qemu-debian-img/ubuntu2004.ko"

tools/qemu-centos-img/8/Dockerfile

@@ -0,0 +1,56 @@
+# Copyright 2020 Mikhail Klementev. All rights reserved.
+# Use of this source code is governed by a AGPLv3 license
+# (or later) that can be found in the LICENSE file.
+#
+# Usage:
+#
+#     $ sudo docker build -t gen-centos8-image .
+#     $ sudo docker run --privileged -v $(pwd):/shared -t gen-centos8-image
+#     $ tar -Szcf out_of_tree_centos_8.img.tar.gz out_of_tree_centos_8.img
+#
+# out_of_tree_centos_8.img will be created in current directory.
+# You can change $(pwd) to different directory to use different destination
+# for image.
+#
+FROM centos:8
+
+RUN yum -y update
+RUN yum -y groupinstall "Development Tools"
+RUN yum -y install qemu-img e2fsprogs
+
+ENV TMPDIR=/tmp/centos
+
+RUN yum --installroot=$TMPDIR \
+        --releasever=8 \
+        --disablerepo='*' \
+        --enablerepo=BaseOS \
+        -y groupinstall Base
+RUN yum --installroot=$TMPDIR \
+        --releasever=8 \
+        --disablerepo='*' \
+        --enablerepo=BaseOS \
+        -y install openssh-server openssh-clients
+
+RUN chroot $TMPDIR /bin/sh -c 'useradd -m user'
+RUN sed -i 's/root:\*:/root::/' $TMPDIR/etc/shadow
+RUN sed -i 's/user:!!:/user::/' $TMPDIR/etc/shadow
+RUN sed -i '/PermitEmptyPasswords/d' $TMPDIR/etc/ssh/sshd_config
+RUN echo PermitEmptyPasswords yes >> $TMPDIR/etc/ssh/sshd_config
+RUN sed -i '/PermitRootLogin/d' $TMPDIR/etc/ssh/sshd_config
+RUN echo PermitRootLogin yes >> $TMPDIR/etc/ssh/sshd_config
+
+# network workaround
+RUN chmod +x $TMPDIR/etc/rc.local
+RUN echo 'dhclient' >> $TMPDIR/etc/rc.local
+
+ENV IMAGEDIR=/tmp/image
+ENV IMAGE=/shared/out_of_tree_centos_8.img
+
+RUN mkdir $IMAGEDIR
+
+# Must be executed with --privileged because of /dev/loop
+CMD qemu-img create $IMAGE 2G && \
+	mkfs.ext4 -F $IMAGE && \
+	mount -o loop $IMAGE $IMAGEDIR && \
+	cp -a $TMPDIR/* $IMAGEDIR/ && \
+	umount $IMAGEDIR

tools/qemu-centos-img/8/generate.sh

@@ -0,0 +1,6 @@
+#!/bin/sh
+cd "$(dirname "$0")"
+
+sudo docker build -t gen-centos8-image .
+sudo docker run --privileged -v $(pwd):/shared -t gen-centos8-image
+tar -Szcf out_of_tree_centos_8.img.tar.gz out_of_tree_centos_8.img

tools/qemu-debian-img/14.04/Dockerfile

@@ -25,7 +25,8 @@ ENV RELEASE=trusty
 RUN mkdir $IMAGEDIR
 
 # Must be executed with --privileged because of /dev/loop
-CMD debootstrap --include=openssh-server $RELEASE $TMPDIR $REPOSITORY && \
+CMD debootstrap --include=openssh-server,policykit-1 \
+	$RELEASE $TMPDIR $REPOSITORY && \
 	/shared/setup.sh $TMPDIR && \
 	qemu-img create $IMAGE 2G && \
 	mkfs.ext4 -F $IMAGE && \

tools/qemu-debian-img/Dockerfile

@@ -4,29 +4,30 @@
 #
 # Usage:
 #
-#     $ docker build -t gen-ubuntu1804-image .
-#     $ docker run --privileged -v $(pwd):/shared -t gen-ubuntu1804-image
+#     $ docker build -t gen-ubuntu2004-image .
+#     $ docker run --privileged -v $(pwd):/shared -t gen-ubuntu2004-image
 #
-# ubuntu1804.img will be created in current directory. You can change $(pwd) to
+# ubuntu2004.img will be created in current directory. You can change $(pwd) to
 # different directory to use different destination for image.
 #
-FROM ubuntu:18.04
+FROM ubuntu:20.04
 
 ENV DEBIAN_FRONTEND=noninteractive
 RUN apt update
-RUN apt install -y debootstrap qemu
+RUN apt install -y debootstrap qemu-utils
 RUN apt install -y linux-image-generic
 
 ENV TMPDIR=/tmp/ubuntu
 ENV IMAGEDIR=/tmp/image
-ENV IMAGE=/shared/ubuntu1804.img
+ENV IMAGE=/shared/ubuntu2004.img
 ENV REPOSITORY=http://archive.ubuntu.com/ubuntu
-ENV RELEASE=bionic
+ENV RELEASE=focal
 
 RUN mkdir $IMAGEDIR
 
 # Must be executed with --privileged because of /dev/loop
-CMD debootstrap --include=openssh-server $RELEASE $TMPDIR $REPOSITORY && \
+CMD debootstrap --include=openssh-server,policykit-1 \
+	$RELEASE $TMPDIR $REPOSITORY && \
 	/shared/setup.sh $TMPDIR && \
 	qemu-img create $IMAGE 2G && \
 	mkfs.ext4 -F $IMAGE && \

tools/qemu-debian-img/bootstrap.sh

@@ -1,9 +1,9 @@
 #!/bin/sh -eux
 cd $(dirname $(realpath $0))
 
-docker build -t gen-ubuntu1804-image .
-docker run --privileged -v $(pwd):/shared -t gen-ubuntu1804-image
-RUN="docker run -v $(pwd):/shared -t gen-ubuntu1804-image"
-$RUN sh -c 'chmod 644 /vmlinuz && cp /vmlinuz /shared/ubuntu1804.vmlinuz'
-$RUN sh -c 'cp /initrd.img /shared/ubuntu1804.initrd'
-$RUN sh -c 'cp $(find /lib/modules -name test_static_key_base.ko) /shared/ubuntu1804.ko'
+docker build -t gen-ubuntu2004-image .
+docker run --privileged -v $(pwd):/shared -t gen-ubuntu2004-image
+RUN="docker run -v $(pwd):/shared -t gen-ubuntu2004-image"
+$RUN sh -c 'chmod 644 /boot/vmlinuz && cp /boot/vmlinuz /shared/ubuntu2004.vmlinuz'
+$RUN sh -c 'cp /boot/initrd.img /shared/ubuntu2004.initrd'
+$RUN sh -c 'cp $(find /lib/modules -name test_bpf.ko) /shared/ubuntu2004.ko'