Use single temp directory base

Cleanup after cache kernel package dependencies
brew cask is no longer a brew command
2023-04-07 16:44:21 +00:00 · 2023-04-07 16:27:56 +00:00 · 2023-04-07 14:30:59 +00:00 · 2023-04-07 13:55:58 +00:00 · 2023-04-07 13:30:30 +00:00 · 2023-04-07 10:42:34 +00:00
10 changed files with 117 additions and 88 deletions
--- a/README.md
+++ b/README.md
@ -17,53 +17,33 @@ out-of-tree is for automating some routine actions for creating development envi
    $ curl -fsSL https://get.docker.com | sh
 	$ sudo usermod -aG docker user && newgrp docker
    $ curl -L https://nixos.org/nix/install | sh
-    $ nix-env -iA nixpkgs.out-of-tree
+    $ nix-env -iA nixpkgs.out-of-tree # Note: may not be up to date immediately, in this case consider installing from source

 Note that adding a user to group *docker* has serious security implications. Check Docker documentation for more information.

 ### macOS

-    $ brew cask install docker
+    $ brew install --cask docker
    $ open --background -a Docker && sleep 1m
-    $ brew tap jollheef/repo
+    $ brew tap out-of-tree/repo
    $ brew install out-of-tree

 Read [documentation](https://out-of-tree.readthedocs.io) for further info.

 ## Examples

-Run by absolute path
+Generate all Ubuntu 22.04 kernels:

-    $ out-of-tree --path /path/to/exploit/directory pew
+    $ out-of-tree kernel genall --distro=Ubuntu --ver=22.04

-Test only with one kernel:
+Run tests based on .out-of-tree.toml definitions:

-    $ out-of-tree pew --kernel='Ubuntu:5.4.0-29-generic
+	$ out-of-tree pew
+
+Test with a specific kernel:
+
+    $ out-of-tree pew --kernel='Ubuntu:5.4.0-29-generic'

 Run debug environment:

-    $ out-of-tree debug --kernel='Ubuntu:5.4.0-29-generic
-
-Test binary module/exploit with implicit defined test ($BINARY_test)
-
-    $ out-of-tree pew --binary /path/to/exploit
-
-Test binary module/exploit with explicit defined test
-
-    $ out-of-tree pew --binary /path/to/exploit --test /path/to/exploit_test
-
-Guess work kernels:
-
-    $ out-of-tree pew --guess
-
-Use custom kernels config
-
-    $ out-of-tree --kernels /path/to/kernels.toml pew
-
-Generate all kernels
-
-    $ out-of-tree kernel genall --distro Ubuntu --ver 22.04
-
-## Development
-
-Read [Qemu API](qemu/README.md).
+    $ out-of-tree debug --kernel='Ubuntu:5.4.0-29-generic'
--- a/debug.go
+++ b/debug.go
@ -144,7 +144,7 @@ func (cmd *DebugCmd) Run(g *Globals) (err error) {
 	}
 	defer q.Stop()

-	tmp, err := ioutil.TempDir("/tmp/", "out-of-tree_")
+	tmp, err := ioutil.TempDir(tempDirBase, "out-of-tree_")
 	if err != nil {
 		return
 	}
--- a/go.mod
+++ b/go.mod
@ -1,27 +1,50 @@
 module code.dumpstack.io/tools/out-of-tree

-go 1.14
+go 1.17

 replace code.dumpstack.io/tools/out-of-tree/qemu => ./qemu

 replace code.dumpstack.io/tools/out-of-tree/config => ./config

 require (
-	github.com/BurntSushi/toml v1.2.1 // indirect
 	github.com/alecthomas/kong v0.7.1
 	github.com/go-git/go-git/v5 v5.6.1
-	github.com/kylelemons/godebug v1.1.0 // indirect
 	github.com/mattn/go-sqlite3 v1.14.16
 	github.com/mitchellh/go-homedir v1.1.0
-	github.com/naoina/go-stringutil v0.1.0 // indirect
 	github.com/naoina/toml v0.1.1
 	github.com/natefinch/lumberjack v2.0.0+incompatible
 	github.com/olekukonko/tablewriter v0.0.5
-	github.com/otiai10/copy v1.9.0
+	github.com/otiai10/copy v1.10.0
 	github.com/remeh/sizedwaitgroup v1.0.0
 	github.com/rs/zerolog v1.29.0
 	github.com/zcalusic/sysinfo v0.9.5
 	golang.org/x/crypto v0.7.0
 	gopkg.in/logrusorgru/aurora.v2 v2.0.3
-	gopkg.in/natefinch/lumberjack.v2 v2.2.1 // indirect
+)
+
+require (
+	github.com/BurntSushi/toml v1.2.1 // indirect
+	github.com/Microsoft/go-winio v0.5.2 // indirect
+	github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8 // indirect
+	github.com/acomagu/bufpipe v1.0.4 // indirect
+	github.com/cloudflare/circl v1.1.0 // indirect
+	github.com/emirpasic/gods v1.18.1 // indirect
+	github.com/go-git/gcfg v1.5.0 // indirect
+	github.com/go-git/go-billy/v5 v5.4.1 // indirect
+	github.com/imdario/mergo v0.3.13 // indirect
+	github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
+	github.com/kevinburke/ssh_config v1.2.0 // indirect
+	github.com/kylelemons/godebug v1.1.0 // indirect
+	github.com/mattn/go-colorable v0.1.12 // indirect
+	github.com/mattn/go-isatty v0.0.14 // indirect
+	github.com/mattn/go-runewidth v0.0.9 // indirect
+	github.com/naoina/go-stringutil v0.1.0 // indirect
+	github.com/pjbgf/sha1cd v0.3.0 // indirect
+	github.com/sergi/go-diff v1.1.0 // indirect
+	github.com/skeema/knownhosts v1.1.0 // indirect
+	github.com/xanzy/ssh-agent v0.3.3 // indirect
+	golang.org/x/net v0.8.0 // indirect
+	golang.org/x/sys v0.6.0 // indirect
+	gopkg.in/natefinch/lumberjack.v2 v2.2.1 // indirect
+	gopkg.in/warnings.v0 v0.1.2 // indirect
 )
--- a/go.sum
+++ b/go.sum
@ -80,14 +80,10 @@ github.com/natefinch/lumberjack v2.0.0+incompatible/go.mod h1:Wi9p2TTF5DG5oU+6Yf
 github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
 github.com/olekukonko/tablewriter v0.0.5 h1:P2Ga83D34wi1o9J6Wh1mRuqd4mF/x/lgBS7N7AbDhec=
 github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6HuIJcUGPhkA7kY=
-github.com/otiai10/copy v1.9.0 h1:7KFNiCgZ91Ru4qW4CWPf/7jqtxLagGRmIxWldPP9VY4=
-github.com/otiai10/copy v1.9.0/go.mod h1:hsfX19wcn0UWIHUQ3/4fHuehhk2UyArQ9dVFAn3FczI=
-github.com/otiai10/curr v0.0.0-20150429015615-9b4961190c95/go.mod h1:9qAhocn7zKJG+0mI8eUu6xqkFDYS2kb2saOteoSB3cE=
-github.com/otiai10/curr v1.0.0 h1:TJIWdbX0B+kpNagQrjgq8bCMrbhiuX73M2XwgtDMoOI=
-github.com/otiai10/curr v1.0.0/go.mod h1:LskTG5wDwr8Rs+nNQ+1LlxRjAtTZZjtJW4rMXl6j4vs=
-github.com/otiai10/mint v1.3.0/go.mod h1:F5AjcsTsWUqX+Na9fpHb52P8pcRX2CI6A3ctIT91xUo=
-github.com/otiai10/mint v1.4.0 h1:umwcf7gbpEwf7WFzqmWwSv0CzbeMsae2u9ZvpP8j2q4=
-github.com/otiai10/mint v1.4.0/go.mod h1:gifjb2MYOoULtKLqUAEILUG/9KONW6f7YsJ6vQLTlFI=
+github.com/otiai10/copy v1.10.0 h1:znyI7l134wNg/wDktoVQPxPkgvhDfGCYUasey+h0rDQ=
+github.com/otiai10/copy v1.10.0/go.mod h1:rSaLseMUsZFFbsFGc7wCJnnkTAvdc5L6VWxPE4308Ww=
+github.com/otiai10/mint v1.5.1 h1:XaPLeE+9vGbuyEHem1JNk3bYc7KKqyI/na0/mLd/Kks=
+github.com/otiai10/mint v1.5.1/go.mod h1:MJm72SBthJjz8qhefc4z1PYEieWmy8Bku7CjcAqyUSM=
 github.com/pjbgf/sha1cd v0.3.0 h1:4D5XXmUUBUl/xQ6IjCkEAbqXskkq/4O7LmGn0AqMDs4=
 github.com/pjbgf/sha1cd v0.3.0/go.mod h1:nZ1rrWOcGJ5uZgEEVL1VUM9iRQiZvWdbZjkKyFzPPsI=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
--- a/images.go
+++ b/images.go
@ -159,7 +159,7 @@ func unpackTar(archive, destination string) (err error) {
 }

 func downloadImage(path, file string) (err error) {
-	tmp, err := ioutil.TempDir("/tmp/", "out-of-tree_")
+	tmp, err := ioutil.TempDir(tempDirBase, "out-of-tree_")
 	if err != nil {
 		return
 	}
--- a/kernel.go
+++ b/kernel.go
@ -172,7 +172,7 @@ func matchDebImagePkg(container, mask string) (pkgs []string, err error) {
 		return
 	}

-	output, err := c.Run("/tmp", cmd)
+	output, err := c.Run(tempDirBase, cmd)
 	if err != nil {
 		return
 	}
@ -203,7 +203,7 @@ func matchCentOSDevelPkg(container, mask string, generic bool) (
 		return
 	}

-	output, err := c.Run("/tmp", cmd)
+	output, err := c.Run(tempDirBase, cmd)
 	if err != nil {
 		return
 	}
@ -307,7 +307,8 @@ func generateBaseDockerImage(registry string, commands []config.DockerCommand,
 		d += "RUN apt-get install -y wget git\n"
 		// Install a single kernel and headers to ensure all dependencies are cached
 		d += "RUN export PKGNAME=$(apt-cache search --names-only '^linux-headers-[0-9\\.\\-]*-generic' | awk '{ print $1 }' | head -n 1); " +
-			"apt-get install -y $PKGNAME $(echo $PKGNAME | sed 's/headers/image/')\n"
+			"apt-get install -y $PKGNAME $(echo $PKGNAME | sed 's/headers/image/'); " +
+			"apt-get remove -y $PKGNAME $(echo $PKGNAME | sed 's/headers/image/')\n"
 		if sk.DistroRelease >= "14.04" {
 			d += "RUN apt-get install -y libseccomp-dev\n"
 		}
@ -388,7 +389,7 @@ func generateBaseDockerImage(registry string, commands []config.DockerCommand,
 }

 func installKernel(sk config.KernelMask, pkgname string, force, headers bool) (err error) {
-	tmpdir, err := os.MkdirTemp("", "out-of-tree-"+pkgname+"-")
+	tmpdir, err := os.MkdirTemp(tempDirBase, "out-of-tree-"+pkgname+"-")
 	if err != nil {
 		log.Fatal().Err(err).Msg("make tmp directory")
 	}
@ -444,7 +445,7 @@ func installKernel(sk config.KernelMask, pkgname string, force, headers bool) (e

 		cmd := fmt.Sprintf("apt-get install -y %s %s", pkgname, headerspkg)

-		_, err = c.Run("/tmp", cmd)
+		_, err = c.Run(tempDirBase, cmd)
 		if err != nil {
 			return
 		}
@ -458,14 +459,14 @@ func installKernel(sk config.KernelMask, pkgname string, force, headers bool) (e
 		}
 		cmd := fmt.Sprintf("yum -y install %s %s\n", imagepkg,
 			pkgname)
-		_, err = c.Run("/tmp", cmd)
+		_, err = c.Run(tempDirBase, cmd)
 		if err != nil {
 			return
 		}

 		cmd = fmt.Sprintf("dracut --add-drivers 'e1000 ext4' -f "+
 			"/boot/initramfs-%s.img %s\n", version, version)
-		_, err = c.Run("/tmp", cmd)
+		_, err = c.Run(tempDirBase, cmd)
 		if err != nil {
 			return
 		}
@ -504,7 +505,7 @@ func installKernel(sk config.KernelMask, pkgname string, force, headers bool) (e
 		cmd += " && cp -r /usr/src/* /target/usr/src/"
 	}

-	_, err = c.Run("/tmp", cmd)
+	_, err = c.Run(tempDirBase, cmd)
 	if err != nil {
 		return
 	}
@ -513,32 +514,34 @@ func installKernel(sk config.KernelMask, pkgname string, force, headers bool) (e
 	return
 }

-func genKernelPath(files []os.FileInfo, kname string) string {
+func findKernelFile(files []os.FileInfo, kname string) (name string, err error) {
 	for _, file := range files {
 		if strings.HasPrefix(file.Name(), "vmlinuz") {
 			if strings.Contains(file.Name(), kname) {
-				return file.Name()
+				name = file.Name()
+				return
 			}
 		}
 	}

-	log.Fatal().Msgf("cannot find kernel %s", kname)
-	return ""
+	err = errors.New("cannot find kernel")
+	return
 }

-func genInitrdPath(files []os.FileInfo, kname string) string {
+func findInitrdFile(files []os.FileInfo, kname string) (name string, err error) {
 	for _, file := range files {
 		if strings.HasPrefix(file.Name(), "initrd") ||
 			strings.HasPrefix(file.Name(), "initramfs") {

 			if strings.Contains(file.Name(), kname) {
-				return file.Name()
+				name = file.Name()
+				return
 			}
 		}
 	}

-	log.Fatal().Msgf("cannot find initrd %s", kname)
-	return ""
+	err = errors.New("cannot find kernel")
+	return
 }

 func genRootfsImage(d containerImageInfo, download bool) (rootfs string, err error) {
@ -640,16 +643,29 @@ func listContainersKernels(dii containerImageInfo, newkcfg *config.KernelConfig,
 	}

 	for _, krel := range moddirs {
+		log.Debug().Msgf("generate config entry for %s", krel.Name())
+
+		var kernelFile, initrdFile string
+		kernelFile, err = findKernelFile(bootfiles, krel.Name())
+		if err != nil {
+			log.Warn().Msgf("cannot find kernel %s", krel.Name())
+			continue
+		}
+
+		initrdFile, err = findInitrdFile(bootfiles, krel.Name())
+		if err != nil {
+			log.Warn().Msgf("cannot find initrd %s", krel.Name())
+			continue
+		}
+
 		ki := config.KernelInfo{
 			DistroType:    dii.DistroType,
 			DistroRelease: dii.DistroRelease,
 			KernelRelease: krel.Name(),
 			ContainerName: dii.Name,

-			KernelPath: c.Volumes.Boot + "/" +
-				genKernelPath(bootfiles, krel.Name()),
-			InitrdPath: c.Volumes.Boot + "/" +
-				genInitrdPath(bootfiles, krel.Name()),
+			KernelPath:  c.Volumes.Boot + "/" + kernelFile,
+			InitrdPath:  c.Volumes.Boot + "/" + initrdFile,
 			ModulesPath: c.Volumes.LibModules + "/" + krel.Name(),

 			RootFS: rootfs,
@ -660,7 +676,7 @@ func listContainersKernels(dii containerImageInfo, newkcfg *config.KernelConfig,
 	for _, cmd := range []string{
 		"find /boot -type f -exec chmod a+r {} \\;",
 	} {
-		_, err = c.Run("/tmp", cmd)
+		_, err = c.Run(tempDirBase, cmd)
 		if err != nil {
 			return
 		}
@ -738,7 +754,9 @@ func generateKernels(km config.KernelMask, registry string,
 				max--
 				break
 			} else if attempt >= retries {
-				log.Fatal().Err(err).Msg("install kernel")
+				log.Error().Err(err).Msg("install kernel")
+				log.Debug().Msg("skip")
+				break
 			} else {
 				log.Warn().Err(err).Msg("install kernel")
 				time.Sleep(time.Second)
--- a/kernel_linux.go
+++ b/kernel_linux.go
@ -37,7 +37,7 @@ func genHostKernels(download bool) (kcfg config.KernelConfig, err error) {
 	}

 	kernelsBase := "/boot/"
-	files, err := ioutil.ReadDir(kernelsBase)
+	bootfiles, err := ioutil.ReadDir(kernelsBase)
 	if err != nil {
 		return
 	}
@ -55,20 +55,35 @@ func genHostKernels(download bool) (kcfg config.KernelConfig, err error) {
 		return
 	}

-	for _, k := range strings.Fields(string(rawOutput)) {
+	for _, krel := range strings.Fields(string(rawOutput)) {
+		log.Debug().Msgf("generate config entry for %s", krel)
+
+		var kernelFile, initrdFile string
+		kernelFile, err = findKernelFile(bootfiles, krel)
+		if err != nil {
+			log.Warn().Msgf("cannot find kernel %s", krel)
+			continue
+		}
+
+		initrdFile, err = findInitrdFile(bootfiles, krel)
+		if err != nil {
+			log.Warn().Msgf("cannot find initrd %s", krel)
+			continue
+		}
+
 		ki := config.KernelInfo{
 			DistroType:    distroType,
 			DistroRelease: si.OS.Version,
-			KernelRelease: k,
+			KernelRelease: krel,

-			KernelSource: "/lib/modules/" + k + "/build",
+			KernelSource: "/lib/modules/" + krel + "/build",

-			KernelPath: kernelsBase + genKernelPath(files, k),
-			InitrdPath: kernelsBase + genInitrdPath(files, k),
+			KernelPath: kernelsBase + kernelFile,
+			InitrdPath: kernelsBase + initrdFile,
 			RootFS:     rootfs,
 		}

-		vmlinux := "/usr/lib/debug/boot/vmlinux-" + k
+		vmlinux := "/usr/lib/debug/boot/vmlinux-" + krel
 		log.Print("vmlinux", vmlinux)
 		if exists(vmlinux) {
 			ki.VmlinuxPath = vmlinux
--- a/main.go
+++ b/main.go
@ -89,6 +89,8 @@ func (lw *LevelWriter) WriteLevel(l zerolog.Level, p []byte) (n int, err error)
 	return len(p), nil
 }

+var tempDirBase string
+
 func main() {
 	rand.Seed(time.Now().UnixNano())

@ -101,7 +103,7 @@ func main() {
 			Compact: true,
 		}),
 		kong.Vars{
-			"version": "2.0.0",
+			"version": "2.0.6",
 		},
 	)

@ -124,6 +126,9 @@ func main() {
 		return
 	}

+	tempDirBase = usr.HomeDir + "/.out-of-tree/tmp/"
+	os.MkdirAll(tempDirBase, os.ModePerm)
+
 	log.Logger = log.Output(zerolog.MultiLevelWriter(
 		&LevelWriter{Writer: zerolog.NewConsoleWriter(
 			func(w *zerolog.ConsoleWriter) {
--- a/pew.go
+++ b/pew.go
@ -14,7 +14,6 @@ import (
 	"math/rand"
 	"os"
 	"os/exec"
-	"os/user"
 	"strings"
 	"time"

@ -599,14 +598,7 @@ func (cmd PewCmd) testArtifact(swg *sizedwaitgroup.SizedWaitGroup,
 		}
 	}()

-	usr, err := user.Current()
-	if err != nil {
-		return
-	}
-	tmpdir := usr.HomeDir + "/.out-of-tree/tmp"
-	os.MkdirAll(tmpdir, os.ModePerm)
-
-	tmp, err := ioutil.TempDir(tmpdir, "out-of-tree_")
+	tmp, err := ioutil.TempDir(tempDirBase, "out-of-tree_")
 	if err != nil {
 		slog.Error().Err(err).Msg("making tmp directory")
 		return
--- a/preload.go
+++ b/preload.go
@ -61,7 +61,7 @@ func preload(q *qemu.System, ki config.KernelInfo, pm config.PreloadModule,
 func buildAndInsmod(workPath string, q *qemu.System, ki config.KernelInfo,
 	dockerTimeout time.Duration, cache string) (err error) {

-	tmp, err := ioutil.TempDir("", "out-of-tree_")
+	tmp, err := ioutil.TempDir(tempDirBase, "out-of-tree_")
 	if err != nil {
 		return
 	}
Author	SHA1	Message	Date
Mikhail Klementev	056e38698e	Use single temp directory base	2023-04-07 16:44:21 +00:00
Mikhail Klementev	32b692f752	Cleanup after cache kernel package dependencies	2023-04-07 16:27:56 +00:00
Mikhail Klementev	3f8c7fd86b	brew cask is no longer a brew command	2023-04-07 14:30:59 +00:00
Mikhail Klementev	f9c2849658	Bump version	2023-04-07 13:55:58 +00:00
Mikhail Klementev	caba73cd7e	Skip the kernel after the end of retries	2023-04-07 13:30:30 +00:00
Mikhail Klementev	5bb79302dd	Bump version	2023-04-07 10:42:34 +00:00
Mikhail Klementev	4570e9adbe	Handling discrepancies between /lib/modules and /boot	2023-04-07 10:27:59 +00:00
Mikhail Klementev	8029ad2185	Update readme	2023-04-07 00:48:38 +00:00
Mikhail Klementev	2f8446864a	go mod tidy	2023-04-07 00:04:10 +00:00
Mikhail Klementev	dd602df291	Set go version to 1.17	2023-04-06 23:52:22 +00:00
Mikhail Klementev	c9d71601f2	Update readme	2023-04-06 23:32:02 +00:00
Mikhail Klementev	9863c93c02	Fix brew tap url	2023-04-06 23:18:47 +00:00