OWASP / O-Saft

O-Saft - OWASP SSL advanced forensic tool
GNU General Public License v2.0

issue building docker image from 19.01.19 #119

Closed jerbasco1 closed 4 years ago

jerbasco1 commented 4 years ago

Getting an error building the docker image from the latest 19.01.19 zip:

docker build --force-rm --rm -f Dockerfile -t owasp/o-saft .

Windows 10 1903, Docker Desktop Community 2.1.0.5 stable

make: *** [Makefile:881: test_dynamic] Error 255
tar: can't open 'o-saft.tgz': No such file or directory
Removing intermediate container dac0e73f41e8
The command '/bin/sh -c apk add --no-cache wget ncurses $OSAFT_VM_APT_INSTALL           gcc make musl-dev linux-headers                 krb5-dev zlib-dev perl perl-readonly perl-dev   c
                                &&              apk add --no-cache gmp-dev lksctp-tools-dev     &&      cd    $WORK_DIR                         &&      mkdir -p $BUILD_DIR $OPENSSL_DIR     &
        wget --no-check-certificate $OSAFT_VM_SRC_OPENSSL -O $OSAFT_VM_TAR_OPENSSL &&   [ -n "$OSAFT_VM_SHA_OPENSSL" ]          &&              echo "$OSAFT_VM_SHA_OPENSSL  $OSAFT_VM_TAR_OPE
                                tar   -xzf $OSAFT_VM_TAR_OPENSSL -C $BUILD_DIR --strip-components=1     &&      cd    $BUILD_DIR                        &&      sed -i '/RANDFILE/a openssl_co
                                        &&      (         echo 'openssl_conf=openssl_def';        echo '[openssl_def]';                   echo 'engines=engine_section';          echo '[engin
                          echo 'gost=gost_section';               echo '[gost_section]';                  echo 'engine_id = gost';                echo 'default_algorithms=ALL';          echo
                                                        ) >> apps/openssl.cnf                   &&      LDFLAGS="-rpath=$LD_RUN_PATH"   && export LDFLAGS       &&      ./config --prefix=$OPE
                                                        $OSAFT_VM_DYN_OPENSSL                   --with-krb5-flavor=MIT --with-krb5-dir=/usr/include/krb5/               -fPIC zlib zlib-dynami
                                                enable-deprecated enable-weak-ssl-ciphers                       enable-heartbeats enable-unit-test  enable-ssl-trace                    enable
                                                                enable-tls1    enable-tls1-method   enable-tls          enable-tls1-1  enable-tls1-1-method enable-tlsext               e
                                                                        enable-dtls1   enable-dtls1-method                      enable-dtls1-2 enable-dtls1-2-method                    enable
                                                        enable-rc2     enable-rc4   enable-rc5                  enable-sha0    enable-sha1  enable-sha256 enable-sha512                 enable
                                                                enable-des     enable-dsa   enable-rsa    enable-rsax                   enable-ec      enable-ec2m  enable-ecdh   enable-ecdsa
                        enable-blake2  enable-bf    enable-cast enable-camellia                 enable-gmp     enable-gost  enable-GOST   enable-idea                   enable-poly1305 enable
                                                        enable-seed    enable-srp   enable-whirlpool                    enable-rfc3779 enable-ec_nistp_64_gcc_128 experimental-jpake    -
                                                                                                &&      make depend && make && make report -i && make install   &&      echo -n "# number of c
                                        $OPENSSL_DIR/bin/openssl ciphers -V ALL:COMPLEMENTOFALL:aNULL|wc -l &&  apk  del --purge gmp-dev lksctp-tools-dev &&    cd    $WORK_DIR         &
        rm   -rf $BUILD_DIR $OSAFT_VM_TAR_OPENSSL &&            cd    $WORK_DIR                         &&      mkdir -p $BUILD_DIR                     &&      wget --no-check-certificate $O
                                                [ -n "$OSAFT_VM_SHA_SSLEAY" ]           &&              echo "$OSAFT_VM_SHA_SSLEAY  $OSAFT_VM_TAR_SSLEAY" | sha256sum -c ;              tar
                                                                &&      apk add --no-cache perl-net-dns perl-net-libidn perl-mozilla-ca         &&      cd    $BUILD_DIR                &
        perl -i.orig -pe 'if (m/^#define\s*REM_AUTOMATICALLY_GENERATED_1_09/){print "const SSL_METHOD * SSLv2_method()\n\nconst SSL_METHOD * SSLv3_method()\n\n";}' SSLeay.xs   &&      LDFLAG
                                                &&      echo "n" | env OPENSSL_PREFIX=$OPENSSL_DIR perl Makefile.PL             INC=-I$OPENSSL_DIR/include DEFINE=-DOPENSSL_BUILD_UNSAFE=1   &
        make && make test && make install       &&      cd    $WORK_DIR                         &&      rm   -rf $BUILD_DIR $OSAFT_VM_TAR_SSLEAY &&             mkdir -p $BUILD_DIR     &
        wget --no-check-certificate $OSAFT_VM_SRC_SOCKET -O $OSAFT_VM_TAR_SOCKET &&     [ -n "$OSAFT_VM_SHA_SOCKET" ]           &&              echo "$OSAFT_VM_SHA_SOCKET  $OSAFT_VM_TAR_SOCK
                                tar   -xzf $OSAFT_VM_TAR_SOCKET -C $BUILD_DIR --strip-components=1      &&      cd    $BUILD_DIR                        &&      echo "n" | perl Makefile.PL IN
                                &&      make && make test && make install       &&      cd    $WORK_DIR                         &&      rm   -r $BUILD_DIR $OSAFT_VM_TAR_SOCKET &&      c
                                        &&      mkdir -p $OSAFT_DIR                     &&      adduser -D -h ${OSAFT_DIR} osaft        &&              wget --no-check-certificate $OSAFT_VM_
                                        &&      [ -n "$OSAFT_VM_SHA_OSAFT" ]            &&              echo "$OSAFT_VM_SHA_OSAFT  $OSAFT_VM_TAR_OSAFT" | sha256sum -c ;                tar
                                        &&      (         [ -d "./O-Saft-master" ] && mv ./O-Saft-master/*           $OSAFT_DIR/ ;        [ -d "./O-Saft-master" ] && mv ./O-Saft-master/.[a-z
                          [ -d "./O-Saft-master" ] && rm -rf ./O-Saft-master/   ;         exit 0 ;      ) &&    chown -R root:root   $OSAFT_DIR         &&      chown -R osaft:osaft $OSAFT_DI
                &&      chown    osaft:osaft $OSAFT_DIR/.o-saft.pl &&   cp       $OSAFT_DIR/.o-saft.pl $OSAFT_DIR/.o-saft.pl-orig       &&      perl -i.bak -pe "s:^#?\s*--openssl=.*:--openssl=$OPENSSL_DIR/bin/openssl:;s:^#?\s*--openssl-cnf=.*:--openssl-cnf=$OPENSSL_DIR/ssl/openssl.cnf:;s:^#?\s*--ca-path=.*:--ca-path=/etc/ssl/certs/:;s:^#?\s*--ca-file=.*:--ca-file=/etc/ssl/certs
                                                        chmod 666 $OSAFT_DIR/.o-saft.pl         &&      rm    -f $OSAFT_VM_TAR_OSAFT            &&              apk del --purge gcc make musl-dev linux-headers perl-dev' returned a non-zero code: 1

EnDe commented 4 years ago

This error most likely occurs if downloading of o-saft.tgz failed. In the Dockerfile it is defined as an environment variable, see OSAFT_VM_SRC_OSAFT.

Please check if you can download this file using wget, see in Dockerfile:

wget --no-check-certificate $OSAFT_VM_SRC_OSAFT -O $OSAFT_VM_TAR_OSAFT

If the system running the Dockerfile has no internet access, you can provide the file by defining OSAFT_VM_SRC_OSAFT as an environment variable and pass it like:

docker build --build-arg "OSAFT_VM_SRC_OSAFT=..." ...

The docker VM then must have access to this URL.

Hope this helps.

jerbasco1 commented 4 years ago

The docker build successfully apt updates and downloads many things prior to that point, so I don't think connection is the issue.

EnDe commented 4 years ago

I guess it's related to the known docker/alpine issue, see https://forums.docker.com/t/resolved-service-name-resolution-broken-on-alpine-and-docker-1-11-1-cs1/19307/23

There is already a dirty hack to prevent such race conditions (see nslookup in Dockerfile). I'll try to find a better workaround ...

EnDe commented 4 years ago

The problem is the above-mentioned docker/alpine issue. The workaround is to prefetch name resolving in the Dockerfile, what a pain :-( Workaround can be found in Dockerfile.

EnDe commented 4 years ago

The workaround is not guaranteed to work, unfortunately, but mainly does. It seems to be a race condition within Alpine's name resolution. That's why some make test may also fail; then make -i test must be used (manual change in the Dockerfile, sorry, not my fault).

jerbasco1 commented 4 years ago

nice work, that fixed it for me.
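
In the build command quoted in the first post, the checksum step is followed by `;` rather than `&&` (`... | sha256sum -c ; tar`), so the `tar` after it runs whether or not the download and check before it succeeded, and the visible error comes from `tar`. As an added example (not the project's Dockerfile; the function names and exit codes are hypothetical), a fetch step that retries transient failures such as the name-resolution race discussed above and stops before extraction when the file is missing, no checksum is set, or the checksum does not match:

```shell
#!/bin/sh
# Added example; not taken from the O-Saft Dockerfile. Function names are hypothetical.

# retry TRIES CMD...: rerun CMD until it succeeds or TRIES attempts are used.
# Covers transient failures such as the intermittent name resolution in the thread.
retry() {
    retry_max=$1; shift
    retry_n=1
    while ! "$@"; do
        [ "$retry_n" -ge "$retry_max" ] && return 1
        retry_n=$((retry_n + 1))
        sleep "${RETRY_DELAY:-2}"
    done
}

# verify_and_extract TARBALL SHA256 DESTDIR
# Fails closed: a missing download, an unset checksum or a mismatch each
# return a distinct code, and tar never runs in those cases.
verify_and_extract() {
    ve_tar=$1; ve_sha=$2; ve_dest=$3
    [ -s "$ve_tar" ] || { echo "download missing or empty: $ve_tar" >&2; return 2; }
    [ -n "$ve_sha" ] || { echo "no checksum pinned for: $ve_tar" >&2; return 3; }
    echo "$ve_sha  $ve_tar" | sha256sum -c >/dev/null 2>&1 ||
        { echo "checksum mismatch: $ve_tar" >&2; return 4; }
    mkdir -p "$ve_dest" && tar -xzf "$ve_tar" -C "$ve_dest"
}

# fetch_verified URL TARBALL SHA256 DESTDIR: download with retries, then verify.
fetch_verified() {
    retry 5 wget -q "$1" -O "$2" || { echo "download failed: $1" >&2; return 1; }
    verify_and_extract "$2" "$3" "$4"
}
```

With this shape a failed download is reported as a download failure instead of surfacing later as `tar: can't open ...`.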