From 7b0f551f00cec6107f1025ce49f1f8e789b8f137 Mon Sep 17 00:00:00 2001
From: Nikolas Garofil
Date: Sat, 10 Aug 2024 12:18:54 +0200
Subject: [PATCH 1/3] Try dynamically linked

---
 Dockerfile.builder | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/Dockerfile.builder b/Dockerfile.builder
index 2ccd1a0..788c39e 100644
--- a/Dockerfile.builder
+++ b/Dockerfile.builder
@@ -3,5 +3,7 @@ WORKDIR /root
 RUN apk add --no-cache curl gcc make perl linux-headers musl-dev autoconf automake
 COPY ./build-static-ssh.sh .
 RUN ./build-static-ssh.sh
+COPY ./build-dynamic-ssh.sh .
+RUN ./build-dynamic-ssh.sh
 COPY dont-use-builder.sh .
 ENTRYPOINT ["/root/dont-use-builder.sh"]

From d11c9a601d8eac516fd1797af8e342ec1adbcc10 Mon Sep 17 00:00:00 2001
From: Nikolas Garofil
Date: Sat, 10 Aug 2024 12:54:22 +0200
Subject: [PATCH 2/3] Libs for dyn

---
 Dockerfile.builder | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/Dockerfile.builder b/Dockerfile.builder
index 788c39e..16a5c3e 100644
--- a/Dockerfile.builder
+++ b/Dockerfile.builder
@@ -1,9 +1,13 @@
 FROM alpine
 WORKDIR /root
+
 RUN apk add --no-cache curl gcc make perl linux-headers musl-dev autoconf automake
 COPY ./build-static-ssh.sh .
 RUN ./build-static-ssh.sh
+
+RUN apk add --no-cache zlib-dev openssl-dev
 COPY ./build-dynamic-ssh.sh .
 RUN ./build-dynamic-ssh.sh
+
 COPY dont-use-builder.sh .
 ENTRYPOINT ["/root/dont-use-builder.sh"]

From 410f44b13489777b007a39d2963667b3b7cbd2a9 Mon Sep 17 00:00:00 2001
From: Nikolas Garofil
Date: Sat, 10 Aug 2024 12:55:57 +0200
Subject: [PATCH 3/3] Also dynamic version

---
 build-dynamic-ssh.sh | 55 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 55 insertions(+)
 create mode 100755 build-dynamic-ssh.sh

diff --git a/build-dynamic-ssh.sh b/build-dynamic-ssh.sh
new file mode 100755
index 0000000..809243c
--- /dev/null
+++ b/build-dynamic-ssh.sh
@@ -0,0 +1,55 @@
+#!/usr/bin/env sh
+
+OPENSSH_VERSION=V_9_8_P1
+
+top="$(pwd)" # Directory where we will download and compile everything (current directory)
+root="$top/rootdyn" # Subdirectory where we will install everything.
+build="$top/builddyn" # Subdirectory where we will compile everything.
+dist="$top/distdyn" # Subdirectory where we will download everything.
+
+OPENSSH_DIR="openssh-portable-${OPENSSH_VERSION}"
+OPENSSH_TGZ="$OPENSSH_DIR.tar.gz"
+OPENSSH_URL="https://github.com/openssh/openssh-portable/archive/refs/tags/${OPENSSH_VERSION}.tar.gz"
+OPENSSH_CHECKFILE="bin/ssh"
+#Make sure it ends up in $root/bin, that it drops privileges and that it should use the OpenSSL instead of the one that comes with the ssh source code
+OPENSSH_BUILD_COMMANDS="autoreconf && ./configure --prefix=\"$root\" --exec-prefix=\"$root\" --with-privsep-user=nobody && make && make install"
+
+read -p "We will be working in $top, things might get messy (t)here. Press Ctrl+C to cancel now or Enter to continue" ignorethisvariable
+
+set -uex # Show each command before executing it and exits when a command returns a non-zero exit code or a variable is used without being set
+umask 0077 # Make sure that no one except the owner can read, write, or execute newly created files
+
+export "CPPFLAGS=-I$root/include -L. -fPIC -pthread"; export "CFLAGS=$CPPFLAGS" # Compiler will look for headers in $root/include, libraries in the current directory and generate position-independent code and use pthreads
+
+#Check if everything needed is available
+#autoreconf --version || { echo "You still need to install autoconf"; exit 1; }
+#aclocal --version || { echo "You still need to install automake"; exit 1; }
+#curl --version || { echo "You still need to install curl"; exit 1; }
+#perl -v || { echo "You still need to install perl"; exit 1; } # OpenSSL's ./configure needs perl
+#make --version || { echo "You still need to install make"; exit 1; }
+#gcc --version || { echo "You still need to install gcc"; exit 1; }
+#[ -f /usr/include/linux/mman.h ] || { echo "You don't have the Linux kernel headers installed"; exit 1; }
+#echo "#include " | gcc -E - -o /dev/null || { echo "You still need to install the C library development files"; exit 1; }
+
+mkdir -p "$root" "$build" "$dist" # Create directories if they don't exist
+
+build() {
+ local name="$1"; local version="$2"; local dir="$3"; local tgz="$4"; local url="$5"; local checkfile="$6"; local buildcommands="$7"
+ if [ ! -f "$root/$checkfile" ]; then # Only skip this stage if we have already have a correctly $name $version
+ echo "---- Building $name $version -----"
+ rm -rf "$build/$dir" # Remove garbage from previous failed builds
+ if [ ! -f "$dist/$tgz" ]; then # If we didn't download the source code yet
+ curl --output $dist/$tgz --location $url # Download the source code
+ fi
+ tar -C $build -xzf $dist/$tgz || { echo "Extracting $dist/$tgz failed, probably because the download failed"; exit 1; } # Extract the source code
+ cd "$build"/$dir
+ eval $buildcommands || { echo "Building $name $version failed"; exit 1; }
+ else
+ echo "---- We already have $name $version -----"
+ fi
+ cd "$top"
+}
+
+build "OpenSSH" "$OPENSSH_VERSION" "$OPENSSH_DIR" "$OPENSSH_TGZ" "$OPENSSH_URL" "$OPENSSH_CHECKFILE" "$OPENSSH_BUILD_COMMANDS"
+
+echo "Everything done. You can find the dynamically linked OpenSSH binaries in $root/bin"
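Review bot: build() extracts and then builds (via `eval`) whatever curl wrote to `$dist/$tgz` with no integrity check, and because curl runs without `--fail` an HTTP error body is saved as the tarball and only noticed when tar rejects it. Pin the expected digest next to OPENSSH_VERSION (`OPENSSH_SHA256=<sha256 of the V_9_8_P1 tarball>`), download with `curl --fail --location --output "$dist/$tgz" "$url"`, and verify before extracting with `echo "$OPENSSH_SHA256  $dist/$tgz" | sha256sum -c -`. The same function leaves `$build`, `$dist/$tgz`, `$dir` and `$url` unquoted in the curl, tar and cd calls, so a working directory containing whitespace breaks the build; quoting them as the `rm -rf "$build/$dir"` line already does fixes that. `--with-privsep-user=nobody` also deserves a second look: a dedicated unprivileged account is the usual choice, so that the privsep child does not share a uid with unrelated processes.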