From 3c7c3b480d8705d21d279ad43bcbcd0c7331b088 Mon Sep 17 00:00:00 2001 From: Rami Jebara Date: Tue, 18 Apr 2023 23:01:00 -0700 Subject: [PATCH 1/7] Allow to communicate with newly patched windows server --- samba/lib/com/dcom/main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/samba/lib/com/dcom/main.c b/samba/lib/com/dcom/main.c index 9cccd188..7dd3a3f1 100644 --- a/samba/lib/com/dcom/main.c +++ b/samba/lib/com/dcom/main.c @@ -505,7 +505,7 @@ static struct composite_context *dcom_determine_rpc_binding( if (!NT_STATUS_IS_OK(status)) { /* build a binding string using NCACN_IP_TCP */ - char *bindstr = talloc_asprintf(c, "ncacn_ip_tcp:%s", server); + char *bindstr = talloc_asprintf(c, "ncacn_ip_tcp:%s[sign,seal]", server); if (composite_nomem(bindstr, c)) return c; status = dcerpc_parse_binding(c, bindstr, &activation_state->binding); From ec4a43a5eb20a5ac9796b9ce4673ad99f421effb Mon Sep 17 00:00:00 2001 From: Rami Jebara Date: Thu, 28 Sep 2023 17:39:44 -0700 Subject: [PATCH 2/7] Added alpine support --- .docker/prod-alpine-3.16.Dockerfile | 22 +++ .docker/prod-alpine.Dockerfile | 22 +++ .github/alpine-patches/comparison_fn_t.patch | 38 +++++ .../alpine-patches/disable-backtrace.patch | 135 ++++++++++++++++++ .../fix-missing-includes-path.patch | 135 ++++++++++++++++++ .github/alpine-patches/implicit.patch | 39 +++++ ...install-openvas-smb-dependencies-alpine.sh | 24 ++++ 7 files changed, 415 insertions(+) create mode 100644 .docker/prod-alpine-3.16.Dockerfile create mode 100644 .docker/prod-alpine.Dockerfile create mode 100644 .github/alpine-patches/comparison_fn_t.patch create mode 100644 .github/alpine-patches/disable-backtrace.patch create mode 100644 .github/alpine-patches/fix-missing-includes-path.patch create mode 100644 .github/alpine-patches/implicit.patch create mode 100755 .github/install-openvas-smb-dependencies-alpine.sh diff --git a/.docker/prod-alpine-3.16.Dockerfile b/.docker/prod-alpine-3.16.Dockerfile new file mode 100644 index 00000000..c4450209 --- /dev/null +++ b/.docker/prod-alpine-3.16.Dockerfile @@ -0,0 +1,22 @@ +ARG VERSION=alpine-3.16 + +FROM alpine:3.16 AS build +COPY . /source +RUN sh /source/.github/install-openvas-smb-dependencies-alpine.sh + +WORKDIR /source +RUN cp .github/alpine-patches/*.patch . && git apply *.patch + +RUN cmake -DCMAKE_BUILD_TYPE=Release -B/build /source +RUN DESTDIR=/install cmake --build /build -- install + +FROM alpine:3.16 + +RUN apk update && apk upgrade && \ + apk add --no-cache gnutls \ + heimdal \ + popt + +COPY --from=build /install/ / + +# RUN ldconfig diff --git a/.docker/prod-alpine.Dockerfile b/.docker/prod-alpine.Dockerfile new file mode 100644 index 00000000..d73e7d78 --- /dev/null +++ b/.docker/prod-alpine.Dockerfile @@ -0,0 +1,22 @@ +ARG VERSION=latest-alpine + +FROM alpine:latest AS build +COPY . /source +RUN sh /source/.github/install-openvas-smb-dependencies-alpine.sh + +WORKDIR /source +RUN cp .github/alpine-patches/*.patch . && git apply *.patch + +RUN cmake -DCMAKE_BUILD_TYPE=Release -B/build /source +RUN DESTDIR=/install cmake --build /build -- install + +FROM alpine:latest + +RUN apk update && apk upgrade && \ + apk add --no-cache gnutls \ + heimdal \ + popt + +COPY --from=build /install/ / + +# RUN ldconfig diff --git a/.github/alpine-patches/comparison_fn_t.patch b/.github/alpine-patches/comparison_fn_t.patch new file mode 100644 index 00000000..f2655ac6 --- /dev/null +++ b/.github/alpine-patches/comparison_fn_t.patch @@ -0,0 +1,38 @@ +diff --git a/samba/librpc/ndr/libndr_proto.h b/samba/librpc/ndr/libndr_proto.h +index f60d93d..b97df1d 100644 +--- a/samba/librpc/ndr/libndr_proto.h ++++ b/samba/librpc/ndr/libndr_proto.h +@@ -9,6 +9,7 @@ + #define _PUBLIC_ + #endif + ++typedef int (*comparison_fn_t)(const void *, const void *); + + /* The following definitions come from librpc/ndr/ndr.c */ + +diff --git a/samba/lib/ldb/common/ldb_msg.c b/samba/lib/ldb/common/ldb_msg.c +index 0f7a214..7ff1583 100644 +--- a/samba/lib/ldb/common/ldb_msg.c ++++ b/samba/lib/ldb/common/ldb_msg.c +@@ -35,6 +35,8 @@ + #include "includes.h" + #include "ldb/include/includes.h" + ++typedef int (*comparison_fn_t)(const void *, const void *); ++ + /* + create a new ldb_message in a given memory context (NULL for top level) + */ +diff --git a/samba/lib/ldb/include/includes.h b/samba/lib/ldb/include/includes.h +index ce0d40e..c07f117 100644 +--- a/samba/lib/ldb/include/includes.h ++++ b/samba/lib/ldb/include/includes.h +@@ -16,7 +16,7 @@ + #define dyn_MODULESDIR dyn_LIBDIR + #endif + +- ++typedef int (*comparison_fn_t)(const void *, const void *); + + #define discard_const(ptr) ((void *)((intptr_t)(ptr))) + #define discard_const_p(type, ptr) ((type *)discard_const(ptr)) diff --git a/.github/alpine-patches/disable-backtrace.patch b/.github/alpine-patches/disable-backtrace.patch new file mode 100644 index 00000000..f5e0ef81 --- /dev/null +++ b/.github/alpine-patches/disable-backtrace.patch @@ -0,0 +1,135 @@ +diff --git a/samba/include/config.h b/samba/include/config.h +index b99c4d5..dd85ee4 100644 +--- a/samba/include/config.h ++++ b/samba/include/config.h +@@ -38,7 +38,7 @@ + /* #define HAVE_ATTR_XATTR_H 1 */ + + /* Define to 1 if you have the `backtrace' function. */ +-#define HAVE_BACKTRACE 1 ++#define HAVE_BACKTRACE 0 + + /* Define to 1 if you have the header file. */ + /* #undef HAVE_BLKID_BLKID_H */ +diff --git a/samba/include/config_tmp.h b/samba/include/config_tmp.h +index e85cb77..9c7e93c 100644 +--- a/samba/include/config_tmp.h ++++ b/samba/include/config_tmp.h +@@ -38,7 +38,7 @@ + #define HAVE_ATTR_XATTR_H 1 + + /* Define to 1 if you have the `backtrace' function. */ +-#define HAVE_BACKTRACE 1 ++#define HAVE_BACKTRACE 0 + + /* Define to 1 if you have the header file. */ + /* #undef HAVE_BLKID_BLKID_H */ +diff --git a/samba/lib/util/fault.c b/samba/lib/util/fault.c +index c7d6b7e..a9cdabb 100644 +--- a/samba/lib/util/fault.c ++++ b/samba/lib/util/fault.c +@@ -36,83 +36,6 @@ static struct { + + static const char *progname; + +-#ifdef HAVE_BACKTRACE +-#include +-#elif HAVE_LIBEXC_H +-#include +-#endif +- +-/** +- * Write backtrace to debug log +- */ +-_PUBLIC_ void call_backtrace(void) +-{ +-#ifdef HAVE_BACKTRACE +-#ifndef BACKTRACE_STACK_SIZE +-#define BACKTRACE_STACK_SIZE 64 +-#endif +- void *backtrace_stack[BACKTRACE_STACK_SIZE]; +- size_t backtrace_size; +- char **backtrace_strings; +- +- /* get the backtrace (stack frames) */ +- backtrace_size = backtrace(backtrace_stack,BACKTRACE_STACK_SIZE); +- backtrace_strings = backtrace_symbols(backtrace_stack, backtrace_size); +- +- DEBUG(0, ("BACKTRACE: %lu stack frames:\n", +- (unsigned long)backtrace_size)); +- +- if (backtrace_strings) { +- int i; +- +- for (i = 0; i < backtrace_size; i++) +- DEBUGADD(0, (" #%u %s\n", i, backtrace_strings[i])); +- +- /* Leak the backtrace_strings, rather than risk what free() might do */ +- } +- +-#elif HAVE_LIBEXC +- +-#define NAMESIZE 32 /* Arbitrary */ +-#ifndef BACKTRACE_STACK_SIZE +-#define BACKTRACE_STACK_SIZE 64 +-#endif +- +- /* The IRIX libexc library provides an API for unwinding the stack. See +- * libexc(3) for details. Apparantly trace_back_stack leaks memory, but +- * since we are about to abort anyway, it hardly matters. +- * +- * Note that if we paniced due to a SIGSEGV or SIGBUS (or similar) this +- * will fail with a nasty message upon failing to open the /proc entry. +- */ +- { +- uint64_t addrs[BACKTRACE_STACK_SIZE]; +- char * names[BACKTRACE_STACK_SIZE]; +- char namebuf[BACKTRACE_STACK_SIZE * NAMESIZE]; +- +- int i; +- int levels; +- +- ZERO_ARRAY(addrs); +- ZERO_ARRAY(names); +- ZERO_ARRAY(namebuf); +- +- for (i = 0; i < BACKTRACE_STACK_SIZE; i++) { +- names[i] = namebuf + (i * NAMESIZE); +- } +- +- levels = trace_back_stack(0, addrs, names, +- BACKTRACE_STACK_SIZE, NAMESIZE); +- +- DEBUG(0, ("BACKTRACE: %d stack frames:\n", levels)); +- for (i = 0; i < levels; i++) { +- DEBUGADD(0, (" #%d 0x%llx %s\n", i, addrs[i], names[i])); +- } +- } +-#undef NAMESIZE +-#endif +-} +- + _PUBLIC_ const char *panic_action = NULL; + + /** +@@ -143,8 +66,6 @@ _PUBLIC_ void smb_panic(const char *why) + } + DEBUG(0,("PANIC: %s\n", why)); + +- call_backtrace(); +- + #ifdef SIGABRT + CatchSignal(SIGABRT,SIGNAL_CAST SIG_DFL); + #endif +diff --git a/samba/lib/util/util_proto.h b/samba/lib/util/util_proto.h +index efc787f..bb48f46 100644 +--- a/samba/lib/util/util_proto.h ++++ b/samba/lib/util/util_proto.h +@@ -44,7 +44,6 @@ _PUBLIC_ void register_debug_handlers(const char *name, struct debug_ops *ops); + + /* The following definitions come from lib/util/fault.c */ + +-_PUBLIC_ void call_backtrace(void); + _PUBLIC_ void smb_panic(const char *why); + _PUBLIC_ void fault_setup(const char *pname); + _PUBLIC_ BOOL register_fault_handler(const char *name, void (*fault_handler)(int sig)); diff --git a/.github/alpine-patches/fix-missing-includes-path.patch b/.github/alpine-patches/fix-missing-includes-path.patch new file mode 100644 index 00000000..1757e2db --- /dev/null +++ b/.github/alpine-patches/fix-missing-includes-path.patch @@ -0,0 +1,135 @@ +diff --git a/samba/auth/auth_util.c b/samba/auth/auth_util.c +index b1e1672..7068cdf 100644 +--- a/samba/auth/auth_util.c ++++ b/samba/auth/auth_util.c +@@ -23,7 +23,7 @@ + */ + + #include "includes.h" +-#include ++#include + #include "auth/auth.h" + #include "libcli/security/security.h" + #include "libcli/auth/libcli_auth.h" +diff --git a/samba/auth/credentials/credentials_krb5.h b/samba/auth/credentials/credentials_krb5.h +index a7a05d2..4a23954 100644 +--- a/samba/auth/credentials/credentials_krb5.h ++++ b/samba/auth/credentials/credentials_krb5.h +@@ -21,7 +21,7 @@ + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +-#include ++#include + + struct ccache_container; + +diff --git a/samba/lib/replace/system/kerberos.h b/samba/lib/replace/system/kerberos.h +index 496eec9..88d1d99 100644 +--- a/samba/lib/replace/system/kerberos.h ++++ b/samba/lib/replace/system/kerberos.h +@@ -125,7 +125,7 @@ + /* Whether krb5_princ_realm returns krb5_realm or krb5_data */ + #define KRB5_PRINC_REALM_RETURNS_REALM 1 + +-#include ++#include + #include + #endif + +diff --git a/samba/auth/kerberos/krb5_init_context.h b/samba/auth/kerberos/krb5_init_context.h +index 4b7cc3a..d318149 100644 +--- a/samba/auth/kerberos/krb5_init_context.h ++++ b/samba/auth/kerberos/krb5_init_context.h +@@ -17,7 +17,7 @@ + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ +-#include ++#include + + struct smb_krb5_context { + struct krb5_context_data *krb5_context; + +diff --git a/samba/include/config.h b/samba/include/config.h +index a555fbb..b99c4d5 100644 +--- a/samba/include/config.h ++++ b/samba/include/config.h +@@ -454,7 +454,7 @@ + /* #undef HAVE_NSS_COMMON_H */ + + /* Define to 1 if you have the header file. */ +-#define HAVE_NSS_H 1 ++#define HAVE_NSS_H 0 + + /* Define to 1 if you have the header file. */ + /* #undef HAVE_NS_API_H */ +diff --git a/samba/auth/gensec/gensec_gssapi.c b/samba/auth/gensec/gensec_gssapi.c +index 5f92e78..daecb7a 100644 +--- a/samba/auth/gensec/gensec_gssapi.c ++++ b/samba/auth/gensec/gensec_gssapi.c +@@ -23,7 +23,7 @@ + */ + + #include "includes.h" +-#include ++#include + #include "system/kerberos.h" + #include + #include "auth/kerberos/kerberos.h" +diff --git a/samba/auth/gensec/gensec_gssapi.c b/samba/auth/gensec/gensec_gssapi.c +index daecb7a..0139f8d 100644 +--- a/samba/auth/gensec/gensec_gssapi.c ++++ b/samba/auth/gensec/gensec_gssapi.c +@@ -25,7 +25,7 @@ + #include "includes.h" + #include + #include "system/kerberos.h" +-#include ++#include + #include "auth/kerberos/kerberos.h" + #include "librpc/gen_ndr/krb5pac.h" + #include "auth/auth.h" +diff --git a/samba/auth/kerberos/kerberos.c b/samba/auth/kerberos/kerberos.c +index 1f190c1..37a9773 100644 +--- a/samba/auth/kerberos/kerberos.c ++++ b/samba/auth/kerberos/kerberos.c +@@ -24,7 +24,7 @@ + + #include "includes.h" + #include "system/kerberos.h" +-#include ++#include + + #ifdef HAVE_KRB5 + +diff --git a/samba/auth/kerberos/krb5_init_context.c b/samba/auth/kerberos/krb5_init_context.c +index f7230e4..20d65c6 100644 +--- a/samba/auth/kerberos/krb5_init_context.c ++++ b/samba/auth/kerberos/krb5_init_context.c +@@ -27,9 +27,9 @@ + #include "lib/socket/socket.h" + #include "system/network.h" + #include "lib/events/events.h" +-#include ++#include + +-#include ++#include + + /* + context structure for operations on cldap packets +diff --git a/samba/dsdb/samdb/ldb_modules/password_hash.c b/samba/dsdb/samdb/ldb_modules/password_hash.c +index 26101b9..3467d8e 100644 +--- a/samba/dsdb/samdb/ldb_modules/password_hash.c ++++ b/samba/dsdb/samdb/ldb_modules/password_hash.c +@@ -43,7 +43,7 @@ + #include "system/time.h" + #include "dsdb/samdb/samdb.h" + #include "dsdb/common/flags.h" +-#include ++#include + #include "dsdb/samdb/ldb_modules/password_modules.h" + + /* If we have decided there is reason to work on this request, then + diff --git a/.github/alpine-patches/implicit.patch b/.github/alpine-patches/implicit.patch new file mode 100644 index 00000000..7133bea9 --- /dev/null +++ b/.github/alpine-patches/implicit.patch @@ -0,0 +1,39 @@ +fix implicit function decls +-- +diff --git a/samba/auth/credentials/credentials_krb5.c b/samba/auth/credentials/credentials_krb5.c +index a4a0a9a..9b64977 100644 +--- a/samba/auth/credentials/credentials_krb5.c ++++ b/samba/auth/credentials/credentials_krb5.c +@@ -28,6 +28,8 @@ + #include "auth/credentials/credentials.h" + #include "auth/credentials/credentials_krb5.h" + ++#include ++ + int cli_credentials_get_krb5_context(struct cli_credentials *cred, + struct smb_krb5_context **smb_krb5_context) + { +diff --git a/wmi/wmireg.c b/wmi/wmireg.c +index cb4cf6d..b13a587 100644 +--- a/wmi/wmireg.c ++++ b/wmi/wmireg.c +@@ -36,6 +36,7 @@ + #include "includes.h" + #include "lib/cmdline/popt_common.h" + #include "librpc/rpc/dcerpc.h" ++#include "librpc/rpc/dcerpc_table.h" + #include "librpc/gen_ndr/ndr_oxidresolver.h" + #include "librpc/gen_ndr/ndr_oxidresolver_c.h" + #include "librpc/gen_ndr/ndr_dcom.h" +diff --git a/wmi/wmirsop.c b/wmi/wmirsop.c +index 719bb9a..da642d3 100644 +--- a/wmi/wmirsop.c ++++ b/wmi/wmirsop.c +@@ -36,6 +36,7 @@ + #include "includes.h" + #include "lib/cmdline/popt_common.h" + #include "librpc/rpc/dcerpc.h" ++#include "librpc/rpc/dcerpc_table.h" + #include "librpc/gen_ndr/ndr_oxidresolver.h" + #include "librpc/gen_ndr/ndr_oxidresolver_c.h" + #include "librpc/gen_ndr/ndr_dcom.h" diff --git a/.github/install-openvas-smb-dependencies-alpine.sh b/.github/install-openvas-smb-dependencies-alpine.sh new file mode 100755 index 00000000..4923f71d --- /dev/null +++ b/.github/install-openvas-smb-dependencies-alpine.sh @@ -0,0 +1,24 @@ +# This script installs openvas-smb-dependencies. +#/bin/sh +set -ex +apk update && apk upgrade && \ + apk add --no-cache build-base \ + cmake \ + doxygen \ + glib-dev \ + gnutls-dev \ + graphviz \ + gvm-libs-dev \ + heimdal-dev \ + libunistring-dev \ + mingw-w64-binutils \ + mingw-w64-crt \ + mingw-w64-gcc \ + mingw-w64-headers \ + perl-dev \ + popt-dev \ + samurai \ + sqlite-dev \ + xmltoman \ + git + From 7a93ae269b387940fb24da9fb1f58ec07ee5bd4d Mon Sep 17 00:00:00 2001 From: Rami Jebara Date: Thu, 28 Sep 2023 18:59:15 -0700 Subject: [PATCH 3/7] removed commented out code --- .docker/prod-alpine-3.16.Dockerfile | 1 - .docker/prod-alpine.Dockerfile | 1 - 2 files changed, 2 deletions(-) diff --git a/.docker/prod-alpine-3.16.Dockerfile b/.docker/prod-alpine-3.16.Dockerfile index c4450209..54bcbd80 100644 --- a/.docker/prod-alpine-3.16.Dockerfile +++ b/.docker/prod-alpine-3.16.Dockerfile @@ -19,4 +19,3 @@ RUN apk update && apk upgrade && \ COPY --from=build /install/ / -# RUN ldconfig diff --git a/.docker/prod-alpine.Dockerfile b/.docker/prod-alpine.Dockerfile index d73e7d78..3ce0ae1b 100644 --- a/.docker/prod-alpine.Dockerfile +++ b/.docker/prod-alpine.Dockerfile @@ -19,4 +19,3 @@ RUN apk update && apk upgrade && \ COPY --from=build /install/ / -# RUN ldconfig From 74167fa894319693b6b7d073ab1fc497bac40b7e Mon Sep 17 00:00:00 2001 From: Rami Jebara Date: Thu, 9 Nov 2023 15:41:09 -0800 Subject: [PATCH 4/7] Removed dependancy on mingw to allow for easier cross compilation --- .docker/prod-alpine-3.16.Dockerfile | 21 ------------------- .docker/prod-alpine.Dockerfile | 6 +++--- ...install-openvas-smb-dependencies-alpine.sh | 6 ++---- 3 files changed, 5 insertions(+), 28 deletions(-) delete mode 100644 .docker/prod-alpine-3.16.Dockerfile diff --git a/.docker/prod-alpine-3.16.Dockerfile b/.docker/prod-alpine-3.16.Dockerfile deleted file mode 100644 index 54bcbd80..00000000 --- a/.docker/prod-alpine-3.16.Dockerfile +++ /dev/null @@ -1,21 +0,0 @@ -ARG VERSION=alpine-3.16 - -FROM alpine:3.16 AS build -COPY . /source -RUN sh /source/.github/install-openvas-smb-dependencies-alpine.sh - -WORKDIR /source -RUN cp .github/alpine-patches/*.patch . && git apply *.patch - -RUN cmake -DCMAKE_BUILD_TYPE=Release -B/build /source -RUN DESTDIR=/install cmake --build /build -- install - -FROM alpine:3.16 - -RUN apk update && apk upgrade && \ - apk add --no-cache gnutls \ - heimdal \ - popt - -COPY --from=build /install/ / - diff --git a/.docker/prod-alpine.Dockerfile b/.docker/prod-alpine.Dockerfile index 3ce0ae1b..d29fab12 100644 --- a/.docker/prod-alpine.Dockerfile +++ b/.docker/prod-alpine.Dockerfile @@ -1,6 +1,6 @@ -ARG VERSION=latest-alpine +ARG VERSION=latest-alpine3.18 -FROM alpine:latest AS build +FROM alpine:3.18 AS build COPY . /source RUN sh /source/.github/install-openvas-smb-dependencies-alpine.sh @@ -10,7 +10,7 @@ RUN cp .github/alpine-patches/*.patch . && git apply *.patch RUN cmake -DCMAKE_BUILD_TYPE=Release -B/build /source RUN DESTDIR=/install cmake --build /build -- install -FROM alpine:latest +FROM alpine:3.18 RUN apk update && apk upgrade && \ apk add --no-cache gnutls \ diff --git a/.github/install-openvas-smb-dependencies-alpine.sh b/.github/install-openvas-smb-dependencies-alpine.sh index 4923f71d..0c7c155e 100755 --- a/.github/install-openvas-smb-dependencies-alpine.sh +++ b/.github/install-openvas-smb-dependencies-alpine.sh @@ -11,10 +11,8 @@ apk update && apk upgrade && \ gvm-libs-dev \ heimdal-dev \ libunistring-dev \ - mingw-w64-binutils \ - mingw-w64-crt \ - mingw-w64-gcc \ - mingw-w64-headers \ + binutils \ + gcc \ perl-dev \ popt-dev \ samurai \ From 8591217b312af459e5ac5dbae47a1fa5c514d26b Mon Sep 17 00:00:00 2001 From: Rami Jebara Date: Wed, 15 Nov 2023 08:02:28 -0800 Subject: [PATCH 5/7] Revert "Removed dependancy on mingw to allow for easier cross compilation" This reverts commit 74167fa894319693b6b7d073ab1fc497bac40b7e. --- .docker/prod-alpine-3.16.Dockerfile | 21 +++++++++++++++++++ .docker/prod-alpine.Dockerfile | 6 +++--- ...install-openvas-smb-dependencies-alpine.sh | 6 ++++-- 3 files changed, 28 insertions(+), 5 deletions(-) create mode 100644 .docker/prod-alpine-3.16.Dockerfile diff --git a/.docker/prod-alpine-3.16.Dockerfile b/.docker/prod-alpine-3.16.Dockerfile new file mode 100644 index 00000000..54bcbd80 --- /dev/null +++ b/.docker/prod-alpine-3.16.Dockerfile @@ -0,0 +1,21 @@ +ARG VERSION=alpine-3.16 + +FROM alpine:3.16 AS build +COPY . /source +RUN sh /source/.github/install-openvas-smb-dependencies-alpine.sh + +WORKDIR /source +RUN cp .github/alpine-patches/*.patch . && git apply *.patch + +RUN cmake -DCMAKE_BUILD_TYPE=Release -B/build /source +RUN DESTDIR=/install cmake --build /build -- install + +FROM alpine:3.16 + +RUN apk update && apk upgrade && \ + apk add --no-cache gnutls \ + heimdal \ + popt + +COPY --from=build /install/ / + diff --git a/.docker/prod-alpine.Dockerfile b/.docker/prod-alpine.Dockerfile index d29fab12..3ce0ae1b 100644 --- a/.docker/prod-alpine.Dockerfile +++ b/.docker/prod-alpine.Dockerfile @@ -1,6 +1,6 @@ -ARG VERSION=latest-alpine3.18 +ARG VERSION=latest-alpine -FROM alpine:3.18 AS build +FROM alpine:latest AS build COPY . /source RUN sh /source/.github/install-openvas-smb-dependencies-alpine.sh @@ -10,7 +10,7 @@ RUN cp .github/alpine-patches/*.patch . && git apply *.patch RUN cmake -DCMAKE_BUILD_TYPE=Release -B/build /source RUN DESTDIR=/install cmake --build /build -- install -FROM alpine:3.18 +FROM alpine:latest RUN apk update && apk upgrade && \ apk add --no-cache gnutls \ diff --git a/.github/install-openvas-smb-dependencies-alpine.sh b/.github/install-openvas-smb-dependencies-alpine.sh index 0c7c155e..4923f71d 100755 --- a/.github/install-openvas-smb-dependencies-alpine.sh +++ b/.github/install-openvas-smb-dependencies-alpine.sh @@ -11,8 +11,10 @@ apk update && apk upgrade && \ gvm-libs-dev \ heimdal-dev \ libunistring-dev \ - binutils \ - gcc \ + mingw-w64-binutils \ + mingw-w64-crt \ + mingw-w64-gcc \ + mingw-w64-headers \ perl-dev \ popt-dev \ samurai \ From ce7167388070de1bf47eb94b24f03255380f7654 Mon Sep 17 00:00:00 2001 From: Rami Jebara Date: Wed, 15 Nov 2023 08:02:58 -0800 Subject: [PATCH 6/7] Revert "removed commented out code" This reverts commit 7a93ae269b387940fb24da9fb1f58ec07ee5bd4d. --- .docker/prod-alpine-3.16.Dockerfile | 1 + .docker/prod-alpine.Dockerfile | 1 + 2 files changed, 2 insertions(+) diff --git a/.docker/prod-alpine-3.16.Dockerfile b/.docker/prod-alpine-3.16.Dockerfile index 54bcbd80..c4450209 100644 --- a/.docker/prod-alpine-3.16.Dockerfile +++ b/.docker/prod-alpine-3.16.Dockerfile @@ -19,3 +19,4 @@ RUN apk update && apk upgrade && \ COPY --from=build /install/ / +# RUN ldconfig diff --git a/.docker/prod-alpine.Dockerfile b/.docker/prod-alpine.Dockerfile index 3ce0ae1b..d73e7d78 100644 --- a/.docker/prod-alpine.Dockerfile +++ b/.docker/prod-alpine.Dockerfile @@ -19,3 +19,4 @@ RUN apk update && apk upgrade && \ COPY --from=build /install/ / +# RUN ldconfig From a9a98545ce131998bb7f48ba3cdbac77b101a12c Mon Sep 17 00:00:00 2001 From: Rami Jebara Date: Wed, 15 Nov 2023 08:03:24 -0800 Subject: [PATCH 7/7] Revert "Added alpine support" This reverts commit ec4a43a5eb20a5ac9796b9ce4673ad99f421effb. --- .docker/prod-alpine-3.16.Dockerfile | 22 --- .docker/prod-alpine.Dockerfile | 22 --- .github/alpine-patches/comparison_fn_t.patch | 38 ----- .../alpine-patches/disable-backtrace.patch | 135 ------------------ .../fix-missing-includes-path.patch | 135 ------------------ .github/alpine-patches/implicit.patch | 39 ----- ...install-openvas-smb-dependencies-alpine.sh | 24 ---- 7 files changed, 415 deletions(-) delete mode 100644 .docker/prod-alpine-3.16.Dockerfile delete mode 100644 .docker/prod-alpine.Dockerfile delete mode 100644 .github/alpine-patches/comparison_fn_t.patch delete mode 100644 .github/alpine-patches/disable-backtrace.patch delete mode 100644 .github/alpine-patches/fix-missing-includes-path.patch delete mode 100644 .github/alpine-patches/implicit.patch delete mode 100755 .github/install-openvas-smb-dependencies-alpine.sh diff --git a/.docker/prod-alpine-3.16.Dockerfile b/.docker/prod-alpine-3.16.Dockerfile deleted file mode 100644 index c4450209..00000000 --- a/.docker/prod-alpine-3.16.Dockerfile +++ /dev/null @@ -1,22 +0,0 @@ -ARG VERSION=alpine-3.16 - -FROM alpine:3.16 AS build -COPY . /source -RUN sh /source/.github/install-openvas-smb-dependencies-alpine.sh - -WORKDIR /source -RUN cp .github/alpine-patches/*.patch . && git apply *.patch - -RUN cmake -DCMAKE_BUILD_TYPE=Release -B/build /source -RUN DESTDIR=/install cmake --build /build -- install - -FROM alpine:3.16 - -RUN apk update && apk upgrade && \ - apk add --no-cache gnutls \ - heimdal \ - popt - -COPY --from=build /install/ / - -# RUN ldconfig diff --git a/.docker/prod-alpine.Dockerfile b/.docker/prod-alpine.Dockerfile deleted file mode 100644 index d73e7d78..00000000 --- a/.docker/prod-alpine.Dockerfile +++ /dev/null @@ -1,22 +0,0 @@ -ARG VERSION=latest-alpine - -FROM alpine:latest AS build -COPY . /source -RUN sh /source/.github/install-openvas-smb-dependencies-alpine.sh - -WORKDIR /source -RUN cp .github/alpine-patches/*.patch . && git apply *.patch - -RUN cmake -DCMAKE_BUILD_TYPE=Release -B/build /source -RUN DESTDIR=/install cmake --build /build -- install - -FROM alpine:latest - -RUN apk update && apk upgrade && \ - apk add --no-cache gnutls \ - heimdal \ - popt - -COPY --from=build /install/ / - -# RUN ldconfig diff --git a/.github/alpine-patches/comparison_fn_t.patch b/.github/alpine-patches/comparison_fn_t.patch deleted file mode 100644 index f2655ac6..00000000 --- a/.github/alpine-patches/comparison_fn_t.patch +++ /dev/null @@ -1,38 +0,0 @@ -diff --git a/samba/librpc/ndr/libndr_proto.h b/samba/librpc/ndr/libndr_proto.h -index f60d93d..b97df1d 100644 ---- a/samba/librpc/ndr/libndr_proto.h -+++ b/samba/librpc/ndr/libndr_proto.h -@@ -9,6 +9,7 @@ - #define _PUBLIC_ - #endif - -+typedef int (*comparison_fn_t)(const void *, const void *); - - /* The following definitions come from librpc/ndr/ndr.c */ - -diff --git a/samba/lib/ldb/common/ldb_msg.c b/samba/lib/ldb/common/ldb_msg.c -index 0f7a214..7ff1583 100644 ---- a/samba/lib/ldb/common/ldb_msg.c -+++ b/samba/lib/ldb/common/ldb_msg.c -@@ -35,6 +35,8 @@ - #include "includes.h" - #include "ldb/include/includes.h" - -+typedef int (*comparison_fn_t)(const void *, const void *); -+ - /* - create a new ldb_message in a given memory context (NULL for top level) - */ -diff --git a/samba/lib/ldb/include/includes.h b/samba/lib/ldb/include/includes.h -index ce0d40e..c07f117 100644 ---- a/samba/lib/ldb/include/includes.h -+++ b/samba/lib/ldb/include/includes.h -@@ -16,7 +16,7 @@ - #define dyn_MODULESDIR dyn_LIBDIR - #endif - -- -+typedef int (*comparison_fn_t)(const void *, const void *); - - #define discard_const(ptr) ((void *)((intptr_t)(ptr))) - #define discard_const_p(type, ptr) ((type *)discard_const(ptr)) diff --git a/.github/alpine-patches/disable-backtrace.patch b/.github/alpine-patches/disable-backtrace.patch deleted file mode 100644 index f5e0ef81..00000000 --- a/.github/alpine-patches/disable-backtrace.patch +++ /dev/null @@ -1,135 +0,0 @@ -diff --git a/samba/include/config.h b/samba/include/config.h -index b99c4d5..dd85ee4 100644 ---- a/samba/include/config.h -+++ b/samba/include/config.h -@@ -38,7 +38,7 @@ - /* #define HAVE_ATTR_XATTR_H 1 */ - - /* Define to 1 if you have the `backtrace' function. */ --#define HAVE_BACKTRACE 1 -+#define HAVE_BACKTRACE 0 - - /* Define to 1 if you have the header file. */ - /* #undef HAVE_BLKID_BLKID_H */ -diff --git a/samba/include/config_tmp.h b/samba/include/config_tmp.h -index e85cb77..9c7e93c 100644 ---- a/samba/include/config_tmp.h -+++ b/samba/include/config_tmp.h -@@ -38,7 +38,7 @@ - #define HAVE_ATTR_XATTR_H 1 - - /* Define to 1 if you have the `backtrace' function. */ --#define HAVE_BACKTRACE 1 -+#define HAVE_BACKTRACE 0 - - /* Define to 1 if you have the header file. */ - /* #undef HAVE_BLKID_BLKID_H */ -diff --git a/samba/lib/util/fault.c b/samba/lib/util/fault.c -index c7d6b7e..a9cdabb 100644 ---- a/samba/lib/util/fault.c -+++ b/samba/lib/util/fault.c -@@ -36,83 +36,6 @@ static struct { - - static const char *progname; - --#ifdef HAVE_BACKTRACE --#include --#elif HAVE_LIBEXC_H --#include --#endif -- --/** -- * Write backtrace to debug log -- */ --_PUBLIC_ void call_backtrace(void) --{ --#ifdef HAVE_BACKTRACE --#ifndef BACKTRACE_STACK_SIZE --#define BACKTRACE_STACK_SIZE 64 --#endif -- void *backtrace_stack[BACKTRACE_STACK_SIZE]; -- size_t backtrace_size; -- char **backtrace_strings; -- -- /* get the backtrace (stack frames) */ -- backtrace_size = backtrace(backtrace_stack,BACKTRACE_STACK_SIZE); -- backtrace_strings = backtrace_symbols(backtrace_stack, backtrace_size); -- -- DEBUG(0, ("BACKTRACE: %lu stack frames:\n", -- (unsigned long)backtrace_size)); -- -- if (backtrace_strings) { -- int i; -- -- for (i = 0; i < backtrace_size; i++) -- DEBUGADD(0, (" #%u %s\n", i, backtrace_strings[i])); -- -- /* Leak the backtrace_strings, rather than risk what free() might do */ -- } -- --#elif HAVE_LIBEXC -- --#define NAMESIZE 32 /* Arbitrary */ --#ifndef BACKTRACE_STACK_SIZE --#define BACKTRACE_STACK_SIZE 64 --#endif -- -- /* The IRIX libexc library provides an API for unwinding the stack. See -- * libexc(3) for details. Apparantly trace_back_stack leaks memory, but -- * since we are about to abort anyway, it hardly matters. -- * -- * Note that if we paniced due to a SIGSEGV or SIGBUS (or similar) this -- * will fail with a nasty message upon failing to open the /proc entry. -- */ -- { -- uint64_t addrs[BACKTRACE_STACK_SIZE]; -- char * names[BACKTRACE_STACK_SIZE]; -- char namebuf[BACKTRACE_STACK_SIZE * NAMESIZE]; -- -- int i; -- int levels; -- -- ZERO_ARRAY(addrs); -- ZERO_ARRAY(names); -- ZERO_ARRAY(namebuf); -- -- for (i = 0; i < BACKTRACE_STACK_SIZE; i++) { -- names[i] = namebuf + (i * NAMESIZE); -- } -- -- levels = trace_back_stack(0, addrs, names, -- BACKTRACE_STACK_SIZE, NAMESIZE); -- -- DEBUG(0, ("BACKTRACE: %d stack frames:\n", levels)); -- for (i = 0; i < levels; i++) { -- DEBUGADD(0, (" #%d 0x%llx %s\n", i, addrs[i], names[i])); -- } -- } --#undef NAMESIZE --#endif --} -- - _PUBLIC_ const char *panic_action = NULL; - - /** -@@ -143,8 +66,6 @@ _PUBLIC_ void smb_panic(const char *why) - } - DEBUG(0,("PANIC: %s\n", why)); - -- call_backtrace(); -- - #ifdef SIGABRT - CatchSignal(SIGABRT,SIGNAL_CAST SIG_DFL); - #endif -diff --git a/samba/lib/util/util_proto.h b/samba/lib/util/util_proto.h -index efc787f..bb48f46 100644 ---- a/samba/lib/util/util_proto.h -+++ b/samba/lib/util/util_proto.h -@@ -44,7 +44,6 @@ _PUBLIC_ void register_debug_handlers(const char *name, struct debug_ops *ops); - - /* The following definitions come from lib/util/fault.c */ - --_PUBLIC_ void call_backtrace(void); - _PUBLIC_ void smb_panic(const char *why); - _PUBLIC_ void fault_setup(const char *pname); - _PUBLIC_ BOOL register_fault_handler(const char *name, void (*fault_handler)(int sig)); diff --git a/.github/alpine-patches/fix-missing-includes-path.patch b/.github/alpine-patches/fix-missing-includes-path.patch deleted file mode 100644 index 1757e2db..00000000 --- a/.github/alpine-patches/fix-missing-includes-path.patch +++ /dev/null @@ -1,135 +0,0 @@ -diff --git a/samba/auth/auth_util.c b/samba/auth/auth_util.c -index b1e1672..7068cdf 100644 ---- a/samba/auth/auth_util.c -+++ b/samba/auth/auth_util.c -@@ -23,7 +23,7 @@ - */ - - #include "includes.h" --#include -+#include - #include "auth/auth.h" - #include "libcli/security/security.h" - #include "libcli/auth/libcli_auth.h" -diff --git a/samba/auth/credentials/credentials_krb5.h b/samba/auth/credentials/credentials_krb5.h -index a7a05d2..4a23954 100644 ---- a/samba/auth/credentials/credentials_krb5.h -+++ b/samba/auth/credentials/credentials_krb5.h -@@ -21,7 +21,7 @@ - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - */ - --#include -+#include - - struct ccache_container; - -diff --git a/samba/lib/replace/system/kerberos.h b/samba/lib/replace/system/kerberos.h -index 496eec9..88d1d99 100644 ---- a/samba/lib/replace/system/kerberos.h -+++ b/samba/lib/replace/system/kerberos.h -@@ -125,7 +125,7 @@ - /* Whether krb5_princ_realm returns krb5_realm or krb5_data */ - #define KRB5_PRINC_REALM_RETURNS_REALM 1 - --#include -+#include - #include - #endif - -diff --git a/samba/auth/kerberos/krb5_init_context.h b/samba/auth/kerberos/krb5_init_context.h -index 4b7cc3a..d318149 100644 ---- a/samba/auth/kerberos/krb5_init_context.h -+++ b/samba/auth/kerberos/krb5_init_context.h -@@ -17,7 +17,7 @@ - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - */ --#include -+#include - - struct smb_krb5_context { - struct krb5_context_data *krb5_context; - -diff --git a/samba/include/config.h b/samba/include/config.h -index a555fbb..b99c4d5 100644 ---- a/samba/include/config.h -+++ b/samba/include/config.h -@@ -454,7 +454,7 @@ - /* #undef HAVE_NSS_COMMON_H */ - - /* Define to 1 if you have the header file. */ --#define HAVE_NSS_H 1 -+#define HAVE_NSS_H 0 - - /* Define to 1 if you have the header file. */ - /* #undef HAVE_NS_API_H */ -diff --git a/samba/auth/gensec/gensec_gssapi.c b/samba/auth/gensec/gensec_gssapi.c -index 5f92e78..daecb7a 100644 ---- a/samba/auth/gensec/gensec_gssapi.c -+++ b/samba/auth/gensec/gensec_gssapi.c -@@ -23,7 +23,7 @@ - */ - - #include "includes.h" --#include -+#include - #include "system/kerberos.h" - #include - #include "auth/kerberos/kerberos.h" -diff --git a/samba/auth/gensec/gensec_gssapi.c b/samba/auth/gensec/gensec_gssapi.c -index daecb7a..0139f8d 100644 ---- a/samba/auth/gensec/gensec_gssapi.c -+++ b/samba/auth/gensec/gensec_gssapi.c -@@ -25,7 +25,7 @@ - #include "includes.h" - #include - #include "system/kerberos.h" --#include -+#include - #include "auth/kerberos/kerberos.h" - #include "librpc/gen_ndr/krb5pac.h" - #include "auth/auth.h" -diff --git a/samba/auth/kerberos/kerberos.c b/samba/auth/kerberos/kerberos.c -index 1f190c1..37a9773 100644 ---- a/samba/auth/kerberos/kerberos.c -+++ b/samba/auth/kerberos/kerberos.c -@@ -24,7 +24,7 @@ - - #include "includes.h" - #include "system/kerberos.h" --#include -+#include - - #ifdef HAVE_KRB5 - -diff --git a/samba/auth/kerberos/krb5_init_context.c b/samba/auth/kerberos/krb5_init_context.c -index f7230e4..20d65c6 100644 ---- a/samba/auth/kerberos/krb5_init_context.c -+++ b/samba/auth/kerberos/krb5_init_context.c -@@ -27,9 +27,9 @@ - #include "lib/socket/socket.h" - #include "system/network.h" - #include "lib/events/events.h" --#include -+#include - --#include -+#include - - /* - context structure for operations on cldap packets -diff --git a/samba/dsdb/samdb/ldb_modules/password_hash.c b/samba/dsdb/samdb/ldb_modules/password_hash.c -index 26101b9..3467d8e 100644 ---- a/samba/dsdb/samdb/ldb_modules/password_hash.c -+++ b/samba/dsdb/samdb/ldb_modules/password_hash.c -@@ -43,7 +43,7 @@ - #include "system/time.h" - #include "dsdb/samdb/samdb.h" - #include "dsdb/common/flags.h" --#include -+#include - #include "dsdb/samdb/ldb_modules/password_modules.h" - - /* If we have decided there is reason to work on this request, then - diff --git a/.github/alpine-patches/implicit.patch b/.github/alpine-patches/implicit.patch deleted file mode 100644 index 7133bea9..00000000 --- a/.github/alpine-patches/implicit.patch +++ /dev/null @@ -1,39 +0,0 @@ -fix implicit function decls --- -diff --git a/samba/auth/credentials/credentials_krb5.c b/samba/auth/credentials/credentials_krb5.c -index a4a0a9a..9b64977 100644 ---- a/samba/auth/credentials/credentials_krb5.c -+++ b/samba/auth/credentials/credentials_krb5.c -@@ -28,6 +28,8 @@ - #include "auth/credentials/credentials.h" - #include "auth/credentials/credentials_krb5.h" - -+#include -+ - int cli_credentials_get_krb5_context(struct cli_credentials *cred, - struct smb_krb5_context **smb_krb5_context) - { -diff --git a/wmi/wmireg.c b/wmi/wmireg.c -index cb4cf6d..b13a587 100644 ---- a/wmi/wmireg.c -+++ b/wmi/wmireg.c -@@ -36,6 +36,7 @@ - #include "includes.h" - #include "lib/cmdline/popt_common.h" - #include "librpc/rpc/dcerpc.h" -+#include "librpc/rpc/dcerpc_table.h" - #include "librpc/gen_ndr/ndr_oxidresolver.h" - #include "librpc/gen_ndr/ndr_oxidresolver_c.h" - #include "librpc/gen_ndr/ndr_dcom.h" -diff --git a/wmi/wmirsop.c b/wmi/wmirsop.c -index 719bb9a..da642d3 100644 ---- a/wmi/wmirsop.c -+++ b/wmi/wmirsop.c -@@ -36,6 +36,7 @@ - #include "includes.h" - #include "lib/cmdline/popt_common.h" - #include "librpc/rpc/dcerpc.h" -+#include "librpc/rpc/dcerpc_table.h" - #include "librpc/gen_ndr/ndr_oxidresolver.h" - #include "librpc/gen_ndr/ndr_oxidresolver_c.h" - #include "librpc/gen_ndr/ndr_dcom.h" diff --git a/.github/install-openvas-smb-dependencies-alpine.sh b/.github/install-openvas-smb-dependencies-alpine.sh deleted file mode 100755 index 4923f71d..00000000 --- a/.github/install-openvas-smb-dependencies-alpine.sh +++ /dev/null @@ -1,24 +0,0 @@ -# This script installs openvas-smb-dependencies. -#/bin/sh -set -ex -apk update && apk upgrade && \ - apk add --no-cache build-base \ - cmake \ - doxygen \ - glib-dev \ - gnutls-dev \ - graphviz \ - gvm-libs-dev \ - heimdal-dev \ - libunistring-dev \ - mingw-w64-binutils \ - mingw-w64-crt \ - mingw-w64-gcc \ - mingw-w64-headers \ - perl-dev \ - popt-dev \ - samurai \ - sqlite-dev \ - xmltoman \ - git -