diff --git a/.dockerignore b/.dockerignore index ea32980..48b083e 100644 --- a/.dockerignore +++ b/.dockerignore @@ -1,2 +1,3 @@ # Ignore everything * +!debs/ diff --git a/.github/demo.gif b/.github/demo.gif index fc7ebc9..3701d33 100644 Binary files a/.github/demo.gif and b/.github/demo.gif differ diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 78ae9a5..a992d15 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -23,8 +23,10 @@ env: jobs: build: - runs-on: ubuntu-latest + strategy: + matrix: + version: ['5.6.0', '5.6.1'] permissions: contents: read packages: write @@ -69,7 +71,7 @@ jobs: ${{ env.IMAGE_NAME }} ghcr.io/${{ env.IMAGE_NAME }} tags: | - # set latest tag for default branch + type=raw,value={{ matrix.version }} type=raw,value=latest,enable={{is_default_branch}} # Build and push Docker image with Buildx (don't push on PR) @@ -80,6 +82,8 @@ jobs: with: context: . push: ${{ github.event_name != 'pull_request' }} + build-args: | + XZ_VERSION=${{ matrix.version }} tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} platforms: ${{ env.PLATFORM }} diff --git a/Dockerfile b/Dockerfile index d5451bd..52bd832 100644 --- a/Dockerfile +++ b/Dockerfile @@ -14,7 +14,8 @@ ARG PLATFORM_CPU_ARCH=x86_64 ARG XZ_VERSION=5.6.1 ARG XZ_SO=liblzma.so ARG XZ_LIB=$XZ_SO.$XZ_VERSION -ARG XZ_DEB=liblzma5_$XZ_VERSION-1_$PLATFORM_ARCH.deb +ARG XZ_DEB=liblzma5_${XZ_VERSION}_${PLATFORM_ARCH}.deb +ARG XZ_BOT_REV=0cabe4c # # BUILD: Clone xzbot repo. @@ -24,7 +25,8 @@ FROM $BUILD_IMAGE as build WORKDIR /build RUN apk add --no-cache git \ - && git clone https://github.com/amlweems/xzbot.git . + && git clone https://github.com/amlweems/xzbot.git . \ + && git checkout $XZ_BOT_REV # # BUILD-PATCH: Patch liblzma with ED448 public key (seed 0). @@ -38,7 +40,7 @@ WORKDIR /build COPY --from=build /build/patch.py /build/assets/$XZ_LIB . RUN ARCH=$(uname -m | tr '_' '-'); \ - apt-get update && apt-get install -y \ + apt-get update && apt-get install -y --no-install-recommends \ binutils-$ARCH-$PLATFORM_OS-gnu \ cpp \ && pip install pwntools \ @@ -68,14 +70,15 @@ ARG PLATFORM_CPU_ARCH ARG PLATFORM_OS WORKDIR /build +COPY debs/$XZ_DEB . COPY --from=build-patch /build/$XZ_LIB.patch . COPY --from=build-ssh-client /build/xzbot . -RUN apt-get update && apt-get install -y \ - wget \ +RUN apt-get update && apt-get install -y --no-install-recommends --no-install-suggests \ + systemd \ openssh-server \ - && wget https://snapshot.debian.org/archive/debian/20240328T025657Z/pool/main/x/xz-utils/$XZ_DEB \ - && apt-get install --allow-downgrades --yes ./$XZ_DEB \ + && dpkg -i ./$XZ_DEB \ + && sed -i 's/#Port 22/Port 2222/' /etc/ssh/sshd_config \ && rm -rf /var/lib/apt/lists/* # Patch liblzma before starting systemd diff --git a/debs/README.md b/debs/README.md new file mode 100644 index 0000000..c5820e4 --- /dev/null +++ b/debs/README.md @@ -0,0 +1,4 @@ +# Debian package snapshots + +* liblzma5_5.6.0_amd64.deb [snapshot](https://snapshot.debian.org/archive/debian/20240301T214050Z/pool/main/x/xz-utils/liblzma5_5.6.0-0.2_amd64.deb) +* liblzma5_5.6.1_amd64.deb [snapshot](https://snapshot.debian.org/archive/debian/20240328T025657Z/pool/main/x/xz-utils/liblzma5_5.6.1-1_amd64.deb) diff --git a/debs/liblzma5_5.6.0_amd64.deb b/debs/liblzma5_5.6.0_amd64.deb new file mode 100644 index 0000000..272d81a Binary files /dev/null and b/debs/liblzma5_5.6.0_amd64.deb differ diff --git a/debs/liblzma5_5.6.1_amd64.deb b/debs/liblzma5_5.6.1_amd64.deb new file mode 100644 index 0000000..358983a Binary files /dev/null and b/debs/liblzma5_5.6.1_amd64.deb differ