Merge pull request #509 from scribblemaniac/multistage-docker

Docker improvements (multistage builds, separate os images, and more)
mvt-project · Sep 30, 2024 · f8e2b09 · f8e2b09
2 parents d79f6cb + e00895a
commit f8e2b09
Show file tree

Hide file tree

Showing 5 changed files with 295 additions and 52 deletions.
diff --git a/.dockerignore b/.dockerignore
@@ -0,0 +1,2 @@
+# Ignore everything, the dockerfile always pulls from https://github.com/mvt-project/mvt.git@main
+*
diff --git a/Dockerfile b/Dockerfile
@@ -1,79 +1,153 @@
-FROM ubuntu:22.04
+# Base image for building libraries
+# ---------------------------------
+FROM ubuntu:22.04 as build-base
 
-# Ref. https://github.com/mvt-project/mvt
+ARG DEBIAN_FRONTEND=noninteractive
 
-LABEL url="https://mvt.re"
-LABEL vcs-url="https://github.com/mvt-project/mvt"
-LABEL description="MVT is a forensic tool to look for signs of infection in smartphone devices."
-
-ENV PIP_NO_CACHE_DIR=1
-ENV DEBIAN_FRONTEND=noninteractive
-
-# Fixing major OS dependencies
-# ----------------------------
-RUN apt update \
-  && apt install -y python3 python3-pip libusb-1.0-0-dev wget unzip default-jre-headless adb \
-
-# Install build tools for libimobiledevice
-# ----------------------------------------
+# Install build tools and dependencies
+RUN apt-get update \
+  && apt-get install -y \
   build-essential \
-  checkinstall \
   git \
   autoconf \
   automake \
   libtool-bin \
-  libplist-dev \
-  libusbmuxd-dev \
-  libssl-dev \
-  sqlite3 \
   pkg-config \
-
-# Clean up
-# --------
-  && apt-get clean \
-  && rm -rf /var/lib/apt/lists/* /var/cache/apt
+  libcurl4-openssl-dev \
+  libusb-1.0-0-dev \
+  libssl-dev \
+  udev \
+  && rm -rf /var/lib/apt/lists/*
 
 
-# Build libimobiledevice
-# ----------------------
-RUN git clone https://github.com/libimobiledevice/libplist \
-  && git clone https://github.com/libimobiledevice/libimobiledevice-glue \
-  && git clone https://github.com/libimobiledevice/libusbmuxd \
-  && git clone https://github.com/libimobiledevice/libimobiledevice \
-  && git clone https://github.com/libimobiledevice/usbmuxd \
+# libplist
+# --------
+FROM build-base as build-libplist
 
-  && cd libplist && ./autogen.sh && make && make install && ldconfig \
+# Build
+RUN git clone https://github.com/libimobiledevice/libplist && cd libplist \
+  && ./autogen.sh && make -j "$(nproc)" && make install DESTDIR=/build \
+  && cd .. && rm -rf libplist
 
-  && cd ../libimobiledevice-glue && PKG_CONFIG_PATH=/usr/local/lib/pkgconfig ./autogen.sh --prefix=/usr && make && make install && ldconfig \
 
-  && cd ../libusbmuxd && PKG_CONFIG_PATH=/usr/local/lib/pkgconfig ./autogen.sh && make && make install && ldconfig \
+# libimobiledevice-glue
+# ---------------------
+FROM build-base as build-libimobiledevice-glue
 
-  && cd ../libimobiledevice && PKG_CONFIG_PATH=/usr/local/lib/pkgconfig ./autogen.sh --enable-debug && make && make install && ldconfig \
+# Install dependencies
+COPY --from=build-libplist /build /
 
-  && cd ../usbmuxd && PKG_CONFIG_PATH=/usr/local/lib/pkgconfig ./autogen.sh --prefix=/usr --sysconfdir=/etc --localstatedir=/var --runstatedir=/run && make && make install \
+# Build
+RUN git clone https://github.com/libimobiledevice/libimobiledevice-glue && cd libimobiledevice-glue \
+  && ./autogen.sh && make -j "$(nproc)" && make install DESTDIR=/build \
+  && cd .. && rm -rf libimobiledevice-glue
 
-  # Clean up.
-  && cd .. && rm -rf libplist libimobiledevice-glue libusbmuxd libimobiledevice usbmuxd
 
-# Installing MVT
-# --------------
-RUN pip3 install git+https://github.com/mvt-project/mvt.git@main
+# libtatsu
+# --------
+FROM build-base as build-libtatsu
+
+# Install dependencies
+COPY --from=build-libplist /build /
+
+# Build
+RUN git clone https://github.com/libimobiledevice/libtatsu && cd libtatsu \
+  && ./autogen.sh && make -j "$(nproc)" && make install DESTDIR=/build \
+  && cd .. && rm -rf libtatsu
+
+
+# libusbmuxd
+# ----------
+FROM build-base as build-libusbmuxd
+
+# Install dependencies
+COPY --from=build-libplist /build /
+COPY --from=build-libimobiledevice-glue /build /
+
+# Build
+RUN git clone https://github.com/libimobiledevice/libusbmuxd && cd libusbmuxd \
+  && ./autogen.sh && make -j "$(nproc)" && make install DESTDIR=/build \
+  && cd .. && rm -rf libusbmuxd
+
+
+# libimobiledevice
+# ----------------
+FROM build-base as build-libimobiledevice
+
+# Install dependencies
+COPY --from=build-libplist /build /
+COPY --from=build-libtatsu /build /
+COPY --from=build-libimobiledevice-glue /build /
+COPY --from=build-libusbmuxd /build /
+
+# Build
+RUN git clone https://github.com/libimobiledevice/libimobiledevice && cd libimobiledevice \
+  && ./autogen.sh --enable-debug && make -j "$(nproc)" && make install DESTDIR=/build \
+  && cd .. && rm -rf libimobiledevice
+
+
+# usbmuxd
+# -------
+FROM build-base as build-usbmuxd
+
+# Install dependencies
+COPY --from=build-libplist /build /
+COPY --from=build-libimobiledevice-glue /build /
+COPY --from=build-libusbmuxd /build /
+COPY --from=build-libimobiledevice /build /
+
+# Build
+RUN git clone https://github.com/libimobiledevice/usbmuxd && cd usbmuxd \
+  && ./autogen.sh --sysconfdir=/etc --localstatedir=/var --runstatedir=/run && make -j "$(nproc)" && make install DESTDIR=/build \
+  && cd .. && rm -rf usbmuxd && mv /build/lib /build/usr/lib
+
+
+# Create main image
+FROM ubuntu:22.04 as main
+
+LABEL org.opencontainers.image.url="https://mvt.re"
+LABEL org.opencontainers.image.documentation="https://docs.mvt.re"
+LABEL org.opencontainers.image.source="https://github.com/mvt-project/mvt"
+LABEL org.opencontainers.image.title="Mobile Verification Toolkit"
+LABEL org.opencontainers.image.description="MVT is a forensic tool to look for signs of infection in smartphone devices."
+LABEL org.opencontainers.image.base.name=docker.io/library/ubuntu:22.04
+
+# Install runtime dependencies
+ARG DEBIAN_FRONTEND=noninteractive
+RUN apt-get update \
+  && apt-get install -y \
+  adb \
+  default-jre-headless \
+  libcurl4 \
+  libssl3 \
+  libusb-1.0-0 \
+  python3 \
+  sqlite3
+COPY --from=build-libplist /build /
+COPY --from=build-libimobiledevice-glue /build /
+COPY --from=build-libtatsu /build /
+COPY --from=build-libusbmuxd /build /
+COPY --from=build-libimobiledevice /build /
+COPY --from=build-usbmuxd /build /
+
+# Install mvt
+RUN apt-get update \
+  && apt-get install -y git python3-pip \
+  && PIP_NO_CACHE_DIR=1 pip3 install git+https://github.com/mvt-project/mvt.git@main \
+  && apt-get remove -y python3-pip git && apt-get autoremove -y \
+  && rm -rf /var/lib/apt/lists/*
 
 # Installing ABE
-# --------------
-RUN mkdir /opt/abe \
-  && wget https://github.com/nelenkov/android-backup-extractor/releases/download/master-20221109063121-8fdfc5e/abe.jar -O /opt/abe/abe.jar \
+ADD https://github.com/nelenkov/android-backup-extractor/releases/download/master-20221109063121-8fdfc5e/abe.jar /opt/abe/abe.jar
 # Create alias for abe
-  && echo 'alias abe="java -jar /opt/abe/abe.jar"' >> ~/.bashrc
+RUN echo 'alias abe="java -jar /opt/abe/abe.jar"' >> ~/.bashrc
 
-# Generate adb key folder 
-# ------------------------------ 
+# Generate adb key folder
 RUN mkdir /root/.android && adb keygen /root/.android/adbkey
 
 # Setup investigations environment
-# --------------------------------
 RUN mkdir /home/cases
-WORKDIR /home/cases 
+WORKDIR /home/cases
 RUN echo 'echo "Mobile Verification Toolkit @ Docker\n------------------------------------\n\nYou can find information about how to use this image for Android (https://github.com/mvt-project/mvt/tree/master/docs/android) and iOS (https://github.com/mvt-project/mvt/tree/master/docs/ios) in the official docs of the project.\n"' >> ~/.bashrc \
   && echo 'echo "Note that to perform the debug via USB you might need to give the Docker image access to the USB using \"docker run -it --privileged -v /dev/bus/usb:/dev/bus/usb mvt\" or, preferably, the \"--device=\" parameter.\n"' >> ~/.bashrc
 

diff --git a/Dockerfile.android b/Dockerfile.android
@@ -0,0 +1,32 @@
+# Create main image
+FROM python:3.10.14-alpine3.20 as main
+
+LABEL org.opencontainers.image.url="https://mvt.re"
+LABEL org.opencontainers.image.documentation="https://docs.mvt.re"
+LABEL org.opencontainers.image.source="https://github.com/mvt-project/mvt"
+LABEL org.opencontainers.image.title="Mobile Verification Toolkit (Android)"
+LABEL org.opencontainers.image.description="MVT is a forensic tool to look for signs of infection in smartphone devices."
+LABEL org.opencontainers.image.base.name=docker.io/library/python:3.10.14-alpine3.20
+
+# Install runtime dependencies
+RUN apk add --no-cache \
+  android-tools \
+  git \
+  libusb \
+  openjdk11-jre-headless \
+  sqlite
+
+# Install mvt
+RUN apk add --no-cache git \
+  && PIP_NO_CACHE_DIR=1 pip3 install git+https://github.com/mvt-project/mvt.git@main \
+  && apk del git
+
+# Installing ABE
+ADD https://github.com/nelenkov/android-backup-extractor/releases/download/master-20221109063121-8fdfc5e/abe.jar /opt/abe/abe.jar
+# Create alias for abe
+RUN echo 'alias abe="java -jar /opt/abe/abe.jar"' >> ~/.bashrc
+
+# Generate adb key folder
+RUN mkdir /root/.android && adb keygen /root/.android/adbkey
+
+ENTRYPOINT [ "/usr/local/bin/mvt-android" ]
diff --git a/Dockerfile.ios b/Dockerfile.ios
@@ -0,0 +1,135 @@
+# Base image for building libraries
+# ---------------------------------
+FROM ubuntu:22.04 as build-base
+
+ARG DEBIAN_FRONTEND=noninteractive
+
+# Install build tools and dependencies
+RUN apt-get update \
+  && apt-get install -y \
+  build-essential \
+  git \
+  autoconf \
+  automake \
+  libtool-bin \
+  pkg-config \
+  libcurl4-openssl-dev \
+  libusb-1.0-0-dev \
+  libssl-dev \
+  udev \
+  && rm -rf /var/lib/apt/lists/*
+
+
+# libplist
+# --------
+FROM build-base as build-libplist
+
+# Build
+RUN git clone https://github.com/libimobiledevice/libplist && cd libplist \
+  && ./autogen.sh && make -j "$(nproc)" && make install DESTDIR=/build \
+  && cd .. && rm -rf libplist
+
+
+# libimobiledevice-glue
+# ---------------------
+FROM build-base as build-libimobiledevice-glue
+
+# Install dependencies
+COPY --from=build-libplist /build /
+
+# Build
+RUN git clone https://github.com/libimobiledevice/libimobiledevice-glue && cd libimobiledevice-glue \
+  && ./autogen.sh && make -j "$(nproc)" && make install DESTDIR=/build \
+  && cd .. && rm -rf libimobiledevice-glue
+
+
+# libtatsu
+# --------
+FROM build-base as build-libtatsu
+
+# Install dependencies
+COPY --from=build-libplist /build /
+
+# Build
+RUN git clone https://github.com/libimobiledevice/libtatsu && cd libtatsu \
+  && ./autogen.sh && make -j "$(nproc)" && make install DESTDIR=/build \
+  && cd .. && rm -rf libtatsu
+
+
+# libusbmuxd
+# ----------
+FROM build-base as build-libusbmuxd
+
+# Install dependencies
+COPY --from=build-libplist /build /
+COPY --from=build-libimobiledevice-glue /build /
+
+# Build
+RUN git clone https://github.com/libimobiledevice/libusbmuxd && cd libusbmuxd \
+  && ./autogen.sh && make -j "$(nproc)" && make install DESTDIR=/build \
+  && cd .. && rm -rf libusbmuxd
+
+
+# libimobiledevice
+# ----------------
+FROM build-base as build-libimobiledevice
+
+# Install dependencies
+COPY --from=build-libplist /build /
+COPY --from=build-libtatsu /build /
+COPY --from=build-libimobiledevice-glue /build /
+COPY --from=build-libusbmuxd /build /
+
+# Build
+RUN git clone https://github.com/libimobiledevice/libimobiledevice && cd libimobiledevice \
+  && ./autogen.sh --enable-debug && make -j "$(nproc)" && make install DESTDIR=/build \
+  && cd .. && rm -rf libimobiledevice
+
+
+# usbmuxd
+# -------
+FROM build-base as build-usbmuxd
+
+# Install dependencies
+COPY --from=build-libplist /build /
+COPY --from=build-libimobiledevice-glue /build /
+COPY --from=build-libusbmuxd /build /
+COPY --from=build-libimobiledevice /build /
+
+# Build
+RUN git clone https://github.com/libimobiledevice/usbmuxd && cd usbmuxd \
+  && ./autogen.sh --sysconfdir=/etc --localstatedir=/var --runstatedir=/run && make -j "$(nproc)" && make install DESTDIR=/build \
+  && cd .. && rm -rf usbmuxd && mv /build/lib /build/usr/lib
+
+
+# Main image
+# ----------
+FROM python:3.10.14-alpine3.20 as main
+
+LABEL org.opencontainers.image.url="https://mvt.re"
+LABEL org.opencontainers.image.documentation="https://docs.mvt.re"
+LABEL org.opencontainers.image.source="https://github.com/mvt-project/mvt"
+LABEL org.opencontainers.image.title="Mobile Verification Toolkit (iOS)"
+LABEL org.opencontainers.image.description="MVT is a forensic tool to look for signs of infection in smartphone devices."
+LABEL org.opencontainers.image.base.name=docker.io/library/python:3.10.14-alpine3.20
+
+# Install runtime dependencies
+RUN apk add --no-cache \
+  gcompat \
+  libcurl \
+  libssl3 \
+  libusb \
+  sqlite
+COPY --from=build-libplist /build /
+COPY --from=build-libimobiledevice-glue /build /
+COPY --from=build-libtatsu /build /
+COPY --from=build-libusbmuxd /build /
+COPY --from=build-libimobiledevice /build /
+COPY --from=build-usbmuxd /build /
+
+# Install mvt
+RUN apk add --no-cache git \
+  && PIP_NO_CACHE_DIR=1 pip3 install git+https://github.com/mvt-project/mvt.git@main \
+  && apk del git
+
+ENTRYPOINT [ "/usr/local/bin/mvt-ios" ]
diff --git a/setup.cfg b/setup.cfg
@@ -29,7 +29,7 @@ install_requires =
     packaging >=21.3
     appdirs >=1.4.4
     iOSbackup >=0.9.923
-    adb-shell >=0.4.3
+    adb-shell[usb] >=0.4.3
     libusb1 >=3.0.0
     cryptography >=42.0.5
     pyyaml >=6.0
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		# Ignore everything, the dockerfile always pulls from https://github.com/mvt-project/mvt.git@main
		*