CI: import all Dockerfiles used for CI/CD

Claudio André · Claudio André · commit 069158cebd37 · 2024-04-26T09:15:21.000-03:00
It's not the simplest choice, but it makes the code infrastructure more
complete and self-contained.

Signed-off-by: Claudio André &lt;dev@claudioandre.slmail.me&gt;
diff --git a/.github/actions/spelling/expect.txt b/.github/actions/spelling/expect.txt
@@ -11,13 +11,13 @@ ansible
 apk
 apps
 appveyor
-archs
 asan
 ASLR
 ath
 avx
 awor
 aws
+basekit
 bestpractices
 bugtracker
 BUILDID
@@ -55,16 +55,19 @@ cyggmp
 cyggomp
 cygz
 davidanson
+debhelper
 devcontainer
 distro
 dmg
 dnf
 dns
+Dockerfiles
 drwx
 drwxr
 drwxrwxr
 dynamicbase
 editorconfig
+elfutils
 endfor
 esbenp
 exe
@@ -108,16 +111,20 @@ LASTEXITCODE
 Lauchpad
 LDFLAGS
 len
+libasan
 libbz
 libcrypt
 libexec
 libfuzzer
 libgmp
 libgomp
+libnet
 libomp
 libopencl
 libpcap
 libpocl
+libtsan
+libubsan
 libusb
 lsb
 LWS
@@ -135,6 +142,7 @@ OBJS
 ocl
 oidc
 omp
+oneapi
 openmp
 oss
 osv
@@ -154,6 +162,7 @@ Randomisation
 rar
 RCracker
 realpath
+redhat
 redistributors
 rekor
 rsa
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -30,3 +30,8 @@ updates:
     directory: /.clusterfuzzlite
     schedule:
       interval: daily
+
+  - package-ecosystem: docker
+    directory: /CI/Dockerfiles
+    schedule:
+      interval: daily
diff --git a/.github/workflows/build_CI.yml b/.github/workflows/build_CI.yml
@@ -0,0 +1,108 @@
+###############################################################################
+#        _       _             _   _            _____  _
+#       | |     | |           | | | |          |  __ \(_)
+#       | | ___ | |__  _ __   | |_| |__   ___  | |__) |_ _ __  _ __   ___ _ __
+#   _   | |/ _ \| '_ \| '_ \  | __| '_ \ / _ \ |  _  /| | '_ \| '_ \ / _ \ '__|
+#  | |__| | (_) | | | | | | | | |_| | | |  __/ | | \ \| | |_) | |_) |  __/ |
+#   \____/ \___/|_| |_|_| |_|  \__|_| |_|\___| |_|  \_\_| .__/| .__/ \___|_|
+#                                                       | |   | |
+#                                                       |_|   |_|
+#
+# Copyright (c) 2024 Claudio André <dev@claudioandre.slmail.me>
+#
+# This program comes with ABSOLUTELY NO WARRANTY; express or implied.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, as expressed in version 2, seen at
+# http://www.gnu.org/licenses/gpl-2.0.html
+###############################################################################
+
+---
+name: CI Docker image
+
+"on":
+  push:
+    branches: [images]
+  workflow_dispatch:
+
+env:
+  REPO: ghcr.io/${{ github.repository_owner }}/john-ci
+
+permissions: read-all
+jobs:
+  build:
+    name: Build image
+    runs-on: ubuntu-latest
+    continue-on-error: true
+
+    strategy:
+      matrix:
+        include:
+          - image-tag: fedora.latest
+            dockerfile: Dockerfile.FedoraLatest
+          - image-tag: fedora.flatpak
+            dockerfile: Dockerfile.flatpak.package
+          - image-tag: ubuntu.opencl
+            dockerfile: Dockerfile.OpenCL
+          - image-tag: ubuntu.devel
+            dockerfile: Dockerfile.UbuntuDevel
+          - image-tag: ubuntu.rolling
+            dockerfile: Dockerfile.UbuntuRolling
+          - image-tag: redhat.ubi8
+            dockerfile: Dockerfile.RHUbi8
+
+    permissions:
+      packages: write
+      contents: read
+
+    outputs:
+      image: ${{ steps.image.outputs.image }}
+      digest: ${{ steps.build-and-push.outputs.digest }}
+
+    steps:
+      - name: Check out the repo
+        uses: actions/checkout@v4
+
+      - name: Log in to GitHub Docker Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build container image
+        id: build-and-push
+        uses: docker/build-push-action@v5
+        with:
+          push: true
+          file: "${{ github.workspace }}/CI/Dockerfiles/${{ matrix.dockerfile }}"
+          tags: |
+            ${{ env.REPO }}:${{ matrix.image-tag }}
+            ${{ env.REPO }}:${{ matrix.image-tag }}J${{ github.run_number }}
+          outputs: "type=image,name=target,\
+            annotation-index.org.opencontainers.image.authors=Claudio André <dev@claudioandre.slmail.me>,\
+            annotation-index.org.opencontainers.image.description=John the Ripper CI"
+
+      - name: Output image
+        id: image
+        run: |
+          image_name="${{ env.REPO }}:${{ matrix.image-tag }}"
+          echo "The image is $image_name"
+          echo "image=$image_name" >> "$GITHUB_OUTPUT"
+
+  # It's unclear whether provenance can work with a matrix of Docker images
+  provenance:
+    if: ${{ false }}
+    needs: [build]
+    permissions:
+      actions: read # for detecting the GitHub Actions environment.
+      id-token: write # for creating OIDC tokens for signing.
+      packages: write # for uploading attestations.
+    uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v2.0.0
+    with:
+      image: ${{ needs.build.outputs.image }}
+      digest: ${{ needs.build.outputs.digest }}
+      registry-username: ${{ github.actor }}
+    secrets:
+      registry-password: ${{ secrets.GITHUB_TOKEN }}
diff --git a/CI/Dockerfiles/Dockerfile.FedoraLatest b/CI/Dockerfiles/Dockerfile.FedoraLatest
@@ -0,0 +1,36 @@
+###############################################################################
+#        _       _             _   _            _____  _
+#       | |     | |           | | | |          |  __ \(_)
+#       | | ___ | |__  _ __   | |_| |__   ___  | |__) |_ _ __  _ __   ___ _ __
+#   _   | |/ _ \| '_ \| '_ \  | __| '_ \ / _ \ |  _  /| | '_ \| '_ \ / _ \ '__|
+#  | |__| | (_) | | | | | | | | |_| | | |  __/ | | \ \| | |_) | |_) |  __/ |
+#   \____/ \___/|_| |_|_| |_|  \__|_| |_|\___| |_|  \_\_| .__/| .__/ \___|_|
+#                                                       | |   | |
+#                                                       |_|   |_|
+#
+# Copyright (c) 2017-2024 Claudio André <dev@claudioandre.slmail.me>
+#
+# This program comes with ABSOLUTELY NO WARRANTY; express or implied.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, as expressed in version 2, seen at
+# http://www.gnu.org/licenses/gpl-2.0.html
+###############################################################################
+# Dockerfile for Continuous Integration
+# More info at https://github.com/openwall/john-packages
+
+FROM fedora:latest
+LABEL org.opencontainers.image.authors="Claudio André <dev@claudioandre.slmail.me>"
+LABEL description="Docker images for John the Ripper CI (1.0.Fedora Latest)"
+
+RUN dnf -y -q update \
+    && dnf -y install \
+        @development-tools openssl-devel gmp-devel libpcap-devel bzip2-devel wget \
+        clang libasan libubsan libtsan american-fuzzy-lop zzuf pocl-devel \
+        american-fuzzy-lop-clang \
+    && useradd -U -m JtR
+
+USER JtR
+ENV BASE fedora
+CMD /bin/bash
diff --git a/CI/Dockerfiles/Dockerfile.OpenCL b/CI/Dockerfiles/Dockerfile.OpenCL
@@ -0,0 +1,42 @@
+###############################################################################
+#        _       _             _   _            _____  _
+#       | |     | |           | | | |          |  __ \(_)
+#       | | ___ | |__  _ __   | |_| |__   ___  | |__) |_ _ __  _ __   ___ _ __
+#   _   | |/ _ \| '_ \| '_ \  | __| '_ \ / _ \ |  _  /| | '_ \| '_ \ / _ \ '__|
+#  | |__| | (_) | | | | | | | | |_| | | |  __/ | | \ \| | |_) | |_) |  __/ |
+#   \____/ \___/|_| |_|_| |_|  \__|_| |_|\___| |_|  \_\_| .__/| .__/ \___|_|
+#                                                       | |   | |
+#                                                       |_|   |_|
+#
+# Copyright (c) 2017-2024 Claudio André <dev@claudioandre.slmail.me>
+#
+# This program comes with ABSOLUTELY NO WARRANTY; express or implied.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, as expressed in version 2, seen at
+# http://www.gnu.org/licenses/gpl-2.0.html
+###############################################################################
+# Dockerfile for Continuous Integration
+# More info at https://github.com/openwall/john-packages
+
+FROM ubuntu:24.04
+LABEL org.opencontainers.image.authors="Claudio André <dev@claudioandre.slmail.me>"
+LABEL description="Docker images for John the Ripper CI (1.0.Ubuntu 24 OpenCL)"
+
+RUN apt-get update -qq \
+    && export DEBIAN_FRONTEND="noninteractive" \
+    && apt-get install -y \
+        build-essential libssl-dev yasm libgmp-dev libpcap-dev pkg-config debhelper libnet1-dev \
+        libbz2-dev wget llvm libomp-dev zlib1g-dev git clang afl zzuf \
+        libpocl-dev ocl-icd-opencl-dev ocl-icd-libopencl1 pocl-opencl-icd opencl-headers \
+    && useradd -U -m JtR \
+# ==================================================================
+# Clean up the image (shrink the Docker image)
+# ------------------------------------------------------------------
+    && apt-get -y clean \
+    && rm -rf /var/lib/apt/lists/* /var/cache/apt/archives/*
+
+# USER JtR => it is much better to use root on Travis
+ENV BASE ubuntu
+CMD /bin/bash
diff --git a/CI/Dockerfiles/Dockerfile.OpenCL-IntelCPU b/CI/Dockerfiles/Dockerfile.OpenCL-IntelCPU
@@ -0,0 +1,47 @@
+###############################################################################
+#        _       _             _   _            _____  _
+#       | |     | |           | | | |          |  __ \(_)
+#       | | ___ | |__  _ __   | |_| |__   ___  | |__) |_ _ __  _ __   ___ _ __
+#   _   | |/ _ \| '_ \| '_ \  | __| '_ \ / _ \ |  _  /| | '_ \| '_ \ / _ \ '__|
+#  | |__| | (_) | | | | | | | | |_| | | |  __/ | | \ \| | |_) | |_) |  __/ |
+#   \____/ \___/|_| |_|_| |_|  \__|_| |_|\___| |_|  \_\_| .__/| .__/ \___|_|
+#                                                       | |   | |
+#                                                       |_|   |_|
+#
+# Copyright (c) 2023-2024 Claudio André <dev@claudioandre.slmail.me>
+#
+# This program comes with ABSOLUTELY NO WARRANTY; express or implied.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, as expressed in version 2, seen at
+# http://www.gnu.org/licenses/gpl-2.0.html
+###############################################################################
+# Dockerfile for Continuous Integration
+# More info at https://github.com/openwall/john-packages
+
+FROM ubuntu:22.04
+LABEL org.opencontainers.image.authors="Claudio André <dev@claudioandre.slmail.me>"
+LABEL description="Docker images for John the Ripper CI (1.0.Ubuntu 22 Intel OpenCL)"
+
+# DO NOT update this automatically. OpenCL drivers are fragile and must be maintained very carefully.
+# RUN apt-get update -qq \
+#     && apt-get install -y \
+#         build-essential libssl-dev zlib1g-dev yasm libgmp-dev libpcap-dev \
+#         pkg-config libbz2-dev wget \
+#         ocl-icd-opencl-dev clinfo git \
+#     && wget -O- https://apt.repos.intel.com/intel-gpg-keys/GPG-PUB-KEY-INTEL-SW-PRODUCTS.PUB \
+#         | gpg --dearmor | tee /usr/share/keyrings/oneapi-archive-keyring.gpg > /dev/null \
+#     && echo "deb [signed-by=/usr/share/keyrings/oneapi-archive-keyring.gpg] https://apt.repos.intel.com/oneapi all main" \
+#         | tee /etc/apt/sources.list.d/oneAPI.list \
+#     && apt-get update -qq \
+#     && apt-get install -y \
+#         intel-oneapi-runtime-opencl intel-basekit \
+#     && useradd -U -m JtR \
+#     && apt-get -y clean \
+#     && rm -rf /var/lib/apt/lists/* /var/cache/apt/archives/*
+
+# Workaround for an issue in Intel libraries installation script
+ENV LD_LIBRARY_PATH=/opt/intel/oneapi/2024.0/lib/:"$LD_LIBRARY_PATH"
+ENV BASE ubuntu
+CMD /bin/bash
diff --git a/CI/Dockerfiles/Dockerfile.RHUbi8 b/CI/Dockerfiles/Dockerfile.RHUbi8
@@ -0,0 +1,33 @@
+###############################################################################
+#        _       _             _   _            _____  _
+#       | |     | |           | | | |          |  __ \(_)
+#       | | ___ | |__  _ __   | |_| |__   ___  | |__) |_ _ __  _ __   ___ _ __
+#   _   | |/ _ \| '_ \| '_ \  | __| '_ \ / _ \ |  _  /| | '_ \| '_ \ / _ \ '__|
+#  | |__| | (_) | | | | | | | | |_| | | |  __/ | | \ \| | |_) | |_) |  __/ |
+#   \____/ \___/|_| |_|_| |_|  \__|_| |_|\___| |_|  \_\_| .__/| .__/ \___|_|
+#                                                       | |   | |
+#                                                       |_|   |_|
+#
+# Copyright (c) 2024 Claudio André <dev@claudioandre.slmail.me>
+#
+# This program comes with ABSOLUTELY NO WARRANTY; express or implied.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, as expressed in version 2, seen at
+# http://www.gnu.org/licenses/gpl-2.0.html
+###############################################################################
+# Dockerfile for Continuous Integration
+# More info at https://github.com/openwall/john-packages
+
+FROM registry.access.redhat.com/ubi8/ubi
+LABEL org.opencontainers.image.authors="Claudio André <dev@claudioandre.slmail.me>"
+LABEL description="Docker images for John the Ripper CI (1.0.Red Hat 8)"
+
+RUN yum -y -q update \
+    && yum -y install \
+        openssl-devel gmp-devel libpcap-devel bzip2-devel wget gcc git perl \
+    && useradd -U -m JtR
+
+ENV BASE RedHat-UBI
+CMD /bin/bash
diff --git a/CI/Dockerfiles/Dockerfile.UbuntuDevel b/CI/Dockerfiles/Dockerfile.UbuntuDevel
@@ -0,0 +1,41 @@
+###############################################################################
+#        _       _             _   _            _____  _
+#       | |     | |           | | | |          |  __ \(_)
+#       | | ___ | |__  _ __   | |_| |__   ___  | |__) |_ _ __  _ __   ___ _ __
+#   _   | |/ _ \| '_ \| '_ \  | __| '_ \ / _ \ |  _  /| | '_ \| '_ \ / _ \ '__|
+#  | |__| | (_) | | | | | | | | |_| | | |  __/ | | \ \| | |_) | |_) |  __/ |
+#   \____/ \___/|_| |_|_| |_|  \__|_| |_|\___| |_|  \_\_| .__/| .__/ \___|_|
+#                                                       | |   | |
+#                                                       |_|   |_|
+#
+# Copyright (c) 2017-2024 Claudio André <dev@claudioandre.slmail.me>
+#
+# This program comes with ABSOLUTELY NO WARRANTY; express or implied.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, as expressed in version 2, seen at
+# http://www.gnu.org/licenses/gpl-2.0.html
+###############################################################################
+# Dockerfile for Continuous Integration
+# More info at https://github.com/openwall/john-packages
+
+FROM ubuntu:devel
+LABEL org.opencontainers.image.authors="Claudio André <dev@claudioandre.slmail.me>"
+LABEL description="Docker images for John the Ripper CI (1.0.Ubuntu Devel)"
+
+RUN apt-get update -qq \
+    && export DEBIAN_FRONTEND="noninteractive" \
+    && apt-get install -y \
+        build-essential libssl-dev yasm libgmp-dev libpcap-dev pkg-config debhelper libnet1-dev \
+        libbz2-dev wget llvm libomp-dev zlib1g-dev git clang \
+    && useradd -U -m JtR \
+# ==================================================================
+# Clean up the image (shrink the Docker image)
+# ------------------------------------------------------------------
+    && apt-get -y clean \
+    && rm -rf /var/lib/apt/lists/* /var/cache/apt/archives/*
+
+# USER JtR => it is much better to use root on Travis
+ENV BASE ubuntu
+CMD /bin/bash
diff --git a/CI/Dockerfiles/Dockerfile.UbuntuRolling b/CI/Dockerfiles/Dockerfile.UbuntuRolling
diff --git a/CI/Dockerfiles/Dockerfile.flatpak.package b/CI/Dockerfiles/Dockerfile.flatpak.package
