From bb81bcb4039f4a7438d269cd1c70df7ee6dfe2dc Mon Sep 17 00:00:00 2001 From: Michel Oosterhof Date: Fri, 22 Oct 2021 14:19:55 +0800 Subject: [PATCH] Integrated docker (#1646) * Merge docker build infra into main repo --- .dockerignore | 5 ++ Makefile | 105 ++++++++++++++++++++++++++++++++++++---- docker/Dockerfile | 121 ++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 221 insertions(+), 10 deletions(-) create mode 100644 .dockerignore create mode 100644 docker/Dockerfile diff --git a/.dockerignore b/.dockerignore new file mode 100644 index 00000000..2bc7297d --- /dev/null +++ b/.dockerignore @@ -0,0 +1,5 @@ +.direnv +.tox +.git +.github +.eggs diff --git a/Makefile b/Makefile index 4c84a1e6..db44cd09 100644 --- a/Makefile +++ b/Makefile @@ -1,8 +1,14 @@ # This `Makefile` is intended for Cowrie developers. + # Dummy target `all` +.DEFAULT_GOAL := help .PHONY: all -all: +all: help + @echo $(COMMIT)-- + +help: + @grep -E '^[a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | sort | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}' .PHONY: test test: 
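Review bot: The ignore list covers only tooling directories, while docker/Dockerfile copies the whole build context (`COPY ... . ${COWRIE_HOME}/cowrie-git`) and the runtime stage then copies all of `${COWRIE_HOME}` from the builder. Whatever else sits in a developer's checkout therefore ends up in the image that `docker-push` publishes. On a tree that has been used to run the honeypot this presumably includes local configuration under `etc` and captured logs or downloads under `var`, the two paths the Makefile mounts as volumes; the repository layout is not visible in this patch, so that needs confirming. Consider excluding developer-local state explicitly, or inverting the file into an allow-list (`*` followed by `!` entries for the paths the image needs).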
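Review bot: `help` becomes the default goal without a `.PHONY` declaration (none is visible anywhere in this patch), so a file named `help` in the repository root would make plain `make` do nothing; add `.PHONY: help` above the rule. The `@echo $(COMMIT)--` line under `all: help` expands a variable that no visible hunk defines, so `make all` prints only `--`; it reads like debugging residue and could be dropped. The `grep` in `help` lists only targets that carry a `## ` comment, so rules without one, such as `docker-ps` later in the file, stay hidden. The `test` rule at the end of this hunk continues outside it.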
@@ -13,37 +19,38 @@ build: python setup.py build sdist bdist .PHONY: docs -docs: +docs: ## Create documentation make -C docs html .PHONY: lint -lint: +lint: ## Run lint checks tox -e lint + hadolint docker/Dockerfile .PHONY: clean -clean: +clean: ## Clean temporary files rm -rf _trial_temp build dist src/_trial_temp src/Cowrie.egg-info make -C docs clean .PHONY: pre-commit -pre-commit: +pre-commit: ## Run pre-commit checks pre-commit run --all-files .PHONY: pip-upgrade -pip-upgrade: +pip-upgrade: ## Upgrade environment from requirements.txt pip install --upgrade -r requirements.txt .PHONY: pip-check -pip-check: +pip-check: ## Verify python packages pip check # This assumes two remotes, one is `origin`, your fork. The second is `cowrie` the main project .PHONY: git-remote -git-remote: +git-remote: ## Add remote git configuration git remote add cowrie https://github.com/cowrie/cowrie -.PHONY: dependency-upgrade -dependency-upgrade: +.PHONY: pur +pip-pur: ## Upgrade dependencies based on latest packages git checkout master -git branch -D "dependency-upgrade-`date -u +%Y-%m-%d`" git checkout -b "dependency-upgrade-`date -u +%Y-%m-%d`" 
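Review bot: The renamed target is declared as `.PHONY: pur` but defined as `pip-pur:`, so the real target is not phony and a stray file called `pip-pur` would stop it from running; the declaration should read `.PHONY: pip-pur`. The recipe still creates branches named `dependency-upgrade-...`, which no longer matches the target name, so a one-line comment would help if that is intentional. `lint` now also runs `hadolint docker/Dockerfile`, which assumes hadolint is installed on the developer machine; a comment such as `# requires hadolint on PATH` would make that dependency visible. The `pip-pur` recipe continues past the end of this hunk.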
@@ -51,3 +58,81 @@ dependency-upgrade:
 pur -r requirements-dev.txt
 pur -r requirements-output.txt
 git commit -m "dependency upgrade `date -u`" requirements*.txt
+# This Makefile is for developers and is not required to run Cowrie
+
+# The binary to build (just the basename).
+MODULE := cowrie
+
+# Where to push the docker image.
+#REGISTRY ?= docker.pkg.github.com/cowrie/cowrie
+REGISTRY ?= cowrie
+
+IMAGE := $(REGISTRY)/$(MODULE)
+
+IMAGENAME := cowrie/cowrie
+CONTAINERNAME := cowrie
+
+BUILD_DATE = $(shell date -u +'%Y-%m-%dT%H:%M:%SZ')
+TAG=$(shell git rev-parse --short=8 HEAD)
+
+.PHONY: docker-build
+docker-build: docker/Dockerfile ## Build Docker image
+ #docker build -t ${IMAGENAME}:${TAG} --no-cache --build-arg TAG=${TAG} --build-arg BUILD_DATE=${BUILD_DATE} -f docker/Dockerfile .
+ docker build -t ${IMAGENAME}:${TAG} --build-arg BUILD_DATE=${BUILD_DATE} -f docker/Dockerfile .
+
+.PHONY: docker-run
+docker-run: docker-start ## Run Docker container
+
+.PHONY: docker-push
+docker-push: docker-build ## Push Docker image to Docker Hub
+ @echo "Pushing image to GitHub Docker Registry...\n"
+ docker push $(IMAGE):$(TAG)
+ docker tag $(IMAGE):$(TAG) $(IMAGE):latest
+ docker push $(IMAGE):latest
+
+.PHONY: docker-start
+docker-start: docker-create-volumes ## Start Docker container
+ docker run -p 2222:2222/tcp \
+ -p 2223:2223/tcp \
+ -v cowrie-etc:/cowrie/cowrie-git/etc \
+ -v cowrie-var:/cowrie/cowrie-git/var \
+ -d \
+ --cap-drop=ALL \
+ --read-only \
+ --name ${CONTAINERNAME} ${IMAGENAME}:${TAG}
+
+.PHONY: docker-stop
+docker-stop: ## Stop Docker Container
+ docker stop ${CONTAINERNAME}
+
+.PHONY: docker-rm
+docker-rm: docker-stop ## Delete Docker Container
+ docker rm ${CONTAINERNAME}
+
+.PHONY: docker-clean
+docker-clean: docker-rm ## Clean
+ docker rmi ${IMAGENAME}:${TAG}
+
+.PHONY: docker-shell
+docker-shell: ## Start shell in running Docker container
+ @docker exec -it ${CONTAINERNAME} bash
+
+.PHONY: docker-logs
+docker-logs: ## Show Docker container logs
+ @docker logs ${CONTAINERNAME}
+
+.PHONY: docker-ps
+docker-ps:
+ @docker ps -f name=${CONTAINERNAME}
+
+.PHONY: docker-status
+docker-status: docker-ps ## List running Docker containers
+
+.PHONY: docker-ip
+docker-ip: ## List IP of running Docker container
+ @docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' ${CONTAINERNAME}
+
+.PHONY: docker-create-volumes
+docker-create-volumes:
+ docker volume create cowrie-var
+ docker volume create cowrie-etc
diff --git a/docker/Dockerfile b/docker/Dockerfile
new file mode 100644
index 00000000..47070fc3
--- /dev/null
+++ b/docker/Dockerfile
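Review bot: `docker-build` tags the image as `${IMAGENAME}:${TAG}` but `docker-push` pushes `$(IMAGE):$(TAG)`, and the two names coincide only while `REGISTRY` keeps its default `cowrie`; with any other registry the push targets a tag this Makefile never built. Using one name throughout, e.g. `docker build -t $(IMAGE):$(TAG) ...` and `$(IMAGE):$(TAG)` in `docker-start` and `docker-clean`, removes the mismatch. `TAG` and `BUILD_DATE` are recursive (`=`) assignments around `$(shell ...)`, so they are re-evaluated at every expansion; `TAG := $(shell git rev-parse --short=8 HEAD)` fixes one value per invocation. Since this container is meant to face hostile traffic, `docker-start` could also pass `--security-opt=no-new-privileges` next to `--cap-drop=ALL` and `--read-only`.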
@@ -0,0 +1,121 @@
+# This Dockerfile contains two images, `builder` and `runtime`.
+# `builder` contains all necessary code to build
+# `runtime` is stripped down.
+
+ARG ARCH=
+ARG BUILD_DATE
+ARG TAG
+FROM ${ARCH}debian:bullseye-slim as builder
+
+WORKDIR /
+
+# This is a temporary workaround, see https://github.com/cowrie/docker-cowrie/issues/26
+ENV CRYPTOGRAPHY_DONT_BUILD_RUST=1
+
+ENV COWRIE_GROUP=cowrie \
+ COWRIE_USER=cowrie \
+ COWRIE_HOME=/cowrie
+
+# Set locale to UTF-8, otherwise upstream libraries have bytes/string conversion issues
+ENV LC_ALL=en_US.UTF-8 \
+ LANG=en_US.UTF-8 \
+ LANGUAGE=en_US.UTF-8
+
+RUN groupadd -r ${COWRIE_GROUP} && \
+ useradd -r -d ${COWRIE_HOME} -m -g ${COWRIE_GROUP} ${COWRIE_USER}
+
+# Set up Debian prereqs
+RUN export DEBIAN_FRONTEND=noninteractive; \
+ apt-get update && \
+ apt-get install -y \
+ -o APT::Install-Suggests=false \
+ -o APT::Install-Recommends=false \
+ python3-pip \
+ ca-certificates \
+ libffi-dev \
+ libssl-dev \
+ python3-dev \
+ python3-venv \
+ python3 \
+ rustc \
+ cargo \
+ git \
+ build-essential \
+ python3-virtualenv \
+ libsnappy-dev && \
+ rm -rf /var/lib/apt/lists/*
+
+USER ${COWRIE_USER}
+WORKDIR ${COWRIE_HOME}
+
+# Copy requirements first to use Docker caching better
+RUN mkdir -p ${COWRIE_HOME}/cowrie-git
+COPY --chown=${COWRIE_USER}:${COWRIE_GROUP} requirements.txt requirements-output.txt ${COWRIE_HOME}/cowrie-git
+
+RUN python3 -m venv cowrie-env && \
+ . cowrie-env/bin/activate && \
+ pip install --no-cache-dir --upgrade pip wheel setuptools && \
+ pip install --no-cache-dir --upgrade cffi && \
+ pip install --no-cache-dir --upgrade -r ${COWRIE_HOME}/cowrie-git/requirements.txt && \
+ pip install --no-cache-dir --upgrade -r ${COWRIE_HOME}/cowrie-git/requirements-output.txt
+
+COPY --chown=${COWRIE_USER}:${COWRIE_GROUP} . ${COWRIE_HOME}/cowrie-git
+
+
+FROM gcr.io/distroless/python3-debian11 AS runtime
+#FROM gcr.io/distroless/python3-debian11:debug AS runtime
+
+LABEL org.opencontainers.image.created="${BUILD_DATE}"
+LABEL org.opencontainers.image.authors="Michel Oosterhof "
+LABEL org.opencontainers.image.url="https://cowrie.org/"
+LABEL org.opencontainers.image.documentation="https://cowrie.readthedocs.io"
+LABEL org.opencontainers.image.source="https://github.com/cowrie/docker-cowrie"
+LABEL org.opencontainers.image.version="${TAG}"
+LABEL org.opencontainers.image.revision="Source control revision identifier for the packaged software."
+LABEL org.opencontainers.image.vendor="Cowrie"
+LABEL org.opencontainers.image.licenses="BSD-3-Clause"
+LABEL org.opencontainers.image.ref.name="${TAG}"
+LABEL org.opencontainers.image.title="Cowrie SSH/Telnet Honeypot"
+LABEL org.opencontainers.image.description="Cowrie SSH/Telnet Honeypot"
+#LABEL org.opencontainers.image.base.digest="7beb0248fd81"
+LABEL org.opencontainers.image.base.name="gcr.io/distroless/python3-debian11"
+
+ENV COWRIE_GROUP=cowrie \
+ COWRIE_USER=cowrie \
+ COWRIE_HOME=/cowrie
+
+#RUN groupadd -r ${COWRIE_GROUP} && \
+# useradd -r -d ${COWRIE_HOME} -m -g ${COWRIE_GROUP} ${COWRIE_USER}
+COPY --from=builder --chown=0:0 /etc/passwd /etc/passwd
+
+#RUN export DEBIAN_FRONTEND=noninteractive; \
+# apt-get update && \
+# apt-get install -y \
+# -o APT::Install-Suggests=false \
+# -o APT::Install-Recommends=false \
+# libssl1.1 \
+# ca-certificates \
+# libffi7 \
+# procps \
+# python3 \
+# python3-distutils && \
+# rm -rf /var/lib/apt/lists/* && \
+# ln -s /usr/bin/python3 /usr/local/bin/python
+
+COPY --from=builder --chown=${COWRIE_USER}:${COWRIE_GROUP} ${COWRIE_HOME} ${COWRIE_HOME}
+
+RUN python3 -m compileall ${COWRIE_HOME} /usr/lib/python3.9
+
+VOLUME [ "/cowrie/cowrie-git/var", "/cowrie/cowrie-git/etc" ]
+
+USER ${COWRIE_USER}
+WORKDIR ${COWRIE_HOME}/cowrie-git
+
+ENV PATH=${COWRIE_HOME}/cowrie-env/bin:${PATH}
+ENV PYTHONPATH=${COWRIE_HOME}/cowrie-git/src
+ENV PYTHONUNBUFFERED=1
+
+ENTRYPOINT [ "/cowrie/cowrie-env/bin/python3" ]
+CMD [ "/cowrie/cowrie-env/bin/twistd", "-n", "--umask=0022", "--pidfile=", "cowrie" ]
+
+EXPOSE 2222 2223
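Review bot: `ARG BUILD_DATE` and `ARG TAG` are declared before the first `FROM`, which puts them in scope for `FROM` lines only, so the `created="${BUILD_DATE}"`, `version="${TAG}"` and `ref.name="${TAG}"` labels in the `runtime` stage expand to empty strings unless that stage re-declares them with `ARG BUILD_DATE` and `ARG TAG` after `FROM ... AS runtime`. The Makefile's active `docker build` line also passes only `BUILD_DATE`, so `TAG` would stay empty even then. `org.opencontainers.image.revision` still holds the specification's placeholder sentence rather than a commit id. Neither base image is pinned by digest (the `base.digest` label is commented out), so a rebuild can silently pick up a different base; `FROM gcr.io/distroless/python3-debian11@sha256:<digest>` with the verified digest filled in would make the image reproducible and auditable.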