# Note: Kernel module (donor_dump) should be built on target system, not in container
# The module requires kernel headers matching the host kernel version
# Build instructions are available in src/donor_dump/Makefile
# ---------- build stage for VFIO constants ----------
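# Build stage: fetches the voltcyclone-fpga sources and produces
# /src/vfio_constants_patched.py. Only those two artifacts are copied into the
# runtime stage; everything else installed here is discarded with the stage.
FROM ubuntu:24.04 AS build

ENV DEBIAN_FRONTEND=noninteractive \
    LANG=C.UTF-8 LC_ALL=C.UTF-8 TZ=UTC \
    PIP_BREAK_SYSTEM_PACKAGES=1

# ── base build deps ──────────────────────────────────────────────────────────
RUN apt-get update && apt-get install -y --no-install-recommends \
        python3 python3-pip build-essential \
        linux-headers-generic \
        pciutils kmod ca-certificates git && \
    rm -rf /var/lib/apt/lists/*

WORKDIR /src

# ── Clone voltcyclone-fpga repository during build ───────────────────────────
# This eliminates user errors with git submodules.
# Supply-chain note: with no ref given, the clone takes whatever the remote's
# default branch points at when the image is built, so two builds of the same
# Containerfile can embed different upstream code. Pass
#   --build-arg VOLTCYCLONE_FPGA_REF=<tag-or-full-commit-sha>
# to build from a reviewed revision. The resolved commit is printed either way
# so the build log records exactly what went into the image.
ARG VOLTCYCLONE_FPGA_REF=""
RUN mkdir -p lib && \
    git clone --depth 1 https://github.com/VoltCyclone/voltcyclone-fpga.git lib/voltcyclone-fpga && \
    if [ -n "${VOLTCYCLONE_FPGA_REF}" ]; then \
        git -C lib/voltcyclone-fpga fetch --depth 1 origin "${VOLTCYCLONE_FPGA_REF}" && \
        git -C lib/voltcyclone-fpga checkout --detach FETCH_HEAD; \
    fi && \
    echo "✓ voltcyclone-fpga cloned successfully" && \
    echo "voltcyclone-fpga commit: $(git -C lib/voltcyclone-fpga rev-parse HEAD)" && \
    ls -la lib/voltcyclone-fpga/

# ── VFIO constants patching ───────────────────────────────────────────────────
COPY vfio_helper.c patch_vfio_constants.py build_vfio_constants.sh ./
COPY src/cli/vfio_constants.py ./src/cli/

# Patching is best-effort: if build_vfio_constants.sh fails, the unpatched file
# is shipped and the only trace is the warning in the build log.
# A pristine copy is taken first so that the fallback really is the original
# even if the script stopped after partially rewriting the file
# (NOTE(review): assumes the script edits src/cli/vfio_constants.py in place).
# The explicit if/else replaces an `a && b || c && d || e` chain whose trailing
# `|| echo` made the step succeed even when no output file had been written;
# `test -s` now fails the build in that case instead of deferring the error to
# the runtime stage's COPY --from=build.
RUN mkdir -p src/cli && \
    chmod +x build_vfio_constants.sh && \
    cp src/cli/vfio_constants.py vfio_constants_original.py && \
    if ./build_vfio_constants.sh; then \
        cp src/cli/vfio_constants.py vfio_constants_patched.py; \
    else \
        echo "⚠ VFIO constants build failed, using original" && \
        cp vfio_constants_original.py vfio_constants_patched.py; \
    fi && \
    test -s vfio_constants_patched.py && \
    echo "Content of patched file:" && \
    { head -20 vfio_constants_patched.py | grep -A 10 "Ioctl numbers" || echo "No ioctl numbers section found"; }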
# ---------- runtime ----------
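# Runtime stage: Python application image that runs as the unprivileged
# `appuser`, with a single sudo rule for loading VFIO kernel modules.
FROM ubuntu:24.04 AS runtime

ENV DEBIAN_FRONTEND=noninteractive \
    LANG=C.UTF-8 LC_ALL=C.UTF-8 TZ=UTC \
    PCILEECH_PRODUCTION_MODE=true \
    PCILEECH_ALLOW_MOCK_DATA=false \
    PCILEECH_CONTAINER_MODE=true

RUN apt-get update && \
    apt-get install -y --no-install-recommends \
        python3 python3-pip pciutils bsdextrautils kmod ca-certificates git sudo \
    && apt-get clean && rm -rf /var/lib/apt/lists/*

# Create non-root user with limited sudo for VFIO module loading only.
# The rule is written to its own drop-in (mode 0440) and checked with visudo,
# so a malformed rule fails the build instead of being appended unvalidated to
# /etc/sudoers. Run-as is limited to root and `!requiretty` is scoped to
# appuser rather than set globally.
# NOTE(review): sudoers matches command arguments as one concatenated string
# and `*` also matches spaces, so `vfio*` accepts any trailing arguments after
# the module name, not just a module name. That is broader than "module loading
# only". Replace the wildcard with the exact module names entrypoint.sh loads
# once those call sites are confirmed.
RUN useradd -m -r appuser && \
    printf '%s\n' \
        'appuser ALL=(root) NOPASSWD: /sbin/modprobe vfio*, /sbin/modprobe -- vfio*' \
        'Defaults:appuser !requiretty' \
        > /etc/sudoers.d/appuser-vfio && \
    chmod 0440 /etc/sudoers.d/appuser-vfio && \
    visudo -cf /etc/sudoers.d/appuser-vfio

WORKDIR /app

# Copy requirements and install Python dependencies.
# Ubuntu 24.04 marks the system interpreter as externally managed (PEP 668), and
# pip is expected to refuse system-wide installs unless PIP_BREAK_SYSTEM_PACKAGES
# is set. The build stage sets that variable but never runs pip; this stage runs
# pip without it. It is set inline here so it does not leak into the runtime env.
COPY requirements.txt requirements-tui.txt ./
RUN PIP_BREAK_SYSTEM_PACKAGES=1 \
    pip3 install --no-cache-dir -r requirements.txt -r requirements-tui.txt

# Copy application files
COPY src ./src
COPY configs ./configs
COPY pcileech.py .
COPY pyproject.toml setup.py setup.cfg ./

# Install the package itself so `from pcileechfwgenerator.xxx` imports work
# Note: Use regular install (not editable) since source is copied, not mounted
# SETUPTOOLS_SCM_PRETEND_VERSION is required because .git is not copied into the container,
# and setuptools-scm needs it to infer version. We also upgrade setuptools so that
# setuptools-scm>=8 (pulled by pip) is compatible (requires setuptools>=61).
RUN export PIP_BREAK_SYSTEM_PACKAGES=1 && \
    pip3 install --no-cache-dir --upgrade setuptools && \
    SETUPTOOLS_SCM_PRETEND_VERSION=0.0.0 pip3 install --no-cache-dir . && \
    python3 -c "import pcileechfwgenerator; print('✓ pcileechfwgenerator installed successfully')" && \
    python3 -c "from pcileechfwgenerator.string_utils import safe_format; print('✓ string_utils imports work')"

# Copy voltcyclone-fpga from build stage (cloned during build)
COPY --from=build /src/lib/voltcyclone-fpga ./lib/voltcyclone-fpga

# Copy the patched VFIO constants from build stage
# NOTE(review): this lands in /app/src after the non-editable `pip3 install .`
# above, so the copy installed into site-packages (if the package includes
# cli/vfio_constants.py) would still be the unpatched one. Confirm which copy
# the application imports.
COPY --from=build /src/vfio_constants_patched.py ./src/cli/vfio_constants.py

# Ensure __init__.py files exist in directories that don't have them
# IMPORTANT: Do NOT overwrite existing __init__.py files that have actual content
# find passes each directory as its own argument, so names containing spaces
# are not split the way an unquoted `for dir in $(find ...)` would split them.
RUN find ./src -type d -exec sh -c \
    'for d in "$@"; do [ -f "$d/__init__.py" ] || touch "$d/__init__.py"; done' sh {} +

# Copy and setup entrypoint
COPY entrypoint.sh /usr/local/bin/entrypoint
RUN chmod 755 /usr/local/bin/entrypoint

# Set up environment and permissions
# NOTE: Only /app should be in PYTHONPATH - the pcileechfwgenerator package is installed
# Adding /app/src causes module import conflicts with the installed package
ENV PYTHONPATH=/app
# Only the output directory is writable by appuser; the application tree
# copied above stays owned by root.
RUN mkdir -p /app/output && chown appuser /app/output

# Health check to verify essential dependencies
HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
    CMD python3 -c "import psutil, pydantic, sys; sys.exit(0)" || exit 1

# Drop privileges last, after every step that needs root.
USER appuser
ENTRYPOINT ["entrypoint"]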