Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Shrink the size of mythic_python_base #4

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

Shrink the size of mythic_python_base #4

wants to merge 2 commits into from
+8 −12

Conversation

DarkC0ntributor
Copy link

Shrink the size of python images from 1GB to ~200MB

@DarkC0ntributor
Shrink python size
88c9f6b 
Shrink size of python images from 1GB to ~200MB
@DarkC0ntributor
delete unused file
6532a67
@its-a-feature
Copy link
Contributor

Oh wow, that'll be super helpful! I'll do some testing to make sure it's not losing some functionality that agents are depending on (implicitly) for building, then i can pull it in

@its-a-feature
Copy link
Contributor

its-a-feature commented Jul 17, 2023
edited
Loading

This works nicely for this python image, but right now this mythic_python_base is used in the FROM clause for the other python-based images (mythic_python_dotnet and mythic_python_macos), both of which rely on a bunch of stuff that's stripped out from this version. For example, I edited this version to also copy over wget, but there's still an issue about a missing library:

 => [internal] load metadata for docker.io/library/python_test:latest                                                                                                                                                                        0.0s
 => CACHED [1/7] FROM docker.io/library/python_test                                                                                                                                                                                          0.0s
 => [internal] load build context                                                                                                                                                                                                            0.0s
 => => transferring context: 113B                                                                                                                                                                                                            0.0s
 => ERROR [2/7] RUN wget https://packages.microsoft.com/config/debian/10/packages-microsoft-prod.deb -O packages-microsoft-prod.deb &&     dpkg -i packages-microsoft-prod.deb &&     rm packages-microsoft-prod.deb                         0.2s
------
 > [2/7] RUN wget https://packages.microsoft.com/config/debian/10/packages-microsoft-prod.deb -O packages-microsoft-prod.deb &&     dpkg -i packages-microsoft-prod.deb &&     rm packages-microsoft-prod.deb:
#0 0.159 wget: error while loading shared libraries: libpsl.so.5: cannot open shared object file: No such file or directory
------
Dockerfile:4

This might be a useful as -slim versions. So, mythic_python_base-slim. Need to see if we can do something similar for the mythic_python_dotnet and mythic_python_macos images to make slim versions of those. That way people can use the slim if they can, or if they need extra components, they can always use the base images

@DarkC0ntributor
Copy link
Author

DarkC0ntributor commented Jul 26, 2023
edited
Loading

It's been quite a while since I played with C# but starting the _dotnet with

RUN apt-get -y update && \
    apt-get -y upgrade && \
    apt-get install --no-install-recommends \
      wget -y  && \
    apt-get purge -y && \
    rm -rf /var/lib/apt/lists/* && \
    apt-get clean

(installing wget, not copying it)
got me quite far:

dpkg: dependency problems prevent configuration of monodoc-http:
 monodoc-http depends on mono-xsp4 | mono-apache-server4 | mono-fastcgi-server4; however:
  Package mono-xsp4 is not configured yet.
  Package mono-apache-server4 is not installed.
  Package mono-fastcgi-server4 is not installed.

dpkg: error processing package monodoc-http (--configure):
 dependency problems - leaving unconfigured
Errors were encountered while processing:
 mono-xsp4
 monodoc-http
E: Sub-process /usr/bin/dpkg returned an error code (1)
Error: building at STEP "RUN apt-get -y update &&     apt-get -y autoremove &&     apt-get clean &&     apt install --no-install-recommends -y apt-transport-https dirmngr gnupg ca-certificates &&     apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 3FA7E0328081BFF6A14DA29AA6A19B38D3D831EF &&     echo "deb https://download.mono-project.com/repo/debian stable-buster main" | tee /etc/apt/sources.list.d/mono-official-stable.list &&     apt update && apt-get install --no-install-recommends nuget     libreadline-dev llvm libncurses5-dev libncursesw5-dev mono-complete gcc-mingw-w64  -y &&     wget https://dot.net/v1/dotnet-install.sh -O dotnet-install.sh &&     chmod +x dotnet-install.sh &&     ./dotnet-install.sh --channel 7.0 &&     rm dotnet-install.sh &&     rm -rf /var/lib/apt/lists/*": while running runtime: exit status 100

I wanted to fix that by using a bookworm release instead of the buster one
but it seems download.mono-project.com does not have bookworm releases.

Maybe bookworm's mono works as well?

Or of course base everything on python:3.11-slim-buster (I only picked bookworm because buster was no longer listed on docker hub. But it still works fine). It should be the same as python:3.11-buster only with less packets preinstalled (but still available). And after installing wget the dotnet Dockerfile works with it.

If there where a special slim version, it could also be based on alpine. That would save another 100MB. However, alpine can be tricky.

FROM python:3.11-alpine as base
ARG CA_CERTIFICATE
ARG NPM_REGISTRY
ARG PYPI_INDEX
ARG PYPI_INDEX_URL
ARG DOCKER_REGISTRY_MIRROR
ARG HTTP_PROXY
ARG HTTPS_PROXY

FROM base as builder

RUN apk add --update \
    gcc \
    g++ \
    make \
    musl-dev \
    python3-dev \
    libc6-compat \
    linux-headers

RUN pip install mythic-container pycryptodome

FROM base
COPY --from=builder /usr/local/lib/python3.11/ /usr/local/lib/python3.11/

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@DarkC0ntributor @its-a-feature