add writeup for registry #6

Merged
merged 3 commits into from
Nov 26, 2024
3 changes: 3 additions & 0 deletions assets/scss/post.scss
Expand Up @@ -106,6 +106,9 @@

li {
text-indent: -2ch;
> p {
display: inline;
}
}

> li::before {
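Review bot: The new `> p { display: inline; }` under `li` applies to every paragraph that is a direct child of a list item, so an item containing two or more paragraphs will have them run together with no break between them. If the aim is only to keep the first paragraph on the marker's line alongside `text-indent: -2ch`, scope the rule to `> p:first-child` (or `> p:only-child`) and leave later paragraphs as blocks.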
74 changes: 74 additions & 0 deletions content/blog/ctfzone2024-registry/build.sh
@@ -0,0 +1,74 @@
#!/bin/bash
# This software is designed to flatten and minimize docker images.
# It changes the base of the docker image and compresses
# all the layers above it into a single layer.
set -uo pipefail

REPO=$1
IMAGE_DIR=$2
MAX_LAYERS_COUNT=5
SERVICE_PASSWORD=$(cat /configs/.service_password | tr -d '\n')

echo "Downloading $REPO to $IMAGE_DIR"
mkdir $IMAGE_DIR
skopeo login --tls-verify=false -u $SERVICE_USER -p $SERVICE_PASSWORD $REGISTRY_HOST:$REGISTRY_PORT
skopeo copy --tls-verify=false docker://$REGISTRY_HOST:$REGISTRY_PORT/$REPO:latest docker-archive://$IMAGE_DIR.tar

tar -C $IMAGE_DIR -xf $IMAGE_DIR.tar
rm -f $IMAGE_DIR.tar

CONFIGNAME=$(jq -r '.[0].Config' $IMAGE_DIR/manifest.json)

LAYERS_COUNT=$(jq -r '.rootfs.diff_ids | length' $IMAGE_DIR/$CONFIGNAME)
if [ $LAYERS_COUNT -gt $MAX_LAYERS_COUNT ]; then
echo "Too many layers";
exit 1
fi
LAYERS=$(jq -r ".rootfs.diff_ids[1:$MAX_LAYERS_COUNT][]" $IMAGE_DIR/$CONFIGNAME)
BASE_LAYER=$(jq -r ".rootfs.diff_ids[0]" $IMAGE_DIR/$CONFIGNAME | sed "s/sha256://g")

# unpack layers
cd $IMAGE_DIR
mkdir .overlay
i=1
for l in $LAYERS; do
LAYER=$(printf "$l"| sed "s/sha256://g").tar
echo $LAYER
tar -C .overlay -xf $LAYER --overwrite
i=$((i+1))
rm -f $IMAGE_DIR/$LAYER
done

echo "creating tar from overlay"
tar -cf flattened.tar -C .overlay/ .
rm -rf .overlay/
FLATTENED=$(sha256sum flattened.tar | awk '{ printf $1 }')
mv flattened.tar $FLATTENED.tar

echo "replacing first layer with appropriate base"
NEW_BASE=$(sha256sum /app/base.tar | awk '{ printf $1 }')
rm -f "$IMAGE_DIR/$BASE_LAYER.tar"
cp /app/base.tar $IMAGE_DIR/$NEW_BASE.tar

echo "fixing configs"
jq -rM ".history |= [] | .rootfs.diff_ids |= [\"sha256:$NEW_BASE\",\"sha256:$FLATTENED\"]" $CONFIGNAME > $CONFIGNAME.new
rm -f $CONFIGNAME

# rename Config
CONFIGHASH=$(sha256sum $CONFIGNAME.new | awk '{ printf $1 }')
mv $CONFIGNAME.new $CONFIGHASH.json

# fix Config in manifest.json
sed -i "s/$CONFIGNAME/$CONFIGHASH.json/g" $IMAGE_DIR/manifest.json

# fix layers in manifest.json
jq -rM ".[0].Layers |= [\"$NEW_BASE.tar\",\"$FLATTENED.tar\"]" $IMAGE_DIR/manifest.json > $IMAGE_DIR/manifest.json.new
rm -f manifest.json
mv -f manifest.json.new manifest.json

find . -type d -exec rm -rf {} ';' 2>/dev/null

tar -cf $IMAGE_DIR.tar -C $IMAGE_DIR .
rm -rf $IMAGE_DIR
echo "image builed: $IMAGE_DIR.tar, pushing to $REGISTRY_HOST:$REGISTRY_PORT/$REPO:latest"
skopeo copy --tls-verify=false docker-archive://$IMAGE_DIR.tar docker://$REGISTRY_HOST:$REGISTRY_PORT/$REPO:latest
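Review bot: In the `# unpack layers` loop, `tar -C .overlay -xf $LAYER --overwrite` unpacks layers of an image pulled from the registry, and the archive name is built from `.rootfs.diff_ids` in that image's config with no validation. Check each digest against `^sha256:[0-9a-f]{64}$` before forming a path from it, quote every expansion (`"$IMAGE_DIR"`, `"$LAYER"`, `"$CONFIGNAME"`, which is also interpolated into the `sed -i` pattern), and extract as an unprivileged user with `--no-same-owner --no-same-permissions`. Two smaller points: `set -uo pipefail` omits `-e`, so a failed `skopeo login`, `skopeo copy` or `tar` does not stop the run, and `-p $SERVICE_PASSWORD` places the password in the process arguments where `--password-stdin` would not. If this file is the challenge's script kept verbatim for the writeup, a header comment saying so would keep readers from reusing it as a working build tool.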