#!/usr/bin/env bash
# --- CONFIGURATION ---
# TOOL_NAME   : name of the launcher command written at the end of the install.
# REPO_NAME   : repository name; also reused for the install directory and the
#               Docker image tag further down in this script.
# GITHUB_REPO : clone URL derived from REPO_NAME.
TOOL_NAME='storm'
REPO_NAME='storm-framework'
GITHUB_REPO="https://github.com/StormWorld0/${REPO_NAME}.git"

# Color
# Stored as literal backslash sequences (not raw ESC bytes); they only become
# terminal escapes when a printing command interprets them.
GREEN="\033[92m"
RED="\033[91m"
BLUE="\033[94m"
NC="\033[0m"
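#######################################
# Write a string to a file with root privileges (via `sudo tee`).
# Arguments:
#   $1 - content to write; a single trailing newline is appended
#   $2 - destination file path
#   $3 - "true" to append, anything else (or omitted) to overwrite
# Outputs:
#   Nothing on stdout (tee's echo of the content is discarded).
# Returns:
#   Exit status of the `sudo tee` stage of the pipeline.
#######################################
write_to_file() {
  local content=$1
  local file=$2
  local append=${3:-false}

  # printf '%s\n' instead of echo: echo would treat content such as "-n" or
  # "-e" as an option and silently write something else. The content is also
  # kept out of any external command's argv (printf is a builtin), which
  # matters because this helper is used to write key material.
  if [[ "$append" == true ]]; then
    printf '%s\n' "$content" | sudo tee -a -- "$file" > /dev/null
  else
    printf '%s\n' "$content" | sudo tee -- "$file" > /dev/null
  fi
}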
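# -----------------------------------------------------------------------------
# --- AUTOMATIC ENVIRONMENT DETECTION & PATH CONFIGURATION ---
# -----------------------------------------------------------------------------
# Standard Linux Environment
echo -e "${GREEN}[!] Environment detected: Standard Linux${NC}"
# BIN_DIR      : where the launcher wrapper is written
# SHEBANG_PATH : first line of the generated wrapper
# PYTHON_CMD   : interpreter name checked on the host and used in the container
# INSTALL_DIR  : root-owned directory the repository is installed into
BIN_DIR="/usr/local/bin"
SHEBANG_PATH="#!/usr/bin/env bash"
PYTHON_CMD="python3"
INSTALL_DIR="/opt/$REPO_NAME"

# Only the core dependencies needed for orchestration on the host are
# installed here, including Docker. Heavy compilers (golang, rust, etc.) are
# moved into the Dockerfile.
# apt-get is used instead of apt: apt is the interactive front end and warns
# that its command-line interface is not stable for use in scripts.
# A failure here is not fatal by itself; the tool checks that follow stop the
# installer when git, python3 or docker are missing.
sudo apt-get update
sudo apt-get install -y jq python3 git openssl docker.io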
# -----------------------------------------------------------------------------
printf '%b\n' "${GREEN}[!] Start Installation: ${REPO_NAME} [!] ${NC}"

# Check Python and Git (and Docker)
# Each guard stops the installer as soon as a required host tool is missing.
command -v git > /dev/null 2>&1 || {
  printf '%b\n' "${RED}[x] ERROR: Git not found. Install Git first.${NC}"
  exit 1
}

command -v "$PYTHON_CMD" > /dev/null 2>&1 || {
  printf '%b\n' "${RED}[x] ERROR: Python not found. Make sure $PYTHON_CMD installed.${NC}"
  exit 1
}

command -v docker > /dev/null 2>&1 || {
  printf '%b\n' "${RED}[x] ERROR: Docker not found. Make sure Docker is installed and running.${NC}"
  exit 1
}
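# Installation Directory Preparation
# Remember where the installer was started. The cleanup below changes the
# working directory to $HOME, and the CI branch must copy the checked-out
# repository, not whatever directory we happen to be in afterwards (copying
# "." after `cd ~` would pull the whole home directory into the install tree
# and, through the Dockerfile's COPY, into the image).
LAUNCH_DIR=$PWD

if [ -d "$INSTALL_DIR" ]; then
  echo -e "${GREEN}[-] Remove old installations.${NC}"
  # Step out of the tree before deleting it, in case we are inside it.
  cd ~
  # ${VAR:?} aborts instead of letting an empty value reach `sudo rm -rf`.
  sudo rm -rf -- "${INSTALL_DIR:?}"
fi

echo -e "${GREEN}[+] Create installation directory${NC}"
# Check whether the script is running inside GitHub Actions.
if [ "${GITHUB_ACTIONS:-}" == "true" ]; then
  echo -e "${BLUE}[*] CI Environment detected. Injecting local branch code...${NC}"
  # Copy every file of the local branch (DevExperiment) into the install
  # folder. This avoids a git clone, which would pull the main branch.
  sudo cp -a -- "$LAUNCH_DIR/." "$INSTALL_DIR"
  POPULATE_STATUS=$?
else
  echo -e "${BLUE}[*] Production Environment detected. Cloning repository...${NC}"
  # Real users still download from the internet.
  # NOTE(review): this clones the tip of the default branch with no tag,
  # commit pin or signature check, and the result is built and run through
  # `sudo docker` further down; consider pinning a release ref.
  sudo mkdir -p -- "$INSTALL_DIR"
  sudo git clone -- "$GITHUB_REPO" "$INSTALL_DIR"
  POPULATE_STATUS=$?
fi

# The status is captured inside each branch so it cannot be overwritten by a
# command added later between the branch and this check.
if [ "$POPULATE_STATUS" -ne 0 ]; then
  echo -e "${RED}[x] ERROR: Failed to clone repository.${NC}"
  sudo rm -rf -- "${INSTALL_DIR:?}"
  exit 1
fi

# Validate that the folder was actually populated.
if [ ! -f "$INSTALL_DIR/pyproject.toml" ]; then
  echo -e "${RED}[x] ERROR: Failed to prepare repository files.${NC}"
  sudo rm -rf -- "${INSTALL_DIR:?}"
  exit 1
fi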
# Install Python Dependencies (now done as part of building the Docker image)
if [[ -f "${INSTALL_DIR}/pyproject.toml" ]]; then
  printf '%b\n' "${GREEN}[+] Installing Python dependencies and Building Image.${NC}"

  # Dockerfile text, one instruction per argument. Command substitution drops
  # the final newline, so the value has no trailing newline of its own.
  # NOTE(review): the base image is referenced by tag and the apt/pip packages
  # carry no versions, so two builds can resolve to different contents.
  CREATE_DOCKERFILE=$(
    printf '%s\n' \
      "FROM python:3.13-slim" \
      "RUN apt-get update && apt-get install -y git golang build-essential libpcap-dev clang ffmpeg openssl cargo pkg-config libssl-dev rustc python3-dev" \
      "WORKDIR ${INSTALL_DIR}" \
      "COPY . ${INSTALL_DIR}" \
      "RUN pip install --upgrade pip setuptools wheel" \
      "RUN pip install --no-cache-dir ${INSTALL_DIR}/."
  )
  write_to_file "$CREATE_DOCKERFILE" "${INSTALL_DIR}/Dockerfile" false

  printf '%b\n' "${BLUE}[*] Initiating Docker Build Process...${NC}"
  # Choose the build command depending on whether the script runs inside
  # GitHub Actions (CI/CD) or in production.
  if [[ "$GITHUB_ACTIONS" == "true" ]]; then
    printf '%b\n' "${BLUE}[*] CI Environment detected.${NC}"
    # -E keeps the caller's environment for the buildx invocation.
    sudo -E docker buildx build -t "$REPO_NAME" \
      --cache-from type=gha \
      --cache-to type=gha,mode=max \
      --load "$INSTALL_DIR"
    BUILD_STATUS=$?
  else
    printf '%b\n' "${BLUE}[*] Production Environment detected.${NC}"
    sudo docker build -t "$REPO_NAME" "$INSTALL_DIR"
    BUILD_STATUS=$?
  fi

  # Fail fast: nothing after this point works without the image.
  if ((BUILD_STATUS != 0)); then
    printf '%b\n' "${RED}[x] FATAL ERROR: Failed to build Docker Image and Python dependencies.${NC}"
    printf '%b\n' "${RED}[x] Halting installation to prevent downstream failures.${NC}"
    exit 1
  fi
fi
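# Run binary compilation
if [ -d "$INSTALL_DIR" ]; then
  # Stop here when the directory cannot be entered; previously the error was
  # printed and the script carried on to start the container anyway.
  cd "$INSTALL_DIR" || { echo -e "${RED}[x] ERROR: Cannot access $INSTALL_DIR${NC}"; exit 1; }
fi

# -e GOFLAGS="-buildvcs=false" is injected to switch off VCS stamping.
# The install directory is bind-mounted at the same path inside the container
# and used as the working directory, so build output lands on the host.
# NOTE(review): the exit status of this container is not checked; the
# installer continues to key generation even if the compile step fails.
sudo docker run --rm -e GOFLAGS="-buildvcs=false" -v "$INSTALL_DIR":"$INSTALL_DIR" -w "$INSTALL_DIR" "$REPO_NAME" "$PYTHON_CMD" -m scripts.cpl.compiler

# The steps below use relative paths (.env), so the working directory must be
# the install directory from here on.
cd "$INSTALL_DIR" || { echo -e "${RED}[x] ERROR: Lost track of directory!${NC}"; exit 1; }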
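# --- Security Identity Generation (Version: The 60-Char Fix) ---
# Runs with the install directory as working directory; .env is created there
# only when it does not exist yet, so an existing identity is never replaced.
if [ ! -f .env ]; then
  echo -e "[+] Generating unique security keys via OpenSSL..."
  # Generate Private Key: Ed25519, DER-encoded, base64 on a single line.
  PRIV_KEY=$(openssl genpkey -algorithm ed25519 2>/dev/null | openssl pkey -outform DER 2>/dev/null | base64 -w 0 | tr -d '[:space:]')
  # Generate Public Key from the private key, same encoding.
  # printf is a builtin, so the private key never appears in a process argv.
  PUB_KEY=$(printf '%s' "$PRIV_KEY" | base64 -d | openssl pkey -inform DER -pubout -outform DER 2>/dev/null | base64 -w 0 | tr -d '[:space:]')

  # openssl's stderr is discarded above, so a failed generation shows up only
  # as an empty string. Refuse to write an empty identity and report success.
  if [ -z "$PRIV_KEY" ] || [ -z "$PUB_KEY" ]; then
    echo -e "${RED}[x] ERROR: Failed to generate security keys via OpenSSL.${NC}"
    exit 1
  fi

  # This code just adds '=' when PUBKEY is only 59 characters long.
  # Storm's security logic is written in Rust and rejects a key that is not
  # exactly in the expected form.
  # NOTE(review): a 44-byte DER public key already base64-encodes to 60
  # characters including the '=' pad; confirm this branch is still reachable.
  if [ ${#PUB_KEY} -eq 59 ]; then
    PUB_KEY="${PUB_KEY}="
  fi

  # Create the file with mode 0600 before any key material is written, so the
  # private key is never readable by other users, not even for the moment
  # between the write and the chmod below.
  sudo install -m 600 /dev/null .env || {
    echo -e "${RED}[x] ERROR: Failed to create .env.${NC}"
    exit 1
  }

  # Insert the keys into .env, one KEY=value per line with no extra
  # whitespace; a single stray space makes the key unusable.
  write_to_file "STORM_PRIVKEY=${PRIV_KEY}" ".env" false
  write_to_file "STORM_PUBKEY=${PUB_KEY}" ".env" true
  echo -e "[✓] Security identity created successfully."
fi

# Re-assert owner-only permissions, also for an .env left by an earlier run.
sudo chmod 600 .env

# Signing is executed inside Docker, because the cryptography library lives
# inside the image.
sudo docker run --rm -v "$INSTALL_DIR":"$INSTALL_DIR" -w "$INSTALL_DIR" "$REPO_NAME" python3 -m scripts.security.sign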
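# Creating a Dynamic Wrapper Script
WRAPPER_DST="$BIN_DIR/$TOOL_NAME"

# The wrapper text is built in a variable. $INSTALL_DIR, $REPO_NAME and
# $SHEBANG_PATH are expanded now, at install time; every \$ below is written
# out literally and expanded when the wrapper itself runs.
#
# Changes to the generated wrapper compared with a plain command string:
#   - the docker invocation is an array and is expanded quoted, so each
#     argument (notably the -v and -w paths) stays a single word;
#   - the "not found" message uses \$* because \$@ inside a string splits the
#     message into several words.
#
# NOTE(review): the wrapper starts the container through sudo with
# --network host and a read-write bind mount of the project directory, which
# also holds .env. Confirm host networking and a writable mount are required.
CREATE_WRAPPER="${SHEBANG_PATH}
PROJECT_DIR=\"$INSTALL_DIR\"
cd \"\$PROJECT_DIR\" || { echo \"[x] ERROR: Failed to access project directory.\"; exit 1; }
# Build the docker invocation as an array so every argument stays one word
DOCKER_CMD=(sudo docker run)
# Allocate an interactive TTY only when descriptor 1 (STDOUT) is a real terminal
if [ -t 1 ]; then
  DOCKER_CMD+=(-it)
fi
DOCKER_CMD+=(--rm --network host -v \"\$PROJECT_DIR:\$PROJECT_DIR\" -w \"\$PROJECT_DIR\" \"$REPO_NAME\")
if [ \"\$1\" == \"--update\" ] && [ \$# -eq 1 ]; then
  exec \"\${DOCKER_CMD[@]}\" ./smfupdate
elif [ \$# -eq 0 ]; then
  if [ ! -f \"./smfstart\" ]; then
    exec \"\${DOCKER_CMD[@]}\" ./smfupdate
  else
    exec \"\${DOCKER_CMD[@]}\" ./smfstart
  fi
else
  echo \"[x] Error: Command '\$*' not found.\"
  exit 1
fi"

write_to_file "$CREATE_WRAPPER" "$WRAPPER_DST" false
sudo chmod +x "$WRAPPER_DST"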
# Final summary: where the framework and its launcher were installed.
# printf repeats the '%b\n' format for every argument, one line each.
printf '%b\n' \
  "${GREEN}####################################################${NC}" \
  "${GREEN}[✓] INSTALLATION COMPLETE${NC}" \
  "${GREEN}[✓] PATH STORM: ${INSTALL_DIR}${NC}" \
  "${GREEN}[✓] PATH WRAPPER: ${BIN_DIR}/${TOOL_NAME}${NC}" \
  "${GREEN}####################################################${NC}"