49 lines
1.7 KiB
Docker
49 lines
1.7 KiB
Docker
# Multi-stage build: Use Alpine for building, scratch for final image
|
|
FROM alpine:latest AS build
|
|
|
|
# Install build dependencies
|
|
# build-base: gcc, make, and essential build tools
|
|
# musl-dev: C library headers for static linking
|
|
# linux-headers: Kernel headers for system calls
|
|
# upx: Ultimate Packer for eXecutables - binary compression tool
|
|
RUN apk add --no-cache build-base musl-dev linux-headers upx
|
|
|
|
# Set working directory for all subsequent operations
|
|
WORKDIR /src
|
|
|
|
# Copy all yescrypt source and header files flat
|
|
COPY yescrypt/*.h .
|
|
COPY yescrypt/yescrypt-ref.c .
|
|
COPY yescrypt/yescrypt-common.c .
|
|
COPY yescrypt/sha256.c .
|
|
COPY yescrypt/insecure_memzero.c .
|
|
|
|
# Copy main bruteforce source code
|
|
COPY bruteforce.c .
|
|
|
|
# Basic compilation with size optimization
|
|
# -static: Create statically linked executable (no external dependencies)
|
|
# -Os: Optimize for size, not speed
|
|
# -s: Strip all symbol table and relocation information
|
|
RUN gcc -static -Os -s -o bruteforce \
|
|
bruteforce.c \
|
|
yescrypt-ref.c \
|
|
yescrypt-common.c \
|
|
sha256.c \
|
|
insecure_memzero.c \
|
|
# Basic binary stripping:
|
|
# --strip-all: Remove all symbol and debug information
|
|
# --remove-section=.comment: Remove compiler/version comments
|
|
&& strip --strip-all --remove-section=.comment bruteforce \
|
|
# UPX compression with standard settings:
|
|
# --ultra-brute: Try all compression methods and use the best result
|
|
&& upx --ultra-brute bruteforce
|
|
|
|
# Final stage: Start with completely empty image (scratch)
|
|
FROM scratch
|
|
|
|
# Copy only the final compressed binary from build stage
|
|
COPY --from=build /src/bruteforce /
|
|
|
|
# Set the default command for the container
|
|
ENTRYPOINT ["/bruteforce"] |