From 63b690f228086994cf08788a81896d11c9a8c5bb Mon Sep 17 00:00:00 2001 From: frikilax Date: Wed, 10 Mar 2021 00:03:45 +0100 Subject: [PATCH 01/15] GITHUB ACTIONS::IMPROVEMENTS:: remove set-env deprecated command --- .github/workflows/docker-dev.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/docker-dev.yml b/.github/workflows/docker-dev.yml index 1137516c..1d717b02 100644 --- a/.github/workflows/docker-dev.yml +++ b/.github/workflows/docker-dev.yml @@ -26,8 +26,7 @@ jobs: - uses: actions/checkout@v2 - name: Prepare build run: | - GITHUB_LOWERCASE_REPO=`echo "${{ github.repository }}" | tr '[:upper:]' '[:lower:]'` - echo "::set-env name=github_lowercase_repo::${GITHUB_LOWERCASE_REPO}" + echo "github_lowercase_repo=`echo "${{ github.repository }}" | tr '[:upper:]' '[:lower:]'`" >> $GITHUB_ENV - uses: whoan/docker-build-with-cache-action@v5 with: From d67817502cf97ec6f19e2f8b4a83d87a8fedba54 Mon Sep 17 00:00:00 2001 From: frikilax Date: Wed, 10 Mar 2021 00:09:38 +0100 Subject: [PATCH 02/15] GITHUB ACTIONS::TEMPORARY:: add docker branch to trigger --- .github/workflows/docker-dev.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/docker-dev.yml b/.github/workflows/docker-dev.yml index 1d717b02..fee3e647 100644 --- a/.github/workflows/docker-dev.yml +++ b/.github/workflows/docker-dev.yml @@ -4,6 +4,7 @@ on: push: branches: - dev + - docker env: FAUP_VERSION: 1.5 From 9ce7985abc3575cd56920c948267c6edd9a102f4 Mon Sep 17 00:00:00 2001 From: frikilax Date: Wed, 10 Mar 2021 00:15:14 +0100 Subject: [PATCH 03/15] FILTERS::DEPRECATION:: remove DGA from default compilation - DGA removed from default cmake filters to compile - DGA/tensorflow removed from compilation on docker builds --- CMakeLists.txt | 1 - docker/darwin | 75 ++++++++++++++------------------------------------ 2 files changed, 20 insertions(+), 56 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 114bee3c..c1e0af7a 100644 
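Review bot: The added `echo` line in the `Prepare build` step nests a backtick substitution, with its own double quotes, inside a double-quoted string and appends to an unquoted `$GITHUB_ENV`, which is hard to read and easy to break on the next edit. It also pastes `${{ github.repository }}` into the script text before the shell runs, although the runner already exports the same value as `GITHUB_REPOSITORY`. I would write `echo "github_lowercase_repo=$(echo "$GITHUB_REPOSITORY" | tr '[:upper:]' '[:lower:]')" >> "$GITHUB_ENV"`, which keeps the value as data. The same line is added to docker-releases.yml in PATCH 04/15.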
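Review bot: With `- docker` added under `branches`, every push to that working branch runs the full build-and-publish job with the registry secrets. Judging by the `IMAGE_TAG: dev` setting and the Docker Hub push step visible in the copy of this workflow later in the series, that would overwrite the published `dev` image. If the aim is only to exercise the workflow, a `workflow_dispatch:` trigger or a separate image tag for that branch would leave `dev` built from the `dev` branch alone. At minimum a comment such as `# temporary: remove before merge` next to the entry would record what the subject line says.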
--- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -22,7 +22,6 @@ if (NOT DEFINED FILTER) FILTERS HOSTLOOKUP SESSION - DGA CONNECTION TANOMALY ANOMALY diff --git a/docker/darwin b/docker/darwin index 62f3d3b1..e14aec5b 100644 --- a/docker/darwin +++ b/docker/darwin @@ -3,7 +3,8 @@ FROM ubuntu:18.04 AS faup_builder ARG FAUP_VERSION WORKDIR /root -RUN apt-get update && apt-get install -y\ +RUN apt-get update && apt-get install -y --no-install-recommends\ + ca-certificates\ wget\ cmake\ g++\ @@ -14,7 +15,7 @@ RUN wget https://github.com/stricaud/faup/archive/v${FAUP_VERSION}.tar.gz \ && mkdir faup/build || true \ && cd faup/build \ && cmake .. \ - && make -j2 install DESTDIR=../install + && make -j4 install DESTDIR=../install @@ -23,13 +24,12 @@ FROM ubuntu:18.04 as boost_builder ARG BOOST_VERSION WORKDIR /root -RUN apt-get update && apt-get install -y\ +RUN apt-get update && apt-get install -y --no-install-recommends\ wget\ cmake\ g++\ pkg-config\ - ca-certificates\ - && rm -rf /var/lib/apt/lists/* + ca-certificates RUN BOOST_UNDERSCORE_VERSION=`echo ${BOOST_VERSION} | tr . _` \ && wget https://dl.bintray.com/boostorg/release/${BOOST_VERSION}/source/boost_${BOOST_UNDERSCORE_VERSION}.tar.gz \ && mkdir boost \ 
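Review bot: In the `boost_builder` install (hunk `-23,13 +24,12`) the trailing `&& rm -rf /var/lib/apt/lists/*` is dropped, so the package index now stays in the layer; the same removal appears in hunks `-47,18 +47,20`, `-124,16 +124,12` and `-195,8 +161,7` of this file. For throwaway builder stages this costs only cache space, but the last two hunks appear to belong to the `darwin_builder` and `darwin` stages that the workflows build with `--target` and push, so the published images grow and carry a stale index. I would keep the cleanup as the last element of each install chain, e.g. `ca-certificates\` followed by `&& rm -rf /var/lib/apt/lists/*`. The faup install in hunk `-3,7 +3,8` has no cleanup either.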
@@ -47,18 +47,20 @@ ARG MLPACK_VERSION WORKDIR /root COPY --from=boost_builder /root/boost/install/ /usr/local/ -RUN apt-get update && apt-get install -y\ +RUN apt-get update && apt-get install -y --no-install-recommends\ wget\ cmake\ + make\ + xz-utils\ + gcc\ g++\ git\ liblapacke-dev\ libopenblas-dev\ - ca-certificates\ - && rm -rf /var/lib/apt/lists/* -RUN wget https://gitlab.com/conradsnicta/armadillo-code/-/archive/${ARMADILLO_VERSION}/armadillo-code-${ARMADILLO_VERSION}.tar.gz \ + ca-certificates +RUN wget https://sourceforge.net/projects/arma/files/armadillo-${ARMADILLO_VERSION}.tar.xz \ && mkdir armadillo-code \ - && tar xvf armadillo-code-${ARMADILLO_VERSION}.tar.gz -C armadillo-code --strip-components 1 + && tar xvf armadillo-${ARMADILLO_VERSION}.tar.xz -C armadillo-code --strip-components 1 RUN wget https://github.com/mlpack/mlpack/archive/${MLPACK_VERSION}.tar.gz \ && mkdir mlpack \ && tar xvf ${MLPACK_VERSION}.tar.gz -C mlpack --strip-components 1 \ 
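Review bot: The new Armadillo download in this hunk fetches `armadillo-${ARMADILLO_VERSION}.tar.xz` from a SourceForge project URL and unpacks it with no integrity check, so whatever the serving mirror returns is compiled into the image. Recording a digest next to the version closes that gap: declare an `ARG ARMADILLO_SHA256` and run `echo "${ARMADILLO_SHA256}  armadillo-${ARMADILLO_VERSION}.tar.xz" | sha256sum -c -` between the `wget` and the `tar`. The faup, boost, mlpack and yara tarballs fetched in the surrounding context lines have the same gap. `ARMADILLO_SHA256` is a name I am proposing here; it does not exist in the file.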
@@ -66,42 +68,8 @@ RUN wget https://github.com/mlpack/mlpack/archive/${MLPACK_VERSION}.tar.gz \ && mkdir build\ && cd build\ && cmake .. -DBUILD_TESTS=OFF -DBUILD_CLI_EXECUTABLES=OFF -DBUILD_PYTHON_BINDINGS=OFF -DFORCE_CXX11=ON -DUSE_OPENMP=ON -DBUILD_SHARED_LIBS=OFF -DARMADILLO_INCLUDE_DIR=/root/armadillo-code/include/ -DCMAKE_INSTALL_PREFIX:PATH=../install\ - && make -j2 install - - - -#TENSORFLOW -FROM ubuntu:18.04 AS tensorflow_builder -ARG TF_VERSION -#disable optimisations done for "recent" processor architectures -ENV CC_OPT_FLAGS="-march=native" - -RUN apt-get update && apt-get install -y \ - build-essential \ - curl \ - git \ - cmake \ - unzip \ - autoconf \ - autogen \ - libtool \ - mlocate \ - zlib1g-dev \ - g++-7 \ - python \ - python3-numpy \ - python3-dev \ - python3-pip \ - python3-wheel \ - sudo \ - wget && rm -rf /var/lib/apt/lists/* -RUN wget https://github.com/FloopCZ/tensorflow_cc/archive/v${TF_VERSION}.tar.gz \ - && mkdir tensorflow_cc \ - && tar xvf v${TF_VERSION}.tar.gz -C tensorflow_cc --strip-components 1 \ - && cd tensorflow_cc/tensorflow_cc \ - && mkdir build && cd build \ - && cmake .. \ - && make install + && make -j16 install + # YARA FROM ubuntu:18.04 AS yara_builder @@ -116,6 +84,8 @@ RUN apt-get update && apt-get install -y --no-install-recommends \ libpcre3\ make\ g++\ + gcc\ + pkg-config\ wget\ autoconf\ automake\ @@ -127,7 +97,7 @@ RUN wget https://github.com/VirusTotal/yara/archive/v${YARA_VERSION}.tar.gz \ && cd yara\ && ./bootstrap.sh\ && ./configure\ - && make -j2 install DESTDIR=`pwd`/install + && make -j4 install DESTDIR=`pwd`/install 
@@ -154,16 +124,12 @@ RUN apt-get update && apt-get install -y --no-install-recommends \ python3-dev\ python3-pip\ python3-setuptools\ - python3-wheel &&\ - rm -rf /var/lib/apt/lists/* + python3-wheel COPY --from=faup_builder /root/faup/install/ / COPY --from=mlpack_builder /root/mlpack/install/ / COPY --from=mlpack_builder /root/armadillo-code/ /root/armadillo-code/ COPY --from=boost_builder /root/boost/install/ /usr/local/ -COPY --from=tensorflow_builder /usr/local/lib/tensorflow_cc /usr/local/lib/tensorflow_cc -COPY --from=tensorflow_builder /usr/local/include/tensorflow /usr/local/include/tensorflow -COPY --from=tensorflow_builder /usr/local/lib/cmake/TensorflowCC /usr/local/lib/cmake/TensorflowCC COPY --from=yara_builder /root/yara/install/ / COPY . /home/darwin @@ -172,7 +138,7 @@ WORKDIR /home/darwin RUN mkdir filters || rm -rf filters/*\ && cd filters \ && cmake .. -DARMADILLO_INCLUDE_DIR=/root/armadillo-code/include/\ - && make -j2 + && make -j4 RUN pip3 install -r manager/requirements.txt\ && pip3 install -r tests/requirements.txt @@ -195,8 +161,7 @@ RUN apt-get update && apt-get install -y --no-install-recommends \ python3-setuptools \ python3-wheel \ python3-psutil \ - python3-redis \ - && rm -rf /var/lib/apt/lists/* + python3-redis RUN pip3 install jsonschema==3.2.0 From 4a4b0b631ccadccba3f7c93db417bba2d8687779 Mon Sep 17 00:00:00 2001 From: frikilax Date: Wed, 10 Mar 2021 00:19:53 +0100 Subject: [PATCH 04/15] GITHUB ACTIONS::IMPROVEMENTS:: remove set-env deprecated command (release actions) --- .github/workflows/docker-releases.yml | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/.github/workflows/docker-releases.yml b/.github/workflows/docker-releases.yml index 70bffcea..ffb4f135 100644 --- a/.github/workflows/docker-releases.yml +++ b/.github/workflows/docker-releases.yml 
@@ -25,10 +25,8 @@ jobs: - uses: actions/checkout@v2 - name: Prepare build run: | - GITHUB_LOWERCASE_REPO=`echo "${{ github.repository }}" | tr '[:upper:]' '[:lower:]'` - GITHUB_TAG=`echo "${{ github.ref }}" | cut -d / -f 3` - echo "::set-env name=github_lowercase_repo::${GITHUB_LOWERCASE_REPO}" - echo "::set-env name=tag_name::${GITHUB_TAG}" + echo "github_lowercase_repo=`echo "${{ github.repository }}" | tr '[:upper:]' '[:lower:]'`" >> $GITHUB_ENV + echo "tag_name=`echo "${{ github.ref }}" | cut -d / -f 3`" >> $GITHUB_ENV - uses: whoan/docker-build-with-cache-action@v5 with: From 501971ee5da1134000f4ebe0d237210902bf4354 Mon Sep 17 00:00:00 2001 From: frikilax Date: Wed, 10 Mar 2021 00:20:18 +0100 Subject: [PATCH 05/15] GITHUB ACTIONS::TEMPORARY:: add docker branch to trigger (release actions) --- .github/workflows/docker-releases.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/docker-releases.yml b/.github/workflows/docker-releases.yml index ffb4f135..a7de57e3 100644 --- a/.github/workflows/docker-releases.yml +++ b/.github/workflows/docker-releases.yml @@ -4,6 +4,7 @@ on: release: types: - published + - docker env: FAUP_VERSION: 1.5 From aae9829848867259ced551f3737dab9b740b3043 Mon Sep 17 00:00:00 2001 From: frikilax Date: Wed, 10 Mar 2021 00:31:33 +0100 Subject: [PATCH 06/15] GITHUB ACTIONS::FIX:: fix armadillo version --- .github/workflows/docker-dev.yml | 2 +- .github/workflows/docker-releases.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/docker-dev.yml b/.github/workflows/docker-dev.yml index fee3e647..7e45762d 100644 --- a/.github/workflows/docker-dev.yml +++ b/.github/workflows/docker-dev.yml @@ -9,7 +9,7 @@ on: env: FAUP_VERSION: 1.5 BOOST_VERSION: 1.71.0 - ARMADILLO_VERSION: 9.900.x + ARMADILLO_VERSION: 9.900.4 MLPACK_VERSION: 3.4.0 TF_VERSION: 1.13.0 YARA_VERSION: 3.11.0 
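Review bot: The added `tag_name` line substitutes `${{ github.ref }}` into the script text before the shell parses it, so the ref name becomes part of the command instead of data. Ref names may contain characters the shell treats specially, which is why workflow-hardening guidance recommends reading such values from environment variables. `cut -d / -f 3` also keeps only one path component, so a tag such as `release/1.2` would be published as `release`. Both are avoided with `echo "tag_name=${GITHUB_REF#refs/tags/}" >> "$GITHUB_ENV"`, which reads the runner-provided variable and strips only the prefix. The `github_lowercase_repo` line in the same hunk can use `$GITHUB_REPOSITORY` the same way.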
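Review bot: The added `- docker` lands directly after `- published`, i.e. inside `on.release.types` and not in a branch list, so it does not do what the subject line says. `docker` is not a release activity type, and this workflow has no `push:` trigger at this point in the series, so pushes to the branch would not start it. Indentation is lost in this view, so the entry may even make the file invalid. The intended form is a separate trigger next to `release:`, namely `push:` with `branches:` containing `- docker`.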
diff --git a/.github/workflows/docker-releases.yml b/.github/workflows/docker-releases.yml index a7de57e3..faf487b8 100644 --- a/.github/workflows/docker-releases.yml +++ b/.github/workflows/docker-releases.yml @@ -9,7 +9,7 @@ on: env: FAUP_VERSION: 1.5 BOOST_VERSION: 1.71.0 - ARMADILLO_VERSION: 9.900.x + ARMADILLO_VERSION: 9.900.4 MLPACK_VERSION: 3.4.0 TF_VERSION: 1.13.0 YARA_VERSION: 3.11.0 From f1915ca1794bf9652faf0a004bea7c92916dae86 Mon Sep 17 00:00:00 2001 From: frikilax Date: Wed, 10 Mar 2021 08:54:34 +0100 Subject: [PATCH 07/15] GITHUB ACTIONS::FIX:: use armadillo 9.900.1 for Mlpack 3.4.0 --- .github/workflows/docker-releases.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docker-releases.yml b/.github/workflows/docker-releases.yml index faf487b8..40d30cf6 100644 --- a/.github/workflows/docker-releases.yml +++ b/.github/workflows/docker-releases.yml @@ -9,7 +9,7 @@ on: env: FAUP_VERSION: 1.5 BOOST_VERSION: 1.71.0 - ARMADILLO_VERSION: 9.900.4 + ARMADILLO_VERSION: 9.900.1 MLPACK_VERSION: 3.4.0 TF_VERSION: 1.13.0 YARA_VERSION: 3.11.0 From f77152ded41092d48905a3ad8150dcc2fa7b115c Mon Sep 17 00:00:00 2001 From: frikilax Date: Wed, 10 Mar 2021 08:55:06 +0100 Subject: [PATCH 08/15] GITHUB ACTIONS::IMPROVEMENTS:: concentrate jobs in a single file --- .github/workflows/docker-dev.yml | 47 --------------------------- .github/workflows/docker-releases.yml | 38 +++++++++++++++++++++- 2 files changed, 37 insertions(+), 48 deletions(-) delete mode 100644 .github/workflows/docker-dev.yml diff --git a/.github/workflows/docker-dev.yml b/.github/workflows/docker-dev.yml deleted file mode 100644 index 7e45762d..00000000 --- a/.github/workflows/docker-dev.yml +++ /dev/null 
@@ -1,47 +0,0 @@ -name: docker dev - -on: - push: - branches: - - dev - - docker - -env: - FAUP_VERSION: 1.5 - BOOST_VERSION: 1.71.0 - ARMADILLO_VERSION: 9.900.4 - MLPACK_VERSION: 3.4.0 - TF_VERSION: 1.13.0 - YARA_VERSION: 3.11.0 - DOCKER_REPO: vultureproject - DOCKER_USER: vultureworker - IMAGE_NAME: darwin - IMAGE_TAG: dev - -jobs: - - darwin-docker-dev: - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v2 - - name: Prepare build - run: | - echo "github_lowercase_repo=`echo "${{ github.repository }}" | tr '[:upper:]' '[:lower:]'`" >> $GITHUB_ENV - - - uses: whoan/docker-build-with-cache-action@v5 - with: - image_name: ${{ env.IMAGE_NAME }} - username: ${{ github.actor }} - password: ${{ secrets.DEPLOY_TOKEN }} - registry: docker.pkg.github.com/${{ env.github_lowercase_repo }} - image_tag: ${{ env.IMAGE_TAG }} - dockerfile: docker/darwin - build_extra_args: --target darwin_builder --cpuset-cpus 0,1 --build-arg FAUP_VERSION=${{ env.FAUP_VERSION }} --build-arg BOOST_VERSION=${{ env.BOOST_VERSION }} --build-arg ARMADILLO_VERSION=${{ env.ARMADILLO_VERSION }} --build-arg MLPACK_VERSION=${{ env.MLPACK_VERSION }} --build-arg TF_VERSION=${{ env.TF_VERSION }} --build-arg YARA_VERSION=${{ env.YARA_VERSION }} - - - name: push image to docker hub - run: | - echo ${{secrets.DOCKER_USER_TOKEN}} | docker login -u ${{ env.DOCKER_USER }} --password-stdin - docker tag docker.pkg.github.com/${{ env.github_lowercase_repo }}/${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }} ${{ env.DOCKER_REPO }}/${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }} - docker push ${{ env.DOCKER_REPO }}/${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }} - docker logout diff --git a/.github/workflows/docker-releases.yml b/.github/workflows/docker-releases.yml index 40d30cf6..08253b16 100644 --- a/.github/workflows/docker-releases.yml +++ b/.github/workflows/docker-releases.yml @@ -4,6 +4,9 @@ on: release: types: - published + push: + branches: + - dev - docker env: 
@@ -19,11 +22,44 @@ env: jobs: + darwin-docker-dev: + runs-on: ubuntu-latest + + if: github.event_name == "push" + + steps: + - uses: actions/checkout@v2 + + - name: Prepare build + run: | + echo "github_lowercase_repo=`echo "${{ github.repository }}" | tr '[:upper:]' '[:lower:]'`" >> $GITHUB_ENV + + - uses: whoan/docker-build-with-cache-action@v5 + with: + image_name: ${{ env.IMAGE_NAME }} + username: ${{ github.actor }} + password: ${{ secrets.DEPLOY_TOKEN }} + registry: docker.pkg.github.com/${{ env.github_lowercase_repo }} + image_tag: ${{ env.IMAGE_TAG }} + dockerfile: docker/darwin + build_extra_args: --target darwin_builder --cpuset-cpus 0,1 --build-arg FAUP_VERSION=${{ env.FAUP_VERSION }} --build-arg BOOST_VERSION=${{ env.BOOST_VERSION }} --build-arg ARMADILLO_VERSION=${{ env.ARMADILLO_VERSION }} --build-arg MLPACK_VERSION=${{ env.MLPACK_VERSION }} --build-arg TF_VERSION=${{ env.TF_VERSION }} --build-arg YARA_VERSION=${{ env.YARA_VERSION }} + + - name: push image to docker hub + run: | + echo ${{secrets.DOCKER_USER_TOKEN}} | docker login -u ${{ env.DOCKER_USER }} --password-stdin + docker tag docker.pkg.github.com/${{ env.github_lowercase_repo }}/${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }} ${{ env.DOCKER_REPO }}/${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }} + docker push ${{ env.DOCKER_REPO }}/${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }} + docker logout + + darwin-docker-release: runs-on: ubuntu-latest + if: github.event_name == "release" + steps: - uses: actions/checkout@v2 + - name: Prepare build run: | echo "github_lowercase_repo=`echo "${{ github.repository }}" | tr '[:upper:]' '[:lower:]'`" >> $GITHUB_ENV 
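Review bot: The new `darwin-docker-dev` job hands `secrets.DEPLOY_TOKEN` to `whoan/docker-build-with-cache-action@v5`, a third-party action referenced by a movable tag, so whatever that tag points to on the day of the run receives the registry credential. Pinning to a full commit SHA, `uses: whoan/docker-build-with-cache-action@<full-commit-sha> # v5`, makes the code that sees the secret reviewable. In the push step, `echo ${{secrets.DOCKER_USER_TOKEN}}` pastes the token unquoted into the script text. Passing it through `env:` and piping `printf '%s' "$DOCKER_USER_TOKEN"` into `docker login --password-stdin` keeps it out of the command line. Both patterns are also present in the unchanged `darwin-docker-release` job.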
@@ -39,7 +75,7 @@ jobs: dockerfile: docker/darwin build_extra_args: --target darwin --cpuset-cpus 0,1 --build-arg FAUP_VERSION=${{ env.FAUP_VERSION }} --build-arg BOOST_VERSION=${{ env.BOOST_VERSION }} --build-arg ARMADILLO_VERSION=${{ env.ARMADILLO_VERSION }} --build-arg MLPACK_VERSION=${{ env.MLPACK_VERSION }} --build-arg TF_VERSION=${{ env.TF_VERSION }} --build-arg YARA_VERSION=${{ env.YARA_VERSION }} - - name: push image to docker hub + - name: push release image to docker hub run: | echo ${{secrets.DOCKER_USER_TOKEN}} | docker login -u ${{ env.DOCKER_USER }} --password-stdin docker tag docker.pkg.github.com/${{ env.github_lowercase_repo }}/${{ env.IMAGE_NAME }}:${{ env.tag_name }} ${{ env.DOCKER_REPO }}/${{ env.IMAGE_NAME }}:${{ env.tag_name }} From 0b90a7c3aaa5bac31e88cbe8128ee3504445d1b3 Mon Sep 17 00:00:00 2001 From: frikilax Date: Wed, 10 Mar 2021 07:57:25 +0000 Subject: [PATCH 09/15] GITHUB ACTIONS::FIX:: try valid syntax for if --- .github/workflows/docker-releases.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/docker-releases.yml b/.github/workflows/docker-releases.yml index 08253b16..30e080d4 100644 --- a/.github/workflows/docker-releases.yml +++ b/.github/workflows/docker-releases.yml @@ -25,7 +25,7 @@ jobs: darwin-docker-dev: runs-on: ubuntu-latest - if: github.event_name == "push" + if: github.event_name == 'push' steps: - uses: actions/checkout@v2 @@ -55,7 +55,7 @@ jobs: darwin-docker-release: runs-on: ubuntu-latest - if: github.event_name == "release" + if: github.event_name == 'release' steps: - uses: actions/checkout@v2 From ca3e899a9312414252227744cd3c8117d94ddf1a Mon Sep 17 00:00:00 2001 From: frikilax Date: Wed, 10 Mar 2021 09:15:01 +0100 Subject: [PATCH 10/15] GITHUB ACTIONS::FIX:: remove 'IMAGE_TAG' envvar --- .github/workflows/docker-releases.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
diff --git a/.github/workflows/docker-releases.yml b/.github/workflows/docker-releases.yml index 30e080d4..b3e9b79b 100644 --- a/.github/workflows/docker-releases.yml +++ b/.github/workflows/docker-releases.yml @@ -40,15 +40,15 @@ jobs: username: ${{ github.actor }} password: ${{ secrets.DEPLOY_TOKEN }} registry: docker.pkg.github.com/${{ env.github_lowercase_repo }} - image_tag: ${{ env.IMAGE_TAG }} + image_tag: dev dockerfile: docker/darwin build_extra_args: --target darwin_builder --cpuset-cpus 0,1 --build-arg FAUP_VERSION=${{ env.FAUP_VERSION }} --build-arg BOOST_VERSION=${{ env.BOOST_VERSION }} --build-arg ARMADILLO_VERSION=${{ env.ARMADILLO_VERSION }} --build-arg MLPACK_VERSION=${{ env.MLPACK_VERSION }} --build-arg TF_VERSION=${{ env.TF_VERSION }} --build-arg YARA_VERSION=${{ env.YARA_VERSION }} - name: push image to docker hub run: | echo ${{secrets.DOCKER_USER_TOKEN}} | docker login -u ${{ env.DOCKER_USER }} --password-stdin - docker tag docker.pkg.github.com/${{ env.github_lowercase_repo }}/${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }} ${{ env.DOCKER_REPO }}/${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }} - docker push ${{ env.DOCKER_REPO }}/${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }} + docker tag docker.pkg.github.com/${{ env.github_lowercase_repo }}/${{ env.IMAGE_NAME }}:dev ${{ env.DOCKER_REPO }}/${{ env.IMAGE_NAME }}:dev + docker push ${{ env.DOCKER_REPO }}/${{ env.IMAGE_NAME }}:dev docker logout From 122da4a7988816ef428cb91aadf56563ed2e0099 Mon Sep 17 00:00:00 2001 From: frikilax Date: Wed, 10 Mar 2021 09:42:26 +0100 Subject: [PATCH 11/15] DOCKER::FIX:: Fix copy from faup --- docker/darwin | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docker/darwin b/docker/darwin index e14aec5b..0db08ff6 100644 --- a/docker/darwin +++ b/docker/darwin 
@@ -165,9 +165,9 @@ RUN apt-get update && apt-get install -y --no-install-recommends \ RUN pip3 install jsonschema==3.2.0 -COPY --from=faup_builder /root/faup/install/usr/local/lib/libfaup.so* /usr/local/lib/ +COPY --from=faup_builder /root/faup/install/usr/local/lib/libfaup* /usr/local/lib/ COPY --from=faup_builder /root/faup/install/usr/local/share/faup/ /usr/local/share/faup -COPY --from=yara_builder /root/yara/install/usr/local/lib/libyara.so* /usr/local/lib/ +COPY --from=yara_builder /root/yara/install/usr/local/lib/libyara* /usr/local/lib/ COPY --from=darwin_builder /home/darwin/filters/darwin_* /home/darwin/filters/ COPY --from=darwin_builder /home/darwin/manager /home/darwin/manager COPY --from=darwin_builder /home/darwin/conf /home/darwin/conf From 341fdc3300c15e7f488c6c2263734e3eb5d37846 Mon Sep 17 00:00:00 2001 From: frikilax Date: Thu, 11 Mar 2021 22:17:54 +0100 Subject: [PATCH 12/15] ACTIONS::TEMPORARY:: Remove 'docker' from branches that trigger actions --- .github/workflows/docker-releases.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/docker-releases.yml b/.github/workflows/docker-releases.yml index b3e9b79b..f091c642 100644 --- a/.github/workflows/docker-releases.yml +++ b/.github/workflows/docker-releases.yml @@ -7,7 +7,6 @@ on: push: branches: - dev - - docker env: FAUP_VERSION: 1.5 From 44355e386766173dfd75a10b5c8cbe14e582cc36 Mon Sep 17 00:00:00 2001 From: frikilax Date: Thu, 11 Mar 2021 22:18:24 +0100 Subject: [PATCH 13/15] ACTIONS::UPDATE:: Use Yara v4.0.5 --- .github/workflows/docker-releases.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docker-releases.yml b/.github/workflows/docker-releases.yml index f091c642..daecd696 100644 --- a/.github/workflows/docker-releases.yml +++ b/.github/workflows/docker-releases.yml 
@@ -14,7 +14,7 @@ env: ARMADILLO_VERSION: 9.900.1 MLPACK_VERSION: 3.4.0 TF_VERSION: 1.13.0 - YARA_VERSION: 3.11.0 + YARA_VERSION: 4.0.5 DOCKER_REPO: vultureproject DOCKER_USER: vultureworker IMAGE_NAME: darwin From 5f8355f951ed794ef01ec54fc1465d3d6ccde3f0 Mon Sep 17 00:00:00 2001 From: frikilax Date: Thu, 25 Mar 2021 12:10:56 +0100 Subject: [PATCH 14/15] DOCKER::IMPROVEMENTS:: to dockerfile --- .github/workflows/docker-releases.yml | 4 +- docker/darwin | 469 +++++++++++++++++++++----- 2 files changed, 377 insertions(+), 96 deletions(-) diff --git a/.github/workflows/docker-releases.yml b/.github/workflows/docker-releases.yml index daecd696..82c90734 100644 --- a/.github/workflows/docker-releases.yml +++ b/.github/workflows/docker-releases.yml @@ -9,11 +9,9 @@ on: - dev env: - FAUP_VERSION: 1.5 BOOST_VERSION: 1.71.0 ARMADILLO_VERSION: 9.900.1 MLPACK_VERSION: 3.4.0 - TF_VERSION: 1.13.0 YARA_VERSION: 4.0.5 DOCKER_REPO: vultureproject DOCKER_USER: vultureworker @@ -41,7 +39,7 @@ jobs: registry: docker.pkg.github.com/${{ env.github_lowercase_repo }} image_tag: dev dockerfile: docker/darwin - build_extra_args: --target darwin_builder --cpuset-cpus 0,1 --build-arg FAUP_VERSION=${{ env.FAUP_VERSION }} --build-arg BOOST_VERSION=${{ env.BOOST_VERSION }} --build-arg ARMADILLO_VERSION=${{ env.ARMADILLO_VERSION }} --build-arg MLPACK_VERSION=${{ env.MLPACK_VERSION }} --build-arg TF_VERSION=${{ env.TF_VERSION }} --build-arg YARA_VERSION=${{ env.YARA_VERSION }} + build_extra_args: --target darwin_full_build --cpuset-cpus 0,1 --build-arg BOOST_VERSION=${{ env.BOOST_VERSION }} --build-arg ARMADILLO_VERSION=${{ env.ARMADILLO_VERSION }} --build-arg MLPACK_VERSION=${{ env.MLPACK_VERSION }} --build-arg YARA_VERSION=${{ env.YARA_VERSION }} - name: push image to docker hub run: | diff --git a/docker/darwin b/docker/darwin index 0db08ff6..99637096 100644 --- a/docker/darwin +++ b/docker/darwin 
@@ -1,35 +1,32 @@ -# FAUP -FROM ubuntu:18.04 AS faup_builder -ARG FAUP_VERSION - -WORKDIR /root -RUN apt-get update && apt-get install -y --no-install-recommends\ - ca-certificates\ - wget\ - cmake\ - g++\ - pkg-config -RUN wget https://github.com/stricaud/faup/archive/v${FAUP_VERSION}.tar.gz \ - && mkdir faup \ - && tar xvf v${FAUP_VERSION}.tar.gz -C faup --strip-components 1 \ - && mkdir faup/build || true \ - && cd faup/build \ - && cmake .. \ - && make -j4 install DESTDIR=../install +ARG BASE_IMAGE=ubuntu:18.04 +ARG FULL_RELEASE_IMAGE=${BASE_IMAGE} +ARG FILTER_RELEASE_IMAGE=${BASE_IMAGE} +ARG BOOST_VERSION=1.71.0 +ARG ARMADILLO_VERSION=9.900.1 +ARG MLPACK_VERSION=3.4.0 +ARG YARA_VERSION=4.0.5 +######### +# BOOST # +######### -# BOOST -FROM ubuntu:18.04 as boost_builder +FROM ${BASE_IMAGE} as boost_builder ARG BOOST_VERSION +ENV TZ=UTC +RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone + WORKDIR /root + RUN apt-get update && apt-get install -y --no-install-recommends\ wget\ cmake\ g++\ pkg-config\ - ca-certificates + ca-certificates\ + && rm -rf /var/lib/apt/lists/* + RUN BOOST_UNDERSCORE_VERSION=`echo ${BOOST_VERSION} | tr . _` \ && wget https://dl.bintray.com/boostorg/release/${BOOST_VERSION}/source/boost_${BOOST_UNDERSCORE_VERSION}.tar.gz \ && mkdir boost \ 
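Review bot: The three base-image arguments added at the top of the file (`BASE_IMAGE`, `FULL_RELEASE_IMAGE`, `FILTER_RELEASE_IMAGE`) carry no comment saying what a replacement image must provide, and the default `ubuntu:18.04` is a tag, not a digest. Every stage visible here runs `apt-get`, so an override has to be Debian-based; I would state that above the block, e.g. `# Base images: must be Debian/Ubuntu (stages use apt-get); override with --build-arg`. For reproducible release builds the default could be written as `ubuntu:18.04@sha256:<digest>`, with the digest recorded alongside the version arguments.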
@@ -40,27 +37,33 @@ RUN BOOST_UNDERSCORE_VERSION=`echo ${BOOST_VERSION} | tr . _` \ -# MLPACK -FROM ubuntu:18.04 AS mlpack_builder +########## +# MLPACK # +########## + +FROM ${BASE_IMAGE} AS mlpack_builder ARG ARMADILLO_VERSION ARG MLPACK_VERSION WORKDIR /root + COPY --from=boost_builder /root/boost/install/ /usr/local/ + RUN apt-get update && apt-get install -y --no-install-recommends\ + build-essential\ wget\ cmake\ - make\ - xz-utils\ - gcc\ - g++\ git\ liblapacke-dev\ libopenblas-dev\ - ca-certificates + ca-certificates\ + && rm -rf /var/lib/apt/lists/* + RUN wget https://sourceforge.net/projects/arma/files/armadillo-${ARMADILLO_VERSION}.tar.xz \ - && mkdir armadillo-code \ - && tar xvf armadillo-${ARMADILLO_VERSION}.tar.xz -C armadillo-code --strip-components 1 + && mkdir armadillo-code\ + && tar xvf armadillo-${ARMADILLO_VERSION}.tar.xz -C armadillo-code --strip-components 1 \ + && rm -r armadillo-${ARMADILLO_VERSION}.tar.xz + RUN wget https://github.com/mlpack/mlpack/archive/${MLPACK_VERSION}.tar.gz \ && mkdir mlpack \ && tar xvf ${MLPACK_VERSION}.tar.gz -C mlpack --strip-components 1 \ @@ -68,14 +71,19 @@ RUN wget https://github.com/mlpack/mlpack/archive/${MLPACK_VERSION}.tar.gz \ && mkdir build\ && cd build\ && cmake .. -DBUILD_TESTS=OFF -DBUILD_CLI_EXECUTABLES=OFF -DBUILD_PYTHON_BINDINGS=OFF -DFORCE_CXX11=ON -DUSE_OPENMP=ON -DBUILD_SHARED_LIBS=OFF -DARMADILLO_INCLUDE_DIR=/root/armadillo-code/include/ -DCMAKE_INSTALL_PREFIX:PATH=../install\ - && make -j16 install + && make -j$(nproc) install -# YARA -FROM ubuntu:18.04 AS yara_builder + +######## +# YARA # +######## + +FROM ${BASE_IMAGE} AS yara_builder ARG YARA_VERSION WORKDIR /root + RUN apt-get update && apt-get install -y --no-install-recommends \ ca-certificates\ libjansson-dev\ 
@@ -89,7 +97,8 @@ RUN apt-get update && apt-get install -y --no-install-recommends \ wget\ autoconf\ automake\ - libtool + libtool\ + && rm -rf /var/lib/apt/lists/* RUN wget https://github.com/VirusTotal/yara/archive/v${YARA_VERSION}.tar.gz \ && mkdir yara \ 
@@ -97,89 +106,363 @@ RUN wget https://github.com/VirusTotal/yara/archive/v${YARA_VERSION}.tar.gz \ && cd yara\ && ./bootstrap.sh\ && ./configure\ - && make -j4 install DESTDIR=`pwd`/install + && make -j$(nproc) install DESTDIR=`pwd`/install + + +########################### +# DARWIN BUILDER TEMPLATE # +########################### +FROM ${BASE_IMAGE} as darwin_builder_template -# DARWIN dev image -FROM ubuntu:18.04 AS darwin_builder +WORKDIR /darwin +ENV TZ=UTC -RUN mkdir -p var/sockets/darwin \ +COPY --from=boost_builder /root/boost/install/ /usr/local/ + +RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone\ + && mkdir -p /var/sockets/darwin \ && mkdir -p /var/run/darwin \ - && mkdir -p /var/log/darwin + && mkdir -p /var/log/darwin \ + && mkdir -p /darwin/filters RUN apt-get update && apt-get install -y --no-install-recommends \ - ca-certificates\ - libevent-dev\ - libmaxminddb-dev\ libhiredis-dev\ - libssl-dev\ - liblapacke-dev\ - libopenblas-dev\ cmake\ pkg-config\ g++\ - git\ - redis\ + && rm -rf /var/lib/apt/lists/* + +COPY ./cmake/ /darwin/cmake/ +COPY ./conf/ /darwin/conf/ +COPY ./manager/ /darwin/manager/ +COPY ./samples/ /darwin/samples/ +COPY ./tests/ /darwin/tests/ +COPY ./toolkit/ /darwin/toolkit/ +COPY ./tools/ /darwin/tools/ +COPY ./CMakeLists.txt /darwin/ + +RUN find /darwin/conf/ -type f -exec bash -c 'mv $0 ${0/.example/}' {} \; + + + +########################### +# FILTER RELEASE TEMPLATE # +########################### + +FROM ${FILTER_RELEASE_IMAGE} AS filter_release_template +VOLUME ["/darwin/conf"] +HEALTHCHECK CMD nc -U /var/sockets/darwin/${FILTER_NAME}.mon.sock + +WORKDIR /darwin +ENV OUTPUT_TYPE NONE +ENV NB_THREADS 5 +ENV CACHE 0 +ENV THRESHOLD 70 +ENV LOGLEVEL WARNING +ENV TZ=UTC + +RUN groupadd -r darwin && useradd -r -s /bin/false -g darwin darwin + +RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone\ + && mkdir -p /var/sockets/darwin\ + && mkdir -p /var/run/darwin\ + && mkdir -p 
/var/log/darwin\ + && ln -s /dev/stdout /var/log/darwin/darwin.log\ + && chown -R darwin:darwin /var/sockets/darwin\ + && chown -R darwin:darwin /var/run/darwin\ + && chown -R darwin:darwin /var/log/darwin + +RUN apt-get update && apt-get install -y --no-install-recommends \ + dumb-init\ + netcat-openbsd\ + && rm -rf /var/lib/apt/lists/* + +CMD /darwin/filters/filter ${FILTER_NAME} /var/sockets/darwin/${FILTER_NAME}.sock /darwin/conf/filter.conf /var/sockets/darwin/${FILTER_NAME}.mon.sock /var/run/darwin/${FILTER_NAME}.pid ${OUTPUT_TYPE} no ${NB_THREADS} ${CACHE} ${THRESHOLD} -l${LOGLEVEL} -n + + + +########################### +# DARWIN FULL BUILD IMAGE # +########################### + +FROM darwin_builder_template as darwin_full_build + +COPY --from=mlpack_builder /root/mlpack/install/ / +COPY --from=mlpack_builder /root/armadillo-code/include/ /usr/local/include/ +COPY --from=yara_builder /root/yara/install/ / + +RUN apt-get update && apt-get install -y --no-install-recommends \ + libssl-dev\ + liblapacke-dev\ + libopenblas-dev\ + libgomp1\ python3-dev\ python3-pip\ python3-setuptools\ - python3-wheel + python3-venv\ + git\ + && rm -rf /var/lib/apt/lists/* + +RUN python3 -m venv /darwin/env\ + && /darwin/env/bin/pip3 install --no-cache-dir -r /darwin/manager/requirements.txt\ + && /darwin/env/bin/pip3 install --no-cache-dir -r /darwin/tests/requirements.txt + +RUN cd filters\ + && cmake ..\ + && make -j$(nproc) + + + +######################## +# DARWIN RELEASE IMAGE # +######################## + +FROM ${FULL_RELEASE_IMAGE} AS darwin +VOLUME ["/darwin/conf"] + +HEALTHCHECK CMD echo '{"type": "monitor"}' | nc -U /var/sockets/darwin/darwin.sock + +WORKDIR /darwin +ENV LOGLEVEL WARNING +ENV TZ=UTC + +RUN groupadd -r darwin && useradd -r -s /bin/false -g darwin darwin + +RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone\ + && mkdir -p /var/sockets/darwin\ + && mkdir -p /var/run/darwin\ + && mkdir -p /var/log/darwin\ + && ln -s /dev/stdout 
/var/log/darwin/darwin.log\ + && chown -R darwin:darwin /var/sockets/darwin\ + && chown -R darwin:darwin /var/run/darwin\ + && chown -R darwin:darwin /var/log/darwin + +RUN apt-get update && apt-get install -y --no-install-recommends\ + liblapacke\ + libopenblas-base\ + libgomp1\ + python3\ + netcat-openbsd\ + && rm -rf /var/lib/apt/lists/* + +COPY --from=yara_builder /root/yara/install/usr/local/lib/libyara* /usr/local/lib/ +COPY --from=darwin_full_build --chown=darwin:darwin /darwin/filters/darwin_* /darwin/filters/ +COPY --from=darwin_full_build --chown=darwin:darwin /darwin/env/ /darwin/env/ +COPY --from=darwin_builder_template --chown=darwin:darwin /darwin/manager /darwin/manager +COPY --from=darwin_builder_template --chown=darwin:darwin /darwin/conf /darwin/conf + +CMD /darwin/env/bin/python3 /darwin/manager/manager.py -l ${LOGLEVEL} /darwin/conf/darwin.conf + + + +################ +# BUFR BUILDER # +################ + +FROM darwin_builder_template as fbuffer_builder + +RUN cd filters \ + && cmake .. -DFILTER="BUFFER"\ + && make -j$(nproc) + + +################ +# BUFR RELEASE # +################ + +FROM filter_release_template as fbuffer_release + +ENV FILTER_NAME buffer + +COPY --chown=darwin:darwin --from=fbuffer_builder /darwin/filters/darwin_buffer /darwin/filters/ +COPY --chown=darwin:darwin ./conf/fbuffer/ /darwin/conf/ + +RUN find /darwin/conf/ -type f -exec bash -c 'mv $0 ${0/.example/}' {} \;\ + && ln -s /darwin/filters/darwin_buffer /darwin/filters/filter\ + && ln -s /darwin/conf/fbuffer.conf /darwin/conf/filter.conf + +USER darwin + + + +################ +# CONN BUILDER # +################ + +FROM darwin_builder_template as fconnection_builder + +RUN cd filters \ + && cmake .. 
-DFILTER="CONNECTION"\ + && make -j$(nproc) + + +################ +# CONN RELEASE # +################ + +FROM filter_release_template as fconnection_release + +ENV FILTER_NAME connection + +COPY --chown=darwin:darwin --from=fconnection_builder /darwin/filters/darwin_connection /darwin/filters/ +COPY --chown=darwin:darwin ./conf/fconnection/ /darwin/conf/ + +RUN find /darwin/conf/ -type f -exec bash -c 'mv $0 ${0/.example/}' {} \;\ + && ln -s /darwin/filters/darwin_connection /darwin/filters/filter\ + && ln -s /darwin/conf/fconnection.conf /darwin/conf/filter.conf + +USER darwin + + + +################ +# LKUP BUILDER # +################ + +FROM darwin_builder_template as fhostlookup_builder + +RUN cd filters \ + && cmake .. -DFILTER="HOSTLOOKUP"\ + && make -j$(nproc) + + +################ +# LKUP RELEASE # +################ + +FROM filter_release_template as fhostlookup_release + +ENV FILTER_NAME hostlookup + +COPY --chown=darwin:darwin --from=fhostlookup_builder /darwin/filters/darwin_hostlookup /darwin/filters/ +COPY --chown=darwin:darwin ./conf/fhostlookup/ /darwin/conf/ + +RUN find /darwin/conf/ -type f -exec bash -c 'mv $0 ${0/.example/}' {} \;\ + && ln -s /darwin/filters/darwin_hostlookup /darwin/filters/filter\ + && ln -s /darwin/conf/fhostlookup.conf /darwin/conf/filter.conf + +USER darwin + + + +################ +# SESS BUILDER # +################ + +FROM darwin_builder_template as fsession_builder + +RUN apt-get update && apt-get install -y --no-install-recommends \ + libssl-dev\ + && rm -rf /var/lib/apt/lists/* + +RUN cd filters \ + && cmake .. 
-DFILTER="SESSION"\ + && make -j$(nproc) + + +################ +# SESS RELEASE # +################ + +FROM filter_release_template as fsession_release + +ENV FILTER_NAME session + +COPY --chown=darwin:darwin --from=fsession_builder /darwin/filters/darwin_session /darwin/filters/ +COPY --chown=darwin:darwin ./conf/fsession/ /darwin/conf/ + + +RUN find /darwin/conf/ -type f -exec bash -c 'mv $0 ${0/.example/}' {} \;\ + && ln -s /darwin/filters/darwin_session /darwin/filters/filter\ + && ln -s /darwin/conf/fsession.conf /darwin/conf/filter.conf + +USER darwin + + + +################ +# UNAD BUILDER # +################ + +FROM darwin_builder_template as fanomaly_builder -COPY --from=faup_builder /root/faup/install/ / COPY --from=mlpack_builder /root/mlpack/install/ / -COPY --from=mlpack_builder /root/armadillo-code/ /root/armadillo-code/ -COPY --from=boost_builder /root/boost/install/ /usr/local/ -COPY --from=yara_builder /root/yara/install/ / +COPY --from=mlpack_builder /root/armadillo-code/include/ /usr/local/include/ + +RUN apt-get update && apt-get install -y --no-install-recommends \ + liblapacke-dev\ + libopenblas-dev\ + libgomp1\ + && rm -rf /var/lib/apt/lists/* -COPY . /home/darwin -WORKDIR /home/darwin +RUN cd filters \ + && cmake .. -DFILTER="ANOMALY"\ + && make -j$(nproc) -RUN mkdir filters || rm -rf filters/*\ - && cd filters \ - && cmake .. 
-DARMADILLO_INCLUDE_DIR=/root/armadillo-code/include/\ - && make -j4 -RUN pip3 install -r manager/requirements.txt\ - && pip3 install -r tests/requirements.txt +################ +# UNAD RELEASE # +################ +FROM filter_release_template as fanomaly_release -FROM ubuntu:18.04 AS darwin -RUN mkdir -p /var/sockets/darwin \ - && mkdir -p /var/run/darwin \ - && mkdir -p /var/log/darwin +ENV FILTER_NAME anomaly + +COPY --chown=darwin:darwin --from=fanomaly_builder /darwin/filters/darwin_anomaly /darwin/filters/ +COPY --chown=darwin:darwin ./conf/fanomaly/ /darwin/conf/ + +RUN apt-get update && apt-get install -y --no-install-recommends\ + liblapacke\ + libopenblas-base\ + libgomp1\ + && rm -rf /var/lib/apt/lists/* + +RUN find /darwin/conf/ -type f -exec bash -c 'mv $0 ${0/.example/}' {} \;\ + && ln -s /darwin/filters/darwin_anomaly /darwin/filters/filter\ + && ln -s /darwin/conf/fanomaly.conf /darwin/conf/filter.conf + +USER darwin + + + +################ +# YARA BUILDER # +################ + +FROM darwin_builder_template as fyara_builder + +COPY --from=yara_builder /root/yara/install/ / RUN apt-get update && apt-get install -y --no-install-recommends \ - libevent-2.1 \ - libmaxminddb0 \ - libhiredis0.13 \ - liblapacke \ - libopenblas-base \ - libgomp1 \ - python3 \ - python3-pip \ - python3-setuptools \ - python3-wheel \ - python3-psutil \ - python3-redis - -RUN pip3 install jsonschema==3.2.0 - -COPY --from=faup_builder /root/faup/install/usr/local/lib/libfaup* /usr/local/lib/ -COPY --from=faup_builder /root/faup/install/usr/local/share/faup/ /usr/local/share/faup + libssl-dev\ + && rm -rf /var/lib/apt/lists/* + +RUN cd filters \ + && cmake .. 
-DFILTER="YARA"\ + && make -j$(nproc) + + +################ +# YARA RELEASE # +################ + +FROM filter_release_template as fyara_release + +ENV FILTER_NAME yara + COPY --from=yara_builder /root/yara/install/usr/local/lib/libyara* /usr/local/lib/ -COPY --from=darwin_builder /home/darwin/filters/darwin_* /home/darwin/filters/ -COPY --from=darwin_builder /home/darwin/manager /home/darwin/manager -COPY --from=darwin_builder /home/darwin/conf /home/darwin/conf -RUN find /home/darwin/conf/ -type f -exec bash -c 'mv $0 ${0/.example/}' {} \; +COPY --chown=darwin:darwin --from=fyara_builder /darwin/filters/darwin_yara /darwin/filters/ +COPY --chown=darwin:darwin ./conf/fyara/ /darwin/conf/ -WORKDIR /home/darwin -ENV LOGLEVEL WARNING -CMD sh -c "python3 ./manager/manager.py -l ${LOGLEVEL} /home/darwin/conf/darwin.conf" -VOLUME ["/home/darwin/conf"] -VOLUME ["/var/sockets/darwin"] -VOLUME ["/var/log/darwin"] +RUN apt-get update && apt-get install -y --no-install-recommends\ + libssl1.1\ + && rm -rf /var/lib/apt/lists/* + +RUN find /darwin/conf/ -type f -exec bash -c 'mv $0 ${0/.example/}' {} \;\ + && ln -s /darwin/filters/darwin_yara /darwin/filters/filter\ + && ln -s /darwin/conf/fyara.conf /darwin/conf/filter.conf -# define default final image -FROM darwin \ No newline at end of file +USER darwin \ No newline at end of file From 86b1ab21269bf708a9ed5d1c81b9a13b1b2d25ce Mon Sep 17 00:00:00 2001 From: frikilax Date: Thu, 25 Mar 2021 16:29:57 +0100 Subject: [PATCH 15/15] DOCS::IMPROVEMENTS:: add precisions on docker images --- docs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs b/docs index 977e16a9..66ac29bc 160000 --- a/docs +++ b/docs @@ -1 +1 @@ -Subproject commit 977e16a99531e3544c485da2c87122b56ef3ab59 +Subproject commit 66ac29bc5e6f412eef7f04569cfe2af81b52c21a