Docker metasploit does not run on ARM processors #18588
Comments
|
Does this build script work for you? It will create a new docker image: And running: |
|
hi, thanks for your reply. I have the following error when i am trying to build the new image: There is a problem with the mingw-w64-gcc package. The same error exists when I try to build the image from the Dockerfile: |
|
Interesting! I believe we only require mingw in Docker for compiling the the runtime payloads that are generated by some of our dynamic encryption modules: So I'm thinking it could be conditionally skipped at build time for the docker ARM env for now |
|
I deleted the package mingw-w64-gcc from the Dockerfile. Now there is an issue on impacket library on alpine linux images, not sure why: I try to solve this by using libraries (added on Dockerfile) suggested in posts like the following: I think if I manage to solve this error, the image will build successfully. |
|
Looks like adding libffi might work; Also potentially pulling in a newer base alpine image like in - #18570 |
|
Managed to build the arm docker image ! Can i create a pull request with a new dockerfile named Dockerfile.arm ? |
|
Awesome! Instead of creating a new file, I wonder if it's possible to keep having a single Dockerfile, and conditionally compile the ARM vs Intel dependencies instead? 🤔 I believe it's possible to do via this approach https://www.docker.com/blog/faster-multi-platform-builds-dockerfile-cross-compilation-guide/ |
|
Your suggestion is very nice ! i managed to create a single multi-stage Dockerfile. I used a build argument named architecture on which i define the platform architecture. On the Dockerfile i use the following stages (see the pics) So, by using the below command, I successfully built and ran Metasploit for both AMD and ARM architectures. docker build -f Dockerfile.t --build-arg architecture=amd64 -t metasploit_amd .
docker build -f Dockerfile.t --build-arg architecture=arm64 -t metasploit_arm .I tried to use the built-in variable named TARGETPLATFORM, as the attached blog suggests, but for some reason, I couldn't make it work (Maybe this is a fault of my Docker Engine version, the value of this always empty) Of courses this needs to be tested more! Let me know your thoughts on that |
I took a quick look, and I think you can't use From the original post, it looks like they'll change the behavior of
|
|
Indeed, on the previous comment's commands i didn't used the buildx command. I tried to build the below Dockerfile but it didn't work for some reason. FROM ubuntu:latest AS base
RUN echo "architecture is equal to ${TARGETPLATFORM}"If you build it with the following command, it should echo the defined architecture: docker buildx build --platform=linux/arm64 .but not in my case. |
|
How about with adding FROM ubuntu:latest AS base
ARG TARGETPLATFORM
RUN echo "architecture is equal to ${TARGETPLATFORM}" >> platform.txtFor my env I built the docker image with buildx, and for some reason for my env I needed to export to And then ran it locally to verify the file contents that I generated were as I expected: |
|
what about the following Dockerfile ARG architecture
FROM ubuntu:latest AS base
ARG TARGETPLATFORM
FROM base AS branch-version-arm64
RUN echo "this is the stage that sets ${TARGETPLATFORM}"
FROM base AS branch-version-amd64
RUN echo "this is the stage that sets ${TARGETPLATFORM}"
FROM branch-version-${architecture} AS final
RUN echo "PLATFORM is ${TARGETPLATFORM}"and build it with the following command docker buildx build --platform=linux/arm64 --build-arg architecture=arm64 --output type=docker --tag build_test:latest .my main problem is on line FROM branch-version-${architecture} AS final i could use ${TARGETPLAFORM} but because the value is linux/arm64 and have the / i have an error because it cant contain that symbol. If somehow we can parse that then we can remove completely the architecture variable from the build. |
|
Hm! If you want to put up a PR for whatever you think is the easiest approach for building both the new ARM setup and old setup - we could get that landed and available for users on Dockerhub first, and then we could look at consolidating the improving/codegolfing the setup afterwards 👍 |
|
Will mark this as closed now, thanks for the contribution! 👍 |
It seems that docker image of the metasploit framework does work on ARM processors .
To reproduce it:
docker run -it --rm metasploitframework/metasploit-framework /bin/bash -c "./msfconsole -x 'show exploits;exit'"The text was updated successfully, but these errors were encountered: