panda: add dockerfile and dependencies

.dockerignore

@@ -0,0 +1,9 @@
+build
+venv
+local
+Dockerfile
+panda/debian
+.*sw*
+.dockerignore
+.github
+.git/FETCH_HEAD

Dockerfile

@@ -0,0 +1,55 @@
+ARG BASE_IMAGE="ubuntu:22.04"
+ARG TARGET_LIST="x86_64-softmmu,i386-softmmu,arm-softmmu,aarch64-softmmu,ppc-softmmu,ppc64-softmmu,mips-softmmu,mipsel-softmmu,mips64-softmmu,mips64el-softmmu"
+
+### BASE IMAGE
+FROM $BASE_IMAGE AS base
+ARG BASE_IMAGE
+
+# Copy dependencies lists into container. We copy them all and then do a mv because
+# we need to transform base_image into a windows compatible filename which we can't
+# do in a COPY command.
+COPY ./panda/dependencies/* /tmp
+RUN mv /tmp/$(echo "$BASE_IMAGE" | sed 's/:/_/g')_build.txt /tmp/build_dep.txt && \
+    mv /tmp/$(echo "$BASE_IMAGE" | sed 's/:/_/g')_base.txt /tmp/base_dep.txt
+
+# Base image just needs runtime dependencies
+RUN [ -e /tmp/base_dep.txt ] && \
+    apt-get -qq update && \
+    DEBIAN_FRONTEND=noninteractive apt-get -qq install -y --no-install-recommends curl $(cat /tmp/base_dep.txt | grep -o '^[^#]*') && \
+    apt-get clean
+
+### BUILD IMAGE - STAGE 2
+FROM base AS builder
+ARG BASE_IMAGE
+ARG TARGET_LIST
+
+RUN [ -e /tmp/build_dep.txt ] && \
+    apt-get -qq update && \
+    DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends $(cat /tmp/build_dep.txt | grep -o '^[^#]*') && \
+    apt-get clean
+
+# Build and install panda
+# Copy repo root directory to /panda, note we explicitly copy in .git directory
+# Note .dockerignore file keeps us from copying things we don't need
+COPY . /panda/
+
+# Note we diable NUMA for docker builds because it causes make check to fail in docker
+RUN mkdir /panda/build && cd /panda/build && \
+     python3 -m pip install setuptools_scm && \
+     /panda/configure \
+         --target-list="${TARGET_LIST}" \
+         --enable-plugins
+
+
+RUN ninja -C /panda/build -j "$(nproc)"
+
+FROM builder AS installer
+RUN  ninja -C /panda/build install
+
+# this layer is used to strip shared objects and change python data to be
+# symlinks to the installed panda data directory
+FROM installer AS cleanup
+RUN find /panda/build -name "*.so" -exec strip {} \;
+
+FROM base AS panda
+COPY --from=cleanup /panda/build/libpanda* /usr/local/bin

panda/debian/.gitignore

@@ -0,0 +1 @@
+panda.deb

panda/debian/Dockerfile

@@ -0,0 +1,36 @@
+# First run the main Dockerfile to build the base image and name it panda. Then we run here
+# to generate a debian package
+
+FROM debian:buster-slim
+
+# Install necessary tools for packaging
+RUN apt-get -qq update && \
+    DEBIAN_FRONTEND=noninteractive apt-get -qq install -y \
+        fakeroot dpkg-dev
+
+# Get dependencies list from base image
+COPY --from=panda /tmp/base_dep.txt /tmp
+COPY --from=panda /tmp/build_dep.txt /tmp
+
+# Set up /package-root with files from panda we'll package
+COPY --from=panda /usr/local/lib/x86_64-linux-gnu /package-root/usr/local/lib/x86_64-linux-gnu
+COPY --from=panda /usr/local/share/qemu /package-root/usr/local/share/qemu
+COPY --from=panda /panda/build/config-host.mak /package-root/usr/local/share/qemu
+
+# Create DEBIAN directory and control file
+COPY control /package-root/DEBIAN/control
+
+# Update control file with dependencies
+# Build time. We only select dependencies that are not commented out or blank
+RUN dependencies=$(grep '^[a-zA-Z]' /tmp/build_dep.txt | tr '\n' ',' | sed 's/,,\+/,/g'| sed 's/,$//') && \
+    sed -i "s/BUILD_DEPENDS_LIST/Build-Depends: $dependencies/" /package-root/DEBIAN/control
+
+# Run time. Also includes ipxe-qemu so we can get pc-bios files
+RUN dependencies=$(grep '^[a-zA-Z]' /tmp/base_dep.txt | tr '\n' ',' | sed 's/,,\+/,/g' | sed 's/,$//') && \
+    sed -i "s/DEPENDS_LIST/Depends: ipxe-qemu,${dependencies}/" /package-root/DEBIAN/control
+
+# Build the package
+RUN fakeroot dpkg-deb --build /package-root /pandare.deb
+
+# The user can now extract the .deb file from the container with something like
+#docker run --rm -v $(pwd):/out packager bash -c "cp /pandare.deb /out"

panda/debian/control

@@ -0,0 +1,12 @@
+Package: pandare
+Version: 3.1.0
+Architecture: all
+BUILD_DEPENDS_LIST
+DEPENDS_LIST
+Maintainer: Luke Craig <[email protected]>
+Description: dynamic analysis platform
+ Platform for Architecture Neutral Dynamic Analysis (PANDA) is a processor
+ emulator designed to support analyses of guest code. PANDA supports record-
+ and-replay based analyses as well as analyses on live systems. PANDA is forked
+ from the QEMU emulator.
+ Panda currently supports i386, x86_64, ARM, MIPS, and PPC.

panda/debian/setup.sh

@@ -0,0 +1,60 @@
+#!/bin/bash
+set -eu
+
+# Function to get the current Ubuntu version
+get_ubuntu_version() {
+    lsb_release -i -s 2>/dev/null
+}
+
+if [[ $# -eq 0 ]]; then
+	# No argument given, try building a package for current Ubuntu version
+
+	# Check if we're running Ubuntu, exit otherwise
+	OS=$(get_ubuntu_version)
+else
+	OS=$1
+fi
+
+if [[ $(get_ubuntu_version) != "Ubuntu" ]]; then
+	echo "ERROR: OS of $OS is not Ubuntu and unsupported"
+	exit 1
+fi
+
+if [[ $# -eq 1 ]]; then
+	echo "USAGE:"
+	echo "	To build a package for current Ubuntu version:"
+	echo "	  $0"
+	echo "	To build a package for a specific OS/version (only Ubuntu supported for now):"
+	echo "	  $0 <OS> <version>"
+	exit 1
+fi
+
+if [[ $# -eq 2 ]]; then
+	version=$2
+
+else
+	version=$(lsb_release -r | awk '{print $2}')
+fi
+
+# Check if the given version is supported
+if [[ ! -f "../dependencies/ubuntu_${version}_base.txt" ]]; then
+	echo "ERROR: Ubuntu ${version} is not supported, no dependencies file found"
+	exit 1
+fi
+
+# Build the installer to generate the wheel file
+DOCKER_BUILDKIT=1 docker build --target cleanup -t panda --build-arg BASE_IMAGE="ubuntu:${version}" ../..
+
+# Copy wheel file out of container to host
+# this also preserves wheel name, which is important as pip install WILL fail if you arbitarily change the generated wheel file name
+# docker run --rm -v $(pwd):/out panda bash -c "cp /panda/panda/python/core/dist/*.whl /out"
+
+# Finish building main panda container for the target ubuntu version
+# DOCKER_BUILDKIT=1 docker build --target panda -t panda --build-arg BASE_IMAGE="ubuntu:${version}" ../..
+
+# Now build the packager container from that
+docker build -t packager .
+
+# Copy deb file out of container to host
+docker run --rm -v $(pwd):/out packager bash -c "cp /pandare.deb /out"
+mv pandare.deb pandare_${version}.deb

panda/dependencies/README.md

@@ -0,0 +1,7 @@
+This directory contains plaintext lists of build and runtime dependencies for PANDA on various architectures.
+The files here are sourced by our Dockerfile as well as our install scripts.
+By consolidating dependencies into a single location we're able to avoid things getting out of sync.
+
+Files must be named `[base_image]_[base|build].txt` where `base_image` refers to the docker tag used (e.g., `ubuntu:20.04`). Build should describe build dependencies and base should describe runtime dependencies.
+
+Files can contain comments usith `#`

panda/dependencies/ubuntu_22.04_base.txt

@@ -0,0 +1,82 @@
+# Panda dependencies
+# Note that libcapstone >= v4.1 is also required, but that's not available in apt
+git
+libdwarf1
+libjsoncpp-dev
+libllvm11
+libprotobuf-c-dev
+libvte-2.91-0
+libwireshark-dev
+libwiretap-dev
+libxen-dev
+libz3-dev
+python3
+python3-pip
+wget
+
+# pyperipheral (only needed for armel)
+libpython3-dev
+
+# pypanda dependencies
+genisoimage
+libffi-dev
+python3-protobuf
+python3-colorama
+
+# Not sure what this one is needed for
+liblzo2-2
+
+# apt-rdepends qemu-system-common
+acl
+libc6
+libcap-ng0
+libcap2
+libgbm1
+libglib2.0-0
+libgnutls30
+libnettle8
+libpixman-1-0
+libvirglrenderer1
+
+# apt-rdepends qemu-block-extra
+libcurl3-gnutls
+libglib2.0-0
+libiscsi7
+librados2
+librbd1
+libssh-4
+
+# apt-rdepends qemu-system-arm, seems most of the system-[arch]es have same dependencies
+libaio1
+libasound2
+libbrlapi-dev
+libc6
+libcacard0
+libepoxy0
+libfdt1
+libgbm1
+libgcc-s1
+libglib2.0-0
+libgnutls30
+libibverbs1
+libjpeg8
+libncursesw6
+libnuma1
+libpixman-1-0
+libpmem1
+libpng16-16
+librdmacm1
+libsasl2-2
+libseccomp2
+libslirp0
+libspice-server1
+libstdc++6
+libtinfo6
+libusb-1.0-0
+libusbredirparser1
+libvirglrenderer1
+zlib1g
+
+#rr2 dependencies
+libarchive-dev
+libssl-dev

panda/dependencies/ubuntu_22.04_build.txt

@@ -0,0 +1,90 @@
+libc++-dev
+libelf-dev
+libtool-bin
+libwireshark-dev
+libwiretap-dev
+lsb-core
+zip
+
+# panda build deps
+# Note libcapstone-dev is required, but we need v4 + which isn't in apt
+build-essential
+chrpath
+clang-11
+gcc
+libdwarf-dev
+libprotoc-dev
+llvm-11-dev
+protobuf-c-compiler
+protobuf-compiler
+python3-dev
+libpixman-1-dev
+zip
+
+# pypanda dependencies
+python3-setuptools
+python3-wheel
+
+# pypanda test dependencies
+gcc-multilib
+libc6-dev-i386
+nasm
+
+# Qemu build deps
+debhelper
+device-tree-compiler
+libgnutls28-dev
+libaio-dev
+libasound2-dev
+libattr1-dev
+libbrlapi-dev
+libcacard-dev
+libcap-dev
+libcap-ng-dev
+libcurl4-gnutls-dev
+libdrm-dev
+libepoxy-dev
+libfdt-dev
+libgbm-dev
+libibumad-dev
+libibverbs-dev
+libiscsi-dev
+libjpeg-dev
+libncursesw5-dev
+libnuma-dev
+libpmem-dev
+libpng-dev
+libpulse-dev
+librbd-dev
+librdmacm-dev
+libsasl2-dev
+libseccomp-dev
+libslirp-dev
+libspice-protocol-dev
+libspice-server-dev
+libssh-dev
+libudev-dev
+libusb-1.0-0-dev
+libusbredirparser-dev
+libvirglrenderer-dev
+nettle-dev
+python3
+python3-sphinx
+texinfo
+uuid-dev
+xfslibs-dev
+zlib1g-dev
+libc6.1-dev-alpha-cross
+
+# qemu build deps that conflict with gcc-multilib
+#gcc-alpha-linux-gnu
+#gcc-powerpc64-linux-gnu
+#gcc-s390x-linux-gnu
+
+# rust install deps
+curl
+
+# libosi install deps
+cmake
+ninja-build
+rapidjson-dev

panda/meson.build

@@ -0,0 +1 @@
+subdir('src')