Revive aarch64 image

.github/workflows/verify.yml

@@ -27,7 +27,7 @@ on:
 jobs:
   test:
     runs-on: ${{ matrix.os }}
-    timeout-minutes: 90
+    timeout-minutes: 180
 
     strategy:
       fail-fast: false
@@ -37,9 +37,11 @@ jobs:
         # From: 'ls ./docker/'
         image_name:
           - centos6-x64
+          - debian-aarch64
           - debian-armv7
           - fedora30-x64
-          - kali109-x64
+          # Currently fails on rate limiting on Kali's side:
+          # - kali109-x64
           - ubuntu1204-x64
           - ubuntu1204-x86
           - ubuntu1804-x64
@@ -49,9 +51,38 @@ jobs:
       - name: Checkout code
         uses: actions/checkout@v4
 
+      - name: Set the docker build metadata
+        run: |
+          export BUILD_DATE=$(date "+%Y_%m")
+          echo "BUILD_DATE=$BUILD_DATE" >> "$GITHUB_ENV"
+          echo "BUILD_TAG=rapid7/${IMAGE_NAME}-omnibus:${BUILD_DATE}" >> "$GITHUB_ENV"
+        env:
+          IMAGE_NAME: ${{ matrix.image_name }}
+
       - name: Build Docker image
         run: |
-          export BUILD_DATE=$(date "+%y_%m")
-          /bin/bash -x -c "docker build --tag rapid7/${IMAGE_NAME}-omnibus:${BUILD_DATE} -f ./docker/${IMAGE_NAME}/Dockerfile ./docker/${IMAGE_NAME}"
+          /bin/bash -x -c "docker build --tag ${BUILD_TAG} -f ./docker/${IMAGE_NAME}/Dockerfile ./docker/${IMAGE_NAME}"
+        env:
+          IMAGE_NAME: ${{ matrix.image_name }}
+
+      # Checkout again - but with the submodules enabled to start a real build
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          submodules: true
+
+      - name: Run omnibus
+        run: |
+          cat <<EOF >>build_docker.sh
+          #!/bin/sh -Eeuo pipefail
+          # install omnibus' dependencies
+          bundle install
+          bundle binstubs --all
+
+          # build the metasploit-framework package
+          bin/omnibus build metasploit-framework
+          EOF
+          chmod +x ./build_docker.sh
+          /bin/bash -x -c "docker run --rm --volume $(pwd):$(pwd) --workdir $(pwd) --user jenkins ${BUILD_TAG} /bin/bash -l -c './build_docker.sh'"
         env:
           IMAGE_NAME: ${{ matrix.image_name }}

README.md

@@ -32,7 +32,7 @@ docker build --tag metasploit-omnibus-builder - < ./docker/ubuntu1204-x86/Docker
 Or on OSX you can use the following script to build all images following the latest Docker image naming convention:
 
 ```shell
-export BUILD_DATE=$(date "+%y_%m"); ls ./docker | xargs -I IMAGE_NAME /bin/bash -x -c "docker build --tag rapid7/IMAGE_NAME-omnibus:$BUILD_DATE -f ./docker/IMAGE_NAME/Dockerfile ./docker/IMAGE_NAME"
+export BUILD_DATE=$(date "+%Y_%m"); ls ./docker | xargs -I IMAGE_NAME /bin/bash -x -c "docker build --tag rapid7/IMAGE_NAME-omnibus:$BUILD_DATE -f ./docker/IMAGE_NAME/Dockerfile ./docker/IMAGE_NAME"
 ```
 
 You can then run a new container using the above tagged image, whilst mounting the current directory as a volume:

build_docker.sh

@@ -0,0 +1,8 @@
+          #!/bin/sh -Eeuo pipefail
+          # install omnibus' dependencies
+          bundle install
+          bundle binstubs --all
+
+          # build the metasploit-framework package
+          bin/omnibus build metasploit-framework
+          EOF

config/software/ruby.rb

@@ -84,7 +84,7 @@
 
 env = with_standard_compiler_flags(with_embedded_path)
 
-# do not remote - Rapid7 custom - do not remove:
+# do not remove - Rapid7 custom - do not remove:
 jemalloc_required = linux? || mac_os_x?
 if jemalloc_required
   dependency "jemalloc"

docker/centos6-x64/Dockerfile

@@ -5,7 +5,7 @@ MAINTAINER Rapid7 Release Engineering <[email protected]>
 
 VOLUME /pkg
 
-# https://stackoverflow.com/questions/21396508/yumrepo-error-all-mirror-urls-are-not-using-ftp-https-or-file
+# # Copy newer apt sources that are valid/use https
 COPY yum.repos.d /etc/yum.repos.d
 
 RUN rpm -ivh https://dl.fedoraproject.org/pub/archive/epel/6/x86_64/epel-release-6-8.noarch.rpm

docker/debian-aarch64/.dockerignore

@@ -0,0 +1,3 @@
+*
+
+!apt

docker/debian-aarch64/Dockerfile

@@ -0,0 +1,69 @@
+# docker build -t rapid7/msf-debian-aarch64-omnibus .
+FROM rapid7/msf-debian-aarch64-omnibus:2020_03
+MAINTAINER Rapid7 Release Engineering <[email protected]>
+
+RUN ["docker-build-start"]
+
+# Copy newer apt sources that are valid/use https
+COPY apt /etc/apt
+
+# Update certs as the current ones have expired
+RUN mkdir -p /tmp/updated_certs && \
+    cd /tmp/updated_certs && \
+    curl --location --insecure --output cacert-2023-08-22.pem https://curl.se/ca/cacert-2023-08-22.pem && \
+    echo '23c2469e2a568362a62eecf1b49ed90a15621e6fa30e29947ded3436422de9b9  cacert-2023-08-22.pem' > cacert-2023-08-22.pem.sha256 && \
+    sha256sum -c cacert-2023-08-22.pem.sha256 && \
+    mv cacert-2023-08-22.pem /etc/ssl/certs/ca-certificates.crt && \
+    rm -rf /tmp/updated_certs
+
+# Import newer debian signing keys, as the current version available in the docker image is outdated and apt-get fails
+RUN apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 0E98404D386FA1D9 6ED0E7B82643E131 F8D2585B8783D481
+
+RUN apt-get update && apt-get install -y \
+    git \
+    curl \
+    autoconf \
+    binutils-doc \
+    bison \
+    flex \
+    gettext \
+    build-essential \
+    ruby \
+    rsync \
+    ccache \
+    devscripts \
+    fakeroot \
+    unzip \
+    procps \
+    gnupg \
+	build-essential \
+    m4 && \
+    apt-get clean && \
+    rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
+
+RUN git config --global user.email "[email protected]" && \
+    git config --global user.name "Omnibus Packager"
+
+RUN command curl -sSL https://rvm.io/mpapis.asc | gpg --import - && \
+    command curl -sSL https://rvm.io/pkuczynski.asc | gpg --import - && \
+    curl -L -sSL https://get.rvm.io | bash -s stable
+RUN /bin/bash -l -c "rvm requirements"
+RUN /bin/bash -l -c "rvm install 3.0.6"
+RUN /bin/bash -l -c "gem install bundler -v 2.2.3 --no-document"
+
+# pre-load the omnibus dependencies
+RUN /bin/bash -l -c 'cd ~/ && git clone https://github.com/rapid7/metasploit-omnibus.git && \
+        cd ~/metasploit-omnibus && bundle install && bundle binstubs --all && cd ~/ && rm -fr metasploit-omnibus'
+
+ENV JENKINS_HOME /home/jenkins
+RUN useradd -d "$JENKINS_HOME" -u 1001 -m -s /bin/sh jenkins
+RUN cp ~/.gitconfig "$JENKINS_HOME"
+RUN chown -R jenkins "$JENKINS_HOME"
+
+RUN mkdir -p /var/cache/omnibus
+RUN mkdir -p /opt/metasploit-framework
+RUN chown jenkins /var/cache/omnibus
+RUN chown jenkins /opt/metasploit-framework
+RUN chown -R jenkins /var/lib/gems/
+
+RUN ["docker-build-end"]

docker/debian-aarch64/apt/sources.list

@@ -0,0 +1,8 @@
+deb http://deb.debian.org/debian bullseye main contrib non-free
+deb-src http://deb.debian.org/debian bullseye main contrib non-free
+
+deb http://deb.debian.org/debian bullseye-updates main contrib non-free
+deb-src http://deb.debian.org/debian bullseye-updates main contrib non-free
+
+deb http://deb.debian.org/debian bullseye-backports main contrib non-free
+deb-src http://deb.debian.org/debian bullseye-backports main contrib non-free

docker/debian-armv7/Dockerfile

@@ -4,7 +4,7 @@ MAINTAINER Rapid7 Release Engineering <[email protected]>
 
 RUN ["cross-build-start"]
 
-# https://unix.stackexchange.com/questions/508724/failed-to-fetch-jessie-backports-repository/508728
+# Copy newer apt sources that are valid
 COPY apt /etc/apt
 
 RUN apt-get update && apt-get install -y \

docker/kali109-x64/Dockerfile

@@ -53,10 +53,7 @@ RUN curl -O ftp://ftp.tcl.tk/pub/tcl/tcl8_6/tcl8.6.9-src.tar.gz && \
   ./configure && make && make install && \
   cd ../../ && rm -rf tcl8.6.9*
 
-# Update certs to fix later git clone issues:
-#   error: server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none while accessing https://github.com/rapid7/metasploit-omnibus.git/info/refs
-# We extract a new https://curl.se/docs/caextract.html bundle using the sha256summ
-# from https://curl.se/ca/cacert-2023-08-22.pem.sha256
+# Update certs as the current ones have expired
 RUN mkdir -p /tmp/updated_certs && \
     cd /tmp/updated_certs && \
     curl --location --insecure --output cacert-2023-08-22.pem https://curl.se/ca/cacert-2023-08-22.pem && \