Dockerfile.el8

# PONZU
# build lime kernel module and volatilty profiles from lime and dwarfDump source.
# change the FROM line to a different OS release if required
# also change the COPY centos-el6-vault.repo line as necessary
#
# [build ponzu]
# docker build -t ponzu:el8 .
#
# [run ponzu]
# docker run --rm -v /YourPath/rpms/:/rpms/ ponzu:el8 3.10.0-123.1.2
#
# I keep the rpms out of the ponzu directory to keep the build process compact
# [optional]
# mkdir /YourPath/rpms
# cp kernel-${KVER}*.rpm /YourPath/rpms
# cp kernel-devel-${KVER}*.rpm /YourPath/rpms
# cp kernel-firmware-${KVER}*.rpm /YourPath/rpms
#
# If you're doing el5, el6, el7, or el8, change the release value below and change the OSVER in build-volatility.sh

FROM centos:centos8

LABEL maintainer Dannen Harris version 3.0

RUN mkdir /lime-module /rpms

# x86_64 only
COPY centos-el8-vault.repo /etc/yum.repos.d
RUN echo "exclude=*.i386 *.i586 *.i686" >> /etc/yum.conf
RUN dnf --assumeyes --disablerepo '*' --enablerepo=extras swap centos-linux-repos centos-stream-repos \
 && dnf --assumeyes distro-sync \
 && dnf --assumeyes -q -e 0 install autoconf \
 automake \
 cmake \
 gcc \
 gcc-c++ \
 make \
 patch \
 patchutils \
 dracut \
 dracut-kernel \
 elfutils \
 elfutils-devel \
 elfutils-libelf \
 elfutils-libelf-devel \
 git \
 kbd \
 kbd-misc \
 grubby \
 zip \
 zlib \
 && dnf clean all --enablerepo=\*
WORKDIR /
RUN git clone https://github.com/davea42/libdwarf-code.git \
 && mkdir /build \
 && cd /build \
 && cmake ../libdwarf-code \
 && make > /tmp/log-file 2>&1 \
 && cp -p /build/src/bin/dwarfdump/dwarfdump /bin/dwarfdump \
 && cd / \
 && rm -rf /build /libdwarf-code

RUN git clone https://github.com/504ensicsLabs/LiME.git
RUN git clone https://github.com/volatilityfoundation/volatility.git

COPY build-volatility.el8.sh /build-volatility.sh

ENTRYPOINT ["/build-volatility.sh"]