git.stella-ops.org/devops/docker/ghidra/Dockerfile.headless
StellaOps Bot 37e11918e0 save progress
2026-01-06 09:42:20 +02:00


# Copyright (c) StellaOps. All rights reserved.
# Licensed under AGPL-3.0-or-later.
# Ghidra Headless Analysis Server for BinaryIndex
#
# This image provides Ghidra headless analysis capabilities including:
# - Ghidra Headless Analyzer (analyzeHeadless)
# - ghidriff for automated binary diffing
# - Version Tracking and BSim support
#
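# Build:
# docker build -f Dockerfile.headless -t stellaops/ghidra-headless:11.2 .
# Production builds should also pass --build-arg GHIDRA_SHA256=<sha256 of the release zip>;
# without it the downloaded Ghidra archive is not checksum-verified.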
#
# Run:
# docker run --rm -v /path/to/binaries:/binaries stellaops/ghidra-headless:11.2 \
# /projects GhidraProject -import /binaries/target.exe -analyze
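# Ghidra 11.2 (the default GHIDRA_VERSION below) lists JDK 21 as its minimum
# runtime, so the base image tracks JDK 21 rather than 17.
# The tag is mutable; for reproducible production builds pin it by digest:
#   eclipse-temurin:21-jdk-jammy@sha256:<digest-of-the-image-you-reviewed>
FROM eclipse-temurin:21-jdk-jammy

# Ghidra release to install. Both values are interpolated into the release
# download URL used later in this file.
# NOTE(review): confirm GHIDRA_BUILD_DATE matches the asset name published for
# GHIDRA_VERSION; a mismatch makes the download step fail (curl -f on a 404).
ARG GHIDRA_VERSION=11.2
ARG GHIDRA_BUILD_DATE=20241105

# Expected SHA-256 of the release zip. It has no default, so the integrity
# check in the download step only runs when the builder supplies this value.
ARG GHIDRA_SHA256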
# OCI image metadata, declared in a single instruction. The version label is
# filled in from the GHIDRA_VERSION build arg.
LABEL org.opencontainers.image.title="StellaOps Ghidra Headless" \
      org.opencontainers.image.description="Ghidra headless analysis server with ghidriff for BinaryIndex" \
      org.opencontainers.image.version="${GHIDRA_VERSION}" \
      org.opencontainers.image.vendor="StellaOps" \
      org.opencontainers.image.licenses="AGPL-3.0-or-later" \
      org.opencontainers.image.source="https://github.com/stellaops/stellaops"
# OS packages: Python 3 (with pip and venv) for ghidriff, plus curl and unzip
# for fetching and unpacking the Ghidra release.
# update + install + cleanup share one layer so no stale apt index is cached
# and the package lists do not end up in the image.
# NOTE(review): curl and unzip are used by the download step below and stay in
# the final image; a separate build stage would keep them out of the runtime.
RUN apt-get update \
    && apt-get install -y --no-install-recommends \
        curl \
        python3 \
        python3-pip \
        python3-venv \
        unzip \
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/*
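# Download the Ghidra release zip, verify it, and unpack it under /opt.
#
# Integrity: the archive is compared against GHIDRA_SHA256 only when that build
# arg is non-empty. With the arg unset the download is trusted on TLS alone, so
# the step now prints a warning to the build log instead of skipping silently.
# Production builds must pass --build-arg GHIDRA_SHA256=<sha256 of the release zip>.
#
# The checksum line uses the "<hash><two spaces><file>" layout that
# `sha256sum -c` documents. A mismatch fails the `if`, which stops the &&
# chain and aborts the build before anything is unpacked.
RUN curl -fsSL \
        "https://github.com/NationalSecurityAgency/ghidra/releases/download/Ghidra_${GHIDRA_VERSION}_build/ghidra_${GHIDRA_VERSION}_PUBLIC_${GHIDRA_BUILD_DATE}.zip" \
        -o /tmp/ghidra.zip \
    && if [ -n "${GHIDRA_SHA256}" ]; then \
        echo "${GHIDRA_SHA256}  /tmp/ghidra.zip" | sha256sum -c -; \
    else \
        echo "WARNING: GHIDRA_SHA256 is not set; /tmp/ghidra.zip was NOT checksum-verified" >&2; \
    fi \
    && unzip -q /tmp/ghidra.zip -d /opt \
    && rm /tmp/ghidra.zip \
    && ln -s "/opt/ghidra_${GHIDRA_VERSION}_PUBLIC" /opt/ghidra \
    && chmod +x /opt/ghidra/support/analyzeHeadless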
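# Install ghidriff into its own virtual environment (/opt/venv) so it stays
# separate from the system Python packages.
#
# GHIDRIFF_VERSION is empty by default, which installs whatever release PyPI
# serves at build time (the previous behaviour). Set it to an exact release,
# e.g. --build-arg GHIDRIFF_VERSION=<reviewed-version>, to make the build
# reproducible and to stop an unreviewed upstream release from entering the
# image. The ${VAR:+...} expansion appends "==<version>" only when it is set.
# NOTE(review): pip itself and ghidriff's transitive dependencies are still
# unpinned; a hashed requirements file with `pip install --require-hashes`
# would cover those as well.
ARG GHIDRIFF_VERSION=""
RUN python3 -m venv /opt/venv \
    && /opt/venv/bin/pip install --no-cache-dir --upgrade pip \
    && /opt/venv/bin/pip install --no-cache-dir "ghidriff${GHIDRIFF_VERSION:+==${GHIDRIFF_VERSION}}"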
# Runtime environment.
# GHIDRA_HOME and GHIDRA_INSTALL_DIR both point at the /opt/ghidra symlink
# created by the download step.
# NOTE(review): MAXMEM presumably caps the JVM heap used by the Ghidra launch
# scripts - confirm that analyzeHeadless reads it from the environment.
ENV GHIDRA_HOME=/opt/ghidra \
    GHIDRA_INSTALL_DIR=/opt/ghidra \
    JAVA_HOME=/opt/java/openjdk \
    MAXMEM=4G

# PATH is set in its own instruction because ${GHIDRA_HOME} is only expanded
# from values defined by earlier instructions, not from the same ENV line.
# This puts analyzeHeadless and the venv's executables on the search path.
ENV PATH="${GHIDRA_HOME}/support:/opt/venv/bin:${PATH}"
# Unprivileged system account plus the three working directories it owns.
# Only /projects, /scripts and /output are handed to ghidra; the Ghidra
# install under /opt stays root-owned, so the runtime user cannot modify it.
# NOTE(review): `useradd -r` lets the system pick the UID. Bind-mounted host
# directories must be accessible to that UID; a fixed numeric UID would make
# this predictable for volume permissions and runAsNonRoot-style checks.
RUN groupadd -r ghidra \
    && useradd -r -g ghidra ghidra \
    && mkdir -p /projects /scripts /output \
    && chmod 755 /projects /scripts /output \
    && chown -R ghidra:ghidra /projects /scripts /output

# Ghidra project files are created here unless the caller gives another path.
WORKDIR /projects
# Drop root for everything that runs in the container. No RUN step follows, so
# placing USER ahead of the probe definition does not change the built image.
USER ghidra

# Health probe: invoke analyzeHeadless against /tmp with -help, discard its
# output, and report unhealthy on a non-zero exit.
# NOTE(review): each probe launches the analyzeHeadless script; confirm that it
# finishes within the 10s timeout and that -help exits 0 on a working install.
# The default command is a one-shot CLI, so the probe only matters for
# containers that stay up for a long-running analysis.
HEALTHCHECK --start-period=5s --interval=30s --timeout=10s --retries=3 \
    CMD analyzeHeadless /tmp HealthCheck -help > /dev/null 2>&1 || exit 1

# Exec-form entrypoint: arguments given to `docker run` are passed straight to
# analyzeHeadless with no intermediate shell. With no arguments the container
# runs it with --help.
ENTRYPOINT ["analyzeHeadless"]
CMD ["--help"]