aarch64系统可运行的docker镜像
构建自己的vsftpd镜像,我是在windows系统下的docker desktop中构建运行于aarch64 GNU/Linux系统的ftp镜像。
系统环境:
Welcome to Debian GNU/Linux with Linux x.x.x
dockerfile
FROM ubuntu:latestUSER rootRUN apt-get update && apt-get clean
RUN apt-get install -y vsftpd
RUN apt-get cleanCOPY vsftpd.conf /etc/vsftpd/EXPOSE 20 21# 复制启动脚本
COPY entrypoint.sh /etc/vsftpd/entrypoint.sh
RUN chmod +x /etc/vsftpd/entrypoint.sh# 设置启动脚本为默认入口
ENTRYPOINT ["/etc/vsftpd/entrypoint.sh"]entrypoint.sh(注意如果你是在windows系统下编写的可能到系统上运行不了,所以可以在系统上编写此文件)
#!/bin/bash
if [ -z "$FTP_USER"] || [ -z "$FTP_PASSWORD"]; thenecho "require user info"exit 1
fiuseradd -m -s /bin/bash $FTP_USER
echo "$FTP_USER:$FTP_PASSWORD" | chpasswd/usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf
vsftpd.conf
listen=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
use_localtime=YES
xferlog_enable=YES
connect_from_port_20=YES
chroot_local_user=YES
allow_writeable_chroot=YES
pasv_min_port=21100
pasv_max_port=21110
文件已经准备好,构建镜像命令:--platform 参数表示构建镜像的目标平台
使用docker buildx命令构建aarch64架构的镜像
docker buildx build --platform linux/arm64 -t test:0.1 --load .
buildx 是 Docker 官方提供的一个构建工具,它可以帮助用户快速、高效地构建 Docker 镜像,并支持多种平台的构建。使用 buildx,用户可以在单个命令中构建多种架构的镜像,例如 x86 和 ARM 架构,而无需手动操作多个构建命令。此外,buildx 还支持 Dockerfile 的多阶段构建和缓存,这可以大大提高镜像构建的效率和速度。Docker Desktop,则默认安装了 buildx
docker buildx version
普通构建失败,使用Dockerfile自己做的服务镜像,docker run时启动失败:
docker报错standard init linux.go:228 exec user process caused: exec format error
当前服务器的CPU架构和构建镜像时的CPU架构不兼容。比如做镜像是在arm机器下构建的,而docker run是在amd架构下执行的。排查:
查看当前服务器的CPU架构信息
# Linux信息
uname -a
# 或
lscpu
查看镜像架构:
docker inspect test:0.1
系统和镜像查看如下则无问题:
此镜像可运行支持账号密码。注意,挂载目录要和账号同一目录。
docker run -d --privileged=true -p 21:21 -p 20:20 -v /test:/home/ftpuser/ -e FTP_USER=ftpuser -e FTP_PASSWORD=123456 --name test test:1.0
查看容器挂载目录
docker inspect -f '{{ .Mounts }}' 容器id
centos系统可运行的docker镜像
(参考大佬的:https://github.com/fauria/docker-vsftpd )
构建好的镜像可以直接私聊我发送。上传不了资源。
dockerfile
FROM centos:7
ADD Centos-7.repo /etc/yum.repos.d/CentOS-Base.repoUSER root
ARG USER_ID=14
ARG GROUP_ID=50RUN yum -y update && yum clean all
RUN yum install -y \vsftpd \db4-utils \db4 \iproute && yum clean allRUN usermod -u ${USER_ID} ftp
RUN groupmod -g ${GROUP_ID} ftpENV FTP_USER=**String** \FTP_PASS=**Random** \PASV_ADDRESS=**IPv4** \PASV_ADDR_RESOLVE=NO \PASV_ENABLE=YES \PASV_MIN_PORT=21100 \PASV_MAX_PORT=21110 \XFERLOG_STD_FORMAT=NO \LOG_STDOUT=**Boolean** \FILE_OPEN_MODE=0666 \LOCAL_UMASK=077 \REVERSE_LOOKUP_ENABLE=YES \PASV_PROMISCUOUS=NO \PORT_PROMISCUOUS=NOCOPY vsftpd.conf /etc/vsftpd/
COPY vsftpd_virtual /etc/pam.d/
COPY run-vsftpd.sh /usr/sbin/RUN set -x; chmod +x /usr/sbin/run-vsftpd.sh \&& mkdir -p /home/vsftpd/ \&& chown -R ftp:ftp /home/vsftpd/VOLUME /home/vsftpd
VOLUME /var/log/vsftpdEXPOSE 20 21CMD ["/usr/sbin/run-vsftpd.sh"]
run-vsftpd.sh
#!/bin/bash# If no env var for FTP_USER has been specified, use 'admin':
if [ "$FTP_USER" = "**String**" ]; thenexport FTP_USER='admin'
fi# If no env var has been specified, generate a random password for FTP_USER:
if [ "$FTP_PASS" = "**Random**" ]; thenexport FTP_PASS=`cat /dev/urandom | tr -dc A-Z-a-z-0-9 | head -c${1:-16}`
fi# Do not log to STDOUT by default:
if [ "$LOG_STDOUT" = "**Boolean**" ]; thenexport LOG_STDOUT=''
elseexport LOG_STDOUT='Yes.'
fi# Create home dir and update vsftpd user db:
mkdir -p "/home/vsftpd/${FTP_USER}"
chown -R ftp:ftp /home/vsftpd/echo -e "${FTP_USER}\n${FTP_PASS}" > /etc/vsftpd/virtual_users.txt
/usr/bin/db_load -T -t hash -f /etc/vsftpd/virtual_users.txt /etc/vsftpd/virtual_users.db# Set passive mode parameters:
if [ "$PASV_ADDRESS" = "**IPv4**" ]; thenexport PASV_ADDRESS=$(/sbin/ip route|awk '/default/ { print $3 }')
fiecho "pasv_address=${PASV_ADDRESS}" >> /etc/vsftpd/vsftpd.conf
echo "pasv_max_port=${PASV_MAX_PORT}" >> /etc/vsftpd/vsftpd.conf
echo "pasv_min_port=${PASV_MIN_PORT}" >> /etc/vsftpd/vsftpd.conf
echo "pasv_addr_resolve=${PASV_ADDR_RESOLVE}" >> /etc/vsftpd/vsftpd.conf
echo "pasv_enable=${PASV_ENABLE}" >> /etc/vsftpd/vsftpd.conf
echo "file_open_mode=${FILE_OPEN_MODE}" >> /etc/vsftpd/vsftpd.conf
echo "local_umask=${LOCAL_UMASK}" >> /etc/vsftpd/vsftpd.conf
echo "xferlog_std_format=${XFERLOG_STD_FORMAT}" >> /etc/vsftpd/vsftpd.conf
echo "reverse_lookup_enable=${REVERSE_LOOKUP_ENABLE}" >> /etc/vsftpd/vsftpd.conf
echo "pasv_promiscuous=${PASV_PROMISCUOUS}" >> /etc/vsftpd/vsftpd.conf
echo "port_promiscuous=${PORT_PROMISCUOUS}" >> /etc/vsftpd/vsftpd.conf# Get log file path
export LOG_FILE=`grep xferlog_file /etc/vsftpd/vsftpd.conf|cut -d= -f2`# stdout server info:
if [ ! $LOG_STDOUT ]; then
cat << EOBSERVER SETTINGS---------------· FTP User: $FTP_USER· FTP Password: $FTP_PASS· Log file: $LOG_FILE· Redirect vsftpd log to STDOUT: No.
EOB
else/usr/bin/ln -sf /dev/stdout $LOG_FILE
fi# Run vsftpd:
&>/dev/null /usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf
vsftpd_virtual
#%PAM-1.0
auth required pam_userdb.so db=/etc/vsftpd/virtual_users
account required pam_userdb.so db=/etc/vsftpd/virtual_users
session required pam_loginuid.sovsftpd.conf
# Run in the foreground to keep the container running:
background=NO# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=NO# Uncomment this to allow local users to log in.
local_enable=YES## Enable virtual users
guest_enable=YES## Virtual users will use the same permissions as anonymous
virtual_use_local_privs=YES# Uncomment this to enable any form of FTP write command.
write_enable=YES## PAM file name
pam_service_name=vsftpd_virtual## Home Directory for virtual users
user_sub_token=$USER
local_root=/home/vsftpd/$USER# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
chroot_local_user=YES# Workaround chroot check.
# See https://www.benscobie.com/fixing-500-oops-vsftpd-refusing-to-run-with-writable-root-inside-chroot/
# and http://serverfault.com/questions/362619/why-is-the-chroot-local-user-of-vsftpd-insecure
allow_writeable_chroot=YES## Hide ids from user
hide_ids=YES## Enable logging
xferlog_enable=YES
xferlog_file=/var/log/vsftpd/vsftpd.log## Enable active mode
port_enable=YES
connect_from_port_20=YES
ftp_data_port=20## Disable seccomp filter sanboxing
seccomp_sandbox=NO### Variables set at container runtime
Centos-7.repo
# CentOS-Base.repo
#
# The mirror system uses the connecting IP address of the client and the
# update status of each mirror to pick mirrors that are updated to and
# geographically close to the client. You should use this for CentOS updates
# unless you are manually picking other mirrors.
#
# If the mirrorlist= does not work for you, as a fall back you can try the
# remarked out baseurl= line instead.
#
#[base]
name=CentOS-$releasever - Base - mirrors.aliyun.com
failovermethod=priority
baseurl=http://mirrors.aliyun.com/centos/$releasever/os/$basearch/http://mirrors.aliyuncs.com/centos/$releasever/os/$basearch/http://mirrors.cloud.aliyuncs.com/centos/$releasever/os/$basearch/
gpgcheck=1
gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7#released updates
[updates]
name=CentOS-$releasever - Updates - mirrors.aliyun.com
failovermethod=priority
baseurl=http://mirrors.aliyun.com/centos/$releasever/updates/$basearch/http://mirrors.aliyuncs.com/centos/$releasever/updates/$basearch/http://mirrors.cloud.aliyuncs.com/centos/$releasever/updates/$basearch/
gpgcheck=1
gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7#additional packages that may be useful
[extras]
name=CentOS-$releasever - Extras - mirrors.aliyun.com
failovermethod=priority
baseurl=http://mirrors.aliyun.com/centos/$releasever/extras/$basearch/http://mirrors.aliyuncs.com/centos/$releasever/extras/$basearch/http://mirrors.cloud.aliyuncs.com/centos/$releasever/extras/$basearch/
gpgcheck=1
gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7#additional packages that extend functionality of existing packages
[centosplus]
name=CentOS-$releasever - Plus - mirrors.aliyun.com
failovermethod=priority
baseurl=http://mirrors.aliyun.com/centos/$releasever/centosplus/$basearch/http://mirrors.aliyuncs.com/centos/$releasever/centosplus/$basearch/http://mirrors.cloud.aliyuncs.com/centos/$releasever/centosplus/$basearch/
gpgcheck=1
enabled=0
gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7#contrib - packages by Centos Users
[contrib]
name=CentOS-$releasever - Contrib - mirrors.aliyun.com
failovermethod=priority
baseurl=http://mirrors.aliyun.com/centos/$releasever/contrib/$basearch/http://mirrors.aliyuncs.com/centos/$releasever/contrib/$basearch/http://mirrors.cloud.aliyuncs.com/centos/$releasever/contrib/$basearch/
gpgcheck=1
enabled=0
gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7
![CTF-PWN: WEB_and_PWN [第一届“吾杯”网络安全技能大赛 Calculator] 赛后学习(不会)](https://i-blog.csdnimg.cn/direct/e9f940a13c254eebab59528307df6faa.png)
