Dockerized unshield

[DanteyPL]

Added dockerized version of unshield that can be run without cluttering disk with dependencies

Final image is using scratch as dockerized app base and it takes only 865kB as built image

Only small drawback - in help Syntax is showing Basename /app/unshield which is used in Dockerfile ENTRYPOINT

[twogood]

Thank you!

Maybe there could also be a GitHub Action to build a docker image and create an artifact?

[DanteyPL]

Yeah. That could be done pretty easily. And build artifact could be pushed to hub.docker.com or GitHub Packages.

Unfortunatelly i am not proficient with GitHub Actions, but looking at the docs it seems pretty easy.

https://docs.github.com/en/actions/tutorials/publish-packages/publish-docker-images#publishing-images-to-docker-hub-and-github-packages

I can try to write something, if you want.

[DanteyPL]

I've added missing openssl-dev package to building stage.
With libcrypto and statically linked libunshield, final image grown to 5.81MB. It is the smallest possible image, that could be created without statically linking all other libs to app.

[twogood]

I think that it should be possible to make a static build of unshield?

[DanteyPL]

Yes it is possible. In latest build i've used flag -DBUILD_STATIC=ON. It included only unshielded.so lib to binary. It made final image smaller by ~30 kB. (Image with dynamically linked 5.84MB).

ldd /usr/local/bin/unshield
        /lib/ld-musl-x86_64.so.1 (0x78bd930bc000)
        libz.so.1 => /usr/lib/libz.so.1 (0x78bd93093000)
        libcrypto.so.3 => /usr/lib/libcrypto.so.3 (0x78bd92bce000)
        libc.musl-x86_64.so.1 => /lib/ld-musl-x86_64.so.1 (0x78bd930bc000)

[twogood]

Sorry for the delay in feedback, but if the static build worked why do we need the libz and libcrypto libraries?

[DanteyPL]

libz.so for compression and decompression
libcrypto is from OpenSSL - required for cryptografic functions

[twogood]

libz.so for compression and decompression libcrypto is from OpenSSL - required for cryptografic functions

Yes, I only thought that the static linking would also link OpenSSL and zlib statically, not just libunshield... but I had never checked! :)

[DanteyPL]

Oh. I just assumed that you knew that static linking option from cmake only makes it static link of libunshield :)

[twogood]

@DanteyPL thank you for your patience, I think I want to use an official Docker image for building, so that it is less likely that something is inserted in the binary at build time. So maybe use https://hub.docker.com/_/gcc and install cmake if needed? Seems to be Debian-based so should be easy.