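Docker Image Reverse Engineering: Image Analysis
1. Introduction to Docker Reverse Engineering
More and more enterprises build their infrastructure on containers and the cloud, and the number of containers they manage keeps growing. From time to time you run into a container image and do not know what it is for, what its runtime parameters are, or which application it runs. To answer those questions, this article shows how to dissect the structure and contents of a live container and its image.
Open-source repository: https://github.com/wagoodman/dive
1.1 Basic features of Dive
(1) Show Docker image contents by layer: when you select a layer on the left, the contents of that layer combined with all previous layers are shown on the right. You can also use the arrow keys to browse the whole file tree.
(2) Indicate what changed in each layer: files that have been changed, modified, added or removed are marked in the file tree. This can be adjusted to show the changes of a specific layer, or the aggregated changes up to that layer.
(3) Estimate "image efficiency": the lower-left pane shows basic layer information and an experimental metric that guesses how much wasted space the image contains. Waste can come from duplicating files across layers, moving files across layers, or not fully removing files. Both a percentage "score" and the total wasted file space are reported.
(4) Quick build/analysis cycle: you can build a Docker image and analyze it immediately with one command: dive build -t some-tag . Simply replace your docker build command with the same dive build command.
1.2 Support for multiple image sources and container engines
(1) With the --source option you can choose where the container image is fetched from: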
◆ dive <your-image> --source <source>
or
◆ dive <source>://<your-image>
(2) The source option supports:
◆ docker: the Docker engine (the default)
◆ docker-archive: a Docker tar archive on disk
◆ podman: the Podman engine (Linux only)
2. Installing and Using Dive
2.1 Installation on RHEL/CentOS
    # Download the package
    [root@kvm ~]# curl -OL https://github.com/wagoodman/dive/releases/download/v0.9.2/dive_0.9.2_linux_amd64.rpm
      % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                     Dload  Upload   Total   Spent    Left  Speed
    100   665  100   665    0     0    920      0 --:--:-- --:--:-- --:--:--   922
    100 4636k  100 4636k    0     0  12987      0  0:06:05  0:06:05 --:--:-- 17824
    # Install the rpm package
    [root@kvm ~]# rpm -ivh dive_0.9.2_linux_amd64.rpm
    Preparing...                          ################################# [100%]
            package dive-0.9.2-1.x86_64 is already installed
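2.2 Key bindings
    Key binding     Description
    Ctrl + C        Exit
    Tab             Switch between the layer and file tree views
    Ctrl + F        Filter
    PageUp          Scroll up a page
    PageDown        Scroll down a page
    Ctrl + A        Layer view: show aggregated image modifications
    Ctrl + L        Layer view: show current layer modifications
    Space           File tree view: collapse/uncollapse a directory
    Ctrl + Space    File tree view: collapse/uncollapse all directories
    Ctrl + A        File tree view: show/hide added files
    Ctrl + R        File tree view: show/hide removed files
    Ctrl + M        File tree view: show/hide modified files
    Ctrl + U        File tree view: show/hide unmodified files
    Ctrl + B        File tree view: show/hide file attributes
    PageUp          File tree view: scroll up a page
    PageDown        File tree view: scroll down a page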
2.3 Image analysis
(1) Use docker inspect to view the image's metadata
    [root@kvm ~]# docker pull uhub.service.ucloud.cn/ucloud/fping:1.0
    Trying to pull repository uhub.service.ucloud.cn/ucloud/fping ...
    1.0: Pulling from uhub.service.ucloud.cn/ucloud/fping
    e7c96db7181b: Pull complete
    298eba6db46a: Pull complete
    Digest: sha256:69eb1580cc30200565af65c196942c1c79c0f710155c8a422932ac89a391dfea
    Status: Downloaded newer image for uhub.service.ucloud.cn/ucloud/fping:1.0
    [root@kvm ~]# docker inspect uhub.service.ucloud.cn/ucloud/fping:1.0
    [
        {
            "Id": "sha256:45bf625730ca39070c324c890efec1eb2da92daa463f9995d93927c73107df9d",
            "RepoTags": [
                "uhub.service.ucloud.cn/ucloud/fping:1.0"
            ],
            "RepoDigests": [
                "uhub.service.ucloud.cn/ucloud/fping@sha256:69eb1580cc30200565af65c196942c1c79c0f710155c8a422932ac89a391dfea"
            ],
            "Parent": "",
            "Comment": "",
            "Created": "2019-06-14T06:37:00.7231998Z",
            "Container": "5775bac23857c5d434c714fc79ade214084ccff9a39b5e9cdaf4b60ee2a6e2b7",
            "ContainerConfig": {
                "Hostname": "5775bac23857",
                "Domainname": "",
                "User": "",
                "AttachStdin": false,
                "AttachStdout": false,
                "AttachStderr": false,
                "Tty": false,
                "OpenStdin": false,
                "StdinOnce": false,
                "Env": [
                    "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
                ],
                "Cmd": [
                    "/bin/sh",
                    "-c",
                    "#(nop) ",
                    "ENTRYPOINT [\"sh\" \"-c\" \"fping --timeout=100 --retry=0 --interval=0 -q -s -g $IPRNG || true\"]"
                ],
                "ArgsEscaped": true,
                "Image": "sha256:c16d909dce9b44f1a91d1a19695e0dbae167a2b559d02873b3f756e7e0458394",
                "Volumes": null,
                "WorkingDir": "",
                "Entrypoint": [
                    "sh",
                    "-c",
                    "fping --timeout=100 --retry=0 --interval=0 -q -s -g $IPRNG || true"
                ],
                "OnBuild": null,
                "Labels": {}
            },
            "DockerVersion": "18.09.2",
            "Author": "",
            "Config": {
                "Hostname": "",
                "Domainname": "",
                "User": "",
                "AttachStdin": false,
                "AttachStdout": false,
                "AttachStderr": false,
                "Tty": false,
                "OpenStdin": false,
                "StdinOnce": false,
                "Env": [
                    "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
                ],
                "Cmd": null,
                "ArgsEscaped": true,
                "Image": "sha256:c16d909dce9b44f1a91d1a19695e0dbae167a2b559d02873b3f756e7e0458394",
                "Volumes": null,
                "WorkingDir": "",
                "Entrypoint": [
                    "sh",
                    "-c",
                    "fping --timeout=100 --retry=0 --interval=0 -q -s -g $IPRNG || true"
                ],
                "OnBuild": null,
                "Labels": null
            },
            "Architecture": "amd64",
            "Os": "linux",
            "Size": 5598325,
            "VirtualSize": 5598325,
            "GraphDriver": {
                "Name": "overlay2",
                "Data": {
                    "LowerDir": "/var/lib/docker/overlay2/d73ba513b79ce064451afe1cdd1ca0977fc07567c117f8c4ffa5bee8f6475736/diff",
                    "MergedDir": "/var/lib/docker/overlay2/172437f73104f05ed1a0744f90ceb1b7a3de91422f5f1270c2aa92f5abd5838c/merged",
                    "UpperDir": "/var/lib/docker/overlay2/172437f73104f05ed1a0744f90ceb1b7a3de91422f5f1270c2aa92f5abd5838c/diff",
                    "WorkDir": "/var/lib/docker/overlay2/172437f73104f05ed1a0744f90ceb1b7a3de91422f5f1270c2aa92f5abd5838c/work"
                }
            },
            "RootFS": {
                "Type": "layers",
                "Layers": [
                    "sha256:f1b5933fe4b5f49bbe8258745cf396afe07e625bdab3168e364daf7c956b6b81",
                    "sha256:ab4bcf82a1e5becfeb3091e67a694d7cf14a81f1a7918393271d3ac7051ec9d7"
                ]
            }
        }
    ]
(2) Use docker history to view the command that built each layer
    [root@kvm ~]# docker history uhub.service.ucloud.cn/ucloud/fping:1.0
    IMAGE               CREATED             CREATED BY                                      SIZE                COMMENT
    45bf625730ca        2 years ago         /bin/sh -c #(nop) ENTRYPOINT ["sh" "-c" "...   0 B
    <missing>           2 years ago         /bin/sh -c apk update && apk add fping &...     65.2 kB
    <missing>           2 years ago         /bin/sh -c #(nop) CMD ["/bin/sh"]               0 B
    <missing>           2 years ago         /bin/sh -c #(nop) ADD file:a86aea1f3a7d68f...   5.53 MB
    # Add the --no-trunc option to show the full build command of every layer
    [root@kvm ~]# docker history uhub.service.ucloud.cn/ucloud/fping:1.0 --no-trunc
    IMAGE                                                                     CREATED       CREATED BY                                                                                                      SIZE      COMMENT
    sha256:45bf625730ca39070c324c890efec1eb2da92daa463f9995d93927c73107df9d   2 years ago   /bin/sh -c #(nop) ENTRYPOINT ["sh" "-c" "fping --timeout=100 --retry=0 --interval=0 -q -s -g $IPRNG || true"]   0 B
    <missing>                                                                 2 years ago   /bin/sh -c apk update && apk add fping && rm -rf /var/cache/apk/*                                               65.2 kB
    <missing>                                                                 2 years ago   /bin/sh -c #(nop) CMD ["/bin/sh"]                                                                               0 B
    <missing>                                                                 2 years ago   /bin/sh -c #(nop) ADD file:a86aea1f3a7d68f6ae03397b99ea77f2e9ee901c5c59e59f76f93adbb4035913 in /                5.53 MB
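Added example (not part of the original article): a small Python helper that turns the CREATED BY column of `docker history --no-trunc` back into approximate Dockerfile instructions, oldest layer first. The sample lines are copied from the output above; the function names are illustrative, and only the legacy-builder `#(nop)` format shown on this page is handled.

```python
import re

# Legacy builder: "#(nop)" marks an instruction that changed metadata or copied
# files without running a command; whitespace after the marker varies.
NOP = re.compile(r"^/bin/sh -c #\(nop\)\s+")
SHELL = "/bin/sh -c "
EXEC_FORM = re.compile(r"^(ENTRYPOINT|CMD)\s+\[(.*)\]$")
QUOTED = re.compile(r'"(?:[^"\\]|\\.)*"')
ADD_COPY = re.compile(r"^(ADD|COPY)\s+(\S+)\s+in\s+(\S+)$")

# CREATED BY values copied from the --no-trunc output above, newest layer first.
HISTORY = [
    '/bin/sh -c #(nop) ENTRYPOINT ["sh" "-c" "fping --timeout=100 --retry=0 --interval=0 -q -s -g $IPRNG || true"]',
    "/bin/sh -c apk update && apk add fping && rm -rf /var/cache/apk/*",
    '/bin/sh -c #(nop) CMD ["/bin/sh"]',
    "/bin/sh -c #(nop) ADD file:a86aea1f3a7d68f6ae03397b99ea77f2e9ee901c5c59e59f76f93adbb4035913 in /",
]


def to_instruction(created_by):
    """Map one CREATED BY value to the Dockerfile instruction that produced it."""
    s = created_by.strip()
    if not NOP.match(s):
        # No #(nop) marker: the layer was produced by running a shell command.
        return "RUN " + (s[len(SHELL):] if s.startswith(SHELL) else s)
    s = NOP.sub("", s)
    m = EXEC_FORM.match(s)
    if m:
        # History prints exec-form arguments without commas; put them back.
        return f"{m.group(1)} [{', '.join(QUOTED.findall(m.group(2)))}]"
    m = ADD_COPY.match(s)
    if m:
        # Only a content hash of the source is recorded, not its original name.
        return f"{m.group(1)} {m.group(2)} {m.group(3)}"
    return s


def reconstruct(history_newest_first):
    """docker history lists the newest layer first; a Dockerfile runs oldest first."""
    return [to_instruction(line) for line in reversed(history_newest_first)]


if __name__ == "__main__":
    print("\n".join(reconstruct(HISTORY)))
```

The first reconstructed line (`ADD file:... /`) is the base image's root filesystem; the original `FROM` reference is not stored in the history.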
(3) dive output
    [root@kvm ~]# dive uhub.service.ucloud.cn/ucloud/fping:1.0 --source docker

    ● Layers
    Cmp   Size  Command
        5.5 MB  FROM 71d8bda23179c19
         65 kB  apk update && apk add fping && rm -rf /var/cache/apk/*

    Layer Details
    Tags:   (unavailable)
    Id:     71d8bda23179c19debd3549a0fd640a0a7927f9471ff43335ef88e1058ab350c
    Digest: sha256:f1b5933fe4b5f49bbe8258745cf396afe07e625bdab3168e364daf7c956b6b81
    Command:
    #(nop) ADD file:a86aea1f3a7d68f6ae03397b99ea77f2e9ee901c5c59e59f76f93adbb4035913 in /

    Image Details
    Total Image size: 5.6 MB
    Potential wasted space: 43 kB
    Image efficiency score: 99 %

    Count   Total Space  Path
        2         23 kB  /lib/apk/db/installed
        2         20 kB  /lib/apk/db/scripts.tar
        2         152 B  /lib/apk/db/triggers
        2         124 B  /etc/apk/world
        2           0 B  /var/cache/apk
        2           0 B  /lib/apk/db/lock
        2           0 B  /var/cache/misc

    Current Layer Contents
    Permission     UID:GID       Size  Filetree
    drwxr-xr-x         0:0     796 kB  ├── bin
    -rwxrwxrwx         0:0        0 B  │   ├── arch → /bin/busybox
    -rwxrwxrwx         0:0        0 B  │   ├── ash → /bin/busybox
    -rwxrwxrwx         0:0        0 B  │   ├── base64 → /bin/busybox
    -rwxrwxrwx         0:0        0 B  │   ├── bbconfig → /bin/busybox
    -rwxr-xr-x         0:0     796 kB  │   ├── busybox
    -rwxrwxrwx         0:0        0 B  │   ├── cat → /bin/busybox
    -rwxrwxrwx         0:0        0 B  │   ├── chgrp → /bin/busybox
    -rwxrwxrwx         0:0        0 B  │   ├── chmod → /bin/busybox
    -rwxrwxrwx         0:0        0 B  │   ├── chown → /bin/busybox
    -rwxrwxrwx         0:0        0 B  │   ├── conspy → /bin/busybox
    -rwxrwxrwx         0:0        0 B  │   ├── cp → /bin/busybox
    -rwxrwxrwx         0:0        0 B  │   ├── date → /bin/busybox
    -rwxrwxrwx         0:0        0 B  │   ├── dd → /bin/busybox
    -rwxrwxrwx         0:0        0 B  │   ├── df → /bin/busybox
    -rwxrwxrwx         0:0        0 B  │   ├── dmesg → /bin/busybox
    -rwxrwxrwx         0:0        0 B  │   ├── dnsdomainname → /bin/busybox
    -rwxrwxrwx         0:0        0 B  │   ├── dumpkmap → /bin/busybox
    -rwxrwxrwx         0:0        0 B  │   ├── echo → /bin/busybox
    -rwxrwxrwx         0:0        0 B  │   ├── ed → /bin/busybox
    -rwxrwxrwx         0:0        0 B  │   ├── egrep → /bin/busybox
    -rwxrwxrwx         0:0        0 B  │   ├── false → /bin/busybox
    -rwxrwxrwx         0:0        0 B  │   ├── fatattr → /bin/busybox
    -rwxrwxrwx         0:0        0 B  │   ├── fdflush → /bin/busybox
    -rwxrwxrwx         0:0        0 B  │   ├── fgrep → /bin/busybox
    -rwxrwxrwx         0:0        0 B  │   ├── fsync → /bin/busybox
    -rwxrwxrwx         0:0        0 B  │   ├── getopt → /bin/busybox
    -rwxrwxrwx         0:0        0 B  │   ├── grep → /bin/busybox
    -rwxrwxrwx         0:0        0 B  │   ├── gunzip → /bin/busybox
    -rwxrwxrwx         0:0        0 B  │   ├── gzip → /bin/busybox
    -rwxrwxrwx         0:0        0 B  │   ├── hostname → /bin/busybox
    -rwxrwxrwx         0:0        0 B  │   ├── ionice → /bin/busybox
    -rwxrwxrwx         0:0        0 B  │   ├── iostat → /bin/busybox
    -rwxrwxrwx         0:0        0 B  │   ├── ipcalc → /bin/busybox
    -rwxrwxrwx         0:0        0 B  │   ├── kbd_mode → /bin/busybox
    -rwxrwxrwx         0:0        0 B  │   ├── kill → /bin/busybox
    -rwxrwxrwx         0:0        0 B  │   ├── link → /bin/busybox
    -rwxrwxrwx         0:0        0 B  │   ├── linux32 → /bin/busybox
    -rwxrwxrwx         0:0        0 B  │   ├── linux64 → /bin/busybox

    ▏^C Quit ▏Tab Switch view ▏^F Filter ▏^L Show layer changes ▏^A Show aggregated changes ▏
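Added example (not part of the original article, and not dive's own code): a simplified Python version of the per-layer comparison that dive displays, run against the docker-archive layout that `docker save` writes (`manifest.json` plus one tar per layer). It marks each path as added (A), modified (M) or deleted (D) using whiteout entries and lists paths written by more than one layer; the archive is constructed in memory and all function names are illustrative.

```python
import io, json, posixpath, tarfile

def layer_changes(archive):
    """[(layer, {path: "A"|"M"|"D"})] for a `docker save` tar, oldest layer first."""
    present, report = set(), []
    with tarfile.open(fileobj=archive) as outer:
        manifest = json.load(outer.extractfile("manifest.json"))
        for name in manifest[0]["Layers"]:
            lower, added, gone = frozenset(present), set(), set()
            with tarfile.open(fileobj=outer.extractfile(name)) as layer:
                for member in layer:
                    path = posixpath.normpath("/" + member.name)
                    parent, base = posixpath.split(path)
                    if base == ".wh..wh..opq":     # opaque marker: hides the directory's lower content
                        gone |= {p for p in lower if p.startswith(parent.rstrip("/") + "/")}
                    elif base.startswith(".wh."):  # whiteout: hides one lower path and its children
                        target = posixpath.join(parent, base[4:])
                        gone |= {p for p in lower if p == target or p.startswith(target + "/")}
                    elif not member.isdir():
                        added.add(path)
            changes = {p: "D" for p in gone - added}
            changes.update((p, "M" if p in lower else "A") for p in added)
            present = (present - gone) | added
            report.append((name, changes))
    return report

def stored_more_than_once(report):
    """Paths written by several layers; every earlier copy still ships in the image."""
    written = [p for _, ch in report for p, kind in ch.items() if kind != "D"]
    return {p: written.count(p) for p in written if written.count(p) > 1}

def _tar(files):
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as t:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            t.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def sample_archive():
    """Constructed two-layer archive in `docker save` layout (not a real image)."""
    base = _tar({"etc/apk/world": b"v1", "tmp/build.log": b"log"})
    top = _tar({"etc/apk/world": b"v2", "usr/sbin/fping": b"ELF", "tmp/.wh.build.log": b""})
    manifest = json.dumps([{"Layers": ["a/layer.tar", "b/layer.tar"]}]).encode()
    return io.BytesIO(_tar({"manifest.json": manifest, "a/layer.tar": base, "b/layer.tar": top}))

if __name__ == "__main__":
    print(*layer_changes(sample_archive()), sep="\n")
```

A path marked D is only hidden by a whiteout entry: its bytes remain in the earlier layer's tar, so a file removed in a later build step is still recoverable from the image.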
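Author: UStarGao
Link: https://www.starcto.com/docker/219.html
Source: STARCTO
Copyright belongs to the author. For commercial reprints, contact the author for authorization; for non-commercial reprints, credit the source.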