# Ghidra-equipped acquisition worker. Self-contained: bundles JDK 21 + a pinned Ghidra # release so `docker compose up` just works (at the cost of a heavy, slow-to-build image). # # Override the Ghidra build without editing this file: # docker build --build-arg GHIDRA_URL=https://github.com/.../ghidra_X_PUBLIC_DATE.zip ... # # IMPORTANT: the extractor is a Python (.py) headless post-script, which Ghidra runs via its # bundled **Jython**. Ghidra 11.4+ / 12.x REMOVED Jython - there `.py` headless needs PyGhidra # (CPython), which this image doesn't initialise, and you'll get: # "Ghidra was not started with PyGhidra. Python is not available" # So pin a Jython-era release (<= 11.3.x). If this URL 404s, copy the exact filename from # https://github.com/NationalSecurityAgency/ghidra/releases (form: ghidra__PUBLIC_.zip). FROM eclipse-temurin:21-jdk-jammy ARG GHIDRA_URL=https://github.com/NationalSecurityAgency/ghidra/releases/download/Ghidra_11.2.1_build/ghidra_11.2.1_PUBLIC_20241105.zip # Runtime deps: python (the package), unzip/wget (fetch Ghidra), libarchive-tools (bsdtar: # unpacks ISO9660 + ZIP game archives). RUN apt-get update && apt-get install -y --no-install-recommends \ python3 python3-pip unzip wget ca-certificates libarchive-tools \ && rm -rf /var/lib/apt/lists/* # Fetch + unpack Ghidra into /opt/ghidra (strip the versioned top-level dir). RUN wget -q "$GHIDRA_URL" -O /tmp/ghidra.zip \ && unzip -q /tmp/ghidra.zip -d /opt \ && mv /opt/ghidra_* /opt/ghidra \ && rm /tmp/ghidra.zip RUN pip3 install --no-cache-dir --upgrade pip setuptools wheel ENV GHIDRA_HOME=/opt/ghidra ENV AMS_GHIDRA_SCRIPTS=/app/ghidra_scripts ENV AMS_UPLOAD_DIR=/data/uploads WORKDIR /app COPY pyproject.toml README.md ./ COPY ams ./ams COPY ghidra_scripts ./ghidra_scripts COPY snapshots ./snapshots RUN pip3 install --no-cache-dir ".[api,acquire,worker]" # Drain the 'acquire' queue. Shell form so $REDIS_URL expands at runtime. CMD rq worker --url "${REDIS_URL:-redis://redis:6379/0}" acquire