remove debian based docker image

.gitlab-ci.yml

@@ -28,17 +28,17 @@ test:py2.7:
   except:
   - tags
 
-test:py3.4:
-  stage: test
-  image: python:3.4
-  script:
-  - pip install tox
-  - tox -e py34
-  tags:
-  - docker
-  except:
-  - tags
-  - demo
+#test:py3.4:
+#  stage: test
+#  image: python:3.4
+#  script:
+#  - pip install tox
+#  - tox -e py34
+#  tags:
+#  - docker
+#  except:
+#  - tags
+#  - demo
 
 test:py3.6:
   stage: test
@@ -85,7 +85,8 @@ build:docker:latest:
   script:
   - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
   - docker build -t $CI_REGISTRY/$CI_PROJECT_NAMESPACE/$CI_PROJECT_NAME:latest -f docker/Dockerfile .
-  - docker build -t $CI_REGISTRY/$CI_PROJECT_NAMESPACE/$CI_PROJECT_NAME:latest-py3.6 -f docker/Dockerfile-py3.6 .
+  - docker tag $CI_REGISTRY/$CI_PROJECT_NAMESPACE/$CI_PROJECT_NAME:latest $CI_REGISTRY/$CI_PROJECT_NAMESPACE/$CI_PROJECT_NAME:latest-py3.6
+#  - docker build -t $CI_REGISTRY/$CI_PROJECT_NAMESPACE/$CI_PROJECT_NAME:latest-py3.6 -f docker/Dockerfile-py3.6 .
   - cd docker/demo/docker-pg && docker build -t $CI_REGISTRY/$CI_PROJECT_NAMESPACE/$CI_PROJECT_NAME/pgsql:latest .
   - docker push $CI_REGISTRY/$CI_PROJECT_NAMESPACE/$CI_PROJECT_NAME:latest
   - docker push $CI_REGISTRY/$CI_PROJECT_NAMESPACE/$CI_PROJECT_NAME:latest-py3.6
@@ -100,7 +101,8 @@ build:docker:release:
   script:
   - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
   - docker build -t $CI_REGISTRY/$CI_PROJECT_NAMESPACE/$CI_PROJECT_NAME:$CI_COMMIT_TAG -f docker/Dockerfile .
-  - docker build -t $CI_REGISTRY/$CI_PROJECT_NAMESPACE/$CI_PROJECT_NAME:$CI_COMMIT_TAG-py3.6 -f docker/Dockerfile-py3.6 .
+  - docker tag $CI_REGISTRY/$CI_PROJECT_NAMESPACE/$CI_PROJECT_NAME:$CI_COMMIT_TAG $CI_REGISTRY/$CI_PROJECT_NAMESPACE/$CI_PROJECT_NAME:$CI_COMMIT_TAG-py3.6
+#  - docker build -t $CI_REGISTRY/$CI_PROJECT_NAMESPACE/$CI_PROJECT_NAME:$CI_COMMIT_TAG-py3.6 -f docker/Dockerfile-py3.6 .
   - cd docker/demo/docker-pg && docker build -t $CI_REGISTRY/$CI_PROJECT_NAMESPACE/$CI_PROJECT_NAME/pgsql:$CI_COMMIT_TAG .
   - docker push $CI_REGISTRY/$CI_PROJECT_NAMESPACE/$CI_PROJECT_NAME:$CI_COMMIT_TAG
   - docker push $CI_REGISTRY/$CI_PROJECT_NAMESPACE/$CI_PROJECT_NAME:$CI_COMMIT_TAG-py3.6

contrib/gunicorn.d/burp-ui

@@ -7,7 +7,7 @@ CONFIG = {
         '--group=burpui',
         '--workers=5',
         '--timeout=300',
-        '--worker-class=gevent',
+        '--worker-class=eventlet',
         '--access-logfile=/var/log/gunicorn/burp-ui_access.log',
         '--error-logfile=/var/log/gunicorn/burp-ui_error.log',
         'burpui:create_app(conf="/etc/burp/burpui.cfg",logfile="/var/log/gunicorn/burp-ui_info.log")',

contrib/gunicorn/burpui_gunicorn.py

@@ -74,7 +74,7 @@ backlog = 2048
 #
 
 workers = 5
-worker_class = 'gevent'
+worker_class = 'eventlet'
 worker_connections = 1000
 timeout = 300
 keepalive = 2

docker/Dockerfile

@@ -1,20 +1,62 @@
-FROM debian:jessie
+FROM python:3.6-alpine
 MAINTAINER hi+burpui@ziirish.me
 
-RUN apt-get update \
- && DEBIAN_FRONTEND=noninteractive apt-get install -y supervisor logrotate locales gunicorn cron netcat openssl \
- && update-locale LANG=C.UTF-8 LC_MESSAGES=POSIX \
- && locale-gen en_US.UTF-8 \
- && dpkg-reconfigure -f noninteractive locales \
- && echo "Europe/Paris" >/etc/timezone \
- && dpkg-reconfigure -f noninteractive tzdata \
- && rm -rf /var/lib/apt/lists/*
+RUN apk add --no-cache supervisor logrotate librsync openssl tzdata nginx \
+	&& apk add --no-cache --virtual .fetch-deps \
+		tar \
+	\
+	&& wget -O burp.tar.gz https://github.com/grke/burp/archive/2.0.54.tar.gz \
+	&& wget -O uthash.tar.gz https://github.com/troydhanson/uthash/archive/v2.0.1.tar.gz \
+	&& mkdir -p /usr/src/burp /usr/src/uthash \
+	&& tar -xC /usr/src/burp --strip-components=1 -f burp.tar.gz \
+	&& tar -xC /usr/src/uthash --strip-components=1 -f uthash.tar.gz \
+	&& rm burp.tar.gz uthash.tar.gz \
+	\
+	&& apk add --no-cache --virtual .build-deps \
+		g++ \
+		libc-dev \
+		make \
+		openssl-dev \
+		zlib-dev \
+		librsync-dev \
+		pkgconfig \
+		yajl-dev \
+		autoconf \
+		automake \
+		libtool \
+	\
+# add build deps before removing fetch deps in case there's overlap
+	&& apk del .fetch-deps \
+	\
+	&& cd /usr/src/burp \
+	&& autoreconf -vif \
+	&& CPPFLAGS="-I../uthash/src" ./configure \
+		--prefix=/usr \
+		--sysconfdir=/etc/burp \
+		--localstatedir=/var \
+	&& make -j$(getconf _NPROCESSORS_ONLN) \
+	&& make install \
+	&& make install-configs \
+	\
+	&& runDeps="$( \
+		scanelf --needed --nobanner --recursive /usr/local \
+			| awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' \
+			| sort -u \
+			| xargs -r apk info --installed \
+			| sort -u \
+	)" \
+	&& apk add --virtual .python-rundeps $runDeps \
+	&& apk del .build-deps \
+# needed for the bui-cli tool
+	&& ln -sf /usr/bin/nc /bin/nc \
+# do some cleanup
+	&& rm -rf /usr/src/burp /usr/src/uthash ~/.cache
 
 ADD . /burp-ui
 
-ADD docker/docker-release/assets/setup/ /app/setup/
-ADD docker/docker-release/assets/config/ /app/setup/config/
-ADD docker/docker-release/assets/init /app/init
+ADD docker/docker-alpine/assets/setup/ /app/setup/
+ADD docker/docker-alpine/assets/config/ /app/setup/config/
+ADD docker/docker-alpine/assets/init /app/init
 
 RUN chmod 755 /app/init
 RUN chmod 755 /app/setup/install

docker/Dockerfile-py3.6

@@ -1,71 +0,0 @@
-FROM python:3.6-alpine
-MAINTAINER hi+burpui@ziirish.me
-
-RUN apk add --no-cache supervisor logrotate librsync openssl tzdata nginx \
-	&& apk add --no-cache --virtual .fetch-deps \
-		tar \
-	\
-	&& wget -O burp.tar.gz https://github.com/grke/burp/archive/2.0.54.tar.gz \
-	&& wget -O uthash.tar.gz https://github.com/troydhanson/uthash/archive/v2.0.1.tar.gz \
-	&& mkdir -p /usr/src/burp /usr/src/uthash \
-	&& tar -xC /usr/src/burp --strip-components=1 -f burp.tar.gz \
-	&& tar -xC /usr/src/uthash --strip-components=1 -f uthash.tar.gz \
-	&& rm burp.tar.gz uthash.tar.gz \
-	\
-	&& apk add --no-cache --virtual .build-deps \
-		g++ \
-		libc-dev \
-		make \
-		openssl-dev \
-		zlib-dev \
-		librsync-dev \
-		pkgconfig \
-		yajl-dev \
-		autoconf \
-		automake \
-		libtool \
-	\
-# add build deps before removing fetch deps in case there's overlap
-	&& apk del .fetch-deps \
-	\
-	&& cd /usr/src/burp \
-	&& autoreconf -vif \
-	&& CPPFLAGS="-I../uthash/src" ./configure \
-		--prefix=/usr \
-		--sysconfdir=/etc/burp \
-		--localstatedir=/var \
-	&& make -j$(getconf _NPROCESSORS_ONLN) \
-	&& make install \
-	&& make install-configs \
-	\
-	&& runDeps="$( \
-		scanelf --needed --nobanner --recursive /usr/local \
-			| awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' \
-			| sort -u \
-			| xargs -r apk info --installed \
-			| sort -u \
-	)" \
-	&& apk add --virtual .python-rundeps $runDeps \
-	&& apk del .build-deps \
-# needed for the bui-cli tool
-	&& ln -sf /usr/bin/nc /bin/nc \
-# do some cleanup
-	&& rm -rf /usr/src/burp /usr/src/uthash ~/.cache
-
-ADD . /burp-ui
-
-ADD docker/docker-alpine/assets/setup/ /app/setup/
-ADD docker/docker-alpine/assets/config/ /app/setup/config/
-ADD docker/docker-alpine/assets/init /app/init
-
-RUN chmod 755 /app/init
-RUN chmod 755 /app/setup/install
-RUN /app/setup/install
-
-EXPOSE 5000/tcp
-
-VOLUME ["/var/spool/burp"]
-VOLUME ["/etc/burp"]
-
-ENTRYPOINT ["/app/init"]
-CMD ["app:start"]

docker/README.rst

@@ -9,23 +9,19 @@ It is organized like this:
 - `demo/ <demo/>`_ contains the images used to build the demo.
 - `docker-alpine/ <docker-alpine/>`_ contains a small but complete image based
   on `alpine`_ and python 3.6.
-- `docker-release/ <docker-release/>`_ contains a complete image based on
-  `debian`_ and python 2.7.
 
 Usage
 -----
 
-Two Dockerfiles are provided in order to help you build those images.
+A Dockerfile is provided in order to help you build the release image.
 
-Here is how to build them:
+Here is how to build it:
 
 ::
 
     cd ..
-    # build the debian-based docker image:
-    docker build -t $USER/burp-ui:latest -f docker/Dockerfile .
-    # if you prefer the alpine-based docker image:
-    docker build -t $USER/burp-ui:alpine -f docker/Dockerfile-py3.6 .
+    # alpine-based docker image:
+    docker build -t $USER/burp-ui:alpine -f docker/Dockerfile .
 
 
 Alternatively, images are built by the CI and you can freely use them thanks to
@@ -40,4 +36,3 @@ the provided `docker-compose`_ config:
 .. _docker-compose: https://docs.docker.com/compose/
 .. _Burp-UI: https://git.ziirish.me/ziirish/burp-ui
 .. _alpine: https://alpinelinux.org/
-.. _debian: https://www.debian.org/

docker/docker-release/assets/config/burp-ui/burpui.cfg

@@ -1,186 +0,0 @@
-[Global]
-# On which port is the application listening
-port = 5000
-# On which address is the application listening
-# '::' is the default for all IPv6
-bind = ::
-# enable SSL
-ssl = false
-# ssl cert
-sslcert = /etc/burp/ssl_cert-server.pem
-# ssl key
-sslkey = /etc/burp/ssl_cert-server.key
-# burp server version 1 or 2
-version = 2
-# Handle multiple bui-servers or not
-# If set to 'false', you will need to declare at least one 'Agent' section (see
-# bellow)
-standalone = true
-# authentication plugin (mandatory)
-# list the misc/auth directory to see the available backends
-# to disable authentication you can set "auth: none"
-# you can also chain multiple backends. Example: "auth: ldap,basic"
-# the order will be respected unless you manually set a higher backend priority
-auth = basic
-# acl plugin
-# list misc/acl directory to see the available backends
-# default is no ACL
-acl = basic
-# You can change the prefix if you are behind a reverse-proxy under a custom
-# root path. For example: /burpui
-# You can also configure your reverse-proxy to announce the prefix through the
-# 'X-Script-Name' header. In this case, the bellow prefix will be ignored in
-# favour of the one announced by your reverse-proxy
-prefix = none
-
-[UI]
-# refresh interval of the pages in seconds
-refresh = 180
-# refresh interval of the live-monitoring page in seconds
-liverefresh = 5
-
-[Production]
-# storage backend (only used with gunicorn) for session and cache
-# may be either 'default' or 'redis'
-storage = redis
-# redis server to connect to
-redis = 127.0.0.1:6379
-
-[Security]
-## This section contains some security options. Make sure you understand the
-## security implications before changing these.
-# list of 'root' paths allowed when sourcing files in the configuration.
-# Set this to 'none' if you don't want any restrictions, keeping in mind this
-# can lead to accessing sensible files. Defaults to '/etc/burp'.
-# Note: you can have several paths separated by comas.
-# Example: /etc/burp,/etc/burp.d
-includes = /etc/burp
-# remember_cookie duration in days
-cookietime = 14
-# whether to use a secure cookie for https or not. If set to false, cookies
-# won't have the 'secure' flag.
-# This setting is only useful when HTTPS is detected
-scookie = true
-# application secret to secure cookies. If you don't set anything, the default
-# value is 'random' which will generate a new secret after every restart of your
-# application. You can also set it to 'none' although this is not recommended.
-# /!\ YOU CANNOT USE THE MAGIC 'random' VALUE WHEN USING GUNICORN /!\
-appsecret = random
-
-## burp1 backend specific options
-#[Burp1]
-## burp status address (can only be '127.0.0.1' or '::1')
-#bhost = ::1
-## burp status port
-#bport = 4972
-## burp binary
-#burpbin = /usr/sbin/burp
-## vss_strip binary
-#stripbin = /usr/sbin/vss_strip
-## burp client configuration file used for the restoration (Default: None)
-#bconfcli = /etc/burp/burp.conf
-## burp server configuration file used for the setting page
-#bconfsrv = /etc/burp/burp-server.conf
-## temporary directory to use for restoration
-#tmpdir = /tmp/bui
-
-## burp2 backend specific options
-[Burp2]
-## burp binary
-#burpbin = /usr/sbin/burp
-## vss_strip binary
-stripbin = /usr/bin/vss_strip
-## burp client configuration file used for the restoration (Default: None)
-#bconfcli = /etc/burp/burp.conf
-## burp server configuration file used for the setting page
-#bconfsrv = /etc/burp/burp-server.conf
-## temporary directory to use for restoration
-tmpdir = /tmp/bui
-
-## ldapauth specific options
-#[LDAP]
-## Backend priority. Higher is first
-#priority = 1
-## LDAP host
-#host = 127.0.0.1
-## LDAP port
-#port = 389
-## Encryption type to LDAP server (none, ssl or tls)
-## - try tls if unsure, otherwise ssl on port 636
-#encryption = ssl
-## specifies if the server certificate must be validated, values can be:
-##  - none (certificates are ignored)
-##  - optional (not required, but validated if provided)
-##  - required (required and validated)
-#validate = none
-## SSL or TLS version to use, can be one of the following:
-##  - SSLv2
-##  - SSLv3
-##  - SSLv23
-##  - TLSv1
-##  - TLSv1_1 (Available only with openssl version 1.0.1+, requires python 2.7.9 or higher)
-#version = TLSv1
-## the file containing the certificates of the certification authorities
-#cafile = none
-## Attribute to use when searching the LDAP repository
-##searchattr = sAMAccountName
-#searchattr = uid
-## LDAP filter to find users in the LDAP repository
-##  - {0} will be replaced by the search attribute
-##  - {1} will be replaced by the login name
-##filter = (&({0}={1})(burpui=1))
-##filter = (&({0}={1})(|(userAccountControl=512)(userAccountControl=66048)))
-## LDAP base
-#base = ou=users,dc=example,dc=com
-## Binddn to list existing users
-#binddn = cn=admin,dc=example,dc=com
-## Bindpw to list existing users
-#bindpw = Sup3rS3cr3tPa$$w0rd
-
-## basicauth specific options
-## Note: in case you leave this section commented, the default login/password
-## is admin/admin
-## Please DO NOT touch the following line
-## @salted@
-#[BASIC]
-## Backend priority. Higher is first
-#priority = 2
-#admin = password
-#user1 = otherpassword
-
-## basicacl specific options
-## Note: in case you leave this section commented, the user 'admin' will have
-## access to all clients whereas other users will only see the client that have
-## the same name
-#[BASIC:ACL]
-## Please note the double-quote around the username on the admin line are
-## mandatory!
-#admin = user1,user2
-## You can also overwrite the default behavior by specifying which clients a
-## user can access
-#user3 = '["client4", "client5"]'
-## In case you are not in a standalone mode, you can also specify which clients
-## a user can access on a specific Agent
-#user4 = '{"agent1": ["client6", "client7"], "agent2": ["client8"]}'
-
-## If you set standalone to 'false', add at least one section like this per
-## bui-agent
-#[Agent:agent1]
-## bui-agent address
-#host = 192.168.1.1
-## bui-agent port
-#port = 10000
-## bui-agent password
-#password = azerty
-## enable SSL
-#ssl = true
-
-#[Agent:agent2]
-## bui-agent address
-#host = 192.168.2.1
-## bui-agent port
-#port = 10000
-## bui-agent password
-#password = ytreza
-## enable SSL
-#ssl = true

docker/docker-release/assets/config/burp/burp-server.conf

@@ -1,175 +0,0 @@
-# This is an example config file for the burp server.
-
-mode = server
-
-# The default addresses to listen on depend upon compile time options.
-# They may be overridden here.
-address = 0.0.0.0
-port = 4971
-# Think carefully before changing the status port address, as it can be used
-# to view the contents of backups.
-status_address = 0.0.0.0
-# If you do not wish to run a status server at all, comment status_port out.
-status_port = 4972
-
-directory = /srv/backup
-dedup_group = global
-clientconfdir = /etc/burp/clientconfdir
-# Choose the protocol to use.
-# 0 to decide automatically, 1 to force protocol1 mode (file level granularity
-# with a pseudo mirrored storage on the server and optional rsync). 2 forces
-# protocol2 mode (inline deduplication with variable length blocks).
-# Like many other settings, this can be set per client in the clientconfdir
-# files.
-protocol = 1
-pidfile = /tmp/burp.server.pid
-hardlinked_archive = 1
-working_dir_recovery_method = resume
-max_children = 5
-max_status_children = 10
-umask = 0022
-syslog = 1
-stdout = 0
-# The following options can restrict what the client can do.
-# Restore clients can override all of these expect for force_backup.
-client_can_delete = 1
-# Set client_can_force_backup to 0 to only allow timed backups.
-client_can_force_backup = 1
-client_can_list = 1
-# Set client_can_restore to 0 if you want restores to only be initialised by
-# the server.
-client_can_restore = 1
-client_can_verify = 1
-# Ratelimit throttles the send speed. Specified in Megabits per second (Mb/s).
-# ratelimit = 1.5
-# Network timeout defaults to 7200 seconds (2 hours).
-network_timeout = 1800
-
-# Server storage compression. Default is zlib9. Set to zlib0 to turn it off.
-compression = gzip5
-
-# When the client version does not match the server version, log a warning.
-# Set to 0 to turn it off.
-version_warn = 1
-
-# More configuration files can be read, using syntax like the following
-# (without the leading '# ').
-# . path/to/more/conf
-
-# Location of autoupgrade files to serve to clients. Leave it commented out
-# to not autoupgrade clients.
-# autoupgrade_dir = /etc/burp/autoupgrade/server
-
-# You can have as many 'keep' lines as you like.
-# For example, if running backups daily, setting 7, 4, 6 will keep
-# 7 daily backups, 4 weekly, and 6 four-weekly backups.
-keep = 7
-keep = 4
-keep = 6
-
-# Run as different user/group.
-user = burpui
-group = burpui
-
-# CA options.
-# If you want your server to be a certificate authority and generate its own
-# certificates, uncomment the following lines. If the directory specified in
-# ca_conf does not exist, the server will create, populate it, and the paths
-# indicated by ssl_cert_ca, ssl_cert, ssl_key and ssl_dhfile below will be
-# overwritten. See docs/burp_ca.txt for more information.
-ca_conf = /etc/burp/CA.cnf
-ca_name = burpCA
-ca_server_name = burpserver
-ca_burp_ca = /usr/sbin/burp_ca
-
-# Check for revoked certificates in the certificate revocation list.
-# Turn this off if you use the old ssl_extra_checks_script server script.
-ca_crl_check = 1
-
-# SSL certificate authority - same file on both server and client
-ssl_cert_ca = /etc/burp/ssl_cert_ca.pem
-
-# Server SSL certificate
-ssl_cert = /etc/burp/ssl_cert-server.pem
-
-# Server SSL key
-ssl_key = /etc/burp/ssl_cert-server.key
-
-# Server SSL ciphers
-#ssl_ciphers =
-
-# Server SSL compression. Default is zlib5. Set to zlib0 to turn it off.
-#ssl_compression = zlib5
-
-# SSL key password, for loading a certificate with encryption.
-#ssl_key_password = password
-
-# Server DH file.
-ssl_dhfile = /etc/burp/dhfile.pem
-
-timer_script = /usr/share/burp/scripts/timer_script
-# Ensure that 20 hours elapse between backups
-# Available units:
-# s (seconds), m (minutes), h (hours), d (days), w (weeks), n (months)
-timer_arg = 1h
-timer_arg = Mon,Tue,Wed,Thu,Fri,05,06,07,08,09,10,11,12,13,14,15,16,17,18,19,20,21
-timer_arg = Sat,Sun,00,01,02,03,04,05,06,07,08,17,18,19,20,21,22,23
-# Allow backups to start in the evenings and nights during weekdays
-# Allow more hours at the weekend.
-# Note that, if you specify no timebands, the default timer script will never
-# allow backups.
-
-# Uncomment the notify_success_* lines for email notifications of backups that
-# succeeded.
-# In the subject line, the following are substituted:
-# %b - "backup"/"restore"/"verify"
-# %c - client name
-# %w - number of warnings, if any
-#notify_success_script = /usr/share/burp/scripts/notify_script
-#notify_success_arg = sendmail -t
-#notify_success_arg = To: youremail@example.com
-#notify_success_arg = From: burp
-#notify_success_arg = Subject: %b succeeded: %c %w
-# Uncomment the following to have success notifications only if there were
-# warnings.
-#notify_success_warnings_only = 1
-# Uncomment the following to have success notifications only if there were
-# new or changed files.
-#notify_success_changes_only = 1
-
-# Uncomment the following for email notifications of backups that failed.
-#notify_failure_script = /usr/share/burp/scripts/notify_script
-#notify_failure_arg = sendmail -t
-#notify_failure_arg = To: youremail@example.com
-#notify_failure_arg = From: burp
-#notify_failure_arg = Subject: %b failed: %c %w
-
-# The server can run scripts on each connection after authentication and before
-# disconnecting.
-#server_script_pre = /usr/share/burp/scripts/ssl_extra_checks_script
-#server_script_pre_arg = /etc/burp/crl
-#server_script_pre_arg = /etc/burp/burp-server.conf
-#server_script_pre_arg = /usr/share/burp/scripts/server-pre-script.local
-# Set server_script_pre_notify to 1 to have notifications on server_script_pre
-# returning non-zero. Most people will want to leave this off - it could
-# result in a lot of emails because clients normally connect once every 20
-# minutes. Requires notify_failure_script to be set above.
-#server_script_pre_notify = 0
-#server_script_post =
-#server_script_post_arg =
-#server_script_post_arg =
-#server_script_post_run_on_fail=0
-# As for server_script_pre_notify, but for post.
-#server_script_post_notify = 0
-
-# Clients that are able to list and restore files belonging to any other
-# client. If this is too permissive, you may set a restore_client for
-# individual original clients in the individual clientconfdir files.
-# restore_client = someclient
-# restore_client = someotherclient
-restore_client = agent
-
-# Whether or not the server process should cache the tree when a monitor client
-# is browsing a backup. Advantage: speed. Disadvantage: more memory is used.
-monitor_browse_cache = 1
-

docker/docker-release/assets/config/burp/burp.conf

@@ -1,125 +0,0 @@
-# This is an example config file for the burp client.
-
-mode = client
-port = 4971
-status_port = 4972
-server = 127.0.0.1
-password = abcdefgh
-cname = agent
-# Choose the protocol to use.
-# 0 to decide automatically, 1 to force protocol1 mode (file level granularity
-# with a pseudo mirrored storage on the server and optional rsync). 2 forces
-# protocol2 mode (inline deduplication with variable length blocks).
-protocol = 1
-pidfile = /tmp/burp.client.pid
-syslog = 1
-stdout = 0
-progress_counter = 1
-# Ratelimit throttles the send speed. Specified in Megabits per second (Mb/s).
-# ratelimit = 1.5
-# Network timeout defaults to 7200 seconds (2 hours).
-network_timeout = 72000
-# The directory to which autoupgrade files will be downloaded.
-# To never autoupgrade, leave it commented out.
-# autoupgrade_dir=/opt/burp2/etc/autoupgrade/client
-# OS path component for the autoupgrade directory on the server.
-# autoupgrade_os=test_os
-# Wait a random number of seconds between 0 and the given number before
-# contacting the server on a timed backup.
-# randomise = 1200
-
-# Set server_can_restore to 0 if you do not want the server to be able to
-# initiate a restore.
-server_can_restore = 0
-
-# Set an encryption password if you do not trust the server with your data.
-# Note that this will mean that network deltas will not be possible. Each time
-# a file changes, the whole file will be transferred on the next backup.
-# encryption_password = My^$pAsswIrD%@
-
-# More configuration files can be read, using syntax like the following
-# (without the leading '# ').
-# . path/to/more/conf
-
-# Run as different user/group.
-# user=graham
-# group=nogroup
-
-cross_filesystem=/home
-cross_all_filesystems=0
-
-# Uncomment the following lines to automatically generate a certificate signing
-# request and send it to the server.
-ca_burp_ca = /usr/sbin/burp_ca
-ca_csr_dir = /etc/burp/CA-client
-
-# SSL certificate authority - same file on both server and client
-ssl_cert_ca = /etc/burp/ssl_cert_ca.pem
-
-# Client SSL certificate
-ssl_cert = /etc/burp/ssl_cert-client.pem
-
-# Client SSL key
-ssl_key = /etc/burp/ssl_cert-client.key
-
-# Client SSL ciphers
-#ssl_ciphers = 
-
-# Client SSL compression. Default is zlib5. Set to zlib0 to turn it off.
-#ssl_compression = zlib5
-
-# SSL key password
-ssl_key_password = password
-
-# Common name in the certificate that the server gives us
-ssl_peer_cn = burpserver
-
-# Example syntax for pre/post scripts
-#backup_script_pre=/path/to/a/script
-#backup_script_post=/path/to/a/script
-#restore_script_pre=/path/to/a/script
-#restore_script_post=/path/to/a/script
-
-# The following options specify exactly what to backup.
-# The server will override them if there is at least one 'include=' line on
-# the server side.
-include = /etc
-include = /home
-#exclude = /home/graham/testdir/librsync-0.9.7/testsuite
-#include = /home/graham/testdir/librsync-0.9.7/testsuite/deep
-#include = /home/graham/xdir
-#exclude = /home/graham/testdir/libr
-# Exclude file names ending in '.vdi' or '.vmdk' (case insensitive)
-#exclude_ext = vdi
-#exclude_ext = vmd
-# Exlude file path matching a regular expression
-# (note that 'include_regex' is not yet implemented)
-#exclude_regex = \.cache
-# Exclude various temporary file systems. You may want to add devfs, devpts,
-# proc, ramfs, etc.
-exclude_fs = sysfs
-exclude_fs = tmpfs
-# Exclude files based on size. Defaults are 0, which means no limit.
-#min_file_size = 0 Mb
-#max_file_size = 0 Mb
-# The content of directories containing a filesystem entry named like this
-# will not be backed up.
-nobackup = .nobackup
-# By default, burp backups up the fifos themselves, rather than reading from
-# them. These two options let you choose a particular fifo to read, or read
-# from all fifos.
-#read_fifo=/path/to/a/fifo
-#read_all_fifos=0
-# The same for block device nodes.
-#read_blockdev=/path/to/a/blockdev
-#read_all_blockdevs=0
-# Exclude files from compression by extension.
-exclude_comp=bz2
-exclude_comp=gz
-# When backing up, whether to enable O_NOATIME when opening files and
-# directories. The default is atime=0, which enables O_NOATIME.
-#atime=1
-# When enabled, this causes problems in the phase1 scan (such as an 'include'
-# being missing) to be treated as fatal errors. The default is 0.
-#scan_problem_raises_error=1
-

docker/docker-release/assets/config/gunicorn.d/burp-ui

@@ -1,13 +0,0 @@
-CONFIG = {
-    'args': (
-        '--bind=0.0.0.0:5000',
-        '--user=burpui',
-        '--group=burpui',
-        '--workers=5',
-#        '--preload',
-        '--worker-class=gevent',
-        '--access-logfile=/var/log/gunicorn/burp-ui_access.log',
-        '--error-logfile=/var/log/gunicorn/burp-ui_error.log',
-        'burpui:create_app("@BURPUI_CONFIG@",logfile="/var/log/gunicorn/burp-ui_info.log",verbose=@BURPUI_VERBOSE@)',
-    ),
-}

docker/docker-release/assets/init

@@ -1,158 +0,0 @@
-#!/bin/bash
-set -e
-
-trap appStop SIGINT SIGTERM
-
-appStart () {
-
-  BURPUI_CONFIG=${BURPUI_CONFIG:-/etc/burp/burpui.cfg}
-  BURPUI_CLIENT_NAME=${BURPUI_CLIENT_NAME:-bui}
-  BURPUI_VERBOSE=${BURPUI_VERBOSE:-0}
-  BURPUI_UID=${BURPUI_UID:-5337}
-  BURPUI_GID=${BURPUI_GID:-5337}
-  BURPUI_PLUGINS=${BURPUI_PLUGINS:-none}
-  BURP_CLIENT_CONFIG=${BURP_CLIENT_CONFIG:-/tmp/burp.conf}
-  BURP_SERVER_CONFIG=${BURP_SERVER_CONFIG:-/etc/burp/burp-server.conf}
-  BURP_SERVER_ADDR=${BURP_SERVER_ADDR:-auto}
-  REDIS_SERVER=${REDIS_SERVER:-redis:6379}
-  DATABASE_URL=${DATABASE_URL:-sqlite:////var/lib/burpui/store.db}
-  TIMEZONE=${TIMEZONE:-Europe/Paris}
-
-  [ -e /usr/share/zoneinfo/$TIMEZONE ] && {
-    cp /usr/share/zoneinfo/$TIMEZONE /etc/localtime
-    echo "$TIMEZONE" >/etc/timezone
-  }
-
-  # Create burp-ui User
-  getent group | grep -q burpui || groupadd -g $BURPUI_GID burpui
-  getent passwd | grep -q burpui || useradd -r -m -d /var/lib/burpui -c 'Burp-UI daemon user' -u $BURPUI_UID -g $BURPUI_GID burpui
-  chown -R burpui: /var/log/gunicorn
-
-  [ -e /etc/burp/this_is_a_decoy_file_to_know_if_we_can_chown ] && {
-    chown -R burpui: /etc/burp
-    rm /etc/burp/this_is_a_decoy_file_to_know_if_we_can_chown
-  }
-
-  [ "$BURP_SERVER_ADDR" == "auto" ] && {
-    BURP_SERVER_ADDR=$(ip route sh | grep default | awk '{print $3;}')
-  }
-
-  [ -e "$BURPUI_CONFIG" ] || {
-    cp /usr/local/share/burpui/etc/burpui.sample.cfg $BURPUI_CONFIG
-    chown burpui: $BURPUI_CONFIG
-  }
-
-  # wait for redis to be up
-  sleep 3
-
-  LOGFILE=$(mktemp)
-  bui-manage -c $BURPUI_CONFIG setup_burp -b $BURP_CLIENT_CONFIG \
-    -s $BURP_SERVER_CONFIG -h $BURP_SERVER_ADDR -c $BURPUI_CLIENT_NAME \
-    -r $REDIS_SERVER -d $DATABASE_URL -p $BURPUI_PLUGINS 2>&1 | tee $LOGFILE
-
-  CELERY="True"
-  grep -q "Unable to contact the redis server" $LOGFILE && CELERY=""
-  rm $LOGFILE
-
-  [ "$DATABASE_URL" != "none" ] && {
-    su -l burpui -c "/usr/local/bin/bui-manage -c $BURPUI_CONFIG db upgrade"
-  }
-
-  # You can change log verbosity at runtime
-  [ -e /etc/gunicorn.d/burp-ui.example ] || cp -a /etc/gunicorn.d/burp-ui /etc/gunicorn.d/burp-ui.example
-  perl -pe "s#\@BURPUI_CONFIG\@#$BURPUI_CONFIG#" /etc/gunicorn.d/burp-ui.example >/etc/gunicorn.d/burp-ui
-  perl -i -pe "s#\@BURPUI_VERBOSE\@#$BURPUI_VERBOSE#" /etc/gunicorn.d/burp-ui
-
-  ssl_cert_ca=$(grep -E "^\s*ssl_cert_ca\s*=" $BURP_CLIENT_CONFIG | cut -d= -f2 | sed -e "s/\s*//g")
-  ssl_cert=$(grep -E "^\s*ssl_cert\s*=" $BURP_CLIENT_CONFIG | cut -d= -f2 | sed -e "s/\s*//g")
-  ssl_key=$(grep -E "^\s*ssl_key\s*=" $BURP_CLIENT_CONFIG | cut -d= -f2 | sed -e "s/\s*//g")
-
-  [ -z "$ssl_cert_ca" ] && {
-    echo "Unable to locate ssl_cert_ca in $BURP_CLIENT_CONFIG"
-    exit 1
-  }
-  [ -z "$ssl_cert" ] && {
-    echo "Unable to locate ssl_cert in $BURP_CLIENT_CONFIG"
-    exit 1
-  }
-  [ -z "$ssl_key" ] && {
-    echo "Unable to locate ssl_key in $BURP_CLIENT_CONFIG"
-    exit 1
-  }
-
-  [ ! -e "$ssl_cert_ca" -a ! -e "$ssl_cert" -a ! -e "$ssl_key" ] && {
-    # pre-generate burp certs because of https://github.com/grke/burp/issues/512
-    TMPFILE=$(mktemp)
-    /usr/sbin/burp -c $BURP_CLIENT_CONFIG -a l 2>&1 >$TMPFILE
-    for file in $(grep "Could not find ssl" $TMPFILE | cut -d' ' -f8 | sed "s/:$//")
-    do
-      chgrp burpui $file
-      chmod g+rw $file
-    done
-    rm $TMPFILE
-  }
-
-  # start supervisord
-  /usr/bin/supervisord -c /etc/supervisor/supervisord.conf
-
-  echo "Starting crond..."
-  supervisorctl start cron >/dev/null
-
-  echo "Starting burp..."
-  supervisorctl start burp >/dev/null
-
-  [ -n "$CELERY" ] && {
-    echo "Starting bui-celery..."
-    supervisorctl start bui-celery >/dev/null
-  }
-
-  echo "Starting gunicorn..."
-  /etc/init.d/gunicorn restart >/dev/null
-
-  # wait a bit for the logs to be populated
-  sleep 2
-
-  # watch the access logs
-  tail -F /var/log/gunicorn/burp-ui_info.log
-}
-
-appStop() {
-  echo ""
-  echo "Stopping gunicorn..."
-  /etc/init.d/gunicorn stop >/dev/null
-  echo "Stopping burp..."
-  supervisorctl stop burp >/dev/null
-  echo "Stopping crond..."
-  supervisorctl stop cron >/dev/null
-  echo "Stopping supervisord..."
-  kill -15 $(cat /var/run/supervisord.pid)
-  exit
-}
-
-appHelp () {
-  echo "Available options:"
-  echo " app:start          - Starts the burp-ui server (default)"
-  echo " app:help           - Displays the help"
-  echo " [command]          - Execute the specified linux command eg. bash."
-}
-
-case "$1" in
-  app:start)
-    appStart
-    ;;
-  *)
-    if [ -x $1 ]; then
-      $1
-    else
-      prog=$(which $1)
-      if [ -n "${prog}" ] ; then
-        shift 1
-        su -l burpui -c "$prog $@"
-      else
-        appHelp
-      fi
-    fi
-    ;;
-esac
-
-exit 0

docker/docker-release/assets/setup/install

@@ -1,115 +0,0 @@
-#!/bin/bash
-# Build: @build@
-set -e
-
-SETUP_DIR="/app/setup"
-CONFIG_DIR="${SETUP_DIR}/config"
-
-apt-get update
-DEBIAN_FRONTEND=noninteractive apt-get install -y wget python2.7-dev git python-pip libffi-dev libmysqlclient-dev libpq-dev libpq5
-
-echo "deb http://ziirish.info/repos/debian/jessie zi-stable main" >/etc/apt/sources.list.d/ziirish.list
-wget https://ziirish.info/repos/debian.gpg -O- | apt-key add -
-apt-get update
-
-DEBIAN_FRONTEND=noninteractive apt-get remove -y python-cffi
-DEBIAN_FRONTEND=noninteractive apt-get install -y libssl-dev burp-client
-
-# Install burp-ui
-pip install --upgrade pip
-cd /burp-ui
-git submodule update --init
-pip install -r requirements.txt
-python setup.py sdist
-pip install ujson
-pip install gevent
-pip install redis
-pip install mysqlclient
-pip install psycopg2
-pip install flask-limiter
-pip install Flask-Session
-pip install Flask-SQLAlchemy
-pip install Flask-Migrate
-pip install sqlalchemy-utils
-pip install celery
-pip install dist/*.tar.gz
-
-cffi=$(grep cffi requirements.txt)
-cd
-rm -rf /burp-ui
-
-mkdir -p /var/log/gunicorn
-
-# configure supervisord log rotation
-cat > /etc/logrotate.d/supervisord <<EOF
-/var/log/supervisor/*.log {
-  weekly
-  missingok
-  rotate 52
-  compress
-  delaycompress
-  notifempty
-  copytruncate
-}
-EOF
-
-# configure gunicorn log rotation
-cat > /etc/logrotate.d/gunicorn <<EOF
-/var/log/gunicorn/*.log {
-  daily
-  missingok
-  rotate 14
-  compress
-  delaycompress
-  notifempty
-  copytruncate
-}
-EOF
-
-# configure supervisord to start crond
-cat > /etc/supervisor/conf.d/cron.conf <<EOF
-[program:cron]
-priority=20
-directory=/tmp
-command=/usr/sbin/cron -f
-user=root
-autostart=false
-autorestart=true
-stdout_logfile=/var/log/supervisor/%(program_name)s.log
-stderr_logfile=/var/log/supervisor/%(program_name)s.log
-EOF
-
-# configure celery worker                                                       
-cat > /etc/supervisor/conf.d/bui-celery.conf <<EOF
-[program:bui-celery]
-priority=20
-directory=/tmp
-command=/usr/local/bin/bui-celery --beat -s /var/lib/burpui/celerybeat-schedule
-user=burpui
-autostart=false
-autorestart=true
-stdout_logfile=/var/log/supervisor/%(program_name)s.log
-stderr_logfile=/var/log/supervisor/%(program_name)s.log
-EOF
-
-cp ${CONFIG_DIR}/gunicorn.d/burp-ui /etc/gunicorn.d/burp-ui
-
-# this is used in case nothing is monted on /etc/burp
-mkdir -p /etc/burp/clientconfdir
-cp ${CONFIG_DIR}/burp-ui/burpui.cfg /etc/burp/burpui.cfg
-
-cat ${CONFIG_DIR}/burp/burp.conf >/etc/burp/burp.conf
-cat ${CONFIG_DIR}/burp/burp-server.conf >/etc/burp/burp-server.conf
-rm -rf /etc/burp/clientconfdir/*
-echo "password = abcdefgh" >/etc/burp/clientconfdir/agent
-
-touch /etc/burp/this_is_a_decoy_file_to_know_if_we_can_chown
-
-# cleanup
-apt-get remove -y python2.7-dev git python-pip libffi-dev libssl-dev wget libpq-dev
-apt-get clean
-apt-get autoclean
-apt-get -y autoremove
-# cffi breaks after the cleanup
-/usr/local/bin/pip install $cffi
-rm -rf /var/lib/apt/lists/*

setup.py

@@ -275,8 +275,8 @@ setup(
     extras_require={
         'ldap_authentication': ['ldap3'],
         'extra': ['ujson'],
-        'gunicorn': ['gevent', 'gunicorn'],
-        'gunicorn-extra': ['redis', 'Flask-Session==0.3.0'],
+        'gunicorn': ['eventlet', 'gunicorn'],
+        'gunicorn-extra': ['redis', 'Flask-Session==0.3.1'],
         'agent': ['gevent'],
         'ci': test_requires,
         'dev': dev_requires,