Add docker image for signature generation with sigem

.gitignore

@@ -8,6 +8,9 @@ Cargo.lock
 # Best practice for something like this, the python scripts are not meant to be "deployed" from this repo state.
 poetry.lock
 
+binaryninja/
+*.dat
+
 # These are backup files generated by rustfmt
 **/*.rs.bk
 

docker/Dockerfile

@@ -0,0 +1,21 @@
+FROM rust:1.77 AS builder
+# The binaryninja-api commit to use, remember sigem is pulled from here.
+ARG COMMIT=30a0fbb5839b08dc58efe602a5cd19c90fbd4c50
+# Copy the binja install. This won't be included in the final image.
+COPY ./binaryninja /binaryninja
+ENV BINARYNINJADIR=/binaryninja
+# Clone the binaryninja-api repo where `sigem` lives.
+RUN apt-get update && apt-get install -y git libclang-dev
+RUN git clone https://github.com/Vector35/binaryninja-api /binaryninja-api \
+    && cd /binaryninja-api \
+    && git checkout $COMMIT
+# Install sigem
+RUN cargo install --path /binaryninja-api/plugins/warp/ --bin sigem
+
+FROM ubuntu:24.10 AS runner
+# Copy sigem binary over
+COPY --from=builder /usr/local/cargo/bin/sigem /usr/local/bin/sigem
+# Copy in the entrypoint (what sets up the environment)
+COPY ./entrypoint.sh /entrypoint.sh
+RUN chmod +x /entrypoint.sh
+ENTRYPOINT ["/entrypoint.sh"]

docker/docker-compose.yml

@@ -0,0 +1,18 @@
+services:
+  sigem:
+    build:
+      context: .
+      dockerfile: Dockerfile
+    environment:
+      BN_LICENSE_FILE: /run/secrets/license
+    volumes:
+      - ./binaryninja:/binaryninja:ro
+      - ./signatures:/signatures
+      - ./data:/data:ro
+    secrets:
+      - license
+    command: [ "/data/a.out", "/signatures/a" ]
+
+secrets:
+  license:
+    file: license.dat

docker/entrypoint.sh

@@ -0,0 +1,6 @@
+#!/usr/bin/env bash
+set -Eeuo pipefail
+
+mkdir -p ~/.binaryninja
+cp "$BN_LICENSE_FILE" ~/.binaryninja/license.dat
+exec sigem "$@"