Alkemist by RunSafe
ALKEMIST:PORTAL

alkemist logo

+

center logo for this page's deployment type

=

shield with heart in the middle
You're only a few steps away from deploying Alkemist:Source into your Docker environment!
1 of 7
Down Arrow Mirrored

Select Docker Base OS

First, select the operating system your build image uses, then select the version of that OS. All instructions throughout the rest of the page will be tailored to those choices.

2 of 7
Down Arrow

Open Your Dockerfile

The steps that follow this one will all use this sample Dockerfile as their base. The second tab is the hello_world.c used by the COPY command on line 7.

3 of 7
Down Arrow Mirrored

Add Alkemist:Source Stage

The first modification to your Dockerfile will be to add Alkemist:Source''s Load-time Function Randomization (LFR) image as a stage before the stage doing the build. The Alkemist:Source image contains two ONBUILD commands which handle license verification and other pre-build steps.

4 of 7
Down Arrow

Copy Alkemist:Source Files

After pulling in the Alkemist:Source stage you will copy Alkemist:Source out of that stage and into yours. First, set the LFR_ROOT_PATH environment variable to a location in your image that will contain Alkemist:Source during the build. This location will be removed at the end so pick somewhere that does not contain anything else.

Next, copy the files that comprise Alkemist:Source from the Alkemist:Source stage and into yours with COPY --from=lfr-files /usr/src/lfr ${LFR_ROOT_PATH}.

5 of 7
Down Arrow Mirrored

Add lfr-helper.sh and lfr-cleanup.sh

Now that your Docker image contains the files necessary for Alkemist:Source to run, prepend your build commands (make, gcc, g++, etc) with lfr-helper.sh to automatically integrate Alkemist:Source into your existing build process.

Also include a call to lfr-cleanup.sh after your build is completed to make sure that files which were only needed by Alkemist:Source for the build are not included in your final image.

The command shown will build the given hello_world.c into an Alkemist:Source-protected program called hello_world, but you can add lfr-helper.sh to any build command, simple or complex.

6 of 7
Down Arrow

Build Image with Alkemist:Source

Alkemist:Source expects your license key to be provided as an ALKEMIST_LICENSE_KEY build argument. The preferred way to do this is to specify your key as a build argument from the command line along with the current date, as shown.

The date is added in the Docker deployment method to avoid caching license information which will become stale in future builds. This will not invalidate the caching of your layers, only the final two ONBUILD commands within the Alkemist:Source image.

7 of 7
Alkemist Logo

Verify Alkemist:Source Protection

Each tab shows a different way to confirm that Alkemist:Source has been applied to a given binary. The examples are for the hello_world binary built in the previous step.