As encoding becomes a regular part of your development cycle, you may start to wonder how you can automate the process and make it part of your continuous delivery model. The following article was contributed by Hendrik Prinsloo of Clevva who uses ionCube as part of their CI process.
How to introduce code obfuscation in your continuous delivery model
Please note: This article is about a potential way of making code obfuscation part of your continuous delivery model; it is not about whether the concept is viable or not.
What?
As a release manager or developer I would like to have the source code encoded when a new version is released without having to do it manually.
Why?
We used to have a machine in our office dedicated to running the ionCube software. Whenever a new version was released, someone had to manually execute a step-by-step sequence to create an encoded version thereof. The ionCube software allows you to do it very easily. However, if you have to do this frequently, the repetitive nature of it would drive you insane.
It was during this insanity that we decided to automate it. The idea is very simple: move it to a cloud server and trigger it remotely. This extended into adopting it in our deployment pipeline, making it completely automated.
How?
The developer pushes a tag (or a branch) to the remote repository. Bitbucket Pipelines catches the new tag (or updated branch) and executes a script. This script connects to the remote machine via SSH and executes the ionCube Encoder.
Pros
- Guaranteed compatibility of source code against the version of PHP
- Reverse engineering attempts require more effort
- Mitigate license manipulation/abuse
Cons
- Setup time
- Adds some time to your CD (depends on the size of your project)
Hello World
Step-by-step walkthrough to help you get started. You should be able to adapt this into your CI/CD flow regardless of what technology you are using.
Preparation
- Sign up for the ionCube Encoder trial and copy the download link (it will be emailed to your inbox)
- Set up public key authentication to the remote server
Let’s go
1. Copy git repo on local machine
me@local:/my-working-dir
git clone git@github.com:HendrikPrinsZA/ssh-ioncube.git && cd ssh-ioncube
2. Copy git repo on remote machine
administrator@devops.example.com:/var/www/html (ssh)
git clone git@github.com:HendrikPrinsZA/ssh-ioncube.git && cd ssh-ioncube
3. Install ionCube PHP Encoder on remote machine
administrator@devops.example.com:/home/administrator (ssh)
wget http://downloads3.ioncube.com/eval_download_packages/ioncube_encoder/linux_i686/en/ioncube_encoder_evaluation.tar.gz
tar -zxvf ioncube_encoder_evaluation.tar.gz
4. Trigger encoding from local machine
me@local:/my-working-dir/ssh-ioncube
./local.sh --host="devops.example.com" \
  --user="administrator" \
  --exec="/var/www/html/ssh-ioncube/remote.sh" \
  --source="/var/www/html/ssh-ioncube/raw" \
  --target="/var/www/html/ssh-ioncube/encoded" \
  --dir="example-app" \
  --encoder="/home/administrator/ioncube_encoder_evaluation/ioncube_encoder.sh" \
  --verbose
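
The key set up in the preparation step lets the pipeline log in as administrator, so whoever obtains it from the CI secrets can run any command on the encoding machine. The script below is an added example, not part of the original article or the ssh-ioncube repository: it pins that key to a forced command that accepts only an encode request for one directory name. The file name encode-gate.sh, the "encode <dir>" request format and the flags passed to remote.sh are assumptions.

```shell
#!/bin/sh
# encode-gate.sh (hypothetical name): forced-command gate for the CI key.
# In ~/.ssh/authorized_keys on the remote machine, prefix the pipeline's key:
#   restrict,command="/home/administrator/encode-gate.sh" <pipeline public key>
# sshd then runs this script for that key whatever the client asks for and
# passes the client's requested command in SSH_ORIGINAL_COMMAND.
LC_ALL=C; export LC_ALL

# Paths from the walkthrough. Assumption: remote.sh accepts the same flag
# names that local.sh takes; adjust to its real interface.
REMOTE_SH="/var/www/html/ssh-ioncube/remote.sh"
SOURCE="/var/www/html/ssh-ioncube/raw"
TARGET="/var/www/html/ssh-ioncube/encoded"
ENCODER="/home/administrator/ioncube_encoder_evaluation/ioncube_encoder.sh"

# Accept only "encode <dir>" where <dir> is one plain directory name.
# Prints the name and returns 0 on success; returns 1 on anything else.
parse_request() {
    req=$1
    case $req in
        "encode "*) dir=${req#"encode "} ;;
        *) return 1 ;;
    esac
    case $dir in
        ""|.|..|-*) return 1 ;;          # empty, traversal, option-like
        *[!A-Za-z0-9._-]*) return 1 ;;   # slashes, spaces, shell metacharacters
    esac
    [ "${#dir}" -le 64 ] || return 1
    printf '%s\n' "$dir"
}

gate_main() {
    dir=$(parse_request "${SSH_ORIGINAL_COMMAND:-}") || {
        echo "rejected request" >&2
        return 1
    }
    [ -d "$SOURCE/$dir" ] || { echo "unknown project: $dir" >&2; return 1; }
    exec "$REMOTE_SH" --source="$SOURCE" --target="$TARGET" \
        --dir="$dir" --encoder="$ENCODER"
}

# Run only when sshd started us for a session, so the file can be sourced.
if [ -n "${SSH_ORIGINAL_COMMAND+set}" ]; then gate_main; fi
```

With the gate in place, the pipeline step becomes ssh administrator@devops.example.com "encode example-app", and any other request made with that key is rejected.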