Dockerfile.release
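# Baseline image: Ubuntu 20.04 for linux/amd64, pinned by digest so the base
# layer cannot change underneath the tag.
FROM --platform=linux/amd64 ubuntu:20.04@sha256:703218c0465075f4425e58fac086e09e1de5c340b12976ab9eb8ad26615c3715 AS baseline
# Extra step to silence deps that don't obey simple "apt install -yq"
# instructions: tzdata is installed on its own, with debconf forced
# non-interactive and dpkg told to keep default/old config files.
# apt-get replaces apt because the "apt" front end does not promise a stable
# command-line interface for scripted use. The package lists are removed in the
# same layer; every later install step in this file refreshes them itself.
RUN DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \
    apt-get update -yq && \
    DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \
    apt-get install -y \
        -o Dpkg::Options::="--force-confdef" \
        -o Dpkg::Options::="--force-confold" \
        tzdata && \
    rm -rf /var/lib/apt/lists/*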
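# Install dependencies. Make sure "naggy" apps don't break our automated builds
# by prompting us via interactive menus, even if we've hinted that we don't
# want any via "apt-get install -y". Also, always force an "apt-get update".
# NOTE(review): sudo and vim are conveniences rather than build requirements.
# No USER instruction precedes these steps, so they already run as root in the
# ubuntu base image. Drop both once nothing in this file calls sudo.
RUN apt-get update -yq && \
    DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \
    apt-get install -y \
        -o Dpkg::Options::="--force-confdef" \
        -o Dpkg::Options::="--force-confold" \
        acl \
        automake \
        build-essential \
        cmake \
        g++ \
        gcc \
        git \
        libssl-dev \
        libtool \
        make \
        python3 \
        python3-dev \
        sudo \
        vim && \
    rm -rf /var/lib/apt/lists/*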
################################################################################
# mm m mmmm mmmmmmm mmmmmm
# #"m # m" "m # #
# # #m # # # # #mmmmm
# # # # # # # #
# # ## #mm# # #mmmmm
# This could save/reduce image size via the use of various optimizations, such
# as loading the build artifacts via an external Makefile, Docker mounts, etc.
# As it stands, I'm currently migrating my build infra to an RPI build farm, so
# time doesn't permit at the moment.
# -Matthew
# TODO: optimize.
################################################################################
################################################################################
#
# Build wolfSSL.
#
################################################################################
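# NOTE(review): this clones whatever wolfSSL's default branch holds at build
# time, so two builds of this release image can contain different crypto code.
# Pin it the way wolfTPM is pinned in this file (--branch <WOLFSSL_RELEASE_TAG>)
# or check out a reviewed commit.
RUN git clone https://github.com/wolfSSL/wolfssl.git
# Configure with certificate generation/request/extension support, PKCS#7,
# crypto callbacks and AES-CFB, then run the test suite ("make check") before
# installing and refreshing the linker cache. sudo is not used: the step
# already runs as root, since no USER instruction precedes it.
RUN cd wolfssl && \
    ./autogen.sh && \
    ./configure --enable-certgen --enable-certreq --enable-certext --enable-pkcs7 --enable-cryptocb --enable-aescfb && \
    make -j"$(nproc)" check && \
    make install && \
    ldconfig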
################################################################################
#
# Build wolfTPM.
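# Shallow clone of wolfTPM at the v2.5.0 ref.
# NOTE(review): a tag name can be moved upstream. Comparing the cloned HEAD
# with a recorded commit (<WOLFTPM_V2_5_0_COMMIT>) would make the pin
# tamper-evident.
RUN git clone --depth 1 --branch v2.5.0 https://github.com/wolfSSL/wolftpm.git
# Static build against the software TPM interface, using wolfCrypt and
# skipping the examples. Every configure option uses the double-dash form.
# NOTE(review): --enable-debug in a release image; confirm the debug build is
# what is meant to ship.
RUN cd wolftpm && \
    ./autogen.sh && \
    ./configure --enable-swtpm --enable-debug --disable-shared --enable-wolfcrypt --disable-examples && \
    make -j"$(nproc)"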
# (no need of make install in our case)
################################################################################
#
# Build ibmswtpm.
#
################################################################################
# Fetch the ibmswtpm2 sources, then build and install from its src/ directory.
# NOTE(review): no tag or commit is selected, so the build takes the default
# branch as it stands at build time. Consider pinning to <IBMSWTPM2_REF>.
RUN git clone https://github.com/kgoldman/ibmswtpm2.git \
    && cd ibmswtpm2/src \
    && make -j"$(nproc)" install
################################################################################
#
# Build eltt2
#
################################################################################
# Fetch eltt2 and build it in place (there is no install step).
# NOTE(review): no tag or commit is selected, so the build takes the default
# branch as it stands at build time. Consider pinning to <ELTT2_REF>.
RUN git clone https://github.com/Infineon/eltt2.git \
    && cd eltt2 \
    && make
################################################################################
#
# Build tpm2-tss/abrmd/tools
#
################################################################################
# Part 1: bring in the required packages
# NB: the apt update statements here could be optimised
# Each of these RUN statements corresponds to the tss, abrmd and tools respectively
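# Packages for tpm2-tss. apt-get is used instead of apt (no stable scripting
# interface), and each step removes the package lists it downloaded.
RUN apt-get update -yq && \
    DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \
    apt-get -y install \
        autoconf-archive \
        libcmocka0 \
        libcmocka-dev \
        procps \
        iproute2 \
        build-essential \
        git \
        pkg-config \
        gcc \
        libtool \
        automake \
        libssl-dev \
        uthash-dev \
        autoconf \
        doxygen \
        libjson-c-dev \
        libini-config-dev \
        libcurl4-openssl-dev && \
    rm -rf /var/lib/apt/lists/*
# Packages for tpm2-abrmd.
RUN apt-get update -yq && \
    DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \
    apt-get -y install \
        libglib2.0-dev && \
    rm -rf /var/lib/apt/lists/*
# Packages for tpm2-tools. These three steps are kept separate on purpose.
# NOTE(review): libcurl4-gnutls-dev here and libcurl4-openssl-dev in the first
# step are alternative libcurl development packages. On Ubuntu they presumably
# conflict, so this step would replace the OpenSSL flavour. Confirm which TLS
# backend the tpm2 components are meant to link against, and do not merge the
# steps until that is settled.
RUN apt-get update -yq && \
    DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \
    apt-get -y install \
        autoconf \
        automake \
        libtool \
        pkg-config \
        gcc \
        libssl-dev \
        libcurl4-gnutls-dev \
        uuid-dev \
        python-yaml && \
    rm -rf /var/lib/apt/lists/*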
# Part 2: create a tss system user, with a group of the same name, for abrmd.
# The account is only created here. No USER instruction follows in this file,
# so the image's default user is unchanged.
RUN useradd --user-group --system tss
# Part 3: set up the working directory. No WORKDIR has been set yet, so the
# current directory is / and the directory created is /tpm2.
RUN mkdir /tpm2
# Part 4: build tpm2-tss
# All three tpm2-software repositories are cloned into /tpm2 up front.
# NOTE(review): none of the clones selects a tag or commit, so each build takes
# the default branches as they stand at build time. Consider pinning each one
# (<TPM2_TSS_REF>, <TPM2_ABRMD_REF>, <TPM2_TOOLS_REF>).
WORKDIR /tpm2
RUN git clone https://github.com/tpm2-software/tpm2-tss.git \
    && git clone https://github.com/tpm2-software/tpm2-abrmd.git \
    && git clone https://github.com/tpm2-software/tpm2-tools.git
# Bootstrap, configure, build and install tpm2-tss, then refresh the linker
# cache in a layer of its own.
# NOTE(review): --with-udevrulesprefix is passed without a value. TODO confirm
# the resulting udev rules file name is the intended one.
WORKDIR /tpm2/tpm2-tss
RUN ./bootstrap \
    && ./configure --with-udevrulesprefix \
    && make -j"$(nproc)" \
    && make install
RUN ldconfig
# Part 5: build tpm2-abrmd
# The D-Bus policy file is installed under /etc/dbus-1/system.d. The linker
# cache is refreshed in a layer of its own.
WORKDIR /tpm2/tpm2-abrmd
RUN ./bootstrap \
    && ./configure --with-dbuspolicydir=/etc/dbus-1/system.d \
    && make -j"$(nproc)" \
    && make install
RUN ldconfig
# Part 6: build tpm2-tools
# Default configure options. The linker cache is refreshed in a layer of its
# own.
WORKDIR /tpm2/tpm2-tools
RUN ./bootstrap \
    && ./configure \
    && make -j"$(nproc)" \
    && make install
RUN ldconfig