# syntax=docker/dockerfile-upstream:1.5.0-rc2-labs
# Copyright (c) 2023 Zededa, Inc.
# SPDX-License-Identifier: Apache-2.0
#
# Builds the vTPM container image: swtpm (software TPM) on top of libtpms,
# tpm2-tss + tpm2-tools, the in-tree Go "vtpm" service and the C "ptpm"
# helper. Everything is compiled in the `build` stage and staged under /out;
# the final image is assembled from `scratch` out of /out only, so no
# compiler, header or build-only package reaches the runtime image.
#
# Supply-chain note: the upstream sources below are fetched with
# `ADD <git-url>#<ref>` pinned to release tags. A tag is a mutable reference,
# so for a strictly reproducible build consider pinning each ref to a commit
# SHA (or verifying the checked-out commit right after the ADD).

# dom0 is used only as the source of /etc/passwd and /etc/group for the final stage.
FROM lfedge/eve-dom0-ztools:b8eaeec19d373228a4a842374e5de0d50f050853 as dom0
FROM lfedge/eve-alpine:82df60e43ab9f8c935584b8c7b4d0a4b0271d608 as build
# BUILD_PKGS / PKGS are read by eve-alpine-deploy.sh (next RUN) -- presumably
# BUILD_PKGS is installed into this stage and PKGS is staged under /out for the
# runtime image; confirm against the eve-alpine base. They are ENV rather than
# ARG for that script's benefit and never reach the final (scratch) stage.
ENV BUILD_PKGS="gcc g++ autoconf automake libtool make openssl-dev libtasn1-dev \
json-glib-dev gnutls bash expect gawk socat libseccomp-dev gmp-dev \
musl-utils autoconf-archive git json-c json-c-dev libcurl curl-dev \
patch go protobuf-dev"
ENV PKGS="libseccomp libcurl libstdc++ libprotobuf"
RUN eve-alpine-deploy.sh
# build libtpms, it is needed by swtpm
# libtpms is installed into this stage's /usr (swtpm links against it),
# then only the shared objects are copied into /out for the runtime image.
WORKDIR /libtpms
ADD https://github.com/stefanberger/libtpms.git#v0.9.6 /libtpms
RUN ./autogen.sh --prefix=/usr --with-tpm2
RUN make -j$(nproc)
RUN make -j$(nproc) install
RUN cp /usr/lib/libtpms.so.* /out/usr/lib/
RUN strip --strip-unneeded /out/usr/lib/libtpms.so.*
# build swtpm
# swtpm is installed straight into /out (prefix=/out/usr). Its private libs
# are also flattened into /out/usr/lib; the originals under /out/usr/lib/swtpm
# are stripped here and the flattened copies are stripped by the glob further
# down (after tpm2-tools).
WORKDIR /swtpm
ADD https://github.com/stefanberger/swtpm.git#v0.9.0 /swtpm
RUN ./autogen.sh --prefix=/out/usr
RUN make -j$(nproc)
RUN make -j$(nproc) install
RUN cp /out/usr/lib/swtpm/* /out/usr/lib/
RUN strip --strip-unneeded /out/usr/lib/swtpm/*.so*
# build tpm2-tss, it is needed by tpm2-tools
# --keep-git-dir=true leaves .git in place -- presumably ./bootstrap derives
# version information from it; confirm before dropping it.
# No --prefix is given, so `make install` lands in /usr/local and the
# libtss2 shared objects are picked up from there.
WORKDIR /tpm2-tss
ADD --keep-git-dir=true https://github.com/tpm2-software/tpm2-tss.git#4.0.1 /tpm2-tss
RUN ./bootstrap && \
./configure --disable-dependency-tracking && \
make -j$(nproc) && \
make install
RUN cp /usr/local/lib/libtss2* /out/usr/lib/
RUN strip --strip-unneeded /out/usr/lib/libtss2*.so*
# build tpm2-tools, it is needed by ptpm
# An in-tree patch (patch/patch-tpm2-tools.diff) is applied before the build.
# tpm2-tools is built but not installed: the `tpm2` binary and libcommon are
# taken directly from the libtool .libs directories.
WORKDIR /tpm2-tools
ADD --keep-git-dir=true https://github.com/tpm2-software/tpm2-tools.git#5.5 /tpm2-tools
COPY patch/patch-tpm2-tools.diff .
RUN patch -p1 < patch-tpm2-tools.diff
RUN ./bootstrap && \
./configure && \
make -j$(nproc)
RUN cp lib/.libs/libcommon.so* /out/usr/lib/
RUN cp tools/.libs/tpm2 /out/usr/bin/
# Strips every shared object staged so far, including the flattened swtpm copies.
RUN strip --strip-unneeded /out/usr/lib/*.so*
# Build vtpm
# swtpm-vtpm/src/ is copied twice on purpose: first flattened into the working
# directory, then as part of the whole swtpm-vtpm/ tree -- presumably so that
# `go build ... .` below finds the package in /vtpm-build while `-mod=vendor`
# still finds vendor/; confirm before simplifying.
WORKDIR /vtpm-build
COPY swtpm-vtpm/src/ /vtpm-build/.
COPY swtpm-vtpm/ /vtpm-build/.
# Declared just before use so a version change only invalidates the vtpm
# layers below, not the C builds above. It is baked in via -X main.Version.
ARG GOPKGVERSION
# From here on RUN uses ash with -e and pipefail. The earlier RUN lines ran
# under the default /bin/sh -c; none of them pipe, and their && chains already
# fail fast.
SHELL ["/bin/ash", "-eo", "pipefail", "-c"]
# hadolint ignore=SC2046
RUN echo "Running go vet" && go vet ./... && echo "Running go fmt" && \
ERR=$(gofmt -e -l -s $(find . -name \*.go | grep -v /vendor/)) && \
if [ -n "$ERR" ] ; then echo "go fmt Failed - ERR: $ERR"; exit 1 ; fi
# Static (CGO_ENABLED=0), stripped (-s -w) binary built from the vendored deps.
RUN GO111MODULE=on CGO_ENABLED=0 go build -ldflags "-s -w -X=main.Version=${GOPKGVERSION}" \
-mod=vendor -o /out/usr/bin/vtpm .
# Build ptpm
# ptpm is built with the top-level Makefile from src/ and proto/ only.
WORKDIR /ptpm-build
COPY Makefile /ptpm-build/
COPY src/ /ptpm-build/src
COPY proto/ /ptpm-build/proto
RUN make -j$(nproc) && cp ptpm /out/usr/bin/
RUN strip --strip-unneeded /out/usr/bin/ptpm
# remove static libraries and libtool libraries
# Neither is needed at runtime; dropping them keeps the runtime image small.
RUN find /out/usr/lib/ -name '*.la' -delete
RUN find /out/usr/lib/ -name '*.a' -delete
# Runtime image: nothing but the staged /out tree (runtime packages plus the
# binaries and libraries built above), init.sh, and the user database.
FROM scratch
COPY --from=build /out/ /
COPY init.sh /usr/bin/
# passwd/group come from the dom0 image -- presumably that is where the
# `vtpm` user referenced by the chown below is defined; confirm.
COPY --from=dom0 /etc/group /etc/group
COPY --from=dom0 /etc/passwd /etc/passwd
# /home is the vtpm user's working directory. Note there is no USER
# directive, so the container starts as root and init.sh is what decides
# whether and when privileges are dropped to vtpm -- verify in init.sh.
RUN mkdir /home && chown vtpm:vtpm /home
WORKDIR /home
# Empty ENTRYPOINT so CMD is the container process itself (exec form, no shell).
ENTRYPOINT []
CMD ["/usr/bin/init.sh"]