2
0

Dockerfile 3.5 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758
  1. ARG DOCKER_BASE_IMAGE=ubuntu:22.04
  2. FROM $DOCKER_BASE_IMAGE
  3. USER root
  4. # Set timezone to UTC
  5. RUN ln -snf /usr/share/zoneinfo/UTC /etc/localtime && echo UTC > /etc/timezone
  6. ARG DEPS_WOLFSSL="build-essential autoconf libtool clang clang-tools zlib1g-dev libuv1-dev libpam0g-dev valgrind git linux-headers-generic gcc-multilib g++-multilib libpcap-dev bubblewrap gdb iputils-ping lldb bsdmainutils netcat-traditional binutils-arm-linux-gnueabi binutils-aarch64-linux-gnu"
  7. ARG DEPS_LIBOQS="astyle cmake gcc ninja-build libssl-dev python3-pytest python3-pytest-xdist unzip xsltproc doxygen graphviz python3-yaml valgrind git"
  8. ARG DEPS_UDP_PROXY="wget libevent-dev"
  9. ARG DEPS_TESTS="abi-dumper libcurl4-openssl-dev tcpdump libpsl-dev python3-pandas python3-tabulate libnl-genl-3-dev libcap-ng-dev python3-virtualenv curl jq"
  10. ARG DEPS_TOOLS="ccache clang-tidy maven libfile-util-perl android-tools-adb usbutils shellcheck"
  11. RUN DEBIAN_FRONTEND=noninteractive apt update && apt install -y apt-utils \
  12. && apt install -y ${DEPS_WOLFSSL} ${DEPS_LIBOQS} ${DEPS_UDP_PROXY} ${DEPS_TESTS} ${DEPS_TOOLS} \
  13. && apt clean -y && rm -rf /var/lib/apt/lists/*
  14. # Add 'docker' user
  15. ARG USER=docker
  16. ARG UID=1000
  17. ARG GID=1000
  18. RUN groupadd -f -g ${GID} docker && ( getent passwd ${UID} || useradd -ms /bin/bash ${USER} -u ${UID} -g ${GID} )
  19. # Add github.com as an SSH known host
  20. RUN ssh -o StrictHostKeyChecking=no -T git@github.com; cat ~/.ssh/known_hosts >> /etc/ssh/ssh_known_hosts
  21. # install ccache
  22. RUN mkdir -p /opt/ccache/bin && for prog in gcc g++ cc c++ cpp arm-none-eabi-c++ arm-none-eabi-cpp arm-none-eabi-gcc arm-none-eabi-g++; do ln -s /usr/bin/ccache /opt/ccache/bin/$(basename $prog); done
  23. ENV PATH /opt/ccache/bin:$PATH
  24. # install liboqs
  25. RUN git clone --single-branch https://github.com/open-quantum-safe/liboqs.git && cd liboqs && git checkout db08f12b5a96aa6582a82aac7f65cf8a4d8b231f \
  26. && mkdir build && cd build && cmake -DOQS_DIST_BUILD=ON -DOQS_USE_CPUFEATURE_INSTRUCTIONS=OFF -DOQS_USE_OPENSSL=0 .. && make -j8 all && make install && cd ../.. && rm -rf liboqs
  27. RUN mkdir /opt/sources
  28. # install liblms
  29. RUN cd /opt/sources && git clone --single-branch https://github.com/cisco/hash-sigs.git && cd hash-sigs && git checkout b0631b8891295bf2929e68761205337b7c031726 \
  30. && sed -i 's/USE_OPENSSL 1/USE_OPENSSL 0/g' sha256.h && make -j4 hss_lib_thread.a
  31. # Install pkixssh to /opt/pkixssh for X509 interop testing with wolfSSH
  32. RUN mkdir /var/empty
  33. RUN cd /opt/sources && wget -q -O- https://roumenpetrov.info/secsh/src/pkixssh-15.1.tar.gz | tar xzf - && cd pkixssh-15.1 && ./configure --prefix=/opt/pkixssh/ --exec-prefix=/opt/pkixssh/ && make install
  34. # Install udp/tcp-proxy
  35. RUN cd /opt/sources && git clone --depth=1 --single-branch --branch=main http://github.com/wolfssl/udp-proxy && cd udp-proxy && make && cp tcp_proxy udp_proxy /bin/.
  36. # Install libbacktrace
  37. RUN cd /opt/sources && git clone --depth=1 --single-branch https://github.com/ianlancetaylor/libbacktrace.git && cd libbacktrace && mkdir build && cd build && ../configure && make && make install
  38. # Allow non-root to use tcpdump (will need NET_RAW and NET_ADMIN capability when running the container)
  39. RUN setcap 'CAP_NET_RAW+eip CAP_NET_ADMIN+eip' /usr/bin/tcpdump
  40. # Allow non-root to use gdb on processes (will need SYS_PTRACE capability when running the container)
  41. RUN setcap 'CAP_SYS_PTRACE+eip' /usr/bin/gdb
  42. # Add in Jenkins userID
  43. RUN for i in $(seq 1001 1010); do ( getent passwd ${i} || useradd -ms /bin/bash jenkins${i} -u ${i} -g ${GID} ); done
  44. USER ${UID}:${GID}