From 993fc58be2dd9a477c06a5a2345be2e680e1eff6 Mon Sep 17 00:00:00 2001 From: Pramod Raghavendra Jayathirth Date: Mon, 4 Mar 2019 06:46:29 -0800 Subject: Updating the docker file to support latest tss Issue-ID: AAF-778 Change-Id: I1dce78d4f2a6ab53432652b51989e9dcba5755c5 Signed-off-by: Pramod Raghavendra Jayathirth --- bin/base/build_base_images.sh | 9 ----- bin/base/openssldockerfile | 81 ------------------------------------- bin/base/xenialdockerfile | 55 +++++++++++++++---------- bin/distcenter/distcenterdockerfile | 2 +- 4 files changed, 34 insertions(+), 113 deletions(-) delete mode 100644 bin/base/openssldockerfile diff --git a/bin/base/build_base_images.sh b/bin/base/build_base_images.sh index b6f8783..9f8aae3 100755 --- a/bin/base/build_base_images.sh +++ b/bin/base/build_base_images.sh @@ -12,7 +12,6 @@ PROJECT="aaf" IMAGE="aaf-base" DOCKER_REPOSITORY="nexus3.onap.org:10003" IMAGE_NAME_XENIAL="${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/${IMAGE}-xenial" -IMAGE_NAME_OPENSSL_110="${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/${IMAGE}-openssl_1.1.0" TIMESTAMP=$(date +"%Y%m%dT%H%M%S") if [ $HTTP_PROXY ]; then @@ -26,8 +25,6 @@ echo $BUILD_ARGS function build_image { echo "Start build docker image: ${IMAGE_NAME_XENIAL}:latest" docker build ${BUILD_ARGS} -t ${IMAGE_NAME_XENIAL}:latest -f xenialdockerfile . - echo "Start build docker image: ${IMAGE_NAME_OPENSSL_110}:latest" - docker build ${BUILD_ARGS} -t ${IMAGE_NAME_OPENSSL_110}:latest -f openssldockerfile . } function push_image { @@ -36,12 +33,6 @@ function push_image { echo "Start push ${IMAGE_NAME_XENIAL}:${VERSION}-SNAPSHOT-latest" docker tag ${IMAGE_NAME_XENIAL}:latest ${IMAGE_NAME_XENIAL}:${VERSION}-SNAPSHOT-latest docker push ${IMAGE_NAME_XENIAL}:${VERSION}-SNAPSHOT-latest - echo "Start push ${IMAGE_NAME_OPENSSL_110}:latest" - docker push ${IMAGE_NAME_OPENSSL_110}:latest - echo "Start push ${IMAGE_NAME_OPENSSL_110}:${VERSION}-SNAPSHOT-latest" - docker tag ${IMAGE_NAME_OPENSSL_110}:latest ${IMAGE_NAME_OPENSSL_110}:${VERSION}-SNAPSHOT-latest - docker push ${IMAGE_NAME_OPENSSL_110}:${VERSION}-SNAPSHOT-latest - } build_image diff --git a/bin/base/openssldockerfile b/bin/base/openssldockerfile deleted file mode 100644 index 6c323c4..0000000 --- a/bin/base/openssldockerfile +++ /dev/null @@ -1,81 +0,0 @@ -FROM ubuntu:xenial - -RUN apt-get -y update && \ - apt-get -y install \ - autoconf \ - autoconf-archive \ - libglib2.0-dev \ - libdbus-1-dev \ - automake \ - libtool \ - autotools-dev \ - libcppunit-dev \ - p11-kit \ - libcurl4-gnutls-dev \ - libcmocka0 \ - libcmocka-dev \ - build-essential \ - git \ - pkg-config \ - vim \ - gcc \ - g++ \ - m4 \ - curl \ - wget \ - liburiparser-dev \ - libssl-dev \ - pandoc \ - opensc \ - default-jdk - -RUN apt-get -y install libgcrypt20-dev - -RUN git clone https://github.com/tpm2-software/tpm2-tss.git -RUN git clone https://github.com/tpm2-software/tpm2-abrmd.git -RUN git clone https://github.com/tpm2-software/tpm2-tools.git - -RUN cd tpm2-tss && \ - git checkout 1.2.0 && \ - ./bootstrap && \ - ./configure && \ - make && \ - make install -RUN rm -rf tpm2-tss - -RUN cd tpm2-abrmd && \ - git checkout 1.1.1 && \ - useradd --system --user-group tss && \ - ./bootstrap && \ - ./configure --with-dbuspolicydir=/etc/dbus-1/system.d \ - --with-udevrulesdir=/etc/udev/rules.d/ \ - --with-systemdsystemunitdir=/lib/systemd/system && \ - make && \ - make install -RUN rm -rf tpm2-abrmd - -RUN cd tpm2-tools && \ - git checkout 2.1.0 && \ - ./bootstrap && \ - ./configure && \ - make && \ - make install -RUN rm -rf tpm2-tools - -RUN echo "/usr/local/lib" > /etc/ld.so.conf.d/tpm2.conf && \ - ldconfig - -RUN wget https://www.openssl.org/source/openssl-1.1.0.tar.gz -RUN gzip -d openssl-1.1.0.tar.gz -RUN tar -xvf openssl-1.1.0.tar -RUN cd openssl-1.1.0 && \ - ./config && \ - make && \ - make install -RUN rm -rf openssl-1.1.0 -RUN rm -rf openssl-1.1.0.tar -RUN rm -rf openssl-1.1.0.tar.gz - -RUN echo "/usr/local/lib" > /etc/ld.so.conf.d/openssl.conf && \ - ldconfig -RUN openssl version -v diff --git a/bin/base/xenialdockerfile b/bin/base/xenialdockerfile index 7915444..ec9d310 100644 --- a/bin/base/xenialdockerfile +++ b/bin/base/xenialdockerfile @@ -24,39 +24,44 @@ RUN apt-get -y update && \ curl \ wget \ liburiparser-dev \ - libssl-dev \ pandoc \ - softhsm2 \ opensc \ default-jdk +RUN wget https://www.openssl.org/source/openssl-1.1.0.tar.gz && \ + gzip -d openssl-1.1.0.tar.gz && \ + tar -xvf openssl-1.1.0.tar && \ + cd openssl-1.1.0 && \ + ./config --prefix=/usr/local/ssl --openssldir=/usr/local/ssl && \ + make && \ + make install RUN apt-get -y install libgcrypt20-dev -RUN git clone https://github.com/tpm2-software/tpm2-tss.git -RUN git clone https://github.com/tpm2-software/tpm2-abrmd.git -RUN git clone https://github.com/tpm2-software/tpm2-tools.git +RUN apt-get -y install valgrind +RUN wget https://github.com/tpm2-software/tpm2-tss/releases/download/2.0.0/tpm2-tss-2.0.0.tar.gz +RUN tar -xvf tpm2-tss-2.0.0.tar.gz +RUN wget https://github.com/tpm2-software/tpm2-abrmd/releases/download/2.0.0/tpm2-abrmd-2.0.0.tar.gz +RUN tar -xvf tpm2-abrmd-2.0.0.tar.gz +RUN wget https://github.com/tpm2-software/tpm2-tools/releases/download/3.1.0/tpm2-tools-3.1.0.tar.gz +RUN tar -xvf tpm2-tools-3.1.0.tar.gz -RUN cd tpm2-tss && \ - git checkout 1.2.0 && \ - ./bootstrap && \ +RUN cd tpm2-tss-2.0.0 && \ ./configure && \ make && \ make install +RUN cp /tpm2-tss-2.0.0/src/util/tpm2b.h /usr/local/include/tss2/ -RUN cd tpm2-abrmd && \ - git checkout 1.1.1 && \ +RUN cd tpm2-abrmd-2.0.0 && \ useradd --system --user-group tss && \ - ./bootstrap && \ ./configure --with-dbuspolicydir=/etc/dbus-1/system.d \ --with-udevrulesdir=/etc/udev/rules.d/ \ --with-systemdsystemunitdir=/lib/systemd/system && \ make && \ make install -RUN cd tpm2-tools && \ - git checkout 2.1.0 && \ - ./bootstrap && \ - ./configure && \ +RUN cd tpm2-tools-3.1.0 && \ + export PKG_CONFIG_PATH=/usr/local/ssl/lib/pkgconfig && \ + ./configure --disable-hardening && \ make && \ make install @@ -69,8 +74,9 @@ RUN git clone https://gerrit.onap.org/r/aaf/sshsm # Build SoftHSMv2 RUN cd sshsm && \ cd SoftHSMv2 && \ + export LD_LIBRARY_PATH=/usr/local/ssl/lib && \ sh autogen.sh && \ - ./configure --disable-gost && \ + ./configure --disable-gost --with-openssl=/usr/local/ssl && \ make && \ make install @@ -81,11 +87,10 @@ RUN cd sshsm && \ chmod 755 bootstrap && \ sleep 2 && \ ./bootstrap && \ - ./configure && \ + ./configure LDFLAGS="-L/usr/local/ssl/lib" && \ make && \ make install && \ - ldconfig && \ - export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/local/lib + ldconfig RUN cd sshsm && \ cd tpm-util && \ @@ -97,10 +102,16 @@ RUN cd tpm-util && \ mkdir bin RUN cp /sshsm/tpm-util/import/ossl_tpm_import /tpm-util/bin/ -RUN rm -rf tpm2-tss -RUN rm -rf tpm2-abrmd -RUN rm -rf tpm2-tools +RUN rm -rf tpm2-tss-2.0.0 +RUN rm -rf tpm2-tss-2.0.0.tar.gz +RUN rm -rf tpm2-abrmd-2.0.0 +RUN rm -rf tpm2-abrmd-2.0.0.tar.gz +RUN rm -rf tpm2-tools-3.1.0 +RUN rm -rf tpm2-tools-3.1.0.tar.gz RUN rm -rf sshsm +RUN rm -rf openssl-1.1.0 +RUN rm -rf openssl-1.1.0.tar +RUN rm -rf openssl-1.1.0.tar.gz RUN mkdir -p /sshsm/bin COPY ./import.sh /sshsm/bin diff --git a/bin/distcenter/distcenterdockerfile b/bin/distcenter/distcenterdockerfile index d643878..c0879ef 100644 --- a/bin/distcenter/distcenterdockerfile +++ b/bin/distcenter/distcenterdockerfile @@ -1,4 +1,4 @@ -FROM nexus3.onap.org:10001/onap/aaf/aaf-base-openssl_1.1.0:latest +FROM nexus3.onap.org:10001/onap/aaf/aaf-base-xenial:latest RUN git clone https://gerrit.onap.org/r/aaf/sshsm RUN cd sshsm && \ -- cgit 1.2.3-korg