├── .github └── workflows │ ├── main.yml │ ├── manual.yml │ └── publish.yml ├── .gitignore ├── LICENSE ├── Makefile ├── README.md ├── alpine-3.15.docker.m4 ├── alpine-3.19.docker.m4 ├── arch-linux.docker.m4 ├── fedora-32-ossl3.docker.m4 ├── fedora-32.docker.m4 ├── fedora-32.ppc64le.docker.m4 ├── fedora-34-libressl.docker.m4 ├── fedora-34.docker.m4 ├── fedora-41.docker.m4 ├── modules ├── autoconf.m4 ├── curl-7.80.0.m4 ├── ibmtpm1637.m4 ├── ibmtpm1682.m4 ├── junit.m4 ├── libressl.m4 ├── mbedtls31.m4 ├── mbedtls36.m4 ├── ossl3.m4 ├── pip3-withoutupgrade.m4 ├── pip3.m4 ├── python3.7.2.m4 ├── rust.m4 ├── swtpm.m4 ├── ubuntu_20.04_base_deps.m4 └── uthash.m4 ├── opensuse-leap-15.2.docker.m4 ├── opensuse-leap-ossl3.docker.m4 ├── opensuse-leap.docker.m4 ├── patches └── python.patch ├── ubuntu-18.04.docker.m4 ├── ubuntu-20.04-ossl3.docker.m4 ├── ubuntu-20.04.arm32v7.docker.m4 ├── ubuntu-20.04.arm64v8.docker.m4 ├── ubuntu-20.04.docker.m4 ├── ubuntu-22.04-mbedtls-3.1.docker.m4 ├── ubuntu-22.04-mbedtls-3.6.docker.m4 ├── ubuntu-22.04.docker.m4 └── ubuntu-24.04.docker.m4 /.github/workflows/main.yml: -------------------------------------------------------------------------------- 1 | # 2 | # Build Docker Images for both pull_request and push operations 3 | # 4 | name: Build Status 5 | on: 6 | [ pull_request, workflow_dispatch] 7 | 8 | permissions: 9 | contents: read 10 | 11 | jobs: 12 | publish-image: 13 | name: Build Docker Images 14 | runs-on: ubuntu-latest 15 | strategy: 16 | fail-fast: false 17 | matrix: 18 | distro: [ 19 | "fedora-32", "fedora-34", 20 | "opensuse-leap-15.2", "opensuse-leap", "opensuse-leap-ossl3", 21 | "fedora-32.ppc64le", 22 | "alpine-3.15", "arch-linux", 23 | "ubuntu-22.04", "ubuntu-22.04-mbedtls-3.1", "ubuntu-24.04" 24 | ] 25 | steps: 26 | - 27 | name: Check out the repo 28 | uses: actions/checkout@v4 29 | - 30 | name: Check Diff for Changes 31 | # TODO replace get-diff-action, as it is no longer maintained since 2023-11-24 32 | uses: 
technote-space/get-diff-action@v6 33 | with: 34 | FILES: | 35 | ${{ matrix.distro }}.docker.m4 36 | PATTERNS: | 37 | modules/* 38 | - 39 | name: Build the Dockerfiles 40 | run: make -j $(nproc) 41 | if: env.GIT_DIFF 42 | - 43 | name: Set up QEMU 44 | uses: docker/setup-qemu-action@v3 45 | if: env.GIT_DIFF 46 | - 47 | name: Set up Docker Buildx 48 | uses: docker/setup-buildx-action@v3 49 | if: env.GIT_DIFF 50 | - 51 | name: Build Docker Images 52 | uses: docker/build-push-action@v6 53 | with: 54 | push: false 55 | context: . 56 | file: ./${{ matrix.distro }}.docker 57 | if: env.GIT_DIFF 58 | -------------------------------------------------------------------------------- /.github/workflows/manual.yml: -------------------------------------------------------------------------------- 1 | name: Manual Publish 2 | on: 3 | workflow_dispatch: 4 | inputs: 5 | distro: 6 | description: 'The distro to build and publish' 7 | type: string 8 | required: true 9 | 10 | permissions: 11 | contents: read 12 | packages: write 13 | 14 | jobs: 15 | publish-image: 16 | name: Manual Publish Docker Images 17 | runs-on: ubuntu-latest 18 | if: "github.repository_owner == 'tpm2-software'" 19 | steps: 20 | - 21 | name: Check out the repo 22 | uses: actions/checkout@v4 23 | - 24 | name: Build the Dockerfiles 25 | run: make -j $(nproc) 26 | - 27 | name: Set up QEMU 28 | uses: docker/setup-qemu-action@v3 29 | - 30 | name: Set up Docker Buildx 31 | uses: docker/setup-buildx-action@v3 32 | - 33 | name: Login to GitHub Container Registry 34 | uses: docker/login-action@v3 35 | with: 36 | registry: ghcr.io 37 | username: USERNAME 38 | password: ${{ secrets.GITHUB_TOKEN }} 39 | - 40 | name: Push to GitHub Packages 41 | uses: docker/build-push-action@v6 42 | with: 43 | push: true 44 | context: . 
45 | file: ./${{ inputs.distro }}.docker 46 | tags: ghcr.io/${{ github.repository_owner }}/${{ inputs.distro }}:latest 47 | 48 | -------------------------------------------------------------------------------- /.github/workflows/publish.yml: -------------------------------------------------------------------------------- 1 | # 2 | # We only publish Docker images on a push AND only when the repository owner is the tpm2-software org. 3 | # This way forks don't try to build AND publish 4 | # 5 | name: Publish 6 | on: 7 | push 8 | 9 | permissions: 10 | contents: read 11 | packages: write 12 | jobs: 13 | publish-image: 14 | name: Publish Docker Images 15 | runs-on: ubuntu-latest 16 | strategy: 17 | fail-fast: false 18 | matrix: 19 | distro: [ 20 | "fedora-32", "fedora-34", 21 | "opensuse-leap-15.2", "opensuse-leap", "opensuse-leap-ossl3", 22 | "fedora-32.ppc64le", 23 | "alpine-3.15", "arch-linux", 24 | "ubuntu-22.04", "ubuntu-22.04-mbedtls-3.1", "ubuntu-24.04" 25 | ] 26 | if: "github.repository_owner == 'tpm2-software'" 27 | steps: 28 | - 29 | name: Check out the repo 30 | uses: actions/checkout@v4 31 | - 32 | name: Check Diff for Changes 33 | # TODO replace get-diff-action: it has been unmaintained since 2023-11-24 and is referenced here by a mutable tag rather than a commit SHA 34 | uses: technote-space/get-diff-action@v6 35 | with: 36 | FILES: | 37 | ${{ matrix.distro }}.docker.m4 38 | PATTERNS: | 39 | modules/* 40 | - 41 | name: Build the Dockerfiles 42 | run: make -j $(nproc) 43 | if: env.GIT_DIFF 44 | - 45 | name: Set up QEMU 46 | uses: docker/setup-qemu-action@v3 47 | if: env.GIT_DIFF 48 | - 49 | name: Set up Docker Buildx 50 | uses: docker/setup-buildx-action@v3 51 | if: env.GIT_DIFF 52 | - 53 | name: Login to GitHub Container Registry 54 | uses: docker/login-action@v3 55 | with: 56 | registry: ghcr.io 57 | username: ${{ github.repository_owner }} 58 | password: ${{ secrets.GITHUB_TOKEN }} 59 | if: env.GIT_DIFF 60 | - 61 | name: Push to GitHub Packages 62 | uses: docker/build-push-action@v6 63 | with: 64 | push: true 65 | context: .
66 | file: ./${{ matrix.distro }}.docker 67 | tags: ghcr.io/${{ github.repository_owner }}/${{ matrix.distro }}:latest 68 | if: env.GIT_DIFF 69 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | *.docker 2 | *.swp 3 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | BSD 2-Clause License 2 | 3 | Copyright (c) 2019, Linux TPM2 & TSS2 Software 4 | All rights reserved. 5 | 6 | Redistribution and use in source and binary forms, with or without 7 | modification, are permitted provided that the following conditions are met: 8 | 9 | * Redistributions of source code must retain the above copyright notice, this 10 | list of conditions and the following disclaimer. 11 | 12 | * Redistributions in binary form must reproduce the above copyright notice, 13 | this list of conditions and the following disclaimer in the documentation 14 | and/or other materials provided with the distribution. 15 | 16 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 17 | AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 18 | IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 19 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE 20 | FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21 | DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 22 | SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 23 | CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 24 | OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 25 | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
26 | -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | 2 | TARGET_SUFFIX := .docker 3 | SOURCE_SUFFIX := $(TARGET_SUFFIX).m4 4 | 5 | SOURCES := $(wildcard *$(SOURCE_SUFFIX)) 6 | TARGETS := $(patsubst %$(SOURCE_SUFFIX),%$(TARGET_SUFFIX),$(SOURCES)) 7 | MODULES := $(wildcard modules/*.m4) 8 | 9 | .PHONY: all 10 | all: $(TARGETS) 11 | 12 | .PHONY: clean 13 | clean: 14 | @rm -f $(TARGETS) 15 | 16 | .PHONY: debug 17 | debug: 18 | @echo "SOURCES: $(SOURCES)" 19 | @echo "TARGETS: $(TARGETS)" 20 | @echo "MODULES: $(MODULES)" 21 | 22 | %$(TARGET_SUFFIX) : %$(SOURCE_SUFFIX) $(MODULES) 23 | m4 -s -Imodules $< > $@ 24 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # tpm2-software-container 2 | 3 | This repository contains metadata and scripts used to generate the container 4 | images used for continuous integration (CI) by the various tpm2-software 5 | projects. 6 | 7 | ## Local build 8 | 9 | To build the container image locally invoke [Docker](https://www.docker.com/) or 10 | [Podman](https://podman.io/) with the build command generated using `make` from 11 | within the `tpm2-software-container` directory. 
For example: 12 | 13 | ```sh 14 | make 15 | 16 | # Build Ubuntu 20.04 image using Docker 17 | docker build -f ./ubuntu-20.04.docker 18 | 19 | # Build Fedora 32 image using Podman, squashing all intermediate layers together 20 | podman build --squash -f ./fedora-32.docker 21 | ``` 22 | 23 | The final output of the build will be an IMAGE ID which can be used to run the container image, for example: 24 | 25 | ```sh 26 | docker run -it IMAGE_ID /bin/bash 27 | ``` 28 | 29 | or to run the [tpm2-tools](https://github.com/tpm2-software/tpm2-tools) CI sequence locally: 30 | 31 | ```sh 32 | docker run --rm --env-file /path/to/tpm2-tools/.ci/docker.env -v /path/to/tpm2-tools:/workspace/tpm2-tools IMAGE_ID /bin/bash -c '/workspace/tpm2-tools/.ci/docker.run' 33 | ``` 34 | 35 | or to run the [tpm2-tss](https://github.com/tpm2-software/tpm2-tss) CI sequence locally: 36 | 37 | ```sh 38 | docker run --rm --env-file /path/to/tpm2-tss/.ci/docker.env -v /path/to/tpm2-tss:/workspace/tpm2-tss IMAGE_ID /bin/bash -c '/workspace/tpm2-tss/.ci/docker.run' 39 | ``` 40 | 41 | ## Auto builds 42 | 43 | The repository is monitored by GitHub Actions and repository changes are built 44 | and submitted to GitHub Container Registry. The containers are listed on 45 | [tpm2-software/packages](https://github.com/orgs/tpm2-software/packages).
46 | 47 | For example, to download and run a container based on Fedora 32 from the registry: 48 | 49 | ```sh 50 | # With Docker 51 | docker run -it --rm ghcr.io/tpm2-software/fedora-32 /bin/bash 52 | 53 | # With Podman 54 | podman run -it --rm ghcr.io/tpm2-software/fedora-32 /bin/bash 55 | ``` 56 | -------------------------------------------------------------------------------- /alpine-3.15.docker.m4: -------------------------------------------------------------------------------- 1 | # Alpine 3.15 Dockerfile 2 | FROM alpine:3.15 3 | 4 | LABEL org.opencontainers.image.source https://github.com/tpm2-software/tpm2-software-container 5 | 6 | RUN apk update && \ 7 | apk upgrade && \ 8 | apk add \ 9 | autoconf-archive \ 10 | bash \ 11 | cmocka-dev \ 12 | net-tools \ 13 | make \ 14 | git \ 15 | gcc \ 16 | g++ \ 17 | m4 \ 18 | libtool \ 19 | automake \ 20 | autoconf \ 21 | wget \ 22 | doxygen \ 23 | dbus-dev \ 24 | glib-dev \ 25 | clang \ 26 | clang-analyzer \ 27 | clang-extra-tools \ 28 | json-c-dev \ 29 | iproute2 \ 30 | coreutils \ 31 | uthash-dev \ 32 | curl-dev \ 33 | python3-dev \ 34 | py3-yaml \ 35 | perl-utils \ 36 | openssl \ 37 | openssl-dev \ 38 | acl \ 39 | xxd \ 40 | grep \ 41 | dbus \ 42 | vim \ 43 | dbus-x11 \ 44 | procps \ 45 | libtasn1-dev \ 46 | json-glib-dev \ 47 | gnutls-dev \ 48 | expect \ 49 | socat \ 50 | libseccomp-dev \ 51 | gawk \ 52 | gzip \ 53 | yaml-dev \ 54 | nss-tools \ 55 | opensc \ 56 | openjdk17-jdk \ 57 | openjdk17-jre \ 58 | libusb-dev \ 59 | libftdi1-dev 60 | 61 | include(`autoconf.m4') 62 | include(`ibmtpm1637.m4') 63 | include(`swtpm.m4') 64 | 65 | WORKDIR / 66 | 67 | 68 | 69 | -------------------------------------------------------------------------------- /alpine-3.19.docker.m4: -------------------------------------------------------------------------------- 1 | # Alpine 3.19 Dockerfile 2 | FROM alpine:3.19 3 | 4 | LABEL org.opencontainers.image.source https://github.com/tpm2-software/tpm2-software-container 5 | 6 | RUN apk update 
&& \ 7 | apk upgrade && \ 8 | apk add \ 9 | autoconf-archive \ 10 | bash \ 11 | cmocka-dev \ 12 | net-tools \ 13 | make \ 14 | git \ 15 | gcc \ 16 | g++ \ 17 | m4 \ 18 | libtool \ 19 | automake \ 20 | autoconf \ 21 | wget \ 22 | doxygen \ 23 | dbus-dev \ 24 | glib-dev \ 25 | clang \ 26 | clang-analyzer \ 27 | clang-extra-tools \ 28 | json-c-dev \ 29 | iproute2 \ 30 | coreutils \ 31 | uthash-dev \ 32 | curl-dev \ 33 | python3-dev \ 34 | py3-yaml \ 35 | perl-utils \ 36 | openssl \ 37 | openssl-dev \ 38 | acl \ 39 | xxd \ 40 | grep \ 41 | dbus \ 42 | vim \ 43 | dbus-x11 \ 44 | procps \ 45 | libtasn1-dev \ 46 | json-glib-dev \ 47 | gnutls-dev \ 48 | expect \ 49 | socat \ 50 | libseccomp-dev \ 51 | gawk \ 52 | gzip \ 53 | yaml-dev \ 54 | nss-tools \ 55 | opensc \ 56 | openjdk17-jdk \ 57 | openjdk17-jre \ 58 | libusb-dev \ 59 | libftdi1-dev 60 | 61 | include(`autoconf.m4') 62 | include(`ibmtpm1637.m4') 63 | include(`swtpm.m4') 64 | 65 | WORKDIR / 66 | 67 | 68 | 69 | -------------------------------------------------------------------------------- /arch-linux.docker.m4: -------------------------------------------------------------------------------- 1 | # Arch Linux Dockerfile (base image tracks the rolling archlinux:latest tag) 2 | FROM archlinux:latest 3 | 4 | LABEL org.opencontainers.image.source=https://github.com/tpm2-software/tpm2-software-container 5 | 6 | RUN pacman -Sy --noconfirm archlinux-keyring 7 | RUN pacman -Syu --noconfirm 8 | RUN pacman -S --noconfirm base base-devel 9 | RUN pacman -Scc --noconfirm 10 | RUN pacman -Sy --noconfirm \ 11 | autoconf-archive \ 12 | cmocka \ 13 | procps \ 14 | iproute2 \ 15 | git \ 16 | pkg-config \ 17 | gcc \ 18 | libtool \ 19 | automake \ 20 | openssl \ 21 | uthash \ 22 | autoconf \ 23 | doxygen \ 24 | json-c \ 25 | curl \ 26 | util-linux \ 27 | libltdl \ 28 | libusb \ 29 | libftdi \ 30 | swtpm \ 31 | pkgfile \ 32 | glib2 \ 33 | glib2-devel \ 34 | python-yaml \ 35 | xxd \ 36 | expect \ 37 | perl \ 38 | pandoc \ 39 | lcov 40 | RUN ln -s /usr/bin/core_perl/shasum /usr/bin/ 41 |
42 | WORKDIR / 43 | 44 | -------------------------------------------------------------------------------- /fedora-32-ossl3.docker.m4: -------------------------------------------------------------------------------- 1 | include(`fedora-32.docker.m4') 2 | 3 | # Install openssl3 4 | RUN dnf remove -y libssl-devel libcurl4-openssl-devel 5 | RUN dnf -y install \ 6 | perl-IPC-Cmd \ 7 | perl-Pod-Html 8 | include(`ossl3.m4') 9 | 10 | WORKDIR / 11 | -------------------------------------------------------------------------------- /fedora-32.docker.m4: -------------------------------------------------------------------------------- 1 | FROM fedora:32 2 | 3 | LABEL org.opencontainers.image.source https://github.com/tpm2-software/tpm2-software-container 4 | 5 | # can return 100 if packages need update 6 | RUN dnf check-update; \ 7 | rc=$?; \ 8 | if [ $rc -ne 100 ] && [ $rc -ne 0 ]; then \ 9 | echo "dnf check-update failed: $rc"; \ 10 | exit $rc; \ 11 | fi 12 | 13 | RUN dnf -y install \ 14 | libcmocka \ 15 | libcmocka-devel \ 16 | net-tools \ 17 | git \ 18 | pkg-config \ 19 | gcc \ 20 | m4 \ 21 | libtool \ 22 | automake \ 23 | libgcrypt-devel \ 24 | openssl-devel \ 25 | gnulib \ 26 | glib2-devel \ 27 | wget \ 28 | doxygen \ 29 | dbus-libs \ 30 | dbus-devel \ 31 | clang \ 32 | clang-analyzer \ 33 | clang-tools-extra \ 34 | pandoc \ 35 | lcov \ 36 | libcurl-devel \ 37 | dbus-x11 \ 38 | vim \ 39 | python3-pip \ 40 | libsq3-devel \ 41 | iproute \ 42 | procps \ 43 | libasan \ 44 | libubsan \ 45 | perl-Digest-SHA \ 46 | libtasn1-devel \ 47 | socat \ 48 | libseccomp-devel \ 49 | expect \ 50 | gawk \ 51 | json-c-devel \ 52 | libyaml-devel \ 53 | nss-tools \ 54 | expect \ 55 | opensc \ 56 | java-latest-openjdk-1:13.0.2.8-1.rolling.fc32 \ 57 | java-latest-openjdk-devel-1:13.0.2.8-1.rolling.fc32 \ 58 | gnutls-utils \ 59 | libuuid-devel \ 60 | python3-devel \ 61 | openssl-pkcs11 \ 62 | acl \ 63 | json-glib-devel \ 64 | libusb-devel \ 65 | libftdi-devel \ 66 | gmp-devel 67 | 68 | 
include(`pip3.m4') 69 | include(`autoconf.m4') 70 | include(`ibmtpm1637.m4') 71 | include(`swtpm.m4') 72 | include(`uthash.m4') 73 | include(`junit.m4') 74 | 75 | # make install goes into /usr/local/lib/pkgconfig which is non-standard 76 | # Set this so ./configure can find things and we don't have to worry about prefix changes 77 | # to build instructions 78 | ENV PKG_CONFIG_PATH=/usr/local/lib/pkgconfig 79 | 80 | WORKDIR / 81 | -------------------------------------------------------------------------------- /fedora-32.ppc64le.docker.m4: -------------------------------------------------------------------------------- 1 | FROM ppc64le/fedora:32 2 | 3 | LABEL org.opencontainers.image.source https://github.com/tpm2-software/tpm2-software-container 4 | 5 | # can return 100 if packages need update 6 | RUN dnf check-update; \ 7 | rc=$?; \ 8 | if [ $rc -ne 100 ] && [ $rc -ne 0 ]; then \ 9 | echo "dnf check-update failed: $rc"; \ 10 | exit $rc; \ 11 | fi 12 | 13 | RUN dnf -y install \ 14 | libcmocka \ 15 | libcmocka-devel \ 16 | net-tools \ 17 | git \ 18 | pkg-config \ 19 | gcc \ 20 | m4 \ 21 | libtool \ 22 | automake \ 23 | libgcrypt-devel \ 24 | openssl-devel \ 25 | gnulib \ 26 | glib2-devel \ 27 | wget \ 28 | doxygen \ 29 | dbus-libs \ 30 | dbus-devel \ 31 | clang \ 32 | clang-analyzer \ 33 | clang-tools-extra \ 34 | pandoc \ 35 | lcov \ 36 | libcurl-devel \ 37 | dbus-x11 \ 38 | vim \ 39 | python3-pip \ 40 | libsq3-devel \ 41 | iproute \ 42 | procps \ 43 | libasan \ 44 | libubsan \ 45 | perl-Digest-SHA \ 46 | libtasn1-devel \ 47 | socat \ 48 | libseccomp-devel \ 49 | expect \ 50 | gawk \ 51 | json-c-devel \ 52 | libyaml-devel \ 53 | nss-tools \ 54 | expect \ 55 | opensc \ 56 | java-latest-openjdk-1:13.0.2.8-1.rolling.fc32 \ 57 | java-latest-openjdk-devel-1:13.0.2.8-1.rolling.fc32 \ 58 | gnutls-utils \ 59 | libuuid-devel \ 60 | python3-devel \ 61 | openssl-pkcs11 \ 62 | autoconf-archive \ 63 | acl \ 64 | json-glib-devel \ 65 | libusb-devel \ 66 | libftdi-devel \ 67 | 
gmp-devel 68 | 69 | # The last Python cryptography version that can be built without Rust (the pin also holds back later upstream fixes) 70 | # per https://github.com/pyca/cryptography/blob/75be92de8e3bce9adcec42ef3967bed0d4500902/CHANGELOG.rst#3500---2021-09-29 71 | ARG PYCRYPTO_VERSION="3.4.8" 72 | ENV CRYPTOGRAPHY_DONT_BUILD_RUST=1 73 | # bcrypt now needs Rust too; avoid it by pinning an older release 74 | # https://pypi.org/project/bcrypt/4.0.1/ 75 | ARG PYBCRYPT_VERSION="3.2.2" 76 | include(`pip3.m4') 77 | include(`ibmtpm1637.m4') 78 | 79 | ENV LIBTPMS_AUTOGEN_EXTRA="--libdir=/usr/lib64" 80 | include(`swtpm.m4') 81 | 82 | include(`uthash.m4') 83 | include(`junit.m4') 84 | 85 | # make install goes into /usr/local/lib/pkgconfig which is non-standard 86 | # Set this so ./configure can find things and we don't have to worry about prefix changes 87 | # to build instructions 88 | ENV PKG_CONFIG_PATH=/usr/local/lib/pkgconfig 89 | 90 | WORKDIR / 91 | -------------------------------------------------------------------------------- /fedora-34-libressl.docker.m4: -------------------------------------------------------------------------------- 1 | FROM fedora:34 2 | 3 | LABEL org.opencontainers.image.source https://github.com/tpm2-software/tpm2-software-container 4 | 5 | # can return 100 if packages need update 6 | RUN dnf check-update; \ 7 | rc=$?; \ 8 | if [ $rc -ne 100 ] && [ $rc -ne 0 ]; then \ 9 | echo "dnf check-update failed: $rc"; \ 10 | exit $rc; \ 11 | fi 12 | 13 | RUN dnf -y install \ 14 | libcmocka \ 15 | libcmocka-devel \ 16 | net-tools \ 17 | git \ 18 | pkg-config \ 19 | gcc \ 20 | m4 \ 21 | libtool \ 22 | automake \ 23 | gnulib \ 24 | glib2-devel \ 25 | wget \ 26 | doxygen \ 27 | dbus-libs \ 28 | dbus-devel \ 29 | clang \ 30 | clang-analyzer \ 31 | clang-tools-extra \ 32 | pandoc \ 33 | lcov \ 34 | libcurl-devel \ 35 | dbus-x11 \ 36 | vim \ 37 | python3-pip \ 38 | libsq3-devel \ 39 | iproute \ 40 | procps \ 41 | libasan \ 42 | libubsan \ 43 | perl-Digest-SHA \ 44 | libtasn1-devel \ 45 | socat \ 46 | libseccomp-devel \ 47 | expect \ 48 | gawk
\ 49 | json-c-devel \ 50 | libyaml-devel \ 51 | nss-tools \ 52 | expect \ 53 | opensc \ 54 | java-latest-openjdk \ 55 | java-latest-openjdk-devel \ 56 | gnutls-utils \ 57 | libuuid-devel \ 58 | python3-devel \ 59 | openssl-pkcs11 \ 60 | acl \ 61 | json-glib-devel \ 62 | libusb-devel \ 63 | libftdi-devel 64 | 65 | # make install goes into /usr/local/lib/pkgconfig which is non-standard 66 | # Set this so ./configure can find things and we don't have to worry about prefix changes 67 | # to build instructions 68 | ENV PKG_CONFIG_PATH=/usr/local/lib/pkgconfig 69 | 70 | include(`libressl.m4') 71 | include(`pip3.m4') 72 | include(`autoconf.m4') 73 | include(`swtpm.m4') 74 | include(`uthash.m4') 75 | include(`junit.m4') 76 | 77 | WORKDIR / 78 | -------------------------------------------------------------------------------- /fedora-34.docker.m4: -------------------------------------------------------------------------------- 1 | FROM fedora:34 2 | 3 | LABEL org.opencontainers.image.source https://github.com/tpm2-software/tpm2-software-container 4 | 5 | # can return 100 if packages need update 6 | RUN dnf check-update; \ 7 | rc=$?; \ 8 | if [ $rc -ne 100 ] && [ $rc -ne 0 ]; then \ 9 | echo "dnf check-update failed: $rc"; \ 10 | exit $rc; \ 11 | fi 12 | 13 | RUN dnf -y install \ 14 | libcmocka \ 15 | libcmocka-devel \ 16 | net-tools \ 17 | git \ 18 | pkg-config \ 19 | gcc \ 20 | m4 \ 21 | libtool \ 22 | automake \ 23 | libgcrypt-devel \ 24 | openssl \ 25 | openssl-devel \ 26 | gnulib \ 27 | glib2-devel \ 28 | wget \ 29 | doxygen \ 30 | dbus-libs \ 31 | dbus-devel \ 32 | clang \ 33 | clang-analyzer \ 34 | clang-tools-extra \ 35 | pandoc \ 36 | lcov \ 37 | libcurl-devel \ 38 | dbus-x11 \ 39 | vim \ 40 | python3-pip \ 41 | libsq3-devel \ 42 | iproute \ 43 | procps \ 44 | libasan \ 45 | libubsan \ 46 | perl-Digest-SHA \ 47 | libtasn1-devel \ 48 | socat \ 49 | libseccomp-devel \ 50 | expect \ 51 | gawk \ 52 | json-c-devel \ 53 | libyaml-devel \ 54 | nss-tools \ 55 | expect \ 56 | 
opensc \ 57 | java-latest-openjdk \ 58 | java-latest-openjdk-devel \ 59 | gnutls-utils \ 60 | libuuid-devel \ 61 | python3-devel \ 62 | openssl-pkcs11 \ 63 | acl \ 64 | json-glib-devel \ 65 | libusb-devel \ 66 | libftdi-devel \ 67 | python3-devel \ 68 | gmp-devel 69 | 70 | include(`pip3.m4') 71 | include(`autoconf.m4') 72 | include(`ibmtpm1637.m4') 73 | include(`swtpm.m4') 74 | include(`uthash.m4') 75 | include(`junit.m4') 76 | 77 | # make install goes into /usr/local/lib/pkgconfig which is non-standard 78 | # Set this so ./configure can find things and we don't have to worry about prefix changes 79 | # to build instructions 80 | ENV PKG_CONFIG_PATH=/usr/local/lib/pkgconfig 81 | 82 | WORKDIR / 83 | -------------------------------------------------------------------------------- /fedora-41.docker.m4: -------------------------------------------------------------------------------- 1 | FROM fedora:41 2 | 3 | LABEL org.opencontainers.image.source https://github.com/tpm2-software/tpm2-software-container 4 | 5 | # can return 100 if packages need update 6 | RUN dnf check-update; \ 7 | rc=$?; \ 8 | if [ $rc -ne 100 ] && [ $rc -ne 0 ]; then \ 9 | echo "dnf check-update failed: $rc"; \ 10 | exit $rc; \ 11 | fi 12 | 13 | RUN dnf -y install \ 14 | libcmocka \ 15 | libcmocka-devel \ 16 | net-tools \ 17 | git \ 18 | pkg-config \ 19 | gcc \ 20 | m4 \ 21 | libtool \ 22 | automake \ 23 | libgcrypt-devel \ 24 | openssl-devel \ 25 | gnulib \ 26 | glib2-devel \ 27 | wget \ 28 | doxygen \ 29 | dbus-libs \ 30 | dbus-devel \ 31 | clang \ 32 | clang-analyzer \ 33 | clang-tools-extra \ 34 | pandoc \ 35 | lcov \ 36 | libcurl-devel \ 37 | dbus-x11 \ 38 | vim \ 39 | python3-pip \ 40 | libsq3-devel \ 41 | iproute \ 42 | procps \ 43 | libasan \ 44 | libubsan \ 45 | perl-Digest-SHA \ 46 | libtasn1-devel \ 47 | socat \ 48 | libseccomp-devel \ 49 | expect \ 50 | gawk \ 51 | json-c-devel \ 52 | libyaml-devel \ 53 | nss-tools \ 54 | expect \ 55 | opensc \ 56 | java-latest-openjdk \ 57 | 
java-latest-openjdk-devel \ 58 | gnutls-utils \ 59 | libuuid-devel \ 60 | python3-devel \ 61 | openssl-pkcs11 \ 62 | acl \ 63 | json-glib-devel \ 64 | libusb-devel \ 65 | libftdi-devel 66 | 67 | include(`pip3.m4') 68 | include(`autoconf.m4') 69 | include(`ibmtpm1637.m4') 70 | include(`swtpm.m4') 71 | include(`uthash.m4') 72 | include(`junit.m4') 73 | 74 | # make install goes into /usr/local/lib/pkgconfig which is non-standard 75 | # Set this so ./configure can find things and we don't have to worry about prefix changes 76 | # to build instructions 77 | ENV PKG_CONFIG_PATH=/usr/local/lib/pkgconfig 78 | 79 | WORKDIR / 80 | -------------------------------------------------------------------------------- /modules/autoconf.m4: -------------------------------------------------------------------------------- 1 | ARG autoconf_archive=autoconf-archive-2018.03.13 2 | RUN cd /tmp \ 3 | && wget --quiet --show-progress --progress=dot:giga "http://mirror.kumi.systems/gnu/autoconf-archive/$autoconf_archive.tar.xz" \ 4 | && tar -xf $autoconf_archive.tar.xz \ 5 | && rm $autoconf_archive.tar.xz \ 6 | && cd $autoconf_archive \ 7 | && ./configure --prefix=/usr \ 8 | && make -j $(nproc) && make install \ 9 | && rm -fr /tmp/$autoconf_archive.tar.xz /tmp/$autoconf_archive 10 | 11 | -------------------------------------------------------------------------------- /modules/curl-7.80.0.m4: -------------------------------------------------------------------------------- 1 | ## CURL 2 | ENV CURL_VERSION=7.80.0 3 | WORKDIR /tmp/ 4 | RUN wget --no-verbose https://curl.se/download/curl-$CURL_VERSION.tar.gz 5 | RUN tar -zxf curl-$CURL_VERSION.tar.gz 6 | WORKDIR /tmp/curl-$CURL_VERSION 7 | RUN autoreconf -fi \ 8 | && ./configure --prefix=/usr --with-openssl \ 9 | && make -j install 10 | -------------------------------------------------------------------------------- /modules/ibmtpm1637.m4: -------------------------------------------------------------------------------- 1 | ARG 
ibmtpm_name=ibmtpm1637 2 | RUN cd /tmp \ 3 | && wget $WGET_EXTRA_FLAGS -L "https://downloads.sourceforge.net/project/ibmswtpm2/$ibmtpm_name.tar.gz" \ 4 | && sha256sum $ibmtpm_name.tar.gz | grep ^dd3a4c3f7724243bc9ebcd5c39bbf87b82c696d1c1241cb8e5883534f6e2e327 \ 5 | && mkdir -p $ibmtpm_name \ 6 | && tar xv --no-same-owner -f $ibmtpm_name.tar.gz -C $ibmtpm_name \ 7 | && rm $ibmtpm_name.tar.gz \ 8 | && cd $ibmtpm_name/src \ 9 | && sed -i 's/-DTPM_NUVOTON/-DTPM_NUVOTON $(CFLAGS)/' makefile \ 10 | && CFLAGS="-DNV_MEMORY_SIZE=32768 -DMIN_EVICT_OBJECTS=7" make -j$(nproc) \ 11 | && cp tpm_server /usr/local/bin \ 12 | && rm -fr /tmp/$ibmtpm_name 13 | -------------------------------------------------------------------------------- /modules/ibmtpm1682.m4: -------------------------------------------------------------------------------- 1 | ARG ibmtpm_name=ibmtpm1682 2 | RUN cd /tmp \ 3 | && wget $WGET_EXTRA_FLAGS -L "https://downloads.sourceforge.net/project/ibmswtpm2/$ibmtpm_name.tar.gz" \ 4 | && sha1sum $ibmtpm_name.tar.gz | grep ^651800d0b87cfad55b004fbdace4e41dce800a61 \ 5 | && mkdir -p $ibmtpm_name \ 6 | && tar xv --no-same-owner -f $ibmtpm_name.tar.gz -C $ibmtpm_name \ 7 | && rm $ibmtpm_name.tar.gz \ 8 | && cd $ibmtpm_name/src \ 9 | && sed -i 's/0x300000ff/0x310000ff/' TpmToOsslMath.h \ 10 | && sed -i 's/-DTPM_NUVOTON/-DTPM_NUVOTON $(CFLAGS)/' makefile \ 11 | && CFLAGS="-DNV_MEMORY_SIZE=32768 -DMIN_EVICT_OBJECTS=7" make -j$(nproc) \ 12 | && cp tpm_server /usr/local/bin \ 13 | && rm -fr /tmp/$ibmtpm_name 14 | -------------------------------------------------------------------------------- /modules/junit.m4: -------------------------------------------------------------------------------- 1 | ARG jver="4.13" 2 | ARG hver="2.2" 3 | RUN mkdir -p /java \ 4 | && wget $WGET_EXTRA_FLAGS -L -O /java/junit.jar "https://search.maven.org/remotecontent?filepath=junit/junit/4.13/junit-${jver}.jar" \ 5 | && wget $WGET_EXTRA_FLAGS -L -O /java/hamcrest.jar
"https://search.maven.org/remotecontent?filepath=org/hamcrest/hamcrest/${hver}/hamcrest-${hver}.jar" 6 | 7 | ENV CLASSPATH=/java/hamcrest.jar:/java/junit.jar 8 | -------------------------------------------------------------------------------- /modules/libressl.m4: -------------------------------------------------------------------------------- 1 | ## LibreSSL (version set by LIBRE_VERSION; the tarball is downloaded without a checksum check) 2 | ENV LIBRE_VERSION=3.5.3 3 | 4 | RUN curl https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-$LIBRE_VERSION.tar.gz \ 5 | -o libressl-$LIBRE_VERSION.tar.gz 6 | 7 | RUN tar -xavf libressl-$LIBRE_VERSION.tar.gz --one-top-level=/tmp/ 8 | WORKDIR /tmp/libressl-$LIBRE_VERSION 9 | RUN ./configure \ 10 | && make -j \ 11 | && make install \ 12 | && ldconfig 13 | -------------------------------------------------------------------------------- /modules/mbedtls31.m4: -------------------------------------------------------------------------------- 1 | 2 | ## MBEDTLS 3.1 (the tarball is downloaded without a checksum check) 3 | ENV MBEDTLS_VERSION=v3.1.0 4 | RUN wget --no-verbose https://github.com/Mbed-TLS/mbedtls/archive/refs/tags/$MBEDTLS_VERSION.tar.gz 5 | RUN tar -zxf $MBEDTLS_VERSION.tar.gz --one-top-level=/tmp/ 6 | RUN ls /tmp 7 | WORKDIR /tmp/mbedtls-3.1.0 8 | RUN make -j \ 9 | && make -j \ 10 | && make install \ 11 | && ldconfig 12 | -------------------------------------------------------------------------------- /modules/mbedtls36.m4: -------------------------------------------------------------------------------- 1 | 2 | ## MBEDTLS 3.6 (the tarball is downloaded without a checksum check) 3 | ENV MBEDTLS_VERSION=v3.6.2 4 | RUN wget --no-verbose https://github.com/Mbed-TLS/mbedtls/archive/refs/tags/$MBEDTLS_VERSION.tar.gz 5 | RUN tar -zxf $MBEDTLS_VERSION.tar.gz --one-top-level=/tmp/ 6 | RUN ls /tmp 7 | WORKDIR /tmp/mbedtls-3.6.2 8 | RUN make -j \ 9 | && make -j \ 10 | && make install \ 11 | && ldconfig 12 | -------------------------------------------------------------------------------- /modules/ossl3.m4: -------------------------------------------------------------------------------- 1 | ## OpenSSL 3 2 |
ENV OSSL_VERSION=3.0.0 3 | RUN realpath $(ldconfig -p \ 4 | | grep libcrypto.so.1| \ 5 | sed 's/.* \//\//')| \ 6 | sed 's/^\/usr\///'| \ 7 | sed 's/\/libcrypto.*//' > /tmp/libdir 8 | RUN wget --no-verbose https://www.openssl.org/source/openssl-$OSSL_VERSION.tar.gz 9 | RUN tar -zxf openssl-$OSSL_VERSION.tar.gz --one-top-level=/tmp/ 10 | WORKDIR /tmp/openssl-$OSSL_VERSION 11 | RUN ./config --prefix=/usr no-deprecated \ 12 | && make -j \ 13 | && make LIBDIR=$(cat /tmp/libdir) install \ 14 | && ldconfig 15 | -------------------------------------------------------------------------------- /modules/pip3-withoutupgrade.m4: -------------------------------------------------------------------------------- 1 | # 2 | # upgrade pip first so packages are not reinstalled using a version other than what may have been specified 3 | # 4 | ENV PIP_BREAK_SYSTEM_PACKAGES=1 5 | # install everything in one shot so we don't get a newer version of a package we specified. I.e. if a module has a dependency on cryptography 6 | # and we install it in different phases pip will upgrade cryptography 7 | RUN pkgs="cryptography==$PYCRYPTO_VERSION pyyaml cpp-coveralls pyasn1 pyasn1_modules python-pkcs11 \ 8 | bcrypt==$PYBCRYPT_VERSION setuptools"; \ 9 | pkgs=$(echo "$pkgs" | sed -E 's/==\s+/ /g'); \ 10 | python3 -m pip install $pkgs --break-system-packages 11 | -------------------------------------------------------------------------------- /modules/pip3.m4: -------------------------------------------------------------------------------- 1 | # 2 | # upgrade pip first so packages are not reinstalled using a version other than what may have been specified 3 | # 4 | RUN python3 -m pip install --upgrade pip 5 | # install everything in one shot so we don't get a newer version of a package we specified.
i.e. if a module has a dependency on cryptography 6 | # and we install it in different phases pip will upgrade cryptography. If PYCRYPTO_VERSION or PYBCRYPT_VERSION is empty, the sed below drops the dangling == and that package is installed unpinned. 7 | RUN pkgs="cryptography==$PYCRYPTO_VERSION pyyaml cpp-coveralls pyasn1 pyasn1_modules \ 8 | bcrypt==$PYBCRYPT_VERSION setuptools==62.0.0"; \ 9 | echo $pkgs; \ 10 | pkgs=$(echo "$pkgs" | sed -E 's/==\s+/ /g'); \ 11 | python3 -m pip install $pkgs; \ 12 | python3 -m pip install python-pkcs11 13 | -------------------------------------------------------------------------------- /modules/python3.7.2.m4: -------------------------------------------------------------------------------- 1 | ARG pyver="3.7.2" 2 | RUN cd /tmp \ 3 | && wget --quiet --show-progress --progress=dot:giga "https://github.com/python/cpython/archive/v${pyver}.tar.gz" \ 4 | && tar -xf v${pyver}.tar.gz \ 5 | && cd cpython-${pyver}/ \ 6 | && ./configure \ 7 | && make -j$(nproc) \ 8 | && make altinstall \ 9 | && rm -fr /tmp/v${pyver}.tar.gz /tmp/cpython-${pyver} 10 | # NOTE(review): the CPython archive above is built without a checksum check, and the 3.7 series is past upstream end-of-life, so it receives no security fixes; confirm it is still required 11 | RUN update-alternatives --install "/usr/bin/python3" "python3" "$(which python3.7)" 100 12 | RUN update-alternatives --install "/usr/bin/pip3" "pip3" "$(which pip3.7)" 100 13 | -------------------------------------------------------------------------------- /modules/rust.m4: -------------------------------------------------------------------------------- 1 | # installs the Rust toolchain with rustup (not a source build): the installer script from sh.rustup.rs is piped straight into sh; HTTPS and TLS 1.2 are enforced, but the script is neither pinned nor checksum-verified 2 | 3 | RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y 4 | # $HOME doesn't expand, see https://github.com/moby/moby/issues/28971 5 | ENV PATH="/root/.cargo/bin:${PATH}" 6 | -------------------------------------------------------------------------------- /modules/swtpm.m4: -------------------------------------------------------------------------------- 1 | RUN git -C /tmp clone --depth=1 https://github.com/stefanberger/libtpms.git \ 2 | && cd /tmp/libtpms \ 3 | && ./autogen.sh --prefix=/usr $LIBTPMS_AUTOGEN_EXTRA --with-openssl --with-tpm2 \ 4 | && make -j$(nproc) \ 5 | && make install \ 6 | && rm -fr /tmp/libtpms
\ 7 | && git -C /tmp clone --depth=1 https://github.com/stefanberger/swtpm.git \ 8 | && cd /tmp/swtpm \ 9 | && ./autogen.sh --prefix=/usr \ 10 | && make -j$(nproc) $SWTPM_MAKE_EXTRA \ 11 | && make install \ 12 | && rm -fr /tmp/swtpm 13 | -------------------------------------------------------------------------------- /modules/ubuntu_20.04_base_deps.m4: -------------------------------------------------------------------------------- 1 | ENV DEBIAN_FRONTEND=noninteractive 2 | RUN apt-get update && \ 3 | apt-get install -y \ 4 | autoconf-archive \ 5 | curl \ 6 | libcmocka0 \ 7 | libcmocka-dev \ 8 | net-tools \ 9 | build-essential \ 10 | git \ 11 | pkg-config \ 12 | gcc \ 13 | g++ \ 14 | m4 \ 15 | libtool \ 16 | automake \ 17 | libgcrypt20-dev \ 18 | libssl-dev \ 19 | autoconf \ 20 | gnulib \ 21 | wget \ 22 | doxygen \ 23 | libdbus-1-dev \ 24 | libglib2.0-dev \ 25 | clang-10 \ 26 | clang-tools-10 \ 27 | pandoc \ 28 | lcov \ 29 | libcurl4-openssl-dev \ 30 | dbus-x11 \ 31 | vim-common \ 32 | libsqlite3-dev \ 33 | iproute2 \ 34 | libtasn1-6-dev \ 35 | socat \ 36 | libseccomp-dev \ 37 | expect \ 38 | gawk \ 39 | libjson-c-dev \ 40 | libengine-pkcs11-openssl \ 41 | default-jre \ 42 | default-jdk \ 43 | sqlite3 \ 44 | libnss3-tools \ 45 | python3 \ 46 | python3-pip \ 47 | libyaml-dev \ 48 | libmbedtls-dev \ 49 | uuid-dev \ 50 | opensc \ 51 | gnutls-bin \ 52 | rustc \ 53 | acl \ 54 | libjson-glib-dev \ 55 | libusb-1.0-0-dev \ 56 | libftdi-dev 57 | -------------------------------------------------------------------------------- /modules/uthash.m4: -------------------------------------------------------------------------------- 1 | ARG uthash="2.1.0" 2 | RUN cd /tmp \ 3 | && wget $WGET_EXTRA_FLAGS -L "https://github.com/troydhanson/uthash/archive/v${uthash}.tar.gz" \ 4 | && tar -xf v${uthash}.tar.gz \ 5 | && cp uthash-${uthash}/src/*.h /usr/include/ \ 6 | && rm -fr /tmp/v${uthash}.tar.gz /tmp/uthash-${uthash} 7 | 
-------------------------------------------------------------------------------- /opensuse-leap-15.2.docker.m4: -------------------------------------------------------------------------------- 1 | FROM opensuse/leap:15.2 2 | 3 | LABEL org.opencontainers.image.source https://github.com/tpm2-software/tpm2-software-container 4 | 5 | RUN zypper ref 6 | RUN zypper -n in \ 7 | curl \ 8 | libcmocka-devel \ 9 | net-tools \ 10 | git \ 11 | pkg-config \ 12 | gcc \ 13 | m4 \ 14 | libtool \ 15 | automake \ 16 | libgcrypt-devel \ 17 | openssl-devel \ 18 | glib2-devel \ 19 | wget \ 20 | doxygen \ 21 | clang \ 22 | pandoc \ 23 | lcov \ 24 | libcurl-devel \ 25 | vim \ 26 | clang7-checker \ 27 | sqlite3-devel \ 28 | dbus-1-devel \ 29 | dbus-1-x11 \ 30 | xz \ 31 | gzip \ 32 | which \ 33 | gcc-c++ \ 34 | iproute \ 35 | libtasn1-devel \ 36 | socat \ 37 | libseccomp-devel \ 38 | expect \ 39 | gawk \ 40 | net-tools-deprecated \ 41 | libjson-c-devel \ 42 | libuuid-devel \ 43 | libyaml-devel \ 44 | mozilla-nss-tools \ 45 | opensc \ 46 | java-11-openjdk-devel \ 47 | java-11-openjdk \ 48 | libffi-devel \ 49 | patch \ 50 | sqlite3 \ 51 | openssl-engine-libp11 \ 52 | gnutls \ 53 | acl \ 54 | json-glib-devel \ 55 | python \ 56 | python-pip \ 57 | libusb-devel \ 58 | libftdi1-devel \ 59 | gmp-devel 60 | 61 | include(`autoconf.m4') 62 | include(`python3.7.2.m4') 63 | 64 | include(`rust.m4') 65 | 66 | # Some other packages bring in python and python3, which at this time is too old, so we want 67 | # python3 to be the 3.7 version just installed. 
68 | RUN update-alternatives --install /usr/bin/python3 python3 /usr/local/bin/python3.7 0 69 | 70 | # Python2 since OpenSuse default 71 | RUN python -m pip install --upgrade pip 72 | RUN python -m pip install pyyaml 73 | 74 | include(`pip3.m4') 75 | 76 | # Fix Automake AM_PYTHON_PATH missing python3.7 interpreter 77 | COPY patches/python.patch /tmp/python.patch 78 | RUN stat /usr/share/aclocal-1.15/python.m4 79 | RUN patch -d / -p1 < /tmp/python.patch 80 | RUN rm /tmp/python.patch 81 | 82 | include(`ibmtpm1637.m4') 83 | 84 | ENV LIBTPMS_AUTOGEN_EXTRA="--libdir=/usr/lib64" 85 | ENV SWTPM_MAKE_EXTRA="CFLAGS=\"-I/usr/include/libseccomp/\"" 86 | include(`swtpm.m4') 87 | 88 | include(`uthash.m4') 89 | include(`junit.m4') 90 | 91 | WORKDIR / 92 | -------------------------------------------------------------------------------- /opensuse-leap-ossl3.docker.m4: -------------------------------------------------------------------------------- 1 | include(`opensuse-leap.docker.m4') 2 | 3 | # Install openssl3 4 | RUN zypper remove -y libopenssl-devel 5 | include(`ossl3.m4') 6 | 7 | WORKDIR / 8 | -------------------------------------------------------------------------------- /opensuse-leap.docker.m4: -------------------------------------------------------------------------------- 1 | FROM opensuse/leap 2 | 3 | LABEL org.opencontainers.image.source https://github.com/tpm2-software/tpm2-software-container 4 | 5 | RUN zypper ref 6 | RUN zypper -n in \ 7 | curl \ 8 | libcmocka-devel \ 9 | net-tools \ 10 | git \ 11 | pkg-config \ 12 | gcc \ 13 | m4 \ 14 | libtool \ 15 | automake \ 16 | libgcrypt-devel \ 17 | openssl-devel \ 18 | glib2-devel \ 19 | wget \ 20 | doxygen \ 21 | clang \ 22 | pandoc \ 23 | lcov \ 24 | libcurl-devel \ 25 | vim \ 26 | clang7-checker \ 27 | sqlite3-devel \ 28 | dbus-1-devel \ 29 | dbus-1-x11 \ 30 | xz \ 31 | gzip \ 32 | which \ 33 | gcc-c++ \ 34 | iproute \ 35 | libtasn1-devel \ 36 | socat \ 37 | libseccomp-devel \ 38 | expect \ 39 | gawk \ 40 | 
net-tools-deprecated \ 41 | libjson-c-devel \ 42 | libuuid-devel \ 43 | libyaml-devel \ 44 | mozilla-nss-tools \ 45 | opensc \ 46 | java-11-openjdk-devel \ 47 | java-11-openjdk \ 48 | libffi-devel \ 49 | patch \ 50 | sqlite3 \ 51 | openssl-engine-libp11 \ 52 | acl \ 53 | json-glib-devel \ 54 | libusb-devel \ 55 | libftdi1-devel \ 56 | libnettle-devel \ 57 | p11-kit-devel \ 58 | openssh-common \ 59 | gmp-devel 60 | 61 | include(`autoconf.m4') 62 | include(`python3.7.2.m4') 63 | 64 | include(`rust.m4') 65 | 66 | # Some other packages bring in python and python3, which at this time is too old, so we want 67 | # python3 to be the 3.7 version just installed. 68 | RUN update-alternatives --install /usr/bin/python3 python3 /usr/local/bin/python3.7 0 69 | 70 | include(`pip3.m4') 71 | 72 | # Fix Automake AM_PYTHON_PATH missing python3.7 interpreter 73 | COPY patches/python.patch /tmp/python.patch 74 | RUN stat /usr/share/aclocal-1.15/python.m4 75 | RUN patch -d / -p1 < /tmp/python.patch 76 | RUN rm /tmp/python.patch 77 | 78 | include(`ibmtpm1682.m4') 79 | 80 | ENV LIBTPMS_AUTOGEN_EXTRA="--libdir=/usr/lib64" 81 | ENV SWTPM_MAKE_EXTRA="CFLAGS=\"-I/usr/include/libseccomp/\"" 82 | include(`swtpm.m4') 83 | 84 | include(`uthash.m4') 85 | include(`junit.m4') 86 | 87 | # Install GnuTLS-3.8.3 from source 88 | RUN wget --no-verbose https://www.gnupg.org/ftp/gcrypt/gnutls/v3.8/gnutls-3.8.3.tar.xz 89 | RUN tar -xf gnutls-3.8.3.tar.xz --one-top-level=/tmp/ 90 | WORKDIR /tmp/gnutls-3.8.3 91 | RUN ./configure --with-included-unistring --disable-doc --disable-tests \ 92 | && make -j \ 93 | && make install \ 94 | && ldconfig 95 | 96 | WORKDIR / 97 | -------------------------------------------------------------------------------- /patches/python.patch: -------------------------------------------------------------------------------- 1 | --- a/usr/share/aclocal-1.15/python.m4 2 | +++ b/usr/share/aclocal-1.15/python.m4 3 | 
@@ -38,7 +38,7 @@ 4 | dnl supported. (2.0 was released on October 16, 2000). 5 | dnl FIXME: Remove the need to hard-code Python versions here. 6 | m4_define_default([_AM_PYTHON_INTERPRETER_LIST], 7 | -[python python2 python3 python3.5 python3.4 python3.3 python3.2 python3.1 python3.0 python2.7 dnl 8 | +[python python2 python3 python3.7 python3.5 python3.4 python3.3 python3.2 python3.1 python3.0 python2.7 dnl 9 | python2.6 python2.5 python2.4 python2.3 python2.2 python2.1 python2.0]) 10 | 11 | AC_ARG_VAR([PYTHON], [the Python interpreter]) 12 | -------------------------------------------------------------------------------- /ubuntu-18.04.docker.m4: -------------------------------------------------------------------------------- 1 | # Ubuntu 18.04 docker file 2 | # 3 | FROM ubuntu:18.04 4 | 5 | LABEL org.opencontainers.image.source https://github.com/tpm2-software/tpm2-software-container 6 | 7 | ENV DEBIAN_FRONTEND=noninteractive 8 | RUN apt-get update && \ 9 | apt-get install -y \ 10 | autoconf-archive \ 11 | curl \ 12 | libcmocka0 \ 13 | libcmocka-dev \ 14 | net-tools \ 15 | build-essential \ 16 | git \ 17 | pkg-config \ 18 | gcc \ 19 | g++ \ 20 | m4 \ 21 | libtool \ 22 | automake \ 23 | libgcrypt20-dev \ 24 | libssl-dev \ 25 | autoconf \ 26 | gnulib \ 27 | wget \ 28 | doxygen \ 29 | libdbus-1-dev \ 30 | libglib2.0-dev \ 31 | clang-9 \ 32 | clang-tools-9 \ 33 | pandoc \ 34 | lcov \ 35 | libcurl4-openssl-dev \ 36 | dbus-x11 \ 37 | vim-common \ 38 | libsqlite3-dev \ 39 | iproute2 \ 40 | libtasn1-6-dev \ 41 | socat \ 42 | libseccomp-dev \ 43 | expect \ 44 | gawk \ 45 | libjson-c-dev \ 46 | libengine-pkcs11-openssl \ 47 | default-jre \ 48 | default-jdk \ 49 | sqlite3 \ 50 | libnss3-tools \ 51 | libyaml-dev \ 52 | uuid-dev \ 53 | opensc \ 54 | gnutls-bin \ 55 | rustc \ 56 | acl \ 57 | libjson-glib-dev \ 58 | libusb-1.0-0-dev \ 59 | libftdi-dev 60 | 61 | RUN update-alternatives --install /usr/bin/clang clang /usr/bin/clang-9 100 62 | RUN update-alternatives --install 
/usr/bin/scan-build scan-build /usr/bin/scan-build-9 100 63 | 64 | include(`autoconf.m4') 65 | include(`ibmtpm1637.m4') 66 | include(`python3.7.2.m4') 67 | include(`pip3.m4') 68 | 69 | include(`swtpm.m4') 70 | include(`uthash.m4') 71 | include(`junit.m4') 72 | 73 | WORKDIR / 74 | -------------------------------------------------------------------------------- /ubuntu-20.04-ossl3.docker.m4: -------------------------------------------------------------------------------- 1 | include(`ubuntu-20.04.docker.m4') 2 | 3 | # Install openssl3 4 | RUN apt-get remove -y libssl-dev 5 | include(`ossl3.m4') 6 | 7 | WORKDIR / 8 | -------------------------------------------------------------------------------- /ubuntu-20.04.arm32v7.docker.m4: -------------------------------------------------------------------------------- 1 | FROM arm32v7/ubuntu:20.04 2 | 3 | LABEL org.opencontainers.image.source https://github.com/tpm2-software/tpm2-software-container 4 | 5 | include(`ubuntu_20.04_base_deps.m4') 6 | 7 | # The last python cryptography version that allows no rust 8 | # per https://github.com/pyca/cryptography/blob/75be92de8e3bce9adcec42ef3967bed0d4500902/CHANGELOG.rst#3500---2021-09-29 9 | ARG PYCRYPTO_VERSION="3.4.8" 10 | ENV CRYPTOGRAPHY_DONT_BUILD_RUST=1 11 | # bcrypt now needs rust too, avoid it 12 | # https://pypi.org/project/bcrypt/4.0.1/ 13 | ARG PYBCRYPT_VERSION="3.2.2" 14 | include(`pip3.m4') 15 | 16 | RUN update-alternatives --install /usr/bin/clang clang /usr/bin/clang-10 100 17 | RUN update-alternatives --install /usr/bin/scan-build scan-build /usr/bin/scan-build-10 100 18 | 19 | include(`autoconf.m4') 20 | # NOTE(review): --no-check-certificate turns off TLS certificate validation for every wget that expands WGET_EXTRA_FLAGS; uthash.m4 uses it and checks no hash, so that download is unauthenticated. If the cause is a missing or outdated CA bundle in this image, fix that instead (TODO confirm) 21 | ARG WGET_EXTRA_FLAGS="--no-check-certificate" 22 | include(`ibmtpm1637.m4') 23 | include(`swtpm.m4') 24 | include(`uthash.m4') 25 | include(`junit.m4') 26 | 27 | WORKDIR / 28 | -------------------------------------------------------------------------------- /ubuntu-20.04.arm64v8.docker.m4:
-------------------------------------------------------------------------------- 1 | FROM arm64v8/ubuntu:20.04 2 | 3 | LABEL org.opencontainers.image.source https://github.com/tpm2-software/tpm2-software-container 4 | 5 | include(`ubuntu_20.04_base_deps.m4') 6 | include(`pip3.m4') 7 | 8 | RUN update-alternatives --install /usr/bin/clang clang /usr/bin/clang-10 100 9 | RUN update-alternatives --install /usr/bin/scan-build scan-build /usr/bin/scan-build-10 100 10 | 11 | include(`autoconf.m4') 12 | include(`ibmtpm1637.m4') 13 | include(`swtpm.m4') 14 | include(`uthash.m4') 15 | include(`junit.m4') 16 | 17 | WORKDIR / 18 | -------------------------------------------------------------------------------- /ubuntu-20.04.docker.m4: -------------------------------------------------------------------------------- 1 | # Ubuntu 20.04 Dockerfile 2 | FROM ubuntu:20.04 3 | 4 | LABEL org.opencontainers.image.source https://github.com/tpm2-software/tpm2-software-container 5 | 6 | include(`ubuntu_20.04_base_deps.m4') 7 | 8 | include(`pip3.m4') 9 | 10 | RUN update-alternatives --install /usr/bin/clang clang /usr/bin/clang-10 100 11 | RUN update-alternatives --install /usr/bin/scan-build scan-build /usr/bin/scan-build-10 100 12 | 13 | include(`autoconf.m4') 14 | include(`ibmtpm1637.m4') 15 | include(`swtpm.m4') 16 | include(`uthash.m4') 17 | include(`junit.m4') 18 | 19 | WORKDIR / 20 | -------------------------------------------------------------------------------- /ubuntu-22.04-mbedtls-3.1.docker.m4: -------------------------------------------------------------------------------- 1 | FROM ubuntu:jammy 2 | 3 | LABEL org.opencontainers.image.source https://github.com/tpm2-software/tpm2-software-container 4 | 5 | ENV DEBIAN_FRONTEND=noninteractive 6 | RUN apt-get update && \ 7 | apt-get install -y \ 8 | autoconf-archive \ 9 | curl \ 10 | libcmocka0 \ 11 | libcmocka-dev \ 12 | net-tools \ 13 | build-essential \ 14 | git \ 15 | pkg-config \ 16 | gcc \ 17 | g++ \ 18 | m4 \ 19 | libtool \ 20 
| automake \ 21 | libgcrypt20-dev \ 22 | libssl-dev \ 23 | autoconf \ 24 | gnulib \ 25 | wget \ 26 | doxygen \ 27 | libdbus-1-dev \ 28 | libglib2.0-dev \ 29 | clang \ 30 | clang-tools \ 31 | pandoc \ 32 | lcov \ 33 | libcurl4-openssl-dev \ 34 | dbus-x11 \ 35 | vim-common \ 36 | libsqlite3-dev \ 37 | iproute2 \ 38 | libtasn1-6-dev \ 39 | socat \ 40 | libseccomp-dev \ 41 | expect \ 42 | gawk \ 43 | libjson-c-dev \ 44 | libengine-pkcs11-openssl \ 45 | default-jre \ 46 | default-jdk \ 47 | sqlite3 \ 48 | libnss3-tools \ 49 | python3 \ 50 | python3-pip \ 51 | libyaml-dev \ 52 | uuid-dev \ 53 | opensc \ 54 | gnutls-bin \ 55 | rustc \ 56 | acl \ 57 | libjson-glib-dev \ 58 | libusb-1.0-0-dev \ 59 | libftdi-dev \ 60 | libgmp-dev 61 | 62 | include(`pip3.m4') 63 | 64 | include(`autoconf.m4') 65 | include(`swtpm.m4') 66 | include(`uthash.m4') 67 | include(`junit.m4') 68 | include(`mbedtls31.m4') 69 | 70 | WORKDIR / 71 | -------------------------------------------------------------------------------- /ubuntu-22.04-mbedtls-3.6.docker.m4: -------------------------------------------------------------------------------- 1 | FROM ubuntu:jammy 2 | 3 | LABEL org.opencontainers.image.source https://github.com/tpm2-software/tpm2-software-container 4 | 5 | ENV DEBIAN_FRONTEND=noninteractive 6 | RUN apt-get update && \ 7 | apt-get install -y \ 8 | autoconf-archive \ 9 | curl \ 10 | libcmocka0 \ 11 | libcmocka-dev \ 12 | net-tools \ 13 | build-essential \ 14 | git \ 15 | pkg-config \ 16 | gcc \ 17 | g++ \ 18 | m4 \ 19 | libtool \ 20 | automake \ 21 | libgcrypt20-dev \ 22 | libssl-dev \ 23 | autoconf \ 24 | gnulib \ 25 | wget \ 26 | doxygen \ 27 | libdbus-1-dev \ 28 | libglib2.0-dev \ 29 | clang \ 30 | clang-tools \ 31 | pandoc \ 32 | lcov \ 33 | libcurl4-openssl-dev \ 34 | dbus-x11 \ 35 | vim-common \ 36 | libsqlite3-dev \ 37 | iproute2 \ 38 | libtasn1-6-dev \ 39 | socat \ 40 | libseccomp-dev \ 41 | expect \ 42 | gawk \ 43 | libjson-c-dev \ 44 | libengine-pkcs11-openssl \ 45 | default-jre 
\ 46 | default-jdk \ 47 | sqlite3 \ 48 | libnss3-tools \ 49 | python3 \ 50 | python3-pip \ 51 | libyaml-dev \ 52 | uuid-dev \ 53 | opensc \ 54 | gnutls-bin \ 55 | rustc \ 56 | acl \ 57 | libjson-glib-dev \ 58 | libusb-1.0-0-dev \ 59 | libftdi-dev 60 | 61 | include(`pip3.m4') 62 | 63 | include(`autoconf.m4') 64 | include(`swtpm.m4') 65 | include(`uthash.m4') 66 | include(`junit.m4') 67 | include(`mbedtls36.m4') 68 | 69 | WORKDIR / 70 | -------------------------------------------------------------------------------- /ubuntu-22.04.docker.m4: -------------------------------------------------------------------------------- 1 | FROM ubuntu:jammy 2 | 3 | LABEL org.opencontainers.image.source https://github.com/tpm2-software/tpm2-software-container 4 | 5 | ENV DEBIAN_FRONTEND=noninteractive 6 | RUN apt-get update && \ 7 | apt-get install -y \ 8 | autoconf-archive \ 9 | curl \ 10 | libcmocka0 \ 11 | libcmocka-dev \ 12 | net-tools \ 13 | build-essential \ 14 | git \ 15 | pkg-config \ 16 | gcc \ 17 | g++ \ 18 | m4 \ 19 | libtool \ 20 | automake \ 21 | libgcrypt20-dev \ 22 | libssl-dev \ 23 | autoconf \ 24 | gnulib \ 25 | wget \ 26 | doxygen \ 27 | libdbus-1-dev \ 28 | libglib2.0-dev \ 29 | clang \ 30 | clang-tools \ 31 | pandoc \ 32 | lcov \ 33 | libcurl4-openssl-dev \ 34 | dbus-x11 \ 35 | vim-common \ 36 | libsqlite3-dev \ 37 | iproute2 \ 38 | libtasn1-6-dev \ 39 | socat \ 40 | libseccomp-dev \ 41 | expect \ 42 | gawk \ 43 | libjson-c-dev \ 44 | libengine-pkcs11-openssl \ 45 | default-jre \ 46 | default-jdk \ 47 | sqlite3 \ 48 | libnss3-tools \ 49 | python3 \ 50 | python3-pip \ 51 | libyaml-dev \ 52 | libmbedtls-dev \ 53 | uuid-dev \ 54 | opensc \ 55 | gnutls-bin \ 56 | rustc \ 57 | acl \ 58 | libjson-glib-dev \ 59 | libusb-1.0-0-dev \ 60 | libftdi-dev \ 61 | uthash-dev 62 | 63 | include(`pip3.m4') 64 | 65 | ARG ibmtpm_name=ibmtpm1682 66 | RUN cd /tmp \ 67 | && wget $WGET_EXTRA_FLAGS -L "https://downloads.sourceforge.net/project/ibmswtpm2/$ibmtpm_name.tar.gz" \ 68 | && 
sha256sum $ibmtpm_name.tar.gz | grep ^3cb642f871a17b23d50b046e5f95f449c2287415fc1e7aeb4bdbb8920dbcb38f \ 69 | && mkdir -p $ibmtpm_name \ 70 | && tar xv --no-same-owner -f $ibmtpm_name.tar.gz -C $ibmtpm_name \ 71 | && rm $ibmtpm_name.tar.gz \ 72 | && cd $ibmtpm_name/src \ 73 | && sed -i 's/-DTPM_NUVOTON/-DTPM_NUVOTON $(CFLAGS)/' makefile \ 74 | && CFLAGS="-DNV_MEMORY_SIZE=32768 -DMIN_EVICT_OBJECTS=7" make -j$(nproc) \ 75 | && cp tpm_server /usr/local/bin \ 76 | && rm -fr /tmp/$ibmtpm_name 77 | 78 | include(`autoconf.m4') 79 | include(`junit.m4') 80 | 81 | WORKDIR / 82 | -------------------------------------------------------------------------------- /ubuntu-24.04.docker.m4: -------------------------------------------------------------------------------- 1 | FROM ubuntu:noble 2 | 3 | LABEL org.opencontainers.image.source https://github.com/tpm2-software/tpm2-software-container 4 | 5 | ENV DEBIAN_FRONTEND=noninteractive 6 | ENV PIP_REQUIRE_VIRTUALENV=0 7 | ENV PIP_BREAK_SYSTEM_PACKAGES=1 8 | RUN apt-get update && \ 9 | apt-get install -y \ 10 | autoconf-archive \ 11 | curl \ 12 | libcmocka0 \ 13 | libcmocka-dev \ 14 | net-tools \ 15 | build-essential \ 16 | git \ 17 | pkg-config \ 18 | gcc \ 19 | g++ \ 20 | m4 \ 21 | libtool \ 22 | automake \ 23 | libgcrypt20-dev \ 24 | libssl-dev \ 25 | autoconf \ 26 | gnulib \ 27 | wget \ 28 | doxygen \ 29 | libdbus-1-dev \ 30 | libglib2.0-dev \ 31 | clang \ 32 | clang-tools \ 33 | pandoc \ 34 | lcov \ 35 | libcurl4-openssl-dev \ 36 | dbus-x11 \ 37 | vim-common \ 38 | libsqlite3-dev \ 39 | iproute2 \ 40 | libtasn1-6-dev \ 41 | socat \ 42 | libseccomp-dev \ 43 | expect \ 44 | gawk \ 45 | libjson-c-dev \ 46 | libengine-pkcs11-openssl \ 47 | default-jre \ 48 | default-jdk \ 49 | sqlite3 \ 50 | libnss3-tools \ 51 | python3 \ 52 | python3-pip \ 53 | libyaml-dev \ 54 | libmbedtls-dev \ 55 | uuid-dev \ 56 | opensc \ 57 | gnutls-bin \ 58 | rustc \ 59 | acl \ 60 | libjson-glib-dev \ 61 | libusb-1.0-0-dev \ 62 | libftdi-dev \ 63 | uthash-dev 
64 | 65 | include(`pip3-withoutupgrade.m4') 66 | 67 | ARG ibmtpm_name=ibmtpm1682 68 | RUN cd /tmp \ 69 | && wget $WGET_EXTRA_FLAGS -L "https://downloads.sourceforge.net/project/ibmswtpm2/$ibmtpm_name.tar.gz" \ 70 | && sha256sum $ibmtpm_name.tar.gz | grep ^3cb642f871a17b23d50b046e5f95f449c2287415fc1e7aeb4bdbb8920dbcb38f \ 71 | && mkdir -p $ibmtpm_name \ 72 | && tar xv --no-same-owner -f $ibmtpm_name.tar.gz -C $ibmtpm_name \ 73 | && rm $ibmtpm_name.tar.gz \ 74 | && cd $ibmtpm_name/src \ 75 | && sed -i 's/-DTPM_NUVOTON/-DTPM_NUVOTON $(CFLAGS)/' makefile \ 76 | && CFLAGS="-DNV_MEMORY_SIZE=32768 -DMIN_EVICT_OBJECTS=7" make -j$(nproc) \ 77 | && cp tpm_server /usr/local/bin \ 78 | && rm -fr /tmp/$ibmtpm_name 79 | 80 | include(`autoconf.m4') 81 | include(`junit.m4') 82 | 83 | WORKDIR / 84 | --------------------------------------------------------------------------------