1# Dockerfile 2# 3# Purpose 4# ------- 5# Defines a Docker container suitable to build and run all tests (all.sh), 6# except for those that use a proprietary toolchain. 7# 8# WARNING: this Dockerfile is no longer maintained! See 9# https://github.com/Mbed-TLS/mbedtls-test/blob/master/README.md#quick-start 10# for the set of Docker images we use on the CI. 11 12# Copyright The Mbed TLS Contributors 13# SPDX-License-Identifier: Apache-2.0 14# 15# Licensed under the Apache License, Version 2.0 (the "License"); you may 16# not use this file except in compliance with the License. 17# You may obtain a copy of the License at 18# 19# http://www.apache.org/licenses/LICENSE-2.0 20# 21# Unless required by applicable law or agreed to in writing, software 22# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 23# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 24# See the License for the specific language governing permissions and 25# limitations under the License. 26ARG MAKEFLAGS_PARALLEL="" 27ARG MY_REGISTRY= 28 29FROM ${MY_REGISTRY}ubuntu:bionic 30 31 32ENV DEBIAN_FRONTEND noninteractive 33 34RUN apt-get update \ 35 && apt-get -y install software-properties-common \ 36 && rm -rf /var/lib/apt/lists 37 38RUN add-apt-repository -y ppa:team-gcc-arm-embedded/ppa 39 40RUN apt-get update \ 41 && apt-get -y install \ 42 # mbedtls build/test dependencies 43 build-essential \ 44 clang \ 45 cmake \ 46 doxygen \ 47 gcc-arm-none-eabi \ 48 gcc-mingw-w64-i686 \ 49 gcc-multilib \ 50 g++-multilib \ 51 gdb \ 52 git \ 53 graphviz \ 54 lsof \ 55 python \ 56 python3-pip \ 57 python3 \ 58 pylint3 \ 59 valgrind \ 60 wget \ 61 # libnettle build dependencies 62 libgmp-dev \ 63 m4 \ 64 pkg-config \ 65 && rm -rf /var/lib/apt/lists/* 66 67# Jinja2 is required for driver dispatch code generation. 68RUN python3 -m pip install \ 69 jinja2==2.10.1 types-jinja2 70 71# Build a static, legacy openssl from sources with sslv3 enabled 72# Based on https://gist.github.com/bmaupin/8caca3a1e8c3c5686141 (build-openssl.sh) 73# Note: openssl-1.0.2 and earlier has known build issues with parallel make. 74RUN cd /tmp \ 75 && wget https://www.openssl.org/source/old/1.0.1/openssl-1.0.1j.tar.gz -qO- | tar xz \ 76 && cd openssl-1.0.1j \ 77 && ./config --openssldir=/usr/local/openssl-1.0.1j no-shared \ 78 && (make ${MAKEFLAGS_PARALLEL} || make -j 1) \ 79 && make install_sw \ 80 && rm -rf /tmp/openssl* 81ENV OPENSSL_LEGACY=/usr/local/openssl-1.0.1j/bin/openssl 82 83# Build OPENSSL as 1.0.2g 84RUN cd /tmp \ 85 && wget https://www.openssl.org/source/old/1.0.2/openssl-1.0.2g.tar.gz -qO- | tar xz \ 86 && cd openssl-1.0.2g \ 87 && ./config --openssldir=/usr/local/openssl-1.0.2g no-shared \ 88 && (make ${MAKEFLAGS_PARALLEL} || make -j 1) \ 89 && make install_sw \ 90 && rm -rf /tmp/openssl* 91ENV OPENSSL=/usr/local/openssl-1.0.2g/bin/openssl 92 93# Build a new openssl binary for ARIA/CHACHA20 support 94# Based on https://gist.github.com/bmaupin/8caca3a1e8c3c5686141 (build-openssl.sh) 95RUN cd /tmp \ 96 && wget https://www.openssl.org/source/openssl-1.1.1a.tar.gz -qO- | tar xz \ 97 && cd openssl-1.1.1a \ 98 && ./config --prefix=/usr/local/openssl-1.1.1a -Wl,--enable-new-dtags,-rpath,'${LIBRPATH}' no-shared \ 99 && make ${MAKEFLAGS_PARALLEL} \ 100 && make install_sw \ 101 && rm -rf /tmp/openssl* 102ENV OPENSSL_NEXT=/usr/local/openssl-1.1.1a/bin/openssl 103 104# Build libnettle 2.7.1 (needed by legacy gnutls) 105RUN cd /tmp \ 106 && wget https://ftp.gnu.org/gnu/nettle/nettle-2.7.1.tar.gz -qO- | tar xz \ 107 && cd nettle-2.7.1 \ 108 && ./configure --disable-documentation \ 109 && make ${MAKEFLAGS_PARALLEL} \ 110 && make install \ 111 && /sbin/ldconfig \ 112 && rm -rf /tmp/nettle* 113 114# Build legacy gnutls (3.3.8) 115RUN cd /tmp \ 116 && wget https://www.gnupg.org/ftp/gcrypt/gnutls/v3.3/gnutls-3.3.8.tar.xz -qO- | tar xJ \ 117 && cd gnutls-3.3.8 \ 118 && ./configure --prefix=/usr/local/gnutls-3.3.8 --exec_prefix=/usr/local/gnutls-3.3.8 --disable-shared --disable-guile --disable-doc \ 119 && make ${MAKEFLAGS_PARALLEL} \ 120 && make install \ 121 && rm -rf /tmp/gnutls* 122ENV GNUTLS_LEGACY_CLI=/usr/local/gnutls-3.3.8/bin/gnutls-cli 123ENV GNUTLS_LEGACY_SERV=/usr/local/gnutls-3.3.8/bin/gnutls-serv 124 125# Build libnettle 3.1 (needed by gnutls) 126RUN cd /tmp \ 127 && wget https://ftp.gnu.org/gnu/nettle/nettle-3.1.tar.gz -qO- | tar xz \ 128 && cd nettle-3.1 \ 129 && ./configure --disable-documentation \ 130 && make ${MAKEFLAGS_PARALLEL} \ 131 && make install \ 132 && /sbin/ldconfig \ 133 && rm -rf /tmp/nettle* 134 135# Build gnutls (3.4.10) 136RUN cd /tmp \ 137 && wget https://www.gnupg.org/ftp/gcrypt/gnutls/v3.4/gnutls-3.4.10.tar.xz -qO- | tar xJ \ 138 && cd gnutls-3.4.10 \ 139 && ./configure --prefix=/usr/local/gnutls-3.4.10 --exec_prefix=/usr/local/gnutls-3.4.10 \ 140 --with-included-libtasn1 --without-p11-kit \ 141 --disable-shared --disable-guile --disable-doc \ 142 && make ${MAKEFLAGS_PARALLEL} \ 143 && make install \ 144 && rm -rf /tmp/gnutls* 145ENV GNUTLS_CLI=/usr/local/gnutls-3.4.10/bin/gnutls-cli 146ENV GNUTLS_SERV=/usr/local/gnutls-3.4.10/bin/gnutls-serv 147 148# Build libnettle 3.7.3 (needed by gnutls next) 149RUN cd /tmp \ 150 && wget https://ftp.gnu.org/gnu/nettle/nettle-3.7.3.tar.gz -qO- | tar xz \ 151 && cd nettle-3.7.3 \ 152 && ./configure --disable-documentation \ 153 && make ${MAKEFLAGS_PARALLEL} \ 154 && make install \ 155 && /sbin/ldconfig \ 156 && rm -rf /tmp/nettle* 157 158# Build gnutls next (3.7.2) 159RUN cd /tmp \ 160 && wget https://www.gnupg.org/ftp/gcrypt/gnutls/v3.7/gnutls-3.7.2.tar.xz -qO- | tar xJ \ 161 && cd gnutls-3.7.2 \ 162 && ./configure --prefix=/usr/local/gnutls-3.7.2 --exec_prefix=/usr/local/gnutls-3.7.2 \ 163 --with-included-libtasn1 --with-included-unistring --without-p11-kit \ 164 --disable-shared --disable-guile --disable-doc \ 165 && make ${MAKEFLAGS_PARALLEL} \ 166 && make install \ 167 && rm -rf /tmp/gnutls* 168 169ENV GNUTLS_NEXT_CLI=/usr/local/gnutls-3.7.2/bin/gnutls-cli 170ENV GNUTLS_NEXT_SERV=/usr/local/gnutls-3.7.2/bin/gnutls-serv 171
