-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathDockerfile
65 lines (45 loc) · 2.31 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
# Multi-stage build: First the full builder image:
# liboqs build type variant; maximum portability of image; no openssl dependency:
ARG LIBOQS_BUILD_DEFINES="-DOQS_DIST_BUILD=ON -DBUILD_SHARED_LIBS=ON -DOQS_USE_OPENSSL=OFF"
# make build arguments: Adding -j here speeds up build but may tax hardware
ARG MAKE_DEFINES="-j 2"
FROM alpine:3.11 as intermediate
# Take in all global args
ARG LIBOQS_BUILD_DEFINES
ARG MAKE_DEFINES
LABEL version="2"
ENV DEBIAN_FRONTEND noninteractive
RUN apk update && apk upgrade
# Get all software packages required for builing all components:
RUN apk add build-base linux-headers cmake ninja git
# get all sources
WORKDIR /opt
RUN git clone --depth 1 --branch main https://github.com/open-quantum-safe/liboqs && \
git clone --depth 1 --branch main https://github.com/open-quantum-safe/pyoqs-sdk.git
# build liboqs
WORKDIR /opt/liboqs
RUN mkdir build && cd build && cmake -GNinja .. ${LIBOQS_BUILD_DEFINES} && ninja install
WORKDIR /opt
RUN git clone --depth 1 --branch OQS-OpenSSL_1_1_1-stable https://github.com/open-quantum-safe/openssl.git && cd liboqs && mkdir build-openssl && cd build-openssl && cmake -G"Ninja" .. ${LIBOQS_BUILD_DEFINES} -DCMAKE_INSTALL_PREFIX=/opt/openssl/oqs && ninja install
RUN apk add automake autoconf && cd /opt/openssl && LDFLAGS="-Wl,-rpath -Wl,/usr/local/lib64" ./Configure shared linux-x86_64 -lm && make ${MAKE_DEFINES} && make install_sw
# Get LetsEncrypt root
RUN wget https://letsencrypt.org/certs/isrgrootx1.pem
## second stage: Only create minimal image without build tooling and intermediate build results generated above:
FROM alpine:3.11
# Get all software packages required for running all components:
RUN apk update && apk upgrade && apk add python3
# Only retain the binary contents in the final image
COPY --from=intermediate /usr/local /usr/local
COPY --from=intermediate /opt/pyoqs-sdk /opt/pyoqs-sdk
ENV PYTHONPATH=/opt/pyoqs-sdk
# Install pyoqs-sdk
RUN cd /opt/pyoqs-sdk && python3 setup.py install
# Enable a normal user
RUN addgroup -g 1000 -S oqs && adduser --uid 1000 -S oqs -G oqs
USER oqs
WORKDIR /home/oqs
COPY minitest.py /home/oqs/minitest.py
COPY --from=intermediate /opt/isrgrootx1.pem /home/oqs/isrgrootx1.pem
# ensure oqs libs are found. Unset if interested in using stock openssl:
ENV LD_LIBRARY_PATH=/usr/local/lib64
CMD ["python3", "minitest.py"]