diff --git a/epiphany/Dockerfile b/epiphany/Dockerfile
index 353a6ac1..0c1acce5 100755
--- a/epiphany/Dockerfile
+++ b/epiphany/Dockerfile
@@ -1,8 +1,11 @@
 # define the liboqs tag to be used
-ARG LIBOQS_TAG=main
+ARG LIBOQS_TAG=0.11.0
+
+# define the openssl tag to be used
+ARG OPENSSL_TAG=openssl-3.3.2
 # define the oqsprovider tag to be used
-ARG OQSPROVIDER_TAG=main
+ARG OQSPROVIDER_TAG=0.7.0
 # Default location where all binaries wind up:
 ARG OSSLGIODIR=/opt/ossl-gio
@@ -10,6 +13,7 @@ ARG OSSLGIODIR=/opt/ossl-gio
 # 2-step build: First create binaries
 FROM ubuntu as intermediate
 ARG LIBOQS_TAG
+ARG OPENSSL_TAG
 ARG OQSPROVIDER_TAG
 ARG OSSLGIODIR
 ENV DEBIAN_FRONTEND noninteractive
@@ -20,7 +24,10 @@ RUN apt update && apt upgrade -y && apt install -y build-essential clang meson g
 WORKDIR /opt
-RUN git clone --branch ${LIBOQS_TAG} https://github.com/open-quantum-safe/liboqs.git && git clone --depth 1 --branch master https://github.com/openssl/openssl ossl-src && git clone https://gitlab.gnome.org/GNOME/glib-networking.git && git clone --depth 1 --branch ${OQSPROVIDER_TAG} https://github.com/open-quantum-safe/oqs-provider.git
+RUN git clone --branch ${LIBOQS_TAG} https://github.com/open-quantum-safe/liboqs.git && \
+ git clone --depth 1 --branch ${OPENSSL_TAG} https://github.com/openssl/openssl ossl-src && \
+ git clone https://gitlab.gnome.org/GNOME/glib-networking.git && \
+ git clone --depth 1 --branch ${OQSPROVIDER_TAG} https://github.com/open-quantum-safe/oqs-provider.git
 # make sure the liboqs library is distributable:
 RUN cd liboqs && mkdir build && cd build && cmake -GNinja -DOQS_DIST_BUILD=ON -DCMAKE_INSTALL_PREFIX=/opt/liboqs .. && ninja && ninja install && cd ../..
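Review bot: The `--branch` values in the new `RUN git clone` chain are tag names, which upstream can move, and nothing in this step checks which commit was actually fetched. Recording the expected commit for each source and comparing it after the clone would make the pin verifiable, for example `test "$(git -C ossl-src rev-parse HEAD)" = "${OPENSSL_COMMIT}"`, where `OPENSSL_COMMIT` is a new build argument (placeholder name) declared next to `OPENSSL_TAG`. glib-networking is still cloned from its default branch with full history in this chain and only moved to 2.72.2 by a `git checkout` in a later `RUN`; `git clone --depth 1 --branch 2.72.2 https://gitlab.gnome.org/GNOME/glib-networking.git` would pin it at fetch time like the other sources.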
@@ -29,6 +36,10 @@ RUN cd liboqs && mkdir build && cd build && cmake -GNinja -DOQS_DIST_BUILD=ON -D
 RUN cd oqs-provider && cmake -GNinja -DOQS_DIST_BUILD=ON -Dliboqs_DIR=/opt/liboqs -S . -B _build && cd _build && ninja && ninja install && cd ../..
 RUN cd ossl-src && ./config no-shared -lm && make -j 2 && make install_sw && cd ..
+RUN if [ -d /usr/lib/x86_64-linux-gnu ]; then ln -s /usr/lib/x86_64-linux-gnu /usr/lib/aarch64-linux-gnu; fi && \
+ if [ -d /usr/lib/aarch64-linux-gnu ]; then ln -s /usr/lib/aarch64-linux-gnu /usr/lib/x86_64-linux-gnu; fi
+RUN if [ -d /usr/local/lib64 ]; then ln -s /usr/local/lib64 /usr/local/lib; fi && \
+ if [ -d /usr/local/lib ]; then ln -s /usr/local/lib /usr/local/lib64; fi
 # build glib-networking such as to use (OQS-)OpenSSL and not GnuTLS:
 RUN cd glib-networking && git checkout 2.72.2 && mkdir build && cd build && PKG_CONFIG_PATH=${OSSLGIODIR}/lib/pkgconfig CPATH=${OSSLGIODIR}/include LIBRARY_PATH=${OSSLGIODIR}/lib meson --prefix=${OSSLGIODIR} -Dopenssl=enabled -Dgnutls=disabled .. && CPATH=${OSSLGIODIR}/include ninja && ninja install
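Review bot: In both new `RUN` lines the second `if` is also true once the first has run, because `[ -d ]` follows the link just created, and `ln -s` onto an existing directory puts the new link inside it. On x86_64 that leaves `/usr/lib/x86_64-linux-gnu/aarch64-linux-gnu` pointing back at its own parent. Where `/usr/local/lib` and `/usr/local/lib64` both exist, each gains a link to the other, and `/usr/local` is later copied wholesale into the final image. Making the two branches exclusive and refusing to nest avoids the loops, e.g. `RUN if [ -d /usr/local/lib64 ] && [ ! -e /usr/local/lib ]; then ln -sT /usr/local/lib64 /usr/local/lib; elif [ -d /usr/local/lib ] && [ ! -e /usr/local/lib64 ]; then ln -sT /usr/local/lib /usr/local/lib64; fi`, with the same shape for the `/usr/lib` pair.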
@@ -42,16 +53,17 @@ FROM ubuntu
 ARG OSSLGIODIR
 ENV DEBIAN_FRONTEND noninteractive
-RUN apt update && apt upgrade -y && apt install -y epiphany-browser
+RUN apt update && apt upgrade -y && apt install -y dbus-x11 epiphany-browser
 COPY --from=intermediate ${OSSLGIODIR} ${OSSLGIODIR}
 COPY --from=intermediate /usr/local /usr/local
 # Move oqsprovider in place; for some unknown reason, GIO needs two locations for finding providers
-RUN rm -rf /usr/local/lib64/ossl-modules/ && ln -s /usr/lib/x86_64-linux-gnu/ossl-modules /usr/local/lib64/ossl-modules
+RUN if [ -d /usr/lib/x86_64-linux-gnu ]; then rm -rf /usr/local/lib64/ossl-modules/ && ln -s /usr/lib/x86_64-linux-gnu/ossl-modules /usr/local/lib64/ossl-modules; fi && \
+ if [ -d /usr/lib/aarch64-linux-gnu ]; then rm -rf /usr/local/lib/ossl-modules/ && ln -s /usr/lib/aarch64-linux-gnu/ossl-modules /usr/local/lib/ossl-modules; fi
 COPY --from=intermediate /usr/lib/x86_64-linux-gnu/ossl-modules /usr/local/lib64/ossl-modules
 # Run everything under a limited user account:
-RUN groupadd -g 1000 oqs && useradd -u 1000 -d /home/oqs -g oqs oqs
+RUN groupadd -g 1001 oqs && useradd -u 1001 -d /home/oqs -g oqs oqs
 COPY openssl-client.cnf /home/oqs/openssl-client.cnf
 COPY startepiphany.sh /home/oqs/startepiphany.sh
 RUN chown -R oqs.oqs /home/oqs
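Review bot: The unchanged `COPY --from=intermediate /usr/lib/x86_64-linux-gnu/ossl-modules /usr/local/lib64/ossl-modules` right after the new arch-conditional `RUN` still hard-codes the x86_64 paths. On aarch64 it can therefore only resolve through the compatibility symlinks made in the build stage, and it writes through whichever `ossl-modules` link the `RUN` just created; whether `COPY` follows those links as intended is worth confirming. If the link dangles or the copy lands elsewhere, the oqsprovider module is missing from the directory OpenSSL searches, and that would presumably surface only at runtime. A build-time guard after the `COPY` would catch it, e.g. `RUN find -L /usr/local/lib64/ossl-modules /usr/local/lib/ossl-modules -name 'oqsprovider*' 2>/dev/null | grep -q .`. Separately, the uid/gid move to 1001 presumably avoids a clash with an account in the untagged `ubuntu` base, so pinning the base tag would keep that assumption stable.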