fix: use patched openssl to fix SEGV bug when using kms pkcs11 module (
…#59)

* Revert "fix: temporarily use debian stable, as openssl in testing breaks aws kms pkcs11 module support"

This reverts commit 3ef1d2e.

* fix: use patched openssl to fix SEGV bug when using kms pkcs11 module
nkraetzschmar authored Feb 1, 2024
1 parent 488dac4 commit e8eecd6
Showing 1 changed file with 7 additions and 3 deletions.
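--- a/Dockerfile
+++ b/Dockerfile
@@ -1,23 +1,27 @@
-FROM debian:stable AS mv_data
+FROM debian:testing AS mv_data
 RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends build-essential ca-certificates git
 RUN git clone --depth=1 https://github.com/gardenlinux/mv_data
 RUN make -C mv_data install
 
-FROM debian:stable AS aws-kms-pkcs11
+FROM debian:testing AS aws-kms-pkcs11
 RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends build-essential awscli ca-certificates cmake git libcurl4-openssl-dev libengine-pkcs11-openssl libjson-c-dev libssl-dev libp11-kit-dev libp11-dev zlib1g-dev
 RUN git clone --depth=1 --recurse-submodules -b 1.11.25 https://github.com/aws/aws-sdk-cpp
 RUN mkdir aws-sdk-cpp/.build && cd aws-sdk-cpp/.build && cmake -DCMAKE_BUILD_TYPE=Release -DBUILD_SHARED_LIBS=OFF -DBUILD_ONLY="kms;acm-pca" .. && make -j "$(nproc)" install
 RUN git clone --depth=1 -b v0.0.10 https://github.com/gardenlinux/aws-kms-pkcs11
 RUN cd aws-kms-pkcs11 && make -j "$(nproc)" AWS_SDK_STATIC=y install
 RUN cp "/usr/lib/$(uname -m)-linux-gnu/pkcs11/aws_kms_pkcs11.so" /aws_kms_pkcs11.so
 
-FROM debian:stable
+FROM debian:testing
 
 LABEL org.opencontainers.image.source="https://github.com/gardenlinux/builder"
 LABEL org.opencontainers.image.description="Builder for Garden Linux"
 
 COPY pkg.list /pkg.list
 RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends $(cat /pkg.list) && rm /pkg.list
+RUN cd /tmp \
+&& curl -sSL "https://github.com/gardenlinux/package-openssl/releases/download/3.1.4-2gardenlinux0/openssl_3.1.4-2gardenlinux0_$(dpkg --print-architecture).deb" > openssl.deb \
+&& dpkg -i openssl.deb \
+&& rm openssl.deb
 COPY --from=mv_data /usr/bin/mv_data /usr/bin/mv_data
 COPY --from=aws-kms-pkcs11 /aws_kms_pkcs11.so /aws_kms_pkcs11.so
 RUN mv /aws_kms_pkcs11.so "/usr/lib/$(uname -m)-linux-gnu/pkcs11/aws_kms_pkcs11.so"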
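Review bot: The added `RUN cd /tmp` step pipes a `.deb` fetched with `curl -sSL` straight into `dpkg -i` with no integrity check, so whatever the release URL serves at build time becomes the openssl package in the builder image. Pin a SHA-256 per architecture and verify it between the download and the install, e.g. `&& echo "<EXPECTED_SHA256_FOR_ARCH>  openssl.deb" | sha256sum -c - \`. Use `curl -fsSL` as well, so an HTTP error fails the step at the download instead of writing the error body to `openssl.deb`. The step also has no comment saying why a non-Debian openssl is installed; something like `# patched openssl: Debian testing build segfaults with the AWS KMS PKCS#11 module` would tell the next maintainer when the override can be dropped. The page shows "Expand Down" after this hunk, so whether a later apt step could replace the patched package is not visible here.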