1# Dockerfile 2# 3# Purpose 4# ------- 5# Defines a Docker container suitable to build and run all tests (all.sh), 6# except for those that use a proprietary toolchain. 7 8# Copyright The Mbed TLS Contributors 9# SPDX-License-Identifier: Apache-2.0 10# 11# Licensed under the Apache License, Version 2.0 (the "License"); you may 12# not use this file except in compliance with the License. 13# You may obtain a copy of the License at 14# 15# http://www.apache.org/licenses/LICENSE-2.0 16# 17# Unless required by applicable law or agreed to in writing, software 18# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 19# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 20# See the License for the specific language governing permissions and 21# limitations under the License. 22ARG MAKEFLAGS_PARALLEL="" 23ARG MY_REGISTRY= 24 25FROM ${MY_REGISTRY}ubuntu:bionic 26 27 28ENV DEBIAN_FRONTEND noninteractive 29 30RUN apt-get update \ 31 && apt-get -y install software-properties-common \ 32 && rm -rf /var/lib/apt/lists 33 34RUN add-apt-repository -y ppa:team-gcc-arm-embedded/ppa 35 36RUN apt-get update \ 37 && apt-get -y install \ 38 # mbedtls build/test dependencies 39 build-essential \ 40 clang \ 41 cmake \ 42 doxygen \ 43 gcc-arm-none-eabi \ 44 gcc-mingw-w64-i686 \ 45 gcc-multilib \ 46 g++-multilib \ 47 gdb \ 48 git \ 49 graphviz \ 50 lsof \ 51 python \ 52 python3-pip \ 53 python3 \ 54 pylint3 \ 55 valgrind \ 56 wget \ 57 # libnettle build dependencies 58 libgmp-dev \ 59 m4 \ 60 pkg-config \ 61 && rm -rf /var/lib/apt/lists/* 62 63# Jinja2 is required for driver dispatch code generation. 64RUN python3 -m pip install \ 65 jinja2==2.10.1 types-jinja2 66 67# Build a static, legacy openssl from sources with sslv3 enabled 68# Based on https://gist.github.com/bmaupin/8caca3a1e8c3c5686141 (build-openssl.sh) 69# Note: openssl-1.0.2 and earlier has known build issues with parallel make. 70RUN cd /tmp \ 71 && wget https://www.openssl.org/source/old/1.0.1/openssl-1.0.1j.tar.gz -qO- | tar xz \ 72 && cd openssl-1.0.1j \ 73 && ./config --openssldir=/usr/local/openssl-1.0.1j no-shared \ 74 && (make ${MAKEFLAGS_PARALLEL} || make -j 1) \ 75 && make install_sw \ 76 && rm -rf /tmp/openssl* 77ENV OPENSSL_LEGACY=/usr/local/openssl-1.0.1j/bin/openssl 78 79# Build OPENSSL as 1.0.2g 80RUN cd /tmp \ 81 && wget https://www.openssl.org/source/old/1.0.2/openssl-1.0.2g.tar.gz -qO- | tar xz \ 82 && cd openssl-1.0.2g \ 83 && ./config --openssldir=/usr/local/openssl-1.0.2g no-shared \ 84 && (make ${MAKEFLAGS_PARALLEL} || make -j 1) \ 85 && make install_sw \ 86 && rm -rf /tmp/openssl* 87ENV OPENSSL=/usr/local/openssl-1.0.2g/bin/openssl 88 89# Build a new openssl binary for ARIA/CHACHA20 support 90# Based on https://gist.github.com/bmaupin/8caca3a1e8c3c5686141 (build-openssl.sh) 91RUN cd /tmp \ 92 && wget https://www.openssl.org/source/openssl-1.1.1a.tar.gz -qO- | tar xz \ 93 && cd openssl-1.1.1a \ 94 && ./config --prefix=/usr/local/openssl-1.1.1a -Wl,--enable-new-dtags,-rpath,'${LIBRPATH}' no-shared \ 95 && make ${MAKEFLAGS_PARALLEL} \ 96 && make install_sw \ 97 && rm -rf /tmp/openssl* 98ENV OPENSSL_NEXT=/usr/local/openssl-1.1.1a/bin/openssl 99 100# Build libnettle 2.7.1 (needed by legacy gnutls) 101RUN cd /tmp \ 102 && wget https://ftp.gnu.org/gnu/nettle/nettle-2.7.1.tar.gz -qO- | tar xz \ 103 && cd nettle-2.7.1 \ 104 && ./configure --disable-documentation \ 105 && make ${MAKEFLAGS_PARALLEL} \ 106 && make install \ 107 && /sbin/ldconfig \ 108 && rm -rf /tmp/nettle* 109 110# Build legacy gnutls (3.3.8) 111RUN cd /tmp \ 112 && wget https://www.gnupg.org/ftp/gcrypt/gnutls/v3.3/gnutls-3.3.8.tar.xz -qO- | tar xJ \ 113 && cd gnutls-3.3.8 \ 114 && ./configure --prefix=/usr/local/gnutls-3.3.8 --exec_prefix=/usr/local/gnutls-3.3.8 --disable-shared --disable-guile --disable-doc \ 115 && make ${MAKEFLAGS_PARALLEL} \ 116 && make install \ 117 && rm -rf /tmp/gnutls* 118ENV GNUTLS_LEGACY_CLI=/usr/local/gnutls-3.3.8/bin/gnutls-cli 119ENV GNUTLS_LEGACY_SERV=/usr/local/gnutls-3.3.8/bin/gnutls-serv 120 121# Build libnettle 3.1 (needed by gnutls) 122RUN cd /tmp \ 123 && wget https://ftp.gnu.org/gnu/nettle/nettle-3.1.tar.gz -qO- | tar xz \ 124 && cd nettle-3.1 \ 125 && ./configure --disable-documentation \ 126 && make ${MAKEFLAGS_PARALLEL} \ 127 && make install \ 128 && /sbin/ldconfig \ 129 && rm -rf /tmp/nettle* 130 131# Build gnutls (3.4.10) 132RUN cd /tmp \ 133 && wget https://www.gnupg.org/ftp/gcrypt/gnutls/v3.4/gnutls-3.4.10.tar.xz -qO- | tar xJ \ 134 && cd gnutls-3.4.10 \ 135 && ./configure --prefix=/usr/local/gnutls-3.4.10 --exec_prefix=/usr/local/gnutls-3.4.10 \ 136 --with-included-libtasn1 --without-p11-kit \ 137 --disable-shared --disable-guile --disable-doc \ 138 && make ${MAKEFLAGS_PARALLEL} \ 139 && make install \ 140 && rm -rf /tmp/gnutls* 141ENV GNUTLS_CLI=/usr/local/gnutls-3.4.10/bin/gnutls-cli 142ENV GNUTLS_SERV=/usr/local/gnutls-3.4.10/bin/gnutls-serv 143 144# Build libnettle 3.7.3 (needed by gnutls next) 145RUN cd /tmp \ 146 && wget https://ftp.gnu.org/gnu/nettle/nettle-3.7.3.tar.gz -qO- | tar xz \ 147 && cd nettle-3.7.3 \ 148 && ./configure --disable-documentation \ 149 && make ${MAKEFLAGS_PARALLEL} \ 150 && make install \ 151 && /sbin/ldconfig \ 152 && rm -rf /tmp/nettle* 153 154# Build gnutls next (3.7.2) 155RUN cd /tmp \ 156 && wget https://www.gnupg.org/ftp/gcrypt/gnutls/v3.7/gnutls-3.7.2.tar.xz -qO- | tar xJ \ 157 && cd gnutls-3.7.2 \ 158 && ./configure --prefix=/usr/local/gnutls-3.7.2 --exec_prefix=/usr/local/gnutls-3.7.2 \ 159 --with-included-libtasn1 --with-included-unistring --without-p11-kit \ 160 --disable-shared --disable-guile --disable-doc \ 161 && make ${MAKEFLAGS_PARALLEL} \ 162 && make install \ 163 && rm -rf /tmp/gnutls* 164 165ENV GNUTLS_NEXT_CLI=/usr/local/gnutls-3.7.2/bin/gnutls-cli 166ENV GNUTLS_NEXT_SERV=/usr/local/gnutls-3.7.2/bin/gnutls-serv 167