mirror of
https://github.com/nsacyber/HIRS.git
synced 2024-12-19 04:58:00 +00:00
64 lines
3.1 KiB
Docker
64 lines
3.1 KiB
Docker
|
FROM rockylinux:8.8
|
||
|
|
|
||
|
|
# Purpose: This image is designed for HIRS ci testing on Rocky Linux
|
||
|
|
# Date Modified: 8/10/23
|
||
|
|
# Notes:
|
||
|
|
# * This image installs java, installs project dependencies, and runs gradlew to download gradlew
|
||
|
|
# dependencies. This saves time during a docker run. This also means the image should be
|
||
|
|
# re-built and re-posted to github each time the following occurs:
|
||
|
|
# 1) add/update a dependency
|
||
|
|
# 2) update gradle
|
||
|
|
# If not re-built, the docker run will still work, but will take longer as it downloads updates
|
||
|
|
# * Steps to login to registry, build image, tag image with ghcr.io registry, and push to registry:
|
||
|
|
# $ cat pat.txt | docker login ghcr.io -u iadgovuser## --password-stdin
|
||
|
|
# Note: pat requires permissions "upload packages from GitHub Package Registry" and possibly "repo"
|
||
|
|
# $ docker build . -f Dockerfile.rocky88ci -t hirs-rocky8-ci:latest
|
||
|
|
# Note: may need to use --no-cache when building, if 'git clone HIRS' or 'gradlew' is cached
|
||
|
|
# (bc need any updated dependencies)
|
||
|
|
# $ docker image tag hirs-rocky8-ci:latest ghcr.io/nsacyber/hirs/hirs-rocky8-ci:latest
|
||
|
|
# $ docker push ghcr.io/nsacyber/hirs/hirs-rocky8-ci:latest
|
||
|
|
|
||
|
|
# Update package installer
|
||
|
|
RUN dnf -y update
|
||
|
|
|
||
|
|
# Install Java 17
|
||
|
|
RUN dnf -y install java-17-openjdk-devel
|
||
|
|
|
||
|
|
# Set Environment Variables
|
||
|
|
#ENV JAVA_HOME=/usr/lib/jvm/java-17-openjdk
|
||
|
|
#ENV PATH="$JAVA_HOME/bin:$PATH"
|
||
|
|
|
||
|
|
# Ports needed for system-level tests
|
||
|
|
EXPOSE 8080
|
||
|
|
EXPOSE 8443
|
||
|
|
|
||
|
|
# Install HIRS dependencies
|
||
|
|
RUN dnf -y install mariadb-server initscripts firewalld policycoreutils net-tools git && dnf clean all
|
||
|
|
# maybe: libtool cmake make gcc-c++ sudo vim wget openssl openssl-devel protobuf tpm2-tools libcurl-devel libssh-devel
|
||
|
|
# prob not: rpmdevtools tpm2-tss-devel tpm2-abrmd protobuf-compiler protobuf-devel python36 log4cplus-devel re2-devel tpm2-tss-devel tpm2-abrmd-devel
|
||
|
|
|
||
|
|
# Install PACCOR for Device Info Gathering
|
||
|
|
# RUN mkdir paccor && pushd paccor && wget https://github.com/nsacyber/paccor/releases/download/v1.1.4r6/paccor-1.1.4-6.noarch.rpm && yum -y install paccor-*.rpm && popd
|
||
|
|
|
||
|
|
# Install TPM Emulator for Provisioning
|
||
|
|
# RUN mkdir ibmtpm && pushd ibmtpm && wget --no-check-certificate https://downloads.sourceforge.net/project/ibmswtpm2/ibmtpm1332.tar.gz && tar -zxvf ibmtpm1332.tar.gz && cd src && make -j5 && popd
|
||
|
|
|
||
|
|
# Install Microsoft dotnet and rpm package tool
|
||
|
|
# RUN wget https://dot.net/v1/dotnet-install.sh
|
||
|
|
# RUN sh dotnet-install.sh --os linux --channel LTS
|
||
|
|
# ENV PATH="/root/.dotnet:${PATH}"
|
||
|
|
# RUN wget https://packages.microsoft.com/rhel/8/prod/packages-microsoft-prod.rpm
|
||
|
|
# RUN dnf -y install packages-microsoft-prod.rpm
|
||
|
|
# RUN dnf makecache
|
||
|
|
# RUN dnf -y install dotnet-sdk-6.0
|
||
|
|
# RUN dotnet tool install --global dotnet-rpm
|
||
|
|
# ?? need this?: RUN PATH="~/.dotnet/tools:${PATH}"
|
||
|
|
|
||
|
|
# Checkout HIRS main branch and run gradlew to install gradlew dependencies, then delete HIRS
|
||
|
|
# Use '--depth=1' so as to not download the history of all commits
|
||
|
|
RUN git clone -b main --depth=1 https://github.com/nsacyber/HIRS.git /hirsTemp
|
||
|
|
WORKDIR "/hirsTemp"
|
||
|
|
RUN /bin/bash -c './gradlew clean build'
|
||
|
|
WORKDIR "/"
|
||
|
|
RUN rm -rf /hirsTemp
|