Updated the dockerfile for Ubuntu 22
parent
d968080a43
commit
03ee0bfda8
@ -0,0 +1,19 @@
|
||||
FROM ubuntu:22.04
|
||||
|
||||
RUN apt-get update -y && apt-get upgrade -y && apt-get clean -y
|
||||
|
||||
# Install packages for building HIRS ACA
|
||||
RUN apt-get -y install openjdk-17-jdk mariadb-server
|
||||
RUN apt-get -y install git curl nano cron
|
||||
|
||||
# Ports needed for system-level tests
|
||||
EXPOSE 8080
|
||||
EXPOSE 8443
|
||||
|
||||
# Checkout HIRS main branch and run gradlew to install gradlew dependencies, then delete HIRS
|
||||
# Use '--depth=1' so as to not download the history of all commits
|
||||
RUN git clone -b main --depth=1 https://github.com/nsacyber/HIRS.git /hirsTemp
|
||||
WORKDIR "/hirsTemp"
|
||||
RUN /bin/bash -c './gradlew clean build'
|
||||
WORKDIR "/"
|
||||
RUN rm -rf /hirsTemp
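Review bot: `apt-get update` runs in its own layer in the first `RUN`, while the two `apt-get -y install` lines sit in later layers, so a cached update layer lets the installs run against a stale package index, and the earlier `apt-get clean` does nothing for what they download. Folding update, upgrade and install into one `RUN` that also removes `/var/lib/apt/lists/*` fixes both. The version below adds `--no-install-recommends` and lists `ca-certificates` explicitly, which should be confirmed against what the Gradle build needs. Separately, `git clone -b main` makes the image depend on whatever `main` holds at build time, and `RUN rm -rf /hirsTemp` in its own layer leaves the checkout in the earlier layers. A pinned tag or commit, and a single `RUN` for clone, build and removal, would address that.

```dockerfile
# … unchanged: FROM ubuntu:22.04 …

# Install packages for building HIRS ACA
RUN apt-get update \
    && apt-get upgrade -y \
    && apt-get install -y --no-install-recommends \
        ca-certificates \
        cron \
        curl \
        git \
        mariadb-server \
        nano \
        openjdk-17-jdk \
    && rm -rf /var/lib/apt/lists/*

# … unchanged: EXPOSE lines, clone and gradlew steps …
```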
|
@ -82,7 +82,7 @@ echo "Checking HIRS ACA Setup on this device..."
|
||||
rpm -q --quiet HIRS_AttestationCA
|
||||
elif [ $ID = 'ubuntu' ]; then
|
||||
echo "Ubuntu distro detected"
|
||||
dpkg -l "HIRS_AttestationCA" > /dev/null
|
||||
dpkg -l "hirs-attestationca" > /dev/null
|
||||
else
|
||||
echo "Unsupported OS Distro encountered"
|
||||
fi
|
||||
|
@ -45,7 +45,11 @@ source /etc/os-release
|
||||
if [ $ID = "ubuntu" ]; then
|
||||
DB_SRV_CONF="/etc/mysql/mariadb.conf.d/50-server.cnf"
|
||||
DB_CLIENT_CONF="/etc/mysql/mariadb.conf.d/50-client.cnf"
|
||||
echo log_error=/var/log/mysql/mysqld.log >> $DB_SRV_CONF
|
||||
if [[ $(cat "$DB_SRV_CONF" | grep -c "log-error") < 1 ]]; then
|
||||
echo log-error=/var/log/mysql/mysqld.log >> $DB_SRV_CONF
|
||||
echo "ssl-cipher=TLSv1.3" >> $DB_SRV_CONF
|
||||
echo "ssl=on" >> $DB_SRV_CONF
|
||||
fi
|
||||
fi
|
||||
|
||||
check_mysql_root_pwd () {
|
||||
@ -131,7 +135,8 @@ fi
|
||||
# Process HIRS DB USER
|
||||
set_hirs_db_pwd () {
|
||||
|
||||
RESULT="$(mysql -u root --password=$DB_ADMIN_PWD -e "SELECT EXISTS(SELECT 1 FROM mysql.user WHERE user = 'hirs_db')")"
|
||||
RESULT="$(mysql -u root --password=$DB_ADMIN_PWD -e "SELECT EXISTS(SELECT 1 FROM mysql.user WHERE user = 'hirs_db')")"
|
||||
|
||||
if [ "$RESULT" = 1 ]; then
|
||||
echo "hirs-db user exists"
|
||||
HIRS_DB_PWD=$hirs_db_password
|
||||
@ -158,7 +163,8 @@ create_hirs_db_with_tls () {
|
||||
else
|
||||
mysql -u root --password=$DB_ADMIN_PWD < $MYSQL_DIR/db_create.sql
|
||||
mysql -u root --password=$DB_ADMIN_PWD < $MYSQL_DIR/secure_mysql.sql
|
||||
mysql -u root --password=$DB_ADMIN_PWD -e "ALTER USER 'hirs_db'@'localhost' IDENTIFIED BY '"$HIRS_DB_PWD"'; FLUSH PRIVILEGES;";
|
||||
# mysql -u root --password=$DB_ADMIN_PWD -e "ALTER USER 'hirs_db'@'localhost' IDENTIFIED BY '"$HIRS_DB_PWD"'; FLUSH PRIVILEGES;";
|
||||
mysql -u root --password=$DB_ADMIN_PWD -e "SET PASSWORD FOR 'hirs_db'@'localhost' = PASSWORD('"$HIRS_DB_PWD"'); FLUSH PRIVILEGES;";
|
||||
fi
|
||||
}
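Review bot: `ssl-cipher=TLSv1.3` in the new Ubuntu block may not restrict the server to TLS 1.3, because `ssl-cipher` takes a cipher list rather than a protocol version. MariaDB selects protocol versions with `tls_version`, so the line would read `echo "tls_version=TLSv1.3" >> $DB_SRV_CONF` (to be confirmed against the MariaDB release that Ubuntu 22.04 installs). Both TLS lines are also written only when `log-error` is absent, so a config that already has a log-error entry never receives them; they deserve their own guard. The guard compares with `<`, which is a string comparison inside `[[ ]]`; `if ! grep -q "log-error" "$DB_SRV_CONF"; then` expresses the same test without `cat` and the count. In the last hunk, `SET PASSWORD ... PASSWORD('"$HIRS_DB_PWD"')` splices the password into SQL text on the mysql command line, so a quote character in it breaks the statement and the value is readable in the process list while the command runs.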
|
||||
|
||||
|
@ -79,9 +79,15 @@ start_mysqlsd () {
|
||||
|
||||
# Basic check for marai db status, attempts restart if not running
|
||||
check_mysql () {
|
||||
PROCESS="mysqld"
|
||||
source /etc/os-release
|
||||
if [ $ID = "ubuntu" ]; then
|
||||
PROCESS="mariadb"
|
||||
fi
|
||||
|
||||
echo "Checking mysqld status..."
|
||||
if [ $DOCKER_CONTAINER = true ]; then
|
||||
if [[ $(pgrep -c -u mysql mysqld) -eq 0 ]]; then
|
||||
if [[ $(pgrep -c -u mysql $PROCESS ) -eq 0 ]]; then
|
||||
echo "mariadb not running , attempting to restart"
|
||||
/usr/bin/mysqld_safe & >> "$LOG_FILE"
|
||||
fi
|
||||
@ -96,7 +102,7 @@ check_mysql () {
|
||||
|
||||
# Wait for mysql to start before continuing.
|
||||
count=1;
|
||||
if [[ $PRINT_STATUS == "-p" ]]; then echo "Checking mysqld status..."| tee -a "$LOG_FILE"; fi
|
||||
if [[ $PRINT_STATUS == "-p" ]]; then echo "Testing mysqld connection..."| tee -a "$LOG_FILE"; fi
|
||||
|
||||
until mysqladmin ping -h "localhost" --silent ; do
|
||||
((count++))
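Review bot: The new `source /etc/os-release` inside check_mysql pulls every os-release variable (NAME, VERSION, ID and the rest) into the script's global scope each time the function runs, and the following `[ $ID = "ubuntu" ]` fails with a test syntax error if ID is ever empty. Reading only the one value keeps that contained: `os_id=$(. /etc/os-release && echo "$ID")` followed by `if [ "$os_id" = "ubuntu" ]; then`. `$PROCESS` in the new pgrep call should be quoted as well. A short comment saying why Ubuntu needs the `mariadb` process name would also help, since the surrounding messages still say mysqld. check_mysql begins before this hunk and continues past it.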
|
||||
|
@ -225,6 +225,9 @@ create_cert_chain () {
|
||||
-srcstorepass $PASS -destkeystore $DB_CLIENT.jks -deststoretype JKS -deststorepass $PASS >> "$LOG_FILE" 2>&1
|
||||
}
|
||||
|
||||
# Needed for older versions of openssl
|
||||
#openssl rand -writerand .rnd
|
||||
|
||||
if [ "$ASYM_ALG" == "rsa" ]; then
|
||||
# Create Root CA key pair and self signed cert
|
||||
echo "Generating RSA Root CA ...." | tee -a "$LOG_FILE"
|
||||
@ -255,4 +258,4 @@ if [ "$ASYM_ALG" == "ecc" ]; then
|
||||
add_to_stores $PKI_ROOT
|
||||
# Create an intermediate CA, 2 Leaf CAs, and Signer Certs
|
||||
create_cert_chain
|
||||
fi
|
||||
fi
|
||||
|