Updated the dockerfile for Ubuntu 22

iadgovuser26 2023-10-11 19:56:36 +00:00
parent d968080a43
commit 03ee0bfda8
5 changed files with 41 additions and 7 deletions


@ -0,0 +1,19 @@
FROM ubuntu:22.04
RUN apt-get update -y && apt-get upgrade -y && apt-get clean -y
# Install packages for building HIRS ACA
RUN apt-get -y install openjdk-17-jdk mariadb-server
RUN apt-get -y install git curl nano cron
# Ports needed for system-level tests
EXPOSE 8080
EXPOSE 8443
# Checkout HIRS main branch and run gradlew to install gradlew dependencies, then delete HIRS
# Use '--depth=1' so as to not download the history of all commits
RUN git clone -b main --depth=1 https://github.com/nsacyber/HIRS.git /hirsTemp
WORKDIR "/hirsTemp"
RUN /bin/bash -c './gradlew clean build'
WORKDIR "/"
RUN rm -rf /hirsTemp
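Review bot: `apt-get update` sits in its own `RUN`, so when the two `apt-get -y install` lines are rebuilt on top of a cached first layer they resolve packages from a stale index and can fail; the `apt-get clean` there also runs before anything has been installed. Refresh and install in one layer, e.g. `RUN apt-get update && apt-get install -y openjdk-17-jdk mariadb-server git curl nano cron && rm -rf /var/lib/apt/lists/*`. Separately, `RUN rm -rf /hirsTemp` is a later layer than the clone and the build, so the checkout still ships inside the image; doing the clone, `./gradlew clean build` and the delete in a single `RUN` would actually drop it. The clone also follows `main` with no tag or commit pinned, so what gets built depends on whatever that branch holds at build time, and a short comment saying this is intended would help.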


@ -82,7 +82,7 @@ echo "Checking HIRS ACA Setup on this device..."
rpm -q --quiet HIRS_AttestationCA
elif [ $ID = 'ubuntu' ]; then
echo "Ubuntu distro detected"
dpkg -l "HIRS_AttestationCA" > /dev/null
dpkg -l "hirs-attestationca" > /dev/null
else
echo "Unsupported OS Distro encountered"
fi


@ -45,7 +45,11 @@ source /etc/os-release
if [ $ID = "ubuntu" ]; then
DB_SRV_CONF="/etc/mysql/mariadb.conf.d/50-server.cnf"
DB_CLIENT_CONF="/etc/mysql/mariadb.conf.d/50-client.cnf"
echo log_error=/var/log/mysql/mysqld.log >> $DB_SRV_CONF
if [[ $(cat "$DB_SRV_CONF" | grep -c "log-error") < 1 ]]; then
echo log-error=/var/log/mysql/mysqld.log >> $DB_SRV_CONF
echo "ssl-cipher=TLSv1.3" >> $DB_SRV_CONF
echo "ssl=on" >> $DB_SRV_CONF
fi
fi
check_mysql_root_pwd () {
@ -131,7 +135,8 @@ fi
# Process HIRS DB USER
set_hirs_db_pwd () {
RESULT="$(mysql -u root --password=$DB_ADMIN_PWD -e "SELECT EXISTS(SELECT 1 FROM mysql.user WHERE user = 'hirs_db')")"
RESULT="$(mysql -u root --password=$DB_ADMIN_PWD -e "SELECT EXISTS(SELECT 1 FROM mysql.user WHERE user = 'hirs_db')")"
if [ "$RESULT" = 1 ]; then
echo "hirs-db user exists"
HIRS_DB_PWD=$hirs_db_password
@ -158,7 +163,8 @@ create_hirs_db_with_tls () {
else
mysql -u root --password=$DB_ADMIN_PWD < $MYSQL_DIR/db_create.sql
mysql -u root --password=$DB_ADMIN_PWD < $MYSQL_DIR/secure_mysql.sql
mysql -u root --password=$DB_ADMIN_PWD -e "ALTER USER 'hirs_db'@'localhost' IDENTIFIED BY '"$HIRS_DB_PWD"'; FLUSH PRIVILEGES;";
# mysql -u root --password=$DB_ADMIN_PWD -e "ALTER USER 'hirs_db'@'localhost' IDENTIFIED BY '"$HIRS_DB_PWD"'; FLUSH PRIVILEGES;";
mysql -u root --password=$DB_ADMIN_PWD -e "SET PASSWORD FOR 'hirs_db'@'localhost' = PASSWORD('"$HIRS_DB_PWD"'); FLUSH PRIVILEGES;";
fi
}
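Review bot: `ssl-cipher=TLSv1.3` in the new Ubuntu block sets a cipher list, not a protocol version, so it probably does not restrict the server to TLS 1.3 and may not be accepted as a cipher name at all; if the intent is to force TLS 1.3, MariaDB's `tls_version=TLSv1.3` is the option for that (worth confirming against the MariaDB version Ubuntu 22.04 installs). The guard around it uses `<` inside `[[ ]]`, which compares strings rather than numbers and only works here by accident; `if ! grep -q "log-error" "$DB_SRV_CONF"; then` says the same thing directly. Because the TLS lines are appended only when no `log-error` entry exists, a config that already has that entry never gets them, so a separate check per setting would be safer. In the `create_hirs_db_with_tls` hunk the new `SET PASSWORD` line still splices `$HIRS_DB_PWD` into the SQL text, so a password containing a single quote breaks the statement.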


@ -79,9 +79,15 @@ start_mysqlsd () {
# Basic check for marai db status, attempts restart if not running
check_mysql () {
PROCESS="mysqld"
source /etc/os-release
if [ $ID = "ubuntu" ]; then
PROCESS="mariadb"
fi
echo "Checking mysqld status..."
if [ $DOCKER_CONTAINER = true ]; then
if [[ $(pgrep -c -u mysql mysqld) -eq 0 ]]; then
if [[ $(pgrep -c -u mysql $PROCESS ) -eq 0 ]]; then
echo "mariadb not running , attempting to restart"
/usr/bin/mysqld_safe & >> "$LOG_FILE"
fi
@ -96,7 +102,7 @@ check_mysql () {
# Wait for mysql to start before continuing.
count=1;
if [[ $PRINT_STATUS == "-p" ]]; then echo "Checking mysqld status..."| tee -a "$LOG_FILE"; fi
if [[ $PRINT_STATUS == "-p" ]]; then echo "Testing mysqld connection..."| tee -a "$LOG_FILE"; fi
until mysqladmin ping -h "localhost" --silent ; do
((count++))
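Review bot: The new distro test in `check_mysql` leaves `$ID` unquoted, so if `/etc/os-release` is missing or does not set `ID` the `[` test errors out instead of cleanly falling through to the `mysqld` default; `if [ "$ID" = "ubuntu" ]; then` avoids that. A one-line comment above the override, such as `# MariaDB's daemon runs under a different process name on Ubuntu`, would explain why `PROCESS` changes. The status messages still say "mysqld" on both paths, which reads oddly in the log when `PROCESS` is `mariadb`. `check_mysql` continues outside the hunk.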


@ -225,6 +225,9 @@ create_cert_chain () {
-srcstorepass $PASS -destkeystore $DB_CLIENT.jks -deststoretype JKS -deststorepass $PASS >> "$LOG_FILE" 2>&1
}
# Needed for older versions of openssl
#openssl rand -writerand .rnd
if [ "$ASYM_ALG" == "rsa" ]; then
# Create Root CA key pair and self signed cert
echo "Generating RSA Root CA ...." | tee -a "$LOG_FILE"
@ -255,4 +258,4 @@ if [ "$ASYM_ALG" == "ecc" ]; then
add_to_stores $PKI_ROOT
# Create an intermediate CA, 2 Leaf CAs, and Signer Certs
create_cert_chain
fi
fi
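Review bot: The added `#openssl rand -writerand .rnd` is committed as commented-out code, so nothing runs, and the comment above it does not say which OpenSSL versions need it or when to enable it. Either guard the call on the detected OpenSSL version, or reword the comment to something like `# Uncomment on older OpenSSL builds that need the .rnd file created first` so the next maintainer knows it is an opt-in workaround.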