From fbeb54522f767f1a78f3da173ce9b3ac47396c2a Mon Sep 17 00:00:00 2001 From: iadgovuser29 <33426478+iadgovuser29@users.noreply.github.com> Date: Wed, 15 Nov 2023 11:11:42 -0500 Subject: [PATCH] Removed TPM from the ACA on Rocky image, changed container detection --- .ci/docker/Dockerfile.aca-rocky | 13 ------------- .ci/docker/Dockerfile.aca-windows | 2 +- .ci/docker/compose-acceptance-test.yml | 4 ++-- package/scripts/db/mysql_util.sh | 3 +-- 4 files changed, 4 insertions(+), 18 deletions(-) diff --git a/.ci/docker/Dockerfile.aca-rocky b/.ci/docker/Dockerfile.aca-rocky index a7806a4a..32e0d58d 100644 --- a/.ci/docker/Dockerfile.aca-rocky +++ b/.ci/docker/Dockerfile.aca-rocky @@ -24,19 +24,6 @@ ENV HIRS_DNF_TPM_COMPILE="tpm2-tools gcc cmake openssl-devel" # Download and install all dependencies at one time RUN dnf -y install $(echo "$HIRS_DNF_OS_SETUP") $(echo "$HIRS_DNF_OS_TOOLS") $(echo "$HIRS_DNF_ACA_COMPILE") $(echo "$HIRS_DNF_ACA_RUN") $(echo "$HIRS_DNF_TPM_COMPILE") -# Set up TPM Simulator -RUN git clone https://github.com/kgoldman/ibmswtpm2 /ibmswtpm2 -WORKDIR /ibmswtpm2/src -RUN make -# The following script allows the TPM to be set up in the docker image. -# This will install an empty TPM. -RUN echo "#!/bin/bash" > /tmp/tpm_config && \ - echo "/ibmswtpm2/src/tpm_server &" >> /tmp/tpm_config && \ - echo "sleep 5" >> /tmp/tpm_config && \ - echo "tpm2_startup -c" >> /tmp/tpm_config && \ - bash /tmp/tpm_config && \ - rm -rf /tmp/tpm_config - #EXPOSE 8080 # Only needed if TLS is not working. EXPOSE 8443 diff --git a/.ci/docker/Dockerfile.aca-windows b/.ci/docker/Dockerfile.aca-windows index 0474b62e..d9c33c5f 100644 --- a/.ci/docker/Dockerfile.aca-windows +++ b/.ci/docker/Dockerfile.aca-windows 
@@ -57,7 +57,7 @@ RUN echo $Env:JAVA_HOME WORKDIR C:/ RUN git config --global --add core.autocrlf false RUN git config --global --add safe.directory '*' -RUN git clone -b v3_windows-package-scripts https://github.com/nsacyber/hirs.git C:/repo +RUN git clone -b main https://github.com/nsacyber/hirs.git C:/repo # Defensive copy of the repo so it's easy to start fresh if needed WORKDIR C:/repo diff --git a/.ci/docker/compose-acceptance-test.yml b/.ci/docker/compose-acceptance-test.yml index 378e4e30..6e3bf5b7 100644 --- a/.ci/docker/compose-acceptance-test.yml +++ b/.ci/docker/compose-acceptance-test.yml @@ -1,7 +1,7 @@ version: "3.9" services: aca: # policy settings not saved, will have a clean database/default policy on each boot for now - image: ghcr.io/nsacyber/hirs/aca:alpha2 + image: ghcr.io/nsacyber/hirs/aca:alpha3 container_name: aca ports: - "8443:8443" @@ -9,7 +9,7 @@ services: hat_network: ipv4_address: 172.16.1.75 hat: - image: ghcr.io/nsacyber/hirs/hat:alpha4 + image: ghcr.io/nsacyber/hirs/hat:alpha6 container_name: hat ports: - 53:53/tcp diff --git a/package/scripts/db/mysql_util.sh b/package/scripts/db/mysql_util.sh index 08d62daf..d46dfc43 100755 --- a/package/scripts/db/mysql_util.sh +++ b/package/scripts/db/mysql_util.sh @@ -12,8 +12,7 @@ SQL_SERVICE="mariadb" check_for_container () { PRINT_STATUS=$1 # Check if we're in a Docker container - if [[ $(cat /proc/1/cgroup | head -n 1) == *"docker"* ]]; then - #if [ -f /.dockerenv ]; then + if [[ $(cat /proc/1/cgroup | head -n 1) == *"docker"* ]] || [ -f /.dockerenv ]; then DOCKER_CONTAINER=true if [[ $PRINT_STATUS == "-p" ]]; then echo "ACA is running in a container..." | tee -a "$LOG_FILE"; fi else
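Review bot: The new `git clone -b main` line in Dockerfile.aca-windows builds the image from whatever the branch head is at build time, so two builds of the same Dockerfile can package different ACA code and nothing in the image records which commit went in. For an attestation CA image it is worth pinning the source, for example `RUN git clone -b <RELEASE_TAG> https://github.com/nsacyber/hirs.git C:/repo`, or adding `RUN git -C C:/repo checkout <COMMIT_SHA>` right after the clone (both values are placeholders). If tracking main is intentional for CI, a comment such as `# CI image: intentionally tracks main, build is not reproducible` would keep the line from being copied into a release build.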
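Review bot: The combined test in check_for_container still recognises only Docker: the cgroup check looks for the string docker in the first line of /proc/1/cgroup and the added fallback is the Docker-specific /.dockerenv marker, so a Podman or Kubernetes/containerd container would presumably fall through to the `else` branch and be handled as a host install. `cat` also prints an error to stderr when /proc/1/cgroup is missing or unreadable. Suggested line: `if [[ $(head -n 1 /proc/1/cgroup 2>/dev/null) == *"docker"* ]] || [ -f /.dockerenv ] || [ -f /run/.containerenv ]; then`, with a comment above it such as `# cgroup v2 does not list "docker" in /proc/1/cgroup; fall back to runtime marker files`. The function body continues past the `else` that ends this hunk, so what each branch does with DOCKER_CONTAINER is not visible here.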