testing/tkm/Dockerfile - third_party/strongswan/strongswan - Git at Google

 # Container for TKM testing
 #
 # Build and usage (called from repository root):
 #
 #   docker build -t strongswan-tkm -f testing/tkm/Dockerfile testing
 #
 #   docker run -it --rm --cap-add net_admin -v $PWD:/strongswan strongswan-tkm
 #
 # In the container, this may be used to configure strongSwan with TKM support:
 #
 #   /strongswan/configure --disable-defaults --enable-silent-rules --enable-ikev2 --enable-kernel-netlink --enable-pem --enable-pkcs1 --enable-random --enable-sha1 --enable-socket-default --enable-swanctl --enable-tkm
 #
 # The following script can be used to generate private key, CA cert and example
 # config for TKM:
 #
 #   /usr/local/share/tkm/generate-config.sh
 #
 # Run TKM in the background with:
 #
 #   tkm_keymanager -c tkm.conf -k key.der -r ca.der:1 >/tmp/tkm.log &
 #
 # Then tests for charon-tkm can be run against TKM:
 #
 #   make -j check TESTS_RUNNERS=tkm TESTS_TKM=1

 FROM debian:trixie

 ARG packages="autoconf automake bison build-essential ca-certificates ccache \
 flex git gperf libssl-dev libtool pkg-config \
 gnat gprbuild libahven-dev libxmlada-schema-dev libgmpada-dev \
 libalog-dev"

 RUN apt-get update && \
   DEBIAN_FRONTEND=noninteractive apt-get install -qq -y \
   --no-install-recommends \
   $packages \
   && rm -rf /var/lib/apt/lists/*

 COPY scripts/recipes/*.mk /tmp/recipes/

 RUN cd /tmp/recipes \
   && make -f 004_spark-crypto.mk \
   && make -f 005_anet.mk \
   && make -f 006_tkm-rpc.mk \
   && make -f 007_x509-ada.mk \
   && make -f 008_xfrm-ada.mk \
   && make -f 009_xfrm-proxy.mk \
   && make -f 010_tkm.mk \
   && rm -rf /tmp/recipes

 ENV ADA_PROJECT_PATH=/usr/local/ada/lib/gnat
 ENV PATH=/usr/lib/ccache:$PATH

 COPY tkm/generate-config.sh /usr/local/share/tkm/
 COPY tests/tkm/host2host-initiator/hosts/moon/etc/tkm/tkm.conf /usr/local/share/tkm/

 WORKDIR /build

 CMD [ "bash" ]
	# Container for TKM testing
	#
	# Build and usage (called from repository root):
	#
	# docker build -t strongswan-tkm -f testing/tkm/Dockerfile testing
	#
	# docker run -it --rm --cap-add net_admin -v $PWD:/strongswan strongswan-tkm
	#
	# In the container, this may be used to configure strongSwan with TKM support:
	#
	# /strongswan/configure --disable-defaults --enable-silent-rules --enable-ikev2 --enable-kernel-netlink --enable-pem --enable-pkcs1 --enable-random --enable-sha1 --enable-socket-default --enable-swanctl --enable-tkm
	#
	# The following script can be used to generate private key, CA cert and example
	# config for TKM:
	#
	# /usr/local/share/tkm/generate-config.sh
	#
	# Run TKM in the background with:
	#
	# tkm_keymanager -c tkm.conf -k key.der -r ca.der:1 >/tmp/tkm.log &
	#
	# Then tests for charon-tkm can be run against TKM:
	#
	# make -j check TESTS_RUNNERS=tkm TESTS_TKM=1

	FROM debian:trixie

	ARG packages="autoconf automake bison build-essential ca-certificates ccache \
	flex git gperf libssl-dev libtool pkg-config \
	gnat gprbuild libahven-dev libxmlada-schema-dev libgmpada-dev \
	libalog-dev"

	RUN apt-get update && \
	DEBIAN_FRONTEND=noninteractive apt-get install -qq -y \
	--no-install-recommends \
	$packages \
	&& rm -rf /var/lib/apt/lists/*

	COPY scripts/recipes/*.mk /tmp/recipes/

	RUN cd /tmp/recipes \
	&& make -f 004_spark-crypto.mk \
	&& make -f 005_anet.mk \
	&& make -f 006_tkm-rpc.mk \
	&& make -f 007_x509-ada.mk \
	&& make -f 008_xfrm-ada.mk \
	&& make -f 009_xfrm-proxy.mk \
	&& make -f 010_tkm.mk \
	&& rm -rf /tmp/recipes

	ENV ADA_PROJECT_PATH=/usr/local/ada/lib/gnat
	ENV PATH=/usr/lib/ccache:$PATH

	COPY tkm/generate-config.sh /usr/local/share/tkm/
	COPY tests/tkm/host2host-initiator/hosts/moon/etc/tkm/tkm.conf /usr/local/share/tkm/

	WORKDIR /build

	CMD [ "bash" ]