github.com/transparency-dev/armored-witness-applet@v0.1.1/Dockerfile (about) 1 FROM golang:1.22-bookworm 2 3 ARG TAMAGO_VERSION 4 ARG FT_LOG_URL 5 ARG FT_BIN_URL 6 ARG LOG_ORIGIN 7 ARG LOG_PUBLIC_KEY 8 ARG APPLET_PUBLIC_KEY 9 ARG OS_PUBLIC_KEY1 10 ARG OS_PUBLIC_KEY2 11 ARG GIT_SEMVER_TAG 12 ARG REST_DISTRIBUTOR_BASE_URL 13 # Build environment variables. In addition to routing these through to the make 14 # command, they MUST also be committed to in the manifest. 15 ARG BEE 16 17 # Install dependencies. 18 RUN apt-get update && apt-get install -y git make wget 19 20 RUN wget --quiet "https://github.com/usbarmory/tamago-go/releases/download/tamago-go${TAMAGO_VERSION}/tamago-go${TAMAGO_VERSION}.linux-amd64.tar.gz" 21 RUN tar -xf "tamago-go${TAMAGO_VERSION}.linux-amd64.tar.gz" -C / 22 23 WORKDIR /build 24 25 COPY . . 26 27 # Set Tamago path for Make rule. 28 ENV TAMAGO=/usr/local/tamago-go/bin/go 29 30 # The Makefile expects verifiers to be stored in files, so do that. 31 RUN echo "${APPLET_PUBLIC_KEY}" > /tmp/applet.pub 32 RUN echo "${LOG_PUBLIC_KEY}" > /tmp/log.pub 33 RUN echo "${OS_PUBLIC_KEY1}" > /tmp/os1.pub 34 RUN echo "${OS_PUBLIC_KEY2}" > /tmp/os2.pub 35 36 # Firmware transparency parameters for output binary. 37 ENV FT_LOG_URL=${FT_LOG_URL} \ 38 FT_BIN_URL=${FT_BIN_URL} \ 39 LOG_ORIGIN=${LOG_ORIGIN} \ 40 LOG_PUBLIC_KEY="/tmp/log.pub" \ 41 APPLET_PUBLIC_KEY="/tmp/applet.pub" \ 42 OS_PUBLIC_KEY1="/tmp/os1.pub" \ 43 OS_PUBLIC_KEY2="/tmp/os2.pub" \ 44 GIT_SEMVER_TAG=${GIT_SEMVER_TAG} \ 45 REST_DISTRIBUTOR_BASE_URL=${REST_DISTRIBUTOR_BASE_URL} \ 46 BEE=${BEE} 47 48 RUN make trusted_applet_nosign