github.com/transparency-dev/armored-witness-os@v0.1.3-0.20240514084412-27eef7325168/Dockerfile (about)

     1  FROM golang:1.22-bookworm
     2  
     3  ARG TAMAGO_VERSION
     4  ARG LOG_ORIGIN
     5  ARG LOG_PUBLIC_KEY
     6  ARG APPLET_PUBLIC_KEY
     7  ARG OS_PUBLIC_KEY1
     8  ARG OS_PUBLIC_KEY2
     9  ARG GIT_SEMVER_TAG
    10  ARG SRK_HASH
    11  # Build environment variables. In addition to routing these through to the make
    12  # command, they MUST also be committed to in the manifest.
    13  ARG BEE
    14  ARG DEBUG
    15  
    16  # Install dependencies.
    17  RUN apt-get update && apt-get install -y make wget u-boot-tools binutils-arm-none-eabi
    18  
    19  RUN wget --quiet "https://github.com/usbarmory/tamago-go/releases/download/tamago-go${TAMAGO_VERSION}/tamago-go${TAMAGO_VERSION}.linux-amd64.tar.gz"
    20  RUN tar -xf "tamago-go${TAMAGO_VERSION}.linux-amd64.tar.gz" -C /
    21  # Set Tamago path for Make rule.
    22  ENV TAMAGO=/usr/local/tamago-go/bin/go
    23  
    24  WORKDIR /build
    25  
    26  COPY . .
    27  
    28  # The Makefile expects the verifiers to be in files, so make it so.
    29  RUN echo "${APPLET_PUBLIC_KEY}" > /tmp/applet.pub
    30  RUN echo "${LOG_PUBLIC_KEY}" > /tmp/log.pub
    31  RUN echo "${OS_PUBLIC_KEY1}" > /tmp/os1.pub
    32  RUN echo "${OS_PUBLIC_KEY2}" > /tmp/os2.pub
    33  
    34  # Firmware transparency parameters for output binary.
    35  ENV LOG_ORIGIN=${LOG_ORIGIN} \
    36      APPLET_PUBLIC_KEY="/tmp/applet.pub" \
    37      LOG_PUBLIC_KEY="/tmp/log.pub" \
    38      OS_PUBLIC_KEY1="/tmp/os1.pub" \
    39      OS_PUBLIC_KEY2="/tmp/os2.pub" \
    40      GIT_SEMVER_TAG=${GIT_SEMVER_TAG} \
    41      BEE=${BEE} \
    42      DEBUG=${DEBUG} \
    43      SRK_HASH=${SRK_HASH}
    44  
    45  RUN make trusted_os_release