github.com/transparency-dev/armored-witness-os@v0.1.3-0.20240514084412-27eef7325168/Dockerfile (about) 1 FROM golang:1.22-bookworm 2 3 ARG TAMAGO_VERSION 4 ARG LOG_ORIGIN 5 ARG LOG_PUBLIC_KEY 6 ARG APPLET_PUBLIC_KEY 7 ARG OS_PUBLIC_KEY1 8 ARG OS_PUBLIC_KEY2 9 ARG GIT_SEMVER_TAG 10 ARG SRK_HASH 11 # Build environment variables. In addition to routing these through to the make 12 # command, they MUST also be committed to in the manifest. 13 ARG BEE 14 ARG DEBUG 15 16 # Install dependencies. 17 RUN apt-get update && apt-get install -y make wget u-boot-tools binutils-arm-none-eabi 18 19 RUN wget --quiet "https://github.com/usbarmory/tamago-go/releases/download/tamago-go${TAMAGO_VERSION}/tamago-go${TAMAGO_VERSION}.linux-amd64.tar.gz" 20 RUN tar -xf "tamago-go${TAMAGO_VERSION}.linux-amd64.tar.gz" -C / 21 # Set Tamago path for Make rule. 22 ENV TAMAGO=/usr/local/tamago-go/bin/go 23 24 WORKDIR /build 25 26 COPY . . 27 28 # The Makefile expects the verifiers to be in files, so make it so. 29 RUN echo "${APPLET_PUBLIC_KEY}" > /tmp/applet.pub 30 RUN echo "${LOG_PUBLIC_KEY}" > /tmp/log.pub 31 RUN echo "${OS_PUBLIC_KEY1}" > /tmp/os1.pub 32 RUN echo "${OS_PUBLIC_KEY2}" > /tmp/os2.pub 33 34 # Firmware transparency parameters for output binary. 35 ENV LOG_ORIGIN=${LOG_ORIGIN} \ 36 APPLET_PUBLIC_KEY="/tmp/applet.pub" \ 37 LOG_PUBLIC_KEY="/tmp/log.pub" \ 38 OS_PUBLIC_KEY1="/tmp/os1.pub" \ 39 OS_PUBLIC_KEY2="/tmp/os2.pub" \ 40 GIT_SEMVER_TAG=${GIT_SEMVER_TAG} \ 41 BEE=${BEE} \ 42 DEBUG=${DEBUG} \ 43 SRK_HASH=${SRK_HASH} 44 45 RUN make trusted_os_release