From e9c6cb0419cac00a4928ba1e0ad9e8d9b6c9f02d Mon Sep 17 00:00:00 2001
From: "Manoj Alva(ma257n)"
Date: Fri, 4 Jun 2021 07:29:05 +0000
Subject: [PATCH] Support for minideb based image with gnutls package

This image could be used for TLS cert creation using certtool.

Change-Id: Iaffcb1497fbf0f8ce24a25b38564854b9ad61083
---
 gnu-tls/Dockerfile | 19 ++++++++
 gnu-tls/Makefile | 109 +++++++++++++++++++++++++++++++++++++++++++++
 gnu-tls/README.md | 4 ++
 3 files changed, 132 insertions(+)
 create mode 100644 gnu-tls/Dockerfile
 create mode 100644 gnu-tls/Makefile
 create mode 100644 gnu-tls/README.md

diff --git a/gnu-tls/Dockerfile b/gnu-tls/Dockerfile
new file mode 100644
index 0000000..fc0e382
--- /dev/null
+++ b/gnu-tls/Dockerfile
@@ -0,0 +1,19 @@
+ARG FROM=bitnami/minideb
+FROM ${FROM}
+
+LABEL org.opencontainers.image.authors='airship-discuss@lists.airshipit.org, irc://#airshipit@freenode' \
+ org.opencontainers.image.url='https://airshipit.org' \
+ org.opencontainers.image.documentation='https://airshipit.readthedocs.io' \
+ org.opencontainers.image.source='https://opendev.org/airship/images' \
+ org.opencontainers.image.vendor='The Airship Authors' \
+ org.opencontainers.image.licenses='Apache-2.0'
+
+RUN set -xe \
+ && export DEBIAN_FRONTEND=noninteractive \
+ && apt-get update -qq && apt-get -y dist-upgrade \
+ && apt-get install -y gnutls-bin \
+ && apt-get autoremove -y --purge \
+ && apt-get clean \
+ && rm -rf /var/lib/apt-get/lists/*
+
+CMD ["/bin/bash"]
diff --git a/gnu-tls/Makefile b/gnu-tls/Makefile
new file mode 100644
index 0000000..8cf8e21
--- /dev/null
+++ b/gnu-tls/Makefile
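Review bot: In gnu-tls/Dockerfile the last step of the `RUN` chain, `rm -rf /var/lib/apt-get/lists/*`, targets a directory apt does not use, so the package index stays in the layer; the path should be `/var/lib/apt/lists/*`. `ARG FROM=bitnami/minideb` also carries no tag or digest, so every build resolves to whatever `latest` is at that moment, which is hard to audit for an image meant to generate TLS certificates and keys; a default such as `ARG FROM=bitnami/minideb:<release>@sha256:<digest>` would make the base reproducible. `apt-get install -y --no-install-recommends gnutls-bin` would keep the installed package set to what certtool needs.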
@@ -0,0 +1,109 @@
+# Copyright 2018 AT&T Intellectual Property. All other rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+SHELL := /bin/bash
+BUILD_DIR ?= build
+PUSH_IMAGE ?= false
+IMAGE_ID ?= none
+COMMIT ?= $(shell git rev-parse HEAD)
+LABEL ?= org.airshipit.build=community
+IMAGE_NAME ?= gnu-tls
+DOCKER_REGISTRY ?= quay.io
+IMAGE_PREFIX ?= airshipit
+IMAGE_TAG ?= latest
+DISTRO ?= minideb
+IMAGE := ${DOCKER_REGISTRY}/${IMAGE_PREFIX}/${IMAGE_NAME}:${IMAGE_TAG}-${DISTRO}
+SH_TO_CHECK := $(wildcard files/*.sh )
+PROXY ?= http://proxy.foo.com:8000
+NO_PROXY ?= localhost,127.0.0.1,.svc.cluster.local
+USE_PROXY ?= false
+
+all: lint images
+
+check-docker:
+ @if [ -z $$(which docker) ]; then \
+ echo "Missing \`docker\` client which is required for development"; \
+ exit 2; \
+ fi
+
+images: check-docker build_image
+
+docs: clean build_docs
+
+build_docs:
+ echo TODO
+
+build_image:
+ mkdir -p $(BUILD_DIR)
+ifeq ($(IMAGE_ID), none)
+ifeq ($(USE_PROXY), true)
+ docker build . \
+ --iidfile $(BUILD_DIR)/image_id \
+ --tag $(IMAGE) \
+ --label $(LABEL) \
+ --label "org.opencontainers.image.revision=$(COMMIT)" \
+ --label "org.opencontainers.image.created=\
+ $(shell date --rfc-3339=seconds --utc)" \
+ --label "org.opencontainers.image.title=$(IMAGE_NAME)" \
+ --build-arg http_proxy=$(PROXY) \
+ --build-arg https_proxy=$(PROXY) \
+ --build-arg HTTP_PROXY=$(PROXY) \
+ --build-arg HTTPS_PROXY=$(PROXY) \
+ --build-arg no_proxy=$(NO_PROXY) \
+ --build-arg NO_PROXY=$(NO_PROXY) \
+ --build-arg GIT_COMMIT=$(COMMIT)
+else
+ docker build . \
+ --iidfile $(BUILD_DIR)/image_id \
+ --tag $(IMAGE) \
+ --label $(LABEL) \
+ --label "org.opencontainers.image.revision=$(COMMIT)" \
+ --label "org.opencontainers.image.created=\
+ $(shell date --rfc-3339=seconds --utc)" \
+ --label "org.opencontainers.image.title=$(IMAGE_NAME)" \
+ --build-arg GIT_COMMIT=$(COMMIT)
+endif
+else
+ echo $(IMAGE_ID) > $(BUILD_DIR)/image_id
+endif
+ifeq ($(PUSH_IMAGE), true)
+ docker push $(IMAGE)
+endif
+
+clean:
+ifeq ($(IMAGE_ID), none)
+ if [[ -s $(BUILD_DIR)/image_id ]]; \
+ then \
+ docker rmi $$(cat $(BUILD_DIR)/image_id); \
+ fi
+endif
+ rm -rf $(BUILD_DIR)
+
+# style checks
+lint: test-shellcheck
+ echo "TODO"
+
+tests: lint unit_tests
+
+test-shellcheck: $(SH_TO_CHECK)
+
+unit_tests:
+ echo TODO
+
+$(SH_TO_CHECK):
+ docker run --rm -v $(shell pwd):/mnt \
+ nlknguyen/alpine-shellcheck -x /mnt/$(@)
+
+.PHONY: test clean $(SH_TO_CHECK) test-shellcheck tests lint build_image \
+ all build_docs docs check-docker images
diff --git a/gnu-tls/README.md b/gnu-tls/README.md
new file mode 100644
index 0000000..e30a4f9
--- /dev/null
+++ b/gnu-tls/README.md
@@ -0,0 +1,4 @@
+# gnu-tls-image
+
+This image serves mindeb image with gnu-tls utils for use in tls cert
+generation.
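Review bot: In gnu-tls/Makefile the `$(SH_TO_CHECK)` recipe near the end of the hunk runs `nlknguyen/alpine-shellcheck` with no tag or digest and bind-mounts the whole checkout read-write, so whatever that third-party image resolves to at lint time can write to the working tree, including the Dockerfile that `all: lint images` goes on to build. Shellcheck only reads the scripts, so a read-only mount and a pinned image would do: `docker run --rm -v $(CURDIR):/mnt:ro \` followed by `nlknguyen/alpine-shellcheck@sha256:<digest> -x /mnt/$(@)`. Separately, `PROXY ?= http://proxy.foo.com:8000` is a placeholder hostname under a real public domain, and with `USE_PROXY=true` and no override the build's `apt-get` traffic is routed through it. An empty default (`PROXY ?=`) with a `$(error PROXY must be set when USE_PROXY=true)` guard would fail closed instead. `.PHONY` also lists `test`, for which no rule exists, and omits `unit_tests`.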