[PATCH 1/1] Dockerfile: build swtpm

For testing the TPM drivers and the EFI_TCG2_PROTOCOL we need the tool swtpm.
Once we move to Ubuntu Impish we can take libtpms from package libtpms-dev.
Signed-off-by: Heinrich Schuchardt heinrich.schuchardt@canonical.com --- tools/docker/Dockerfile | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+)
diff --git a/tools/docker/Dockerfile b/tools/docker/Dockerfile index 1a44423d77..79b7e1d0fb 100644 --- a/tools/docker/Dockerfile +++ b/tools/docker/Dockerfile @@ -48,11 +48,14 @@ RUN apt-get update && apt-get install -y \ dosfstools \ e2fsprogs \ efitools \ + expect \ fakeroot \ flex \ + gawk \ gdisk \ git \ gnu-efi \ + gnutls-dev \ graphviz \ grub-efi-amd64-bin \ grub-efi-ia32-bin \ @@ -62,13 +65,16 @@ RUN apt-get update && apt-get install -y \ iputils-ping \ libconfuse-dev \ libgit2-dev \ + libjson-glib-dev \ libguestfs-tools \ liblz4-tool \ libpixman-1-dev \ libpython3-dev \ libsdl1.2-dev \ libsdl2-dev \ + libseccomp-dev \ libssl-dev \ + libtool \ libudev-dev \ libusb-1.0-0-dev \ linux-image-kvm \ @@ -77,6 +83,7 @@ RUN apt-get update && apt-get install -y \ mount \ mtd-utils \ mtools \ + net-tools \ ninja-build \ openssl \ picocom \ @@ -92,6 +99,8 @@ RUN apt-get update && apt-get install -y \ rpm2cpio \ sbsigntool \ sloccount \ + socat \ + softhsm2 \ sparse \ srecord \ sudo \ @@ -186,6 +195,25 @@ RUN wget -O - https://github.com/pengutronix/genimage/releases/download/v14/geni make install && \ rm -rf /tmp/genimage-14
+# Build libtpms +RUN git clone https://github.com/stefanberger/libtpms /tmp/libtpms && \ + cd /tmp/libtpms && \ + ./autogen.sh && \ + ./configure && \ + make -j$(nproc) && \ + make install && \ + ldconfig && \ + rm -rf /tmp/libtpms + +# Build swtpm +RUN git clone https://github.com/stefanberger/swtpm /tmp/swtpm && \ + cd /tmp/swtpm && \ + ./autogen.sh && \ + ./configure && \ + make -j$(nproc) && \ + make install && \ + rm -rf /tmp/swtpm + # Create our user/group RUN echo uboot ALL=NOPASSWD: ALL > /etc/sudoers.d/uboot RUN useradd -m -U uboot
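Review bot: in the second package-list hunk, `libjson-glib-dev` is added ahead of `libguestfs-tools`, which breaks the alphabetical order the rest of the list keeps; it should go after `libguestfs-tools`. The commit message also does not say which of the new packages (expect, gawk, net-tools, socat, softhsm2) are needed to build libtpms and swtpm and which are needed only at test time. A short note there would help whoever later replaces the source build with the distribution package.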
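Review bot: both `git clone` commands in the "Build libtpms" and "Build swtpm" steps fetch whatever the default branch head is at image build time, with no tag or commit pinned, so two builds of the same Dockerfile can produce different binaries and an upstream change lands in CI unreviewed. Please check out a fixed release tag or commit after each clone, in the same way the genimage step just above fetches a fixed v14 release. Note also that `ldconfig` runs after the libtpms install but not after the swtpm install; if swtpm installs shared libraries of its own, the second step needs it too.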

On Tue, Nov 09, 2021 at 07:51:20PM +0100, Heinrich Schuchardt wrote:
> For testing the TPM drivers and the EFI_TCG2_PROTOCOL we need the tool swtpm.
> Once we move to Ubuntu Impish we can take libtpms from package libtpms-dev.
> Signed-off-by: Heinrich Schuchardt heinrich.schuchardt@canonical.com
Much like how we used to handle one of the other requirements by wget'ing a single deb from a later release, can we do that here? Or too many dependencies?

On 11/9/21 20:27, Tom Rini wrote:
> On Tue, Nov 09, 2021 at 07:51:20PM +0100, Heinrich Schuchardt wrote:
>> For testing the TPM drivers and the EFI_TCG2_PROTOCOL we need the tool swtpm.
>> Once we move to Ubuntu Impish we can take libtpms from package libtpms-dev.
>> Signed-off-by: Heinrich Schuchardt heinrich.schuchardt@canonical.com
> Much like how we used to handle one of the other requirements by wget'ing a single deb from a later release, can we do that here? Or too many dependencies?
The following works in "virgin" Ubuntu Focal:
  apt-get update
  apt-get install wget dpkg-sig
  wget https://launchpad.net/ubuntu/+archive/primary/+files/libtpms-dev_0.9.0-0ubun...
  wget https://launchpad.net/ubuntu/+archive/primary/+files/libtpms0_0.9.0-0ubuntu2...
  dpkg -i *.deb
But this would not check package signatures. You should check the hashes of the downloaded deb files.
I would not expect that the URLs stay available when a new package version becomes available.
Why do you want to stay on Focal?
Best regards
Heinrich
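
The hash check suggested in the message above could look like the following. This is an added example, not code from the thread or from the U-Boot tree; the function name `verify_debs` and the manifest name `debs.sha256` are hypothetical, and the digests are assumed to have been recorded beforehand from a trusted copy of the packages.

```shell
#!/bin/sh
# Added example. Manifest format is sha256sum output: "<digest>  <file name>".

# verify_debs DIR MANIFEST
# Succeeds only if every file pinned in MANIFEST is present in DIR with the
# recorded digest AND DIR holds no .deb that MANIFEST does not list (a glob
# such as `dpkg -i *.deb` would otherwise install it unchecked).
verify_debs() {
    dir=$1
    manifest=$2

    [ -s "$manifest" ] || { echo "manifest missing or empty: $manifest" >&2; return 2; }

    # 1. Pinned files: sha256sum -c fails on a mismatch or a missing file.
    #    The manifest is fed on stdin so a relative path still works after cd.
    ( cd "$dir" && sha256sum -c - >/dev/null ) < "$manifest" || {
        echo "digest mismatch or missing package in $dir" >&2
        return 1
    }

    # 2. Unlisted files: every .deb in DIR must appear as a manifest entry.
    for f in "$dir"/*.deb; do
        [ -e "$f" ] || continue          # glob matched nothing
        name=${f##*/}
        awk -v n="$name" '
            { sub(/^\*/, "", $2) }       # binary-mode entries read "*name"
            $2 == n { found = 1 }
            END { exit !found }' "$manifest" || {
            echo "package not in manifest: $name" >&2
            return 1
        }
    done
    return 0
}

# Usage (hypothetical manifest name, digests recorded from a trusted copy):
#   verify_debs . debs.sha256 && dpkg -i ./*.deb
```
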

On Sat, Nov 13, 2021 at 09:14:39PM +0100, Heinrich Schuchardt wrote:
> On 11/9/21 20:27, Tom Rini wrote:
>> On Tue, Nov 09, 2021 at 07:51:20PM +0100, Heinrich Schuchardt wrote:
>>> For testing the TPM drivers and the EFI_TCG2_PROTOCOL we need the tool swtpm.
>>> Once we move to Ubuntu Impish we can take libtpms from package libtpms-dev.
>>> Signed-off-by: Heinrich Schuchardt heinrich.schuchardt@canonical.com
>> Much like how we used to handle one of the other requirements by wget'ing a single deb from a later release, can we do that here? Or too many dependencies?
> The following works in "virgin" Ubuntu Focal:
>   apt-get update
>   apt-get install wget dpkg-sig
>   wget https://launchpad.net/ubuntu/+archive/primary/+files/libtpms-dev_0.9.0-0ubun...
>   wget https://launchpad.net/ubuntu/+archive/primary/+files/libtpms0_0.9.0-0ubuntu2...
>   dpkg -i *.deb
> But this would not check package signatures. You should check the hashes of the downloaded deb files.
OK, we'll just build it then I guess, thanks.
> I would not expect that the URLs stay available when a new package version becomes available.
> Why do you want to stay on Focal?
Because it's the LTS? I try and keep CI (and python requirements, etc) to things that are widely available and still supported. I'd frankly try and stick to focal until 2022.10 is out, but will probably move to 2022.04 shortly after release just because the lack of host-gcc 11 in turn makes the checks we have for optimized memcpy/etc for aarch64 annoying. I'm tempted to switch to vanilla Debian/bullseye in CI, but need to change what we pin pygit2 to, but updating that isn't the worst idea either.

On Tue, Nov 09, 2021 at 07:51:20PM +0100, Heinrich Schuchardt wrote:
> For testing the TPM drivers and the EFI_TCG2_PROTOCOL we need the tool swtpm.
> Once we move to Ubuntu Impish we can take libtpms from package libtpms-dev.
> Signed-off-by: Heinrich Schuchardt heinrich.schuchardt@canonical.com
Applied to u-boot/master, thanks!