IETF-Hackathon / pqc-certificates

Post-quantum cryptography certificates

When artifacts are submitted, use a github action to automatically run them against LibOQS or other open source tools #115

Open johngray-dev opened 3 months ago

johngray-dev commented 3 months ago

When artifacts are submitted, a github action could be started that would automatically unzip, run the artifacts against open source verification routines, and then update the compatibility matrix outputs.

Muzosh commented 2 months ago

@ounsworth Not sure if it is of any help to you, but I have been using this Dockerfile snippet to prepare openssl@3 with oqs-provider in my containers:

```dockerfile
# BUILDER FOR OPENSSL WITH OQS-PROVIDER
FROM bitnami/minideb:bookworm AS builder
ENV OPENSSLv3_TAG=3.3.0
ENV OPENSSLv3_DOWNLOAD_URL=https://github.com/openssl/openssl/releases/download/openssl-$OPENSSLv3_TAG/openssl-$OPENSSLv3_TAG.tar.gz
ENV OQSPROVIDER_TAG=0.6.0

RUN install_packages \
    wget ca-certificates perl build-essential make git cmake ninja-build

# OPENSSL@3
WORKDIR /root/opensslv3
RUN wget $OPENSSLv3_DOWNLOAD_URL \
    && tar --strip-components=1 -zxvf openssl-$OPENSSLv3_TAG.tar.gz \
    && ./config \
    && make -j $(nproc) \
    && make -j $(nproc) install \
    && ldconfig

# OQS-PROVIDER
WORKDIR /root/oqsprovider
RUN git clone --branch $OQSPROVIDER_TAG --depth 1 https://github.com/open-quantum-safe/oqs-provider.git . \
    && OQSPROV_CMAKE_PARAMS="-DOQS_KEM_ENCODERS=ON" OPENSSL_INSTALL=/usr/local ./scripts/fullbuild.sh

# USE FOLLOWING CODE TO USE IT IN YOUR CONTAINER
# INSTALL PQ-OPENSSL3
# COPY --from=builder /usr/local/bin/* /usr/local/bin/
# COPY --from=builder /usr/local/include/* /usr/local/include/
# COPY --from=builder /usr/local/lib/* /usr/local/lib/
# COPY --from=builder /usr/local/share/* /usr/local/share/
# COPY --from=builder /usr/local/ssl/* /usr/local/ssl/

# RUN ldconfig /usr/local/lib

# COPY --from=builder /root/oqsprovider/_build/lib/oqsprovider.so /usr/local/lib/ossl-modules/oqsprovider.so
# RUN sed -i 's/default = default_sect/default = default_sect\noqsprovider = oqsprovider_sect\n\n\[oqsprovider_sect\]\nactivate = 1/g' /usr/local/ssl/openssl.cnf && sed -i 's/# activate = 1/activate = 1/g' /usr/local/ssl/openssl.cnf
# RUN rm -rf /root/oqsprovider
```
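
A sketch of the unzip, verify, and update-matrix step proposed in this issue, added here as an example; it is not code from the thread or from the pqc-certificates project. It treats a submitted archive as untrusted CI input, and the function names, the one-`.pem`-per-artifact layout, the size cap and the `Y`/`N` row format are all assumptions. `openssl_verify` assumes an `openssl` binary whose `openssl.cnf` already activates oqsprovider, as the snippet above sets up.

```python
import io
import subprocess
import tempfile
import zipfile
from pathlib import Path

MAX_TOTAL_BYTES = 50 * 1024 * 1024  # assumed cap on one submission's uncompressed size


def safe_extract(zip_bytes, dest):
    """Unpack an untrusted submission; reject path traversal and oversized archives."""
    dest = Path(dest).resolve()
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        infos = zf.infolist()
        if sum(i.file_size for i in infos) > MAX_TOTAL_BYTES:
            raise ValueError("archive exceeds size cap")
        for info in infos:
            if not (dest / info.filename).resolve().is_relative_to(dest):
                raise ValueError(f"unsafe path in archive: {info.filename!r}")
        zf.extractall(dest)
    return sorted(p for p in dest.rglob("*.pem") if p.is_file())


def openssl_verify(cert):
    """Self-signed check; assumes openssl.cnf already activates oqsprovider."""
    proc = subprocess.run(["openssl", "verify", "-CAfile", str(cert), str(cert)],
                          capture_output=True, timeout=30)
    return proc.returncode == 0


def matrix_rows(submitter, zip_bytes, verify=openssl_verify):
    """Return (submitter, artifact name, Y/N) rows for every .pem in the archive."""
    with tempfile.TemporaryDirectory() as tmp:
        return [(submitter, cert.stem, "Y" if verify(cert) else "N")
                for cert in safe_extract(zip_bytes, tmp)]


def build_zip(entries):
    """Build an in-memory zip from {name: bytes}; used for the constructed sample."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed sample: placeholder bytes, not real certificates.
    sample = build_zip({"alg_a_ta.pem": b"GOOD", "alg_b_ta.pem": b"BAD"})
    fake_verify = lambda path: path.read_bytes() == b"GOOD"  # stands in for openssl
    print(matrix_rows("example-submitter", sample, verify=fake_verify))
```

In a workflow, the job would call `matrix_rows` with the default verifier inside the container built above and run with read-only repository permissions, since the archive contents come from outside contributors.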