stefanberger / swtpm

Libtpms-based TPM emulator with socket, character device, and Linux CUSE interface.

Any objection if I add Dockerfile here ? #869

Closed glimchb closed 1 month ago

glimchb commented 2 months ago

wiki page https://github.com/stefanberger/swtpm/wiki/Dockerfiles is not enough...

something like this is super easy and helpful:

$ cat Dockerfile
FROM debian:12.6-slim

RUN apt-get update && \
    apt-get install --no-install-recommends -y swtpm=0.7.1-1.3 && \
    apt-get clean && \
    rm -rf /var/lib/apt/lists/*

ENTRYPOINT ["/usr/bin/swtpm"]

lint passed:

$ docker run --rm -i ghcr.io/hadolint/hadolint < Dockerfile
$

build:

$ docker build -t swtpm:0.7.1 - < Dockerfile
Sending build context to Docker daemon  2.048kB
Step 1/3 : FROM debian:12.6-slim
 ---> 3eeb141ea1a1
Step 2/3 : RUN apt-get update &&     apt-get install --no-install-recommends -y swtpm=0.7.1-1.3 &&     apt-get clean &&     rm -rf /var/lib/apt/lists/*
 ---> Using cache
 ---> a9e31f6fdb72
Step 3/3 : ENTRYPOINT ["/usr/bin/swtpm"]
 ---> Using cache
 ---> 6fb7ab4b45f6
Successfully built 6fb7ab4b45f6
Successfully tagged swtpm:0.7.1

run:

$ docker run --rm -it swtpm:0.7.1 --version
TPM emulator version 0.7.1, Copyright (c) 2014-2021 IBM Corp.

stefanberger commented 2 months ago

Regarding your title: a Dockerfile for swtpm should probably install the swtpm from the git repo rather than a specific old version from a distro

glimchb commented 2 months ago

> Regarding your title: a Dockerfile for swtpm should probably install the swtpm from the git repo rather than a specific old version from a distro

Sure, I can do that, absolutely. Just wanted to get general agreement to work on this from the maintainer. If agreed, I will create a PR. I can also do a matrix of the last 3 versions to build and publish, or just do the latest and then all future ones...

stefanberger commented 2 months ago

> > Regarding your title: a Dockerfile for swtpm should probably install the swtpm from the git repo rather than a specific old version from a distro
>
> Sure, I can do that, absolutely. Just wanted to get general agreement to work on this from the maintainer. If agreed, I will create a PR. I can also do a matrix of the last 3 versions to build and publish, or just do the latest and then all future ones...

My preference would be that I don't have to deal much with updating the versions installed in the container and the version of the underlying distro and that others don't feel the need to add Dockerfiles for their favorite distro because then it becomes endless.

glimchb commented 2 months ago

> My preference would be that I don't have to deal much with updating the versions installed in the container and the version of the underlying distro and that others don't feel the need to add Dockerfiles for their favorite distro because then it becomes endless.

Yep, understood, minimal support is a requirement.

lmussier commented 1 month ago

Hi @glimchb, if I may, is there any chance that your contribution will lead to a container where we can use swtpm seamlessly? I'm struggling to find a way to have an image where swtpm would run and be the responder of tpm2-tools / tpm2-openssl for instance.

stefanberger commented 1 month ago

FYI: I am testing swtpm across distros in this project here: https://github.com/stefanberger/swtpm-distro-compile/

Maybe you can derive a Dockerfile from either one of these. Alpine seems to be a distro that produces a small image iirc.

glimchb commented 1 month ago

@stefanberger I also saw this repo... is that maintained? https://github.com/tpm2-software/tpm2-software-container

glimchb commented 1 month ago

> Hi @glimchb, if I may, is there any chance that your contribution will lead to a container where we can use swtpm seamlessly? I'm struggling to find a way to have an image where swtpm would run and be the responder of tpm2-tools / tpm2-openssl for instance.

@lmussier While I work on the Dockerfile in this repo, I already deployed an example in my project using a Debian container. It works seamlessly with both swtpm and tpm2-tools, and docker-compose is testing this: https://github.com/opiproject/sztp/blob/3c77452310bdcb3e8bb1da9bb6d8e6839f2c1dff/docker-compose.yml#L254-L279

Let me know if that works. I will try to replicate the same behavior here, just using the latest code instead of the pre-built DEB package...
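
A compose sketch of the setup asked about above, with swtpm answering tpm2-tools over TCP. This is an added example, not part of the thread and not the linked docker-compose.yml; it assumes the image from the first post is tagged swtpm:0.7.1, and the service names, volume name, ports and the Debian package names in the client are assumptions.

```yaml
# Added example: swtpm as the TPM 2.0 responder for tpm2-tools.
services:
  swtpm:
    image: swtpm:0.7.1            # built from the Dockerfile in the first post
    # ENTRYPOINT is /usr/bin/swtpm, so "command" only supplies its arguments.
    command:
      - socket
      - --tpm2
      - --tpmstate
      - dir=/tpmstate
      # swtpm binds TCP sockets to 127.0.0.1 by default; another container
      # can only reach it when bindaddr is widened.
      - --server
      - type=tcp,port=2321,bindaddr=0.0.0.0
      - --ctrl
      - type=tcp,port=2322,bindaddr=0.0.0.0
      # Accept commands without an INIT on the control channel and let swtpm
      # issue TPM2_Startup(CLEAR) itself.
      - --flags
      - not-need-init,startup-clear
    volumes:
      - tpmstate:/tpmstate        # persists the emulated TPM's state (seeds, NV)
    # Deliberately no "ports:" section: the command and control channels are
    # unauthenticated, so they stay on the compose-internal network.

  client:
    image: debian:12.6-slim
    depends_on:
      - swtpm
    environment:
      # tpm2-tss "swtpm" TCTI: command channel on port, control on port + 1.
      TPM2TOOLS_TCTI: "swtpm:host=swtpm,port=2321"
    command:
      - sh
      - -c
      - >
        apt-get update &&
        apt-get install --no-install-recommends -y tpm2-tools libtss2-tcti-swtpm0 &&
        tpm2_getrandom --hex 8

volumes:
  tpmstate:
```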

glimchb commented 1 month ago

Sorry it took me a few days - I was OOO.

PR submitted for review, based on Alpine docker. I also added GitHub Actions for lint, build and test. I also added docker compose for test and example. Any comments are welcome.

glimchb commented 1 month ago

@stefanberger

I publish the docker image automatically to ghcr.io/stefanberger/swtpm so people can download and use it without needing to rebuild it themselves all the time...

If you want to publish the docker image also to https://hub.docker.com/u/stefanberger, everything is ready; you just need to have 2 secrets defined in this repo's settings: secrets.DOCKERHUB_USERNAME and secrets.DOCKERHUB_TOKEN

glimchb commented 1 month ago

opened new #876 to publish to https://hub.docker.com/u/stefanberger