diff --git a/.github/workflows/linters.yml b/.github/workflows/linters.yml index caafaaf7..378f34c6 100644 --- a/.github/workflows/linters.yml +++ b/.github/workflows/linters.yml @@ -34,7 +34,7 @@ jobs: - uses: hadolint/hadolint-action@v2.1.0 with: recursive: true - ignore: DL3041 + ignore: DL3041,DL3008 dockerfile: Dockerfile.${{ matrix.package }} shellcheck: diff --git a/Dockerfile.agent b/Dockerfile.agent index 4b833d7d..a04eb915 100644 --- a/Dockerfile.agent +++ b/Dockerfile.agent @@ -1,14 +1,14 @@ FROM docker.io/library/python:3.10.7-slim -RUN apt update && apt install -y libyang-tools libxml2-utils make curl && rm -rf /var/lib/apt/lists/* +RUN apt update && apt install -y --no-install-recommends libyang-tools libxml2-utils make curl && rm -rf /var/lib/apt/lists/* # certificates +SHELL ["/bin/ash", "-eo", "pipefail", "-c"] RUN curl -kL https://watsen.net/support/sztpd-simulator-0.0.11.tgz | tar -zxvf - -C /tmp/ WORKDIR /tmp/sztpd-simulator/pki -RUN sed -i 's/localhost/bootstrap/g' sztpd1/sbi/end-entity/openssl.cnf -RUN make pki +RUN sed -i "s/localhost/bootstrap/g" sztpd1/sbi/end-entity/openssl.cnf && \ + make pki + echo # create trust chain && \ + cat sztpd1/sbi/root-ca/my_cert.pem sztpd1/sbi/intermediate1/my_cert.pem > /opi.pem -# create trust chain -RUN cat sztpd1/sbi/root-ca/my_cert.pem sztpd1/sbi/intermediate1/my_cert.pem > /opi.pem - -CMD ['/bin/sh', '-c', 'sleep infinity'] +CMD ["/bin/sh", "-c", "sleep infinity"] diff --git a/Dockerfile.bootstrap b/Dockerfile.bootstrap index 340007a3..ee88c2b4 100644 --- a/Dockerfile.bootstrap +++ b/Dockerfile.bootstrap @@ -1,29 +1,29 @@ FROM docker.io/library/python:3.10.7-slim -RUN apt-get update && apt-get install -y gettext libsqlite3-dev make curl && rm -rf /var/lib/apt/lists/* +RUN apt-get update && apt-get install -y --no-install-recommends gettext libsqlite3-dev make curl && rm -rf /var/lib/apt/lists/* RUN pip install --no-cache-dir sztpd==0.0.11 # certificates +SHELL ["/bin/ash", "-eo", "pipefail", "-c"] RUN curl -kL https://watsen.net/support/sztpd-simulator-0.0.11.tgz | tar -zxvf - -C /tmp/ WORKDIR /tmp/sztpd-simulator/pki -RUN sed -i 's/localhost/bootstrap/g' sztpd1/sbi/end-entity/openssl.cnf -RUN make pki - -# SBI Port certificates -RUN cat sztpd1/sbi/end-entity/my_cert.pem sztpd1/sbi/intermediate2/my_cert.pem > /tmp/cert_chain.pem -RUN openssl crl2pkcs7 -nocrl -certfile /tmp/cert_chain.pem -outform DER -out /tmp/cert_chain.cms - -# client cert (DevID) trust anchor -RUN cat client/root-ca/my_cert.pem client/intermediate1/my_cert.pem client/intermediate2/my_cert.pem > /tmp/ta_cert_chain.pem -RUN openssl crl2pkcs7 -nocrl -certfile /tmp/ta_cert_chain.pem -outform DER -out /tmp/ta_cert_chain.cms - -# TODO: remove this line and run test from agent container instead -RUN cat sztpd1/sbi/root-ca/my_cert.pem sztpd1/sbi/intermediate1/my_cert.pem > /opi.pem +RUN sed -i 's/localhost/bootstrap/g' sztpd1/sbi/end-entity/openssl.cnf && \ + make pki && \ + echo # SBI Port certificates && \ + cat sztpd1/sbi/end-entity/my_cert.pem sztpd1/sbi/intermediate2/my_cert.pem > /tmp/cert_chain.pem && \ + openssl crl2pkcs7 -nocrl -certfile /tmp/cert_chain.pem -outform DER -out /tmp/cert_chain.cms && \ + echo # client cert (DevID) trust anchor && \ + cat client/root-ca/my_cert.pem client/intermediate1/my_cert.pem client/intermediate2/my_cert.pem > /tmp/ta_cert_chain.pem && \ + openssl crl2pkcs7 -nocrl -certfile /tmp/ta_cert_chain.pem -outform DER -out /tmp/ta_cert_chain.cms && \ + echo # TODO: remove this line and run test from agent container instead && \ + cat sztpd1/sbi/root-ca/my_cert.pem sztpd1/sbi/intermediate1/my_cert.pem > /opi.pem # configurations, images, templates COPY config/ /tmp/ # generate static template + +# hadolint ignore=SC2016 RUN \ BOOT_IMG_HASH_VAL=`openssl dgst -sha256 -c /tmp/my-boot-image.img | awk '{print $2}'` \ PRE_SCRIPT_B64=`openssl enc -base64 -A -in /tmp/my-pre-configuration-script.sh` \ diff --git a/Dockerfile.client b/Dockerfile.client index 6df44144..17df5973 100644 --- a/Dockerfile.client +++ b/Dockerfile.client @@ -1,4 +1,4 @@ FROM docker.io/library/fedora:36 -RUN dnf install -y dhclient +RUN dnf install -y dhclient && dnf clean all COPY ./dhclient.conf /etc/dhcp/ CMD ["dhclient", "-d", "-v"] diff --git a/Dockerfile.dhcp b/Dockerfile.dhcp index 1010b584..606b3d90 100644 --- a/Dockerfile.dhcp +++ b/Dockerfile.dhcp @@ -1,4 +1,4 @@ FROM docker.io/library/fedora:36 -RUN dnf install -y dhcp-server gettext +RUN dnf install -y dhcp-server gettext && dnf clean all COPY ./dhcpd.conf.template /etc/dhcp/ CMD ["dhcpd", "-d"]