...
1# Copyright 2020 The Go Authors. All rights reserved.
2# Use of this source code is governed by a BSD-style
3# license that can be found in the LICENSE file.
4
5# Run this using build.sh.
6
7ARG ubuntu=ubuntu
8FROM $ubuntu:focal
9
10RUN mkdir /boring
11WORKDIR /boring
12
13ENV LANG=C
14ENV LANGUAGE=
15
16# Following NIST submission draft dated July 3, 2021.
17# This corresponds to boringssl.googlesource.com/boringssl tag fips-20210429.
18ENV ClangV=12
19RUN apt-get update && \
20 apt-get install --no-install-recommends -y cmake xz-utils wget unzip ca-certificates clang-$ClangV python
21
22# Download, validate, unpack, build, and install Ninja.
23ENV NinjaV=1.10.2
24ENV NinjaH=ce35865411f0490368a8fc383f29071de6690cbadc27704734978221f25e2bed
25RUN \
26 wget https://github.com/ninja-build/ninja/archive/refs/tags/v$NinjaV.tar.gz && \
27 echo "$NinjaH v$NinjaV.tar.gz" >sha && sha256sum -c sha && \
28 tar -xzf v$NinjaV.tar.gz && \
29 rm v$NinjaV.tar.gz && \
30 cd ninja-$NinjaV && \
31 CC=clang-$ClangV CXX=clang++-$ClangV ./configure.py --bootstrap && \
32 mv ninja /usr/local/bin/
33
34# Download, validate, unpack, and install Go.
35ARG GOARCH
36ENV GoV=1.16.5
37ENV GoHamd64=b12c23023b68de22f74c0524f10b753e7b08b1504cb7e417eccebdd3fae49061
38ENV GoHarm64=d5446b46ef6f36fdffa852f73dfbbe78c1ddf010b99fa4964944b9ae8b4d6799
39RUN \
40 eval GoH=\${GoH$GOARCH} && \
41 wget https://golang.org/dl/go$GoV.linux-$GOARCH.tar.gz && \
42 echo "$GoH go$GoV.linux-$GOARCH.tar.gz" >sha && sha256sum -c sha && \
43 tar -C /usr/local -xzf go$GoV.linux-$GOARCH.tar.gz && \
44 rm go$GoV.linux-$GOARCH.tar.gz && \
45 ln -s /usr/local/go/bin/go /usr/local/bin/
46
47# Download, validate, and unpack BoringCrypto.
48ENV BoringV=853ca1ea1168dff08011e5d42d94609cc0ca2e27
49ENV BoringH=a4d069ccef6f3c7bc0c68de82b91414f05cb817494cd1ab483dcf3368883c7c2
50RUN \
51 wget https://commondatastorage.googleapis.com/chromium-boringssl-fips/boringssl-$BoringV.tar.xz && \
52 echo "$BoringH boringssl-$BoringV.tar.xz" >sha && sha256sum -c sha && \
53 tar xJf boringssl-$BoringV.tar.xz
54
55# Build BoringCrypto.
56ADD build-boring.sh /boring/build-boring.sh
57RUN /boring/build-boring.sh
58
59# Build Go BoringCrypto syso.
60# build.sh copies it back out of the Docker image.
61ADD goboringcrypto.h /boring/godriver/goboringcrypto.h
62ADD build-goboring.sh /boring/build-goboring.sh
63RUN /boring/build-goboring.sh
View as plain text