[container] build container with SoftHSM2 from Dockerfile #28
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This shortens and aligns the name of the base container to make it easier to type. Signed-off-by: Tim Trippel <ttrippel@google.com>
cfrantz
approved these changes
Oct 4, 2024
This adds a Dockerfile, build script, and Bazel build rules to build a container with SoftHSM2 inside (from a Dockerfile) so that it may be used by the SPM server container. After being built, the container was then pushed to the public OpenTitan Provisioning container registry, found here: us-docker.pkg.dev/opentitan/opentitan-public This is required fix the integration tests since the previous base container image used by the SPM server could contain a version of the PCKS#11 shared library that was not built in the same environment the SPM server was built it, causing dependency issues. Signed-off-by: Tim Trippel <ttrippel@google.com>
Container images should be released via a container registry. Including them in the tarball of the release binaries wastes build time as the containers are quite large (1G+). Signed-off-by: Tim Trippel <ttrippel@google.com>
timothytrippel
force-pushed
the
build-softhsm-in-container
branch
from
ae1e2a2
to
9d5c85f
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This adds a Dockerfile, build script, and Bazel build rules to build a container with SoftHSM2 inside (from a Dockerfile) so that it may be used by the SPM server container.
After being built, the container was then pushed to the public OpenTitan public GCP Artifact Registry, found here: us-docker.pkg.dev/opentitan/opentitan-public
This is required fix the integration tests since the previous base container image used by the SPM server could contain a version of the PCKS#11 shared library that was not built in the same environment the SPM server was built it, causing dependency issues.
Signed-off-by: Tim Trippel ttrippel@google.com