Text file src/crypto/internal/boring/Dockerfile 

     1  # Copyright 2020 The Go Authors. All rights reserved.
     2  # Use of this source code is governed by a BSD-style
     3  # license that can be found in the LICENSE file.
     4  
     5  # Run this using build.sh.
     6  
     7  ARG ubuntu=ubuntu
     8  FROM $ubuntu:focal
     9  
    10  RUN mkdir /boring
    11  WORKDIR /boring
    12  
    13  ENV LANG=C
    14  ENV LANGUAGE=
    15  
    16  # Following the Security Policy for FIPS 140 certificate #4735.
    17  # https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4735.pdf
    18  # This corresponds to boringssl.googlesource.com/boringssl tag fips-20220613.
    19  RUN apt-get update && \
    20          apt-get install --no-install-recommends -y xz-utils wget unzip ca-certificates python lsb-release software-properties-common gnupg make libssl-dev faketime
    21  
    22  # Install Clang.
    23  ENV ClangV=14
    24  RUN \
    25  	wget https://apt.llvm.org/llvm.sh && \
    26  	chmod +x llvm.sh && \
    27  	./llvm.sh $ClangV
    28  
    29  # Download, validate, unpack, build, and install Ninja.
    30  ENV NinjaV=1.10.2
    31  ENV NinjaH=ce35865411f0490368a8fc383f29071de6690cbadc27704734978221f25e2bed
    32  RUN \
    33  	wget https://github.com/ninja-build/ninja/archive/refs/tags/v$NinjaV.tar.gz && \
    34  	echo "$NinjaH v$NinjaV.tar.gz" >sha && sha256sum -c sha && \
    35  	tar -xzf v$NinjaV.tar.gz && \
    36  	rm v$NinjaV.tar.gz && \
    37  	cd ninja-$NinjaV && \
    38  	CC=clang-$ClangV CXX=clang++-$ClangV ./configure.py --bootstrap && \
    39  	mv ninja /usr/local/bin/
    40  
    41  # Download, validate, unpack, build, and install Cmake.
    42  ENV CmakeV=3.22.1
    43  ENV CmakeH=0e998229549d7b3f368703d20e248e7ee1f853910d42704aa87918c213ea82c0
    44  RUN \
    45  	wget https://github.com/Kitware/CMake/releases/download/v$CmakeV/cmake-$CmakeV.tar.gz && \
    46  	echo "$CmakeH cmake-$CmakeV.tar.gz" >sha && sha256sum -c sha && \
    47  	tar -xzf cmake-$CmakeV.tar.gz && \
    48  	rm cmake-$CmakeV.tar.gz && \
    49  	cd cmake-$CmakeV && \
    50  	CC=clang-$ClangV CXX=clang++-$ClangV ./bootstrap && \
    51  	make && make install
    52  
    53  # Download, validate, unpack, and install Go.
    54  ARG GOARCH
    55  ENV GoV=1.18.1
    56  ENV GoHamd64=b3b815f47ababac13810fc6021eb73d65478e0b2db4b09d348eefad9581a2334
    57  ENV GoHarm64=56a91851c97fb4697077abbca38860f735c32b38993ff79b088dac46e4735633
    58  RUN \
    59  	eval GoH=\${GoH$GOARCH} && \
    60  	wget https://golang.org/dl/go$GoV.linux-$GOARCH.tar.gz && \
    61  	echo "$GoH go$GoV.linux-$GOARCH.tar.gz" >sha && sha256sum -c sha && \
    62  	tar -C /usr/local -xzf go$GoV.linux-$GOARCH.tar.gz && \
    63  	rm go$GoV.linux-$GOARCH.tar.gz && \
    64  	ln -s /usr/local/go/bin/go /usr/local/bin/
    65  
    66  # Download, validate, and unpack BoringCrypto.
    67  ENV BoringV=0c6f40132b828e92ba365c6b7680e32820c63fa7
    68  ENV BoringH=62f733289f2d677c2723f556aa58034c438f3a7bbca6c12b156538a88e38da8a
    69  RUN \
    70  	wget https://commondatastorage.googleapis.com/chromium-boringssl-fips/boringssl-$BoringV.tar.xz && \
    71  	echo "$BoringH boringssl-$BoringV.tar.xz" >sha && sha256sum -c sha && \
    72  	tar xJf boringssl-$BoringV.tar.xz
    73  
    74  # Build BoringCrypto.
    75  ADD build-boring.sh /boring/build-boring.sh
    76  RUN /boring/build-boring.sh
    77  
    78  # Build Go BoringCrypto syso.
    79  # build.sh copies it back out of the Docker image.
    80  ADD goboringcrypto.h /boring/godriver/goboringcrypto.h
    81  ADD build-goboring.sh /boring/build-goboring.sh
    82  RUN /boring/build-goboring.sh
    83  

View as plain text

go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.