# Coordinates of the SDK base image. Each part can be overridden with
# --build-arg to select another SDK release or target architecture.
# NOTE(review): the resulting reference is a mutable tag; append an @sha256
# digest when the build has to be reproducible.
ARG REPO=axisecp
ARG SDK=acap-native-sdk
ARG VERSION=12.3.0
ARG ARCH=armv7hf
ARG UBUNTU_VERSION=24.04
FROM ${REPO}/${SDK}:${VERSION}-${ARCH}-ubuntu${UBUNTU_VERSION}
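# Arguments shared by the OpenSSL and curl builds. ARCH is redeclared because
# an ARG placed before FROM is only visible to the FROM line.
ARG ARCH=armv7hf
ARG SDK_LIB_PATH_BASE=/opt/axis/acapsdk/sysroots/${ARCH}/usr
ARG APP_RPATH=/usr/local/packages/openssl_curl_example
ARG BUILD_DIR=/opt/build
ARG PEM_CERT_FILE=cacert.pem

# Library versions
# NOTE(review): the OpenSSL 1.1.1 series is end-of-life upstream (no public
# security fixes since September 2023) and this curl tag is an old release as
# well. Bump both before using this recipe for anything beyond an example.
ARG OPENSSL_VER=1.1.1m
ARG CURL_VER=7_83_1

# (Optional) If the network has a proxy.
# The value is copied into ENV, so it is stored in the image configuration
# and visible through `docker history` / `docker inspect`. Do not pass a
# proxy URL that embeds credentials.
ARG APP_PROXY
ENV APP_PROXY="${APP_PROXY}"

# (Optional) Get more verbose logging when running the application
ARG APP_DEBUG
ENV APP_DEBUG="${APP_DEBUG}"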
#-------------------------------------------------------------------------------
# Prepare build environment
#-------------------------------------------------------------------------------

# Remove the OpenSSL and curl artifacts that ship with the SDK sysroot (shared
# objects, pkg-config files and headers) so that the build can only link
# against the copies compiled below. `rm -f` already succeeds when nothing
# matches, so no existence test is needed.
WORKDIR ${SDK_LIB_PATH_BASE}/lib
RUN rm -f libcrypto.so* libssl.so* libcurl.so*

WORKDIR ${SDK_LIB_PATH_BASE}/lib/pkgconfig
RUN rm -f libssl.pc libcrypto.pc openssl.pc libcurl.pc

WORKDIR ${SDK_LIB_PATH_BASE}/include
RUN rm -rf openssl crypto curl
# Autotools packages needed to cross compile OpenSSL and curl. The apt cache
# and package lists are removed in the same layer so they do not end up in
# the image.
# NOTE(review): package versions are not pinned, so the installed toolchain
# follows whatever the base image's package index serves at build time.
RUN apt-get update && \
    DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
        autoconf \
        automake \
        libtool \
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/*
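#-------------------------------------------------------------------------------
# Build OpenSSL libraries
#-------------------------------------------------------------------------------
ARG OPENSSL_BUILD_PATH=${BUILD_DIR}/openssl
ARG OPENSSL_BUILD_DIR=${OPENSSL_BUILD_PATH}/openssl-${OPENSSL_VER}
ARG OPENSSL_INSTALL_DIR=${SDK_LIB_PATH_BASE}

# (Optional) Expected SHA-256 of the OpenSSL source tarball. Take it from the
# checksum upstream publishes for the chosen OPENSSL_VER and pass it with
# --build-arg. When it is empty the tarball is used unverified and a warning
# is printed.
ARG OPENSSL_SHA256=""

WORKDIR ${OPENSSL_BUILD_PATH}
# -f makes curl fail on an HTTP error instead of saving the error page, and
# the --proto options keep the download (including redirects) on HTTPS.
RUN curl -fL --proto '=https' --proto-redir '=https' \
        -O "https://www.openssl.org/source/openssl-${OPENSSL_VER}.tar.gz" && \
    if [ -n "${OPENSSL_SHA256}" ]; then \
        printf '%s  %s\n' "${OPENSSL_SHA256}" "openssl-${OPENSSL_VER}.tar.gz" \
            > "openssl-${OPENSSL_VER}.tar.gz.sha256" && \
        sha256sum -c "openssl-${OPENSSL_VER}.tar.gz.sha256" ; \
    else \
        echo "WARNING: OPENSSL_SHA256 is not set, tarball integrity is not verified" >&2 ; \
    fi && \
    tar xzvf "openssl-${OPENSSL_VER}.tar.gz"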
WORKDIR ${OPENSSL_BUILD_DIR}
# Configure OpenSSL for the target architecture. The SDK architecture name is
# mapped onto the matching OpenSSL Configure target; any other value aborts
# the build.
RUN case "$ARCH" in \
        armv7hf) ARCH_LIB=linux-armv4 ;; \
        aarch64) ARCH_LIB=linux-aarch64 ;; \
        *) echo "Error: ARCH '${ARCH}' is not supported"; exit 1 ;; \
    esac && \
    # The SDK environment provides the cross compiler. CROSS_COMPILE is unset
    # afterwards because OpenSSL's build also interprets that variable.
    . /opt/axis/acapsdk/environment-setup* && \
    unset CROSS_COMPILE && \
    ./Configure \
        "${ARCH_LIB}" \
        no-deprecated \
        shared \
        --strict-warnings \
        # Shared objects, headers and pkg-config files are installed into the
        # SDK library path so that curl, and other dependencies such as libc,
        # resolve against them at build time.
        --prefix="${OPENSSL_INSTALL_DIR}" \
        # NOTE(review): OPENSSLDIR is where the library looks for openssl.cnf
        # at run time. It points into the application's install directory, so
        # write access to that directory on the device should be restricted.
        --openssldir="${APP_RPATH}" \
        "-Wl,-rpath,${APP_RPATH}/lib" && \
    # Print the resulting configuration into the build log
    ./configdata.pm --dump

# Build, then install only the software (libraries, headers, pkg-config files)
RUN make && \
    make install_sw
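#-------------------------------------------------------------------------------
# Build curl library
#-------------------------------------------------------------------------------
ARG CURL_BUILD_PATH=${BUILD_DIR}/curl
ARG CURL_BUILD_DIR=${CURL_BUILD_PATH}/curl-${CURL_VER}
ARG CURL_INSTALL_DIR=${CURL_BUILD_PATH}/install

# Clone a curl tag into a versioned directory. Only the tagged commit is
# needed for the build, so the clone is shallow.
# NOTE(review): a git tag is a movable reference. For a reproducible build,
# record the commit id the tag resolved to and compare it after cloning.
WORKDIR ${CURL_BUILD_PATH}
RUN git clone --depth 1 --branch "curl-${CURL_VER}" \
        https://github.com/curl/curl.git "curl-${CURL_VER}"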
WORKDIR ${CURL_BUILD_DIR}
# Generate the configure script, then configure, build and install curl into
# CURL_INSTALL_DIR. The rpath added to LDFLAGS makes the library look for its
# dependencies in the application's own lib directory on the device.
# CONFIGURE_FLAGS comes from the SDK environment and must be word-split, which
# is why it stays unquoted and SC2086 is silenced.
# hadolint ignore=SC2086
RUN . /opt/axis/acapsdk/environment-setup* && \
    autoreconf -fi && \
    LDFLAGS="${LDFLAGS} -Wl,-rpath,${APP_RPATH}/lib" \
    ./configure \
        --prefix="${CURL_INSTALL_DIR}" \
        --with-openssl \
        --without-zlib \
        --without-zstd \
        ${CONFIGURE_FLAGS} && \
    make && \
    make install
#-------------------------------------------------------------------------------
# Copy the built library files to application directory
#-------------------------------------------------------------------------------
WORKDIR /opt/app
COPY ./app .
# Bundle the freshly built shared objects with the application: libcurl from
# its install prefix, libssl and libcrypto straight from the OpenSSL build
# tree.
RUN mkdir lib && \
    cp -r \
        "${CURL_INSTALL_DIR}"/lib/libcurl.so* \
        "${OPENSSL_BUILD_DIR}"/libssl.so* \
        "${OPENSSL_BUILD_DIR}"/libcrypto.so* \
        lib
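#-------------------------------------------------------------------------------
# Get CA certificate for the web server we want to transfer data from
#-------------------------------------------------------------------------------

# Use the 'openssl' tool from the Ubuntu container to get a CA certificate from
# the web server of interest. Why not use the compiled 'openssl' binary to do
# this? It's cross compiled and will not run on a standard desktop.
#
# The certificates saved here are packaged with the application (see the
# acap-build step), so whatever the server presents during the build ends up
# as trust material on the device. -verify_return_error makes the handshake,
# and with it the build, fail unless the presented chain validates against the
# build container's CA store. Without it, a chain from an intercepting party
# would be saved without any error. For a production build, also compare the
# saved certificate's fingerprint with a value obtained out of band.
SHELL ["/bin/bash", "-o", "pipefail", "-c"]

# APP_PROXY_SETTING need to be split
# hadolint ignore=SC2086
RUN APP_PROXY_SETTING= ; \
    [ -z "$APP_PROXY" ] || APP_PROXY_SETTING="-proxy $APP_PROXY" ; \
    echo quit | openssl s_client \
        -showcerts \
        -verify_return_error \
        -servername www.example.com \
        -connect www.example.com:443 \
        $APP_PROXY_SETTING \
        > "${PEM_CERT_FILE}"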
#-------------------------------------------------------------------------------
# Finally build the ACAP application
#-------------------------------------------------------------------------------

# Load the SDK cross-compile environment and package the application. The -a
# option passes the fetched certificate file to acap-build as an additional
# file.
RUN . /opt/axis/acapsdk/environment-setup* \
    && acap-build . -a "${PEM_CERT_FILE}"