Dockerfile raw
1 # Copyright 2020 The Go Authors. All rights reserved.
2 # Use of this source code is governed by a BSD-style
3 # license that can be found in the LICENSE file.
4
5 # Run this using build.sh.
6
7 ARG ubuntu=ubuntu
8 FROM $ubuntu:focal
9
10 RUN mkdir /boring
11 WORKDIR /boring
12
13 ENV LANG=C
14 ENV LANGUAGE=
15
16 # Following the Security Policy for FIPS 140 certificate #4735.
17 # https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4735.pdf
18 # This corresponds to boringssl.googlesource.com/boringssl tag fips-20220613.
19 RUN apt-get update && \
20 apt-get install --no-install-recommends -y xz-utils wget unzip ca-certificates python lsb-release software-properties-common gnupg make libssl-dev faketime
21
22 # Install Clang.
23 ENV ClangV=14
24 RUN \
25 wget https://apt.llvm.org/llvm.sh && \
26 chmod +x llvm.sh && \
27 ./llvm.sh $ClangV
28
29 # Download, validate, unpack, build, and install Ninja.
30 ENV NinjaV=1.10.2
31 ENV NinjaH=ce35865411f0490368a8fc383f29071de6690cbadc27704734978221f25e2bed
32 RUN \
33 wget https://github.com/ninja-build/ninja/archive/refs/tags/v$NinjaV.tar.gz && \
34 echo "$NinjaH v$NinjaV.tar.gz" >sha && sha256sum -c sha && \
35 tar -xzf v$NinjaV.tar.gz && \
36 rm v$NinjaV.tar.gz && \
37 cd ninja-$NinjaV && \
38 CC=clang-$ClangV CXX=clang++-$ClangV ./configure.py --bootstrap && \
39 mv ninja /usr/local/bin/
40
41 # Download, validate, unpack, build, and install Cmake.
42 ENV CmakeV=3.22.1
43 ENV CmakeH=0e998229549d7b3f368703d20e248e7ee1f853910d42704aa87918c213ea82c0
44 RUN \
45 wget https://github.com/Kitware/CMake/releases/download/v$CmakeV/cmake-$CmakeV.tar.gz && \
46 echo "$CmakeH cmake-$CmakeV.tar.gz" >sha && sha256sum -c sha && \
47 tar -xzf cmake-$CmakeV.tar.gz && \
48 rm cmake-$CmakeV.tar.gz && \
49 cd cmake-$CmakeV && \
50 CC=clang-$ClangV CXX=clang++-$ClangV ./bootstrap && \
51 make && make install
52
53 # Download, validate, unpack, and install Go.
54 ARG GOARCH
55 ENV GoV=1.18.1
56 ENV GoHamd64=b3b815f47ababac13810fc6021eb73d65478e0b2db4b09d348eefad9581a2334
57 ENV GoHarm64=56a91851c97fb4697077abbca38860f735c32b38993ff79b088dac46e4735633
58 RUN \
59 eval GoH=\${GoH$GOARCH} && \
60 wget https://golang.org/dl/go$GoV.linux-$GOARCH.tar.gz && \
61 echo "$GoH go$GoV.linux-$GOARCH.tar.gz" >sha && sha256sum -c sha && \
62 tar -C /usr/local -xzf go$GoV.linux-$GOARCH.tar.gz && \
63 rm go$GoV.linux-$GOARCH.tar.gz && \
64 ln -s /usr/local/go/bin/go /usr/local/bin/
65
66 # Download, validate, and unpack BoringCrypto.
67 ENV BoringV=0c6f40132b828e92ba365c6b7680e32820c63fa7
68 ENV BoringH=62f733289f2d677c2723f556aa58034c438f3a7bbca6c12b156538a88e38da8a
69 RUN \
70 wget https://commondatastorage.googleapis.com/chromium-boringssl-fips/boringssl-$BoringV.tar.xz && \
71 echo "$BoringH boringssl-$BoringV.tar.xz" >sha && sha256sum -c sha && \
72 tar xJf boringssl-$BoringV.tar.xz
73
74 # Build BoringCrypto.
75 ADD build-boring.sh /boring/build-boring.sh
76 RUN /boring/build-boring.sh
77
78 # Build Go BoringCrypto syso.
79 # build.sh copies it back out of the Docker image.
80 ADD goboringcrypto.h /boring/godriver/goboringcrypto.h
81 ADD build-goboring.sh /boring/build-goboring.sh
82 RUN /boring/build-goboring.sh
83