linuxkit/pkg/tss/Dockerfile

FROM linuxkit/alpine:35b33c6b03c40e51046c3b053dd131a68a26c37a AS build

ENV TROUSERS_COMMIT 94144b0a1dcef6e31845d6c319e9bd7357208eb9
ENV TPM_TOOLS_COMMIT bf43837575c5f7d31865562dce7778eae970052e

RUN apk add --no-cache --initdb \
    automake \
    autoconf \
    gettext \
    gettext-dev \
    git \
    pkgconfig \
    libtool \
    libc-dev \
    linux-headers \
    gcc \
    make \
    patch \
    openssl-dev \
    util-linux \
    && true

RUN mkdir -p /usr/src
COPY src/glibc_stubs/ /usr/src/glibc_stubs
WORKDIR /usr/src/glibc_stubs
RUN make && make install

COPY src/patch/ /usr/src/patch

RUN git clone https://git.code.sf.net/p/trousers/trousers /usr/src/trousers-trousers && cd /usr/src/trousers-trousers && git checkout $TROUSERS_COMMIT
RUN git clone https://git.code.sf.net/p/trousers/tpm-tools /usr/src/trousers-tpm-tools && cd /usr/src/trousers-tpm-tools && git checkout $TPM_TOOLS_COMMIT
WORKDIR /usr/src/trousers-trousers
RUN sh bootstrap.sh && \
    ./configure --prefix=/ --sysconfdir=/etc LDFLAGS="-L/out/lib/ -lgetpwent_r" && \
    for patch in /usr/src/patch/*.patch; do patch -p1 < $patch; done && \ 
    make && \
    make install prefix=/out
WORKDIR /usr/src/trousers-tpm-tools

RUN sh bootstrap.sh && \
    ./configure --prefix=/out CFLAGS="-I/out/include" LDFLAGS="-L/out/lib/ -lgetpwent_r" && \
    make && \
    make install

COPY src/savedeps/ /usr/src/savedeps
RUN /usr/src/savedeps/savedeps.sh /out /out

RUN mkdir -p /out/var/lib/tpm

# we need busybox to run chmod, chown, touch, etc.
RUN mkdir -p /out/bin && cp /bin/busybox /out/bin/busybox && ln -s /bin/busybox /out/bin/sh



FROM scratch
WORKDIR /
COPY --from=build /out /
COPY etc/ /etc
# set up the appropriate groups and perms
RUN busybox chmod 0644 /etc/passwd /etc/group && \
    busybox chmod 0640 /etc/shadow && \
    busybox touch /etc/tcsd.conf && \
    busybox chmod 0600 /etc/tcsd.conf && \
    busybox chown -R tss /var/lib/tpm/ /etc/tcsd.conf && \
    busybox chgrp -R tss /var/lib/tpm/ /etc/tcsd.conf && \
    busybox rm /bin/busybox /bin/sh

CMD ["/sbin/tcsd","-f"]