forked from devgateway/docker-openssl-fips
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Dockerfile
51 lines (46 loc) · 1.28 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
FROM alpine:3.9 AS build
ARG OPENSSL_FIPS_VER=2.0.16
ARG OPENSSL_VER=1.0.2o
ARG OPENSSL_PGP_FINGERPRINT=D9C4D26D0E604491
WORKDIR /tmp/build
ADD openssl-fips-${OPENSSL_FIPS_VER}.tar.gz ./
RUN set -x; \
apk add --no-cache zlib \
&& apk add --no-cache --virtual .build-deps \
wget \
gcc \
gzip \
tar \
libc-dev \
ca-certificates \
perl \
make \
coreutils \
gnupg \
linux-headers \
zlib-dev \
&& wget --quiet https://www.openssl.org/source/openssl-$OPENSSL_VER.tar.gz \
&& wget --quiet https://www.openssl.org/source/openssl-$OPENSSL_VER.tar.gz.asc \
&& gpg --recv $OPENSSL_PGP_FINGERPRINT \
&& gpg --verify openssl-$OPENSSL_VER.tar.gz.asc \
&& tar -xzf openssl-$OPENSSL_VER.tar.gz \
&& cd openssl-fips-$OPENSSL_FIPS_VER \
&& ./config \
&& make \
&& make install \
&& cd .. \
&& cd openssl-$OPENSSL_VER \
&& perl ./Configure linux-x86_64 \
--prefix=/usr \
--libdir=lib \
--openssldir=/etc/ssl \
-DOPENSSL_NO_BUF_FREELISTS \
-Wa,--noexecstack \
fips shared zlib enable-ec_nistp_64_gcc_128 enable-ssl2 \
&& make \
&& make INSTALL_PREFIX=/tmp/root install_sw \
&& cd \
&& rm -rf /tmp/build /usr/local/ssl \
&& apk del .build-deps
FROM alpine:3.9
COPY --from=build /tmp/root /