Merge pull request #106 from gardenlinux/fix/aws-kms-pkcs11

fix: use patched version of aws-kms-pkcs11 module to restore support with libp11-0.4.13
gardenlinux · Jan 16, 2025 · 9e4906f · 9e4906f
2 parents 7ceaff3 + 5395b2b
commit 9e4906f
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 6 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -7,7 +7,7 @@ FROM debian:testing AS aws-kms-pkcs11
 RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends build-essential awscli ca-certificates cmake git libcurl4-openssl-dev libengine-pkcs11-openssl libjson-c-dev libssl-dev libp11-kit-dev libp11-dev pkg-config zlib1g-dev
 RUN git clone --depth=1 --recurse-submodules -b 1.11.315 https://github.com/aws/aws-sdk-cpp
 RUN mkdir aws-sdk-cpp/.build && cd aws-sdk-cpp/.build && cmake -DCMAKE_BUILD_TYPE=Release -DBUILD_SHARED_LIBS=OFF -DAWS_USE_CRYPTO_SHARED_LIBS=ON -DBUILD_ONLY="kms;acm-pca" -DAUTORUN_UNIT_TESTS=OFF .. && make -j "$(nproc)" install
-RUN git clone --depth=1 -b v0.0.10 https://github.com/gardenlinux/aws-kms-pkcs11
+RUN git clone --depth=1 -b fix/libp11-0.4.13 https://github.com/gardenlinux/aws-kms-pkcs11
 RUN cd aws-kms-pkcs11 && make -j "$(nproc)" AWS_SDK_STATIC=y install
 RUN cp "/usr/lib/$(uname -m)-linux-gnu/pkcs11/aws_kms_pkcs11.so" /aws_kms_pkcs11.so
 
@@ -21,17 +21,13 @@ RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y --no-ins
 RUN git clone https://github.com/gardenlinux/resizefat32
 RUN make -C resizefat32 install
 
-FROM ghcr.io/gardenlinux/repo-debian-snapshot:1735677232
+FROM debian:testing
 
 LABEL org.opencontainers.image.source="https://github.com/gardenlinux/builder"
 LABEL org.opencontainers.image.description="Builder for Garden Linux"
 
 COPY pkg.list /pkg.list
 RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends $(cat /pkg.list) && rm /pkg.list
-RUN cd /tmp \
-&& curl -sSL "https://github.com/gardenlinux/package-openssl/releases/download/3.1.4-2gardenlinux0/openssl_3.1.4-2gardenlinux0_$(dpkg --print-architecture).deb" > openssl.deb \
-&& dpkg -i openssl.deb \
-&& rm openssl.deb
 COPY --from=mv_data /usr/bin/mv_data /usr/bin/mv_data
 COPY --from=aws-kms-pkcs11 /aws_kms_pkcs11.so /aws_kms_pkcs11.so
 COPY --from=datefudge /usr/lib/datefudge/datefudge.so /usr/lib/datefudge/datefudge.so

diff --git a/pkg.list b/pkg.list
@@ -18,6 +18,7 @@ libjson-c5
 make
 mmdebstrap
 mtools
+openssl
 ostree
 ostree-boot
 python3
-Original file line number
+Diff line change
@@ Expand Up / @@ -18,6 +18,7 @@ libjson-c5 @@
     make
     mmdebstrap
     mtools
+    openssl
     ostree
     ostree-boot
     python3
@@ Expand Down @@