|
| 1 | +# wolfProvider test-deps container. |
| 2 | +# |
| 3 | +# Bakes in the union of apt packages every PR workflow used to install at |
| 4 | +# job time. Goal: zero `apt-get update` calls during PR CI. Built and |
| 5 | +# pushed to ghcr.io/wolfssl/wolfprovider-test-deps:bookworm by the |
| 6 | +# publish-test-deps-image.yml workflow. |
| 7 | + |
| 8 | +FROM debian:bookworm-slim |
| 9 | + |
| 10 | +ENV DEBIAN_FRONTEND=noninteractive |
| 11 | +ENV PERL_MM_USE_DEFAULT=1 |
| 12 | + |
| 13 | +# One apt-get update + one apt-get install. Anything you add here ships |
| 14 | +# in the image; do not add per-workflow installs. |
| 15 | +RUN apt-get update \ |
| 16 | + && apt-get install -y --no-install-recommends \ |
| 17 | + # core build toolchain |
| 18 | + build-essential gcc g++ make m4 gettext \ |
| 19 | + autoconf automake autoconf-archive autopoint autotools-dev \ |
| 20 | + libtool libtool-bin pkg-config pkgconf \ |
| 21 | + cmake meson ninja-build bison flex gperf gengetopt help2man \ |
| 22 | + clang clang-tools cppcheck libc++-dev \ |
| 23 | + # vcs, transport, compression, scripting |
| 24 | + git git-all curl wget ca-certificates patch xxd dpkg-dev \ |
| 25 | + gawk perl python3 python3-pip python3-venv python3-wheel \ |
| 26 | + python3-setuptools python3-yaml python3-jinja2 python3-six \ |
| 27 | + python3-pytest python3-dnspython python3-hypothesis \ |
| 28 | + python3-impacket python3-cryptography python3-pycryptodome \ |
| 29 | + python3-cmarkgfm python3-docutils python-dev-is-python3 \ |
| 30 | + cpanminus \ |
| 31 | + # editors, debug, system bits |
| 32 | + valgrind vim vim-common groff sudo procps psmisc bc less \ |
| 33 | + bsdextrautils util-linux kmod systemd cryptsetup-bin \ |
| 34 | + ca-certificates dbus \ |
| 35 | + # networking, ssh, vnc, sniffers |
| 36 | + net-tools netcat-openbsd iproute2 iw bridge-utils \ |
| 37 | + openssh-client openssh-server expect \ |
| 38 | + tigervnc-viewer xvfb \ |
| 39 | + wireless-regdb wireless-tools \ |
| 40 | + # zlib / xz / lzma / bz2 / lzo / lz4 / zstd |
| 41 | + zlib1g zlib1g-dev liblzma-dev libbz2-dev liblzo2-dev \ |
| 42 | + liblz4-dev libzstd-dev libzstd1 \ |
| 43 | + # crypto / TLS adjacents. libssl3/libssl-dev are the *stock* Debian |
| 44 | + # versions; replace-default mode dpkg-installs wolfprov-patched |
| 45 | + # debs on top (and apt-marks them held) at job time. |
| 46 | + openssl libssl-dev libssl3 \ |
| 47 | + libgcrypt20-dev libgpg-error-dev \ |
| 48 | + libgnutls28-dev gnutls-bin \ |
| 49 | + libp11-dev libp11-kit-dev libargon2-dev libcbor-dev \ |
| 50 | + libcurl4-openssl-dev libidn2-dev libnghttp2-dev nghttp2 \ |
| 51 | + libpsl-dev libpsl5 \ |
| 52 | + libpcsclite-dev opensc pcsc-tools pcscd \ |
| 53 | + libtss2-dev tpm2-tools tpm2-abrmd swtpm softhsm2 \ |
| 54 | + libfido2-dev \ |
| 55 | + libsasl2-dev libldap2-dev libldb-dev libldb2 \ |
| 56 | + libpcre2-dev libpcre3-dev \ |
| 57 | + libreadline-dev libsqlite3-dev libpopt-dev libpcap-dev libpcap0.8 \ |
| 58 | + libseccomp-dev libwrap0-dev libudev-dev libdevmapper-dev libcap-dev \ |
| 59 | + libcap-ng-dev libcap2 libacl1-dev libattr1-dev libblkid-dev \ |
| 60 | + libmount-dev libdw-dev libdbus-1-dev libglib2.0-dev \ |
| 61 | + libgstreamer1.0-dev gstreamer1.0-plugins-base-apps \ |
| 62 | + libhiredis-dev libjansson-dev libjemalloc-dev libjson-c-dev \ |
| 63 | + libxml2-dev libcunit1-dev libcmocka-dev libpam0g-dev \ |
| 64 | + libpng-dev libjpeg-dev libusb-1.0-0-dev libuv1-dev libverto-dev \ |
| 65 | + libavahi-client-dev libavahi-compat-libdnssd-dev libmemcached-dev \ |
| 66 | + libutf8proc-dev libxxhash-dev libkeyutils-dev libcom-err2 \ |
| 67 | + libcjose-dev libeac-dev libefivar-dev libncurses5-dev \ |
| 68 | + libncursesw5-dev libiberty-dev libltdl-dev libltdl7 \ |
| 69 | + libperl-dev linux-libc-dev binutils-dev uuid-dev \ |
| 70 | + # X11 (x11vnc, qt5network5) |
| 71 | + libx11-dev libxdamage-dev libxext-dev libxfixes-dev libxi-dev \ |
| 72 | + libxinerama-dev libxrandr-dev libxss-dev libxtst-dev \ |
| 73 | + libxkbcommon-dev libvncserver-dev x11proto-core-dev \ |
| 74 | + # netlink (hostap) |
| 75 | + libnl-3-dev libnl-route-3-dev libnl-genl-3-dev libnl-genl-3-200 \ |
| 76 | + # krb5 build deps (e2fsprogs headers) |
| 77 | + comerr-dev ss-dev libss2 \ |
| 78 | + # sscep test |
| 79 | + scep \ |
| 80 | + # extras called out by specific workflows |
| 81 | + check apache2-dev acl attr fakeroot \ |
| 82 | + asciidoctor docbook-xsl pandoc xsltproc man2html \ |
| 83 | + memcached vsftpd pps-tools tshark \ |
| 84 | + && rm -rf /var/lib/apt/lists/* |
| 85 | + |
| 86 | +# Perl modules used by app test suites. Baked in so transient CPAN |
| 87 | +# flakes don't poison a PR run. |
| 88 | +RUN cpanm --notest \ |
| 89 | + Net::DNS \ |
| 90 | + Proc::Find Net::SSLeay IO::Socket::SSL \ |
| 91 | + && rm -rf /root/.cpanm |
| 92 | + |
| 93 | +# OpenSSL/wolfSSL come from .deb packages pulled at job time via ORAS. |
| 94 | +# We do NOT pre-install them here; the workflows do |
| 95 | +# dpkg -i $WOLFSSL_PACKAGES_PATH/libwolfssl_*.deb |
| 96 | +# and then apt-mark hold them to stop test-dep apt installs from |
| 97 | +# clobbering the wolfprov-patched libssl3. |
0 commit comments