Revisions
-
h0tw1r3 renamed this gist
Aug 20, 2024 . 1 changed file with 0 additions and 0 deletions.There are no files selected for viewing
File renamed without changes. -
h0tw1r3 revised this gist
Aug 20, 2024 . 1 changed file with 1 addition and 1 deletion.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -40,7 +40,7 @@ RUN sed \ && echo -e "[algorithm_sect]\ndefault_properties = fips=yes" >> /etc/ssl/openssl.cnf RUN openssl fipsinstall -config /etc/ssl/openssl.cnf \ && openssl list -providers -provider fips FROM alpine:${BUILD_OS_TAG} as alpine -
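Review bot: The check `openssl list -providers -provider fips` loads the FIPS provider explicitly, so it can pass even when the `sed` edits to `openssl.cnf` did not activate anything. Those `sed` expressions (the `RUN sed` starts outside this hunk) change nothing, without an error, if the commented lines in `openssl.cnf.dist` are worded differently. Adding a plain `openssl list -providers` would show which providers the configuration activates by default. The check also runs only in the build stage, so the final stage that begins at `FROM alpine:${BUILD_OS_TAG} as alpine` is never exercised with the copied `fips.so` against the base image's own libcrypto.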
h0tw1r3 created this gist
Aug 20, 2024 .There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,49 @@ # syntax=docker/dockerfile:1.6 ARG BUILD_OS_TAG FROM alpine:${BUILD_OS_TAG} as build ARG BUILD_OS_TAG RUN apk add --no-cache alpine-sdk doas \ && echo 'permit nopass :wheel' >> /etc/doas.conf RUN adduser -D build \ && addgroup build abuild \ && addgroup build wheel USER build WORKDIR /home/build RUN git clone -n --depth=1 --filter=tree:0 https://gitlab.alpinelinux.org/alpine/aports --branch v${BUILD_OS_TAG} \ && cd aports \ && git sparse-checkout set --no-cone main/openssl \ && git checkout WORKDIR /home/build/aports/main/openssl RUN sed -i 's/^\(.*\)enable-ktls \(.*\)$/&\n\1enable-fips \2/' APKBUILD RUN abuild deps RUN abuild fetch RUN abuild unpack RUN abuild prepare RUN abuild build USER root RUN cd src/openssl-* \ && make install_sw install_ssldirs install_fips RUN sed \ -e 's@^# \(.include \)\(fipsmodule.cnf\)@\1 /etc/ssl/\2@' \ -e 's@^\[openssl_init\]@&\nalg_section = algorithm_sect@' \ -e 's@^# \(fips = fips_sect\)@\1@' \ -e 's@^# \(activate = 1\)@\1@' \ /etc/ssl/openssl.cnf.dist > /etc/ssl/openssl.cnf \ && echo -e "[algorithm_sect]\ndefault_properties = fips=yes" >> /etc/ssl/openssl.cnf RUN openssl fipsinstall -config /etc/ssl/openssl.cnf \ && openssl list -providers -provider fips && \ FROM alpine:${BUILD_OS_TAG} as alpine COPY --from=build /usr/lib/ossl-modules/fips.so /usr/lib/ossl-modules/fips.so COPY --from=build /etc/ssl/fipsmodule.cnf /etc/ssl/fipsmodule.cnf COPY --from=build /etc/ssl/openssl.cnf /etc/ssl/openssl.cnf
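Review bot: The final stage copies `/etc/ssl/fipsmodule.cnf` from the build stage, and that file holds the module integrity MAC and install-time self-test status written by `make install_fips`. OpenSSL's FIPS documentation says this file should be generated on the system where the module runs rather than copied, so consider running `openssl fipsinstall` at first container start, or state the limitation in the file. A provider compiled from the aports tree with `enable-fips` is also not a validated module in itself, because FIPS 140 validation covers only specific upstream releases built according to their security policy. A comment above the COPY lines such as `# enables the OpenSSL FIPS provider; not a FIPS 140 validated build, fipsmodule.cnf comes from the build stage` would keep consumers of this base image from assuming compliance.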