From e2562393085b926327c5fc9c57c472a7f646d204 Mon Sep 17 00:00:00 2001
From: Jessica Frazelle
Date: Mon, 23 Nov 2015 13:05:19 -0800
Subject: [PATCH] updates
Signed-off-by: Jessica Frazelle
---
 chrome/beta/Dockerfile | 1 +
 chrome/old/Dockerfile | 57 ---------------------
 chrome/old/local.conf | 29 -----------
 chrome/stable/Dockerfile | 1 +
 wireshark/Dockerfile | 30 +++++++++++
 ykpersonalize/Dockerfile | 27 ++--------
 yubico-piv-tool/Dockerfile | 6 ++-
 yubikey/Dockerfile | 78 ----------------------------
 yubikey/testsign.sh | 102 -------------------------------------
 9 files changed, 42 insertions(+), 289 deletions(-)
 delete mode 100644 chrome/old/Dockerfile
 delete mode 100644 chrome/old/local.conf
 create mode 100644 wireshark/Dockerfile
 delete mode 100644 yubikey/Dockerfile
 delete mode 100755 yubikey/testsign.sh
diff --git a/chrome/beta/Dockerfile b/chrome/beta/Dockerfile
index 3defe69..6b71ab4 100644
--- a/chrome/beta/Dockerfile
+++ b/chrome/beta/Dockerfile
@@ -11,6 +11,7 @@ RUN mkdir -p /usr/share/icons/hicolor && \
 apt-get update && apt-get install -y \
 ca-certificates \
 fonts-liberation \
+ fonts-symbola \
 gconf-service \
 hicolor-icon-theme \
 libappindicator1 \
diff --git a/chrome/old/Dockerfile b/chrome/old/Dockerfile
deleted file mode 100644
index e2c62e9..0000000
--- a/chrome/old/Dockerfile
+++ /dev/null
@@ -1,57 +0,0 @@ -# Run Chrome in a container -# -# docker run -it \ -# --net host \ # may as well YOLO -# --cpuset-cpus 0 \ # control the cpu -# --memory 512mb \ # max memory it can use -# -v /tmp/.X11-unix:/tmp/.X11-unix \ # mount the X11 socket -# -e DISPLAY=unix$DISPLAY \ -# -v $HOME/Downloads:/root/Downloads \ -# -v $HOME/.config/google-chrome/:/data \ # if you want to save state -# --device /dev/snd \ # so we have sound -# -v /dev/shm:/dev/shm \ -# --name chrome \ -# jess/chrome -# - -# Base docker image -FROM debian:sid -MAINTAINER Jessica Frazelle - -ADD https://dl.google.com/linux/direct/google-talkplugin_current_amd64.deb /src/google-talkplugin_current_amd64.deb - -ADD https://jesss.s3.amazonaws.com/debs/google-chrome-stable_42.0.2311.152-1_amd64.deb /src/google-chrome-stable_current_amd64.deb - -# Install Chromium -RUN mkdir -p /usr/share/icons/hicolor && \ - apt-get update && apt-get install -y \ - ca-certificates \ - gconf-service \ - hicolor-icon-theme \ - libappindicator1 \ - libasound2 \ - libcanberra-gtk-module \ - libcurl3 \ - libexif-dev \ - libgconf-2-4 \ - libgl1-mesa-dri \ - libgl1-mesa-glx \ - libnspr4 \ - libnss3 \ - libpango1.0-0 \ - libv4l-0 \ - libxss1 \ - libxtst6 \ - wget \ - xdg-utils \ - --no-install-recommends && \ - dpkg -i '/src/google-chrome-stable_current_amd64.deb' && \ - dpkg -i '/src/google-talkplugin_current_amd64.deb' \ - && rm -rf /var/lib/apt/lists/* \ - && rm -rf /src/*.deb - -COPY local.conf /etc/fonts/local.conf - -# Autorun chrome -ENTRYPOINT [ "/usr/bin/google-chrome" ] -CMD [ "--user-data-dir=/data" ] diff --git a/chrome/old/local.conf b/chrome/old/local.conf deleted file mode 100644 index 51dd0d3..0000000 --- a/chrome/old/local.conf +++ /dev/null @@ -1,29 +0,0 @@ - - - - - -rgb - - - - -true - - - - -hintslight - - - - -true - - - - -lcddefault - - - diff --git a/chrome/stable/Dockerfile b/chrome/stable/Dockerfile index beceb44..1aaa81f 100644 --- a/chrome/stable/Dockerfile +++ b/chrome/stable/Dockerfile 
@@ -27,6 +27,7 @@ RUN mkdir -p /usr/share/icons/hicolor && \
 apt-get update && apt-get install -y \
 ca-certificates \
 fonts-liberation \
+ fonts-symbola \
 gconf-service \
 hicolor-icon-theme \
 libappindicator1 \
diff --git a/wireshark/Dockerfile b/wireshark/Dockerfile
new file mode 100644
index 0000000..9f33c31
--- /dev/null
+++ b/wireshark/Dockerfile
@@ -0,0 +1,30 @@
+# Run wireshark in a container
+#
+# docker run -d \
+# -v /etc/localtime:/etc/localtime:ro \
+# -v /tmp/.X11-unix:/tmp/.X11-unix \
+# -e DISPLAY=unix$DISPLAY \
+# --name wireshark \
+# jess/wireshark
+#
+FROM ubuntu:14.04
+MAINTAINER Jessie Frazelle
+
+RUN apt-get update && apt-get install -y \
+ software-properties-common \
+ --no-install-recommends && \
+ add-apt-repository ppa:wireshark-dev/stable && \
+ apt-get update && \
+ apt-get install -y \
+ wireshark \
+ && rm -rf /var/lib/apt/lists/*
+
+ENV HOME /home/wireshark
+RUN useradd --create-home --home-dir $HOME wireshark \
+ && chown -R wireshark:wireshark $HOME
+
+USER wireshark
+
+WORKDIR wireshark
+
+ENTRYPOINT [ "wireshark" ]
diff --git a/ykpersonalize/Dockerfile b/ykpersonalize/Dockerfile
index 6291d42..2d048ac 100644
--- a/ykpersonalize/Dockerfile
+++ b/ykpersonalize/Dockerfile
@@ -10,6 +10,10 @@ FROM debian:sid
 MAINTAINER Jessica Frazelle
 RUN apt-get update && apt-get install -y \
+ software-properties-common \
+ --no-install-recommends && \
+ add-apt-repository ppa:yubico/stable && \
+ apt-get update && apt-get install -y \
 ca-certificates \
 curl \
 libjson0 \
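Review bot: `WORKDIR wireshark` near the end of the new wireshark/Dockerfile is a relative path, and no earlier WORKDIR is set in this file, so it resolves against the base image's working directory (presumably `/`) instead of the home directory created two instructions earlier. The container would then start in a separately created `wireshark` directory, which Docker typically creates owned by root, while the process runs as the unprivileged user selected by `USER wireshark`. Using the absolute path, `WORKDIR $HOME` (or `WORKDIR /home/wireshark`), keeps the working directory inside the chown'ed home.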
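Review bot: `add-apt-repository ppa:yubico/stable` is added to ykpersonalize/Dockerfile while this hunk still shows `FROM debian:sid` as the base, whereas the yubico-piv-tool/Dockerfile change in the same commit moves to `FROM ubuntu:14.04` before adding the same PPA. Launchpad PPAs are published per Ubuntu series, so on a Debian base the generated sources entry will likely name a suite the PPA does not serve, and the following `apt-get update` may fail or the install may mix packages built against different libraries; a test build should confirm this. If the PPA stays, switching the base the same way (`FROM ubuntu:14.04`) keeps the two images consistent. The RUN instruction continues past the end of this hunk.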
@@ -17,31 +21,10 @@ RUN apt-get update && apt-get install -y \
 libyubikey0 \
 pcscd \
 usbutils \
+ yubikey-personalization \
 yubico-piv-tool \
 && rm -rf /var/lib/apt/lists/*
-ENV YKPERS_VERSION 1.6.1
-
-RUN buildDeps=' \
- build-essential \
- libjson0-dev \
- libusb-1.0-0-dev \
- libyubikey-dev \
- pkg-config \
- ' \
- && set -x \
- && apt-get update && apt-get install -y $buildDeps --no-install-recommends \
- && rm -rf /var/lib/apt/lists/* \
- && curl -sSL "https://yubico.github.io/yubikey-personalization/releases/ykpers-${YKPERS_VERSION}.tar.gz" -o /tmp/ykpersonalize.tar.gz \
- && mkdir -p /usr/src/ykpersonalize \
- && tar -xzf /tmp/ykpersonalize.tar.gz -C /usr/src/ykpersonalize --strip-components 1 \
- && cd /usr/src/ykpersonalize \
- && ./configure \
- && make check install \
- && rm -rf /tmp/ykpersonalize* \
- && rm -rf /usr/src/ykpersonalize \
- && apt-get purge -y --auto-remove $buildDeps
-
 WORKDIR /root/
 COPY entrypoint.sh /usr/local/bin/
diff --git a/yubico-piv-tool/Dockerfile b/yubico-piv-tool/Dockerfile
index d07fcf3..42632ba 100644
--- a/yubico-piv-tool/Dockerfile
+++ b/yubico-piv-tool/Dockerfile
@@ -6,10 +6,14 @@
 # --name yubico-piv-tool \
 # jess/yubico-piv-tool
 #
-FROM debian:sid
+FROM ubuntu:14.04
 MAINTAINER Jessica Frazelle
 RUN apt-get update && apt-get install -y \
+ software-properties-common \
+ --no-install-recommends && \
+ add-apt-repository ppa:yubico/stable && \
+ apt-get update && apt-get install -y \
 pcscd \
 usbutils \
 yubico-piv-tool \
diff --git a/yubikey/Dockerfile b/yubikey/Dockerfile
deleted file mode 100644
index 5c50c17..0000000
--- a/yubikey/Dockerfile
+++ /dev/null
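Review bot: `software-properties-common` in the yubico-piv-tool/Dockerfile hunk is needed only for the one `add-apt-repository` call, yet it stays installed in the final image along with its dependencies, which is extra surface in an image whose job is to talk to a hardware token. It could be removed in the same layer by appending `&& apt-get purge -y --auto-remove software-properties-common` to this RUN, which continues outside the hunk. The same applies to the `add-apt-repository` additions in wireshark/Dockerfile and ykpersonalize/Dockerfile. Separately, `yubico-piv-tool` is installed without a version, so each rebuild takes whatever the PPA serves at that moment; pinning it as `yubico-piv-tool=<version>` would make the image reproducible.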
@@ -1,78 +0,0 @@ -# Usage: -# -# docker build --rm --force-rm -t jess/yubikey . -# -# docker run --rm -it --device /dev/usb \ -# --device /dev/bus/usb \ -# jess/yubikey -# -FROM debian:sid -MAINTAINER Jessica Frazelle - -RUN apt-get update && apt-get install -y \ - ca-certificates \ - curl \ - opensc \ - opensc-pkcs11 \ - openssl \ - usbutils \ - --no-install-recommends \ - && rm -rf /var/lib/apt/lists/* - -ENV CCID_VERSION 1.4.21 -ENV PCSC_LITE_VERSION 1.8.14 -ENV YUBIKEY_PIV_TOOL_VERSION 1.1.0 -RUN buildDeps=' \ - autoconf \ - bzip2 \ - clang \ - file \ - libssl-dev \ - libusb-1.0-0-dev \ - make \ - pkg-config \ - ' \ - && set -x \ - && gpg --keyserver pgp.mit.edu --recv-key E8F9C57E \ - && apt-get update && apt-get install -y $buildDeps --no-install-recommends \ - && rm -rf /var/lib/apt/lists/* \ - && curl -sSL "https://alioth.debian.org/frs/download.php/file/4138/pcsc-lite-${PCSC_LITE_VERSION}.tar.bz2" -o /tmp/pcsc-lite.tar.bz2 \ - && curl -sSL "https://alioth.debian.org/frs/download.php/file/4139/pcsc-lite-${PCSC_LITE_VERSION}.tar.bz2.asc" -o /tmp/pcsc-lite.tar.bz2.asc \ - && gpg --verify /tmp/pcsc-lite.tar.bz2.asc \ - && mkdir -p /usr/src/pcsc-lite \ - && tar -xjf /tmp/pcsc-lite.tar.bz2 -C /usr/src/pcsc-lite --strip-components 1 \ - && rm /tmp/pcsc-lite.tar.bz2* \ - && cd /usr/src/pcsc-lite \ - && ./configure --prefix="/usr" \ - --enable-libusb \ - --disable-libudev \ - && make \ - && make install \ - && cd /usr/src && rm -rf /usr/src/pcsc-lite* \ - && curl -sSL "https://alioth.debian.org/frs/download.php/file/4140/ccid-${CCID_VERSION}.tar.bz2" -o /tmp/ccid.tar.bz2 \ - && curl -sSL "https://alioth.debian.org/frs/download.php/file/4141/ccid-${CCID_VERSION}.tar.bz2.asc" -o /tmp/ccid.tar.bz2.asc \ - && gpg --verify /tmp/ccid.tar.bz2.asc \ - && mkdir -p /usr/src/ccid \ - && ls /tmp/ \ - && tar -xjf /tmp/ccid.tar.bz2 -C /usr/src/ccid --strip-components 1 \ - && rm /tmp/ccid.tar.bz2* \ - && cd /usr/src/ccid \ - && ./configure --prefix="/usr" \ - && make \ - && make 
install \ - && cp src/92_pcscd_ccid.rules /etc/udev/rules.d/ \ - && cd /usr/src && rm -rf /usr/src/ccid* \ - && mkdir -p /usr/src/yubico-piv-tool \ - && curl -sSL "https://s3.j3ss.co/tmp/yubico-piv-tool-${YUBIKEY_PIV_TOOL_VERSION}.tar.gz" | tar -xz -C /usr/src/yubico-piv-tool --strip-components 1 \ - && cd /usr/src/yubico-piv-tool \ - && ./configure --prefix="/usr" \ - && make \ - && make install \ - && cd ~ && rm -rf /usr/src/yubico-piv-tool* \ - && apt-get purge -y --auto-remove $buildDeps - -COPY testsign.sh /usr/local/bin/ -COPY entrypoint.sh /usr/local/bin/ - -ENTRYPOINT ["/usr/local/bin/entrypoint.sh"] -CMD ["/usr/local/bin/testsign.sh"] diff --git a/yubikey/testsign.sh b/yubikey/testsign.sh deleted file mode 100755 index c103b69..0000000 --- a/yubikey/testsign.sh +++ /dev/null 
@@ -1,102 +0,0 @@ -#!/bin/bash -set -e - -pkcslib="/usr/lib/libykcs11.so" -#pkcslib="/usr/lib/x86_64-linux-gnu/opensc-pkcs11.so" - -init(){ - local pcscd_running=$(ps -aux | grep [p]cscd) - if [ -z "$pcscd_running" ]; then - echo "starting pcscd in backgroud" - pcscd --debug --apdu - pcscd --hotplug - else - echo "pcscd is running in already: ${pcscd_running}" - fi - - clean -} - -clean(){ - # Delete Slots - yubico-piv-tool -a delete -s 9a - yubico-piv-tool -a delete -s 9c - yubico-piv-tool -a delete -s 9d - yubico-piv-tool -a delete -s 9e -} - -setup(){ - cd $(mktemp -d) - - # Create some data to sign - echo "Hello World!" > in.txt -} - -9a1024sha1() { - ( - setup - - # Generate a key in slot 9a - pkcs11-tool --module $pkcslib -k --key-type rsa:1024 -l --login-type so --so-pin 010203040506070801020304050607080102030405060708 -d 0 - - # Extract the certificate with the public key - yubico-piv-tool -a read -s 9a > 9a.pem - - # Extract the public key from the certificate - openssl x509 -pubkey -noout -in 9a.pem > pubkey9a.pem - - # Sign the data using sha1WithRSA - pkcs11-tool --module $pkcslib -s -l -p 123456 -d 0 -m SHA1-RSA-PKCS -o sign9a.dat -i in.txt - - # Verify the signature - openssl dgst -sha1 -verify pubkey9a.pem -signature sign9a.dat in.txt - ) -} - -9e2048sha256() { - ( - setup - - # Generate a key in slot 9e - pkcs11-tool --module $pkcslib -k --key-type rsa:2048 -l --login-type so --so-pin 010203040506070801020304050607080102030405060708 -d 1 - - # Extract the certificate with the public key - yubico-piv-tool -a read -s 9e > 9e.pem - - # Extract the public key from the certificate - openssl x509 -pubkey -noout -in 9e.pem > pubkey9e.pem - - # Sign the data using sha256WithRSA - pkcs11-tool --module $pkcslib -s -l -p 123456 -d 1 -m SHA256-RSA-PKCS -o sign9e.dat -i in.txt - - # Verify the signature - openssl dgst -sha256 -verify pubkey9e.pem -signature sign9e.dat in.txt - ) -} - -9c256sha1() { - ( - setup - - # Generate a key in slot 9c - pkcs11-tool 
--module $pkcslib -k --key-type EC:prime256v1 -l --login-type so --so-pin 010203040506070801020304050607080102030405060708 -d 2 - - # Extract the certificate with the public key - yubico-piv-tool -a read -s 9c > 9c.pem - - # Extract the public key from the certificate - openssl x509 -pubkey -noout -in 9c.pem > pubkey9c.pem - - # Sign the data using sha256WithECDSA - pkcs11-tool --module $pkcslib -s -l -p 123456 -d 2 -m ECDSA-SHA1 -o sign9c.dat -i in.txt - - # Verify the signature - openssl dgst -ecdsa-with-SHA1 -verify pubkey9c.pem -signature sign9c.dat in.txt - ) -} - -init - -9a1024sha1 -9e2048sha256 -9c256sha1