xZero707/dockerfiles
1
0
Fork 0
mirror of https://github.com/jessfraz/dockerfiles.git synced 2024-11-27 04:16:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

updates

Browse Source 
Signed-off-by: Jessica Frazelle <acidburn@docker.com>
This commit is contained in:
Jessica Frazelle 2015-11-23 13:05:19 -08:00
parent 4332fda3a8
commit e256239308
No known key found for this signature in database
GPG Key ID: 18F3685C0022BFF3
9 changed files with 42 additions and 289 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
chrome/beta/Dockerfile
View File

@ -11,6 +11,7 @@ RUN mkdir -p /usr/share/icons/hicolor && \
apt-get update && apt-get install -y \ apt-get update && apt-get install -y \
ca-certificates \ ca-certificates \
fonts-liberation \ fonts-liberation \
fonts-symbola \
gconf-service \ gconf-service \
hicolor-icon-theme \ hicolor-icon-theme \
libappindicator1 \ libappindicator1 \

57
chrome/old/Dockerfile
View File

@ -1,57 +0,0 @@
# Run Chrome in a container
#
# docker run -it \
# --net host \ # may as well YOLO
# --cpuset-cpus 0 \ # control the cpu
# --memory 512mb \ # max memory it can use
# -v /tmp/.X11-unix:/tmp/.X11-unix \ # mount the X11 socket
# -e DISPLAY=unix$DISPLAY \
# -v $HOME/Downloads:/root/Downloads \
# -v $HOME/.config/google-chrome/:/data \ # if you want to save state
# --device /dev/snd \ # so we have sound
# -v /dev/shm:/dev/shm \
# --name chrome \
# jess/chrome
#
# Base docker image
FROM debian:sid
MAINTAINER Jessica Frazelle <jess@docker.com>
ADD https://dl.google.com/linux/direct/google-talkplugin_current_amd64.deb /src/google-talkplugin_current_amd64.deb
ADD https://jesss.s3.amazonaws.com/debs/google-chrome-stable_42.0.2311.152-1_amd64.deb /src/google-chrome-stable_current_amd64.deb
# Install Chromium
RUN mkdir -p /usr/share/icons/hicolor && \
apt-get update && apt-get install -y \
ca-certificates \
gconf-service \
hicolor-icon-theme \
libappindicator1 \
libasound2 \
libcanberra-gtk-module \
libcurl3 \
libexif-dev \
libgconf-2-4 \
libgl1-mesa-dri \
libgl1-mesa-glx \
libnspr4 \
libnss3 \
libpango1.0-0 \
libv4l-0 \
libxss1 \
libxtst6 \
wget \
xdg-utils \
--no-install-recommends && \
dpkg -i '/src/google-chrome-stable_current_amd64.deb' && \
dpkg -i '/src/google-talkplugin_current_amd64.deb' \
&& rm -rf /var/lib/apt/lists/* \
&& rm -rf /src/*.deb
COPY local.conf /etc/fonts/local.conf
# Autorun chrome
ENTRYPOINT [ "/usr/bin/google-chrome" ]
CMD [ "--user-data-dir=/data" ]

29
chrome/old/local.conf
View File

@ -1,29 +0,0 @@
<?xml version='1.0'?>
<!DOCTYPE fontconfig SYSTEM 'fonts.dtd'>
<fontconfig>
<match target="font">
<edit mode="assign" name="rgba">
<const>rgb</const>
</edit>
</match>
<match target="font">
<edit mode="assign" name="hinting">
<bool>true</bool>
</edit>
</match>
<match target="font">
<edit mode="assign" name="hintstyle">
<const>hintslight</const>
</edit>
</match>
<match target="font">
<edit mode="assign" name="antialias">
<bool>true</bool>
</edit>
</match>
<match target="font">
<edit mode="assign" name="lcdfilter">
<const>lcddefault</const>
</edit>
</match>
</fontconfig>

1
chrome/stable/Dockerfile
View File

@ -27,6 +27,7 @@ RUN mkdir -p /usr/share/icons/hicolor && \
apt-get update && apt-get install -y \ apt-get update && apt-get install -y \
ca-certificates \ ca-certificates \
fonts-liberation \ fonts-liberation \
fonts-symbola \
gconf-service \ gconf-service \
hicolor-icon-theme \ hicolor-icon-theme \
libappindicator1 \ libappindicator1 \

30
wireshark/Dockerfile Normal file
View File

@ -0,0 +1,30 @@
# Run wireshark in a container
#
# docker run -d \
# -v /etc/localtime:/etc/localtime:ro \
# -v /tmp/.X11-unix:/tmp/.X11-unix \
# -e DISPLAY=unix$DISPLAY \
# --name wireshark \
# jess/wireshark
#
FROM ubuntu:14.04
MAINTAINER Jessie Frazelle <jess@linux.com>
RUN apt-get update && apt-get install -y \
software-properties-common \
--no-install-recommends && \
add-apt-repository ppa:wireshark-dev/stable && \
apt-get update && \
apt-get install -y \
wireshark \
&& rm -rf /var/lib/apt/lists/*
ENV HOME /home/wireshark
RUN useradd --create-home --home-dir $HOME wireshark \
&& chown -R wireshark:wireshark $HOME
USER wireshark
WORKDIR wireshark
ENTRYPOINT [ "wireshark" ]

27
ykpersonalize/Dockerfile
View File

@ -10,6 +10,10 @@ FROM debian:sid
MAINTAINER Jessica Frazelle <jess@docker.com> MAINTAINER Jessica Frazelle <jess@docker.com>
RUN apt-get update && apt-get install -y \ RUN apt-get update && apt-get install -y \
software-properties-common \
--no-install-recommends && \
add-apt-repository ppa:yubico/stable && \
apt-get update && apt-get install -y \
ca-certificates \ ca-certificates \
curl \ curl \
libjson0 \ libjson0 \
@ -17,31 +21,10 @@ RUN apt-get update && apt-get install -y \
libyubikey0 \ libyubikey0 \
pcscd \ pcscd \
usbutils \ usbutils \
yubikey-personalization \
yubico-piv-tool \ yubico-piv-tool \
&& rm -rf /var/lib/apt/lists/* && rm -rf /var/lib/apt/lists/*
ENV YKPERS_VERSION 1.6.1
RUN buildDeps=' \
build-essential \
libjson0-dev \
libusb-1.0-0-dev \
libyubikey-dev \
pkg-config \
' \
&& set -x \
&& apt-get update && apt-get install -y $buildDeps --no-install-recommends \
&& rm -rf /var/lib/apt/lists/* \
&& curl -sSL "https://yubico.github.io/yubikey-personalization/releases/ykpers-${YKPERS_VERSION}.tar.gz" -o /tmp/ykpersonalize.tar.gz \
&& mkdir -p /usr/src/ykpersonalize \
&& tar -xzf /tmp/ykpersonalize.tar.gz -C /usr/src/ykpersonalize --strip-components 1 \
&& cd /usr/src/ykpersonalize \
&& ./configure \
&& make check install \
&& rm -rf /tmp/ykpersonalize* \
&& rm -rf /usr/src/ykpersonalize \
&& apt-get purge -y --auto-remove $buildDeps
WORKDIR /root/ WORKDIR /root/
COPY entrypoint.sh /usr/local/bin/ COPY entrypoint.sh /usr/local/bin/

6
yubico-piv-tool/Dockerfile
View File

@ -6,10 +6,14 @@
# --name yubico-piv-tool \ # --name yubico-piv-tool \
# jess/yubico-piv-tool # jess/yubico-piv-tool
# #
FROM debian:sid FROM ubuntu:14.04
MAINTAINER Jessica Frazelle <jess@docker.com> MAINTAINER Jessica Frazelle <jess@docker.com>
RUN apt-get update && apt-get install -y \ RUN apt-get update && apt-get install -y \
software-properties-common \
--no-install-recommends && \
add-apt-repository ppa:yubico/stable && \
apt-get update && apt-get install -y \
pcscd \ pcscd \
usbutils \ usbutils \
yubico-piv-tool \ yubico-piv-tool \

78
yubikey/Dockerfile
View File

@ -1,78 +0,0 @@
# Usage:
#
# docker build --rm --force-rm -t jess/yubikey .
#
# docker run --rm -it --device /dev/usb \
# --device /dev/bus/usb \
# jess/yubikey
#
FROM debian:sid
MAINTAINER Jessica Frazelle <jess@docker.com>
RUN apt-get update && apt-get install -y \
ca-certificates \
curl \
opensc \
opensc-pkcs11 \
openssl \
usbutils \
--no-install-recommends \
&& rm -rf /var/lib/apt/lists/*
ENV CCID_VERSION 1.4.21
ENV PCSC_LITE_VERSION 1.8.14
ENV YUBIKEY_PIV_TOOL_VERSION 1.1.0
RUN buildDeps=' \
autoconf \
bzip2 \
clang \
file \
libssl-dev \
libusb-1.0-0-dev \
make \
pkg-config \
' \
&& set -x \
&& gpg --keyserver pgp.mit.edu --recv-key E8F9C57E \
&& apt-get update && apt-get install -y $buildDeps --no-install-recommends \
&& rm -rf /var/lib/apt/lists/* \
&& curl -sSL "https://alioth.debian.org/frs/download.php/file/4138/pcsc-lite-${PCSC_LITE_VERSION}.tar.bz2" -o /tmp/pcsc-lite.tar.bz2 \
&& curl -sSL "https://alioth.debian.org/frs/download.php/file/4139/pcsc-lite-${PCSC_LITE_VERSION}.tar.bz2.asc" -o /tmp/pcsc-lite.tar.bz2.asc \
&& gpg --verify /tmp/pcsc-lite.tar.bz2.asc \
&& mkdir -p /usr/src/pcsc-lite \
&& tar -xjf /tmp/pcsc-lite.tar.bz2 -C /usr/src/pcsc-lite --strip-components 1 \
&& rm /tmp/pcsc-lite.tar.bz2* \
&& cd /usr/src/pcsc-lite \
&& ./configure --prefix="/usr" \
--enable-libusb \
--disable-libudev \
&& make \
&& make install \
&& cd /usr/src && rm -rf /usr/src/pcsc-lite* \
&& curl -sSL "https://alioth.debian.org/frs/download.php/file/4140/ccid-${CCID_VERSION}.tar.bz2" -o /tmp/ccid.tar.bz2 \
&& curl -sSL "https://alioth.debian.org/frs/download.php/file/4141/ccid-${CCID_VERSION}.tar.bz2.asc" -o /tmp/ccid.tar.bz2.asc \
&& gpg --verify /tmp/ccid.tar.bz2.asc \
&& mkdir -p /usr/src/ccid \
&& ls /tmp/ \
&& tar -xjf /tmp/ccid.tar.bz2 -C /usr/src/ccid --strip-components 1 \
&& rm /tmp/ccid.tar.bz2* \
&& cd /usr/src/ccid \
&& ./configure --prefix="/usr" \
&& make \
&& make install \
&& cp src/92_pcscd_ccid.rules /etc/udev/rules.d/ \
&& cd /usr/src && rm -rf /usr/src/ccid* \
&& mkdir -p /usr/src/yubico-piv-tool \
&& curl -sSL "https://s3.j3ss.co/tmp/yubico-piv-tool-${YUBIKEY_PIV_TOOL_VERSION}.tar.gz" | tar -xz -C /usr/src/yubico-piv-tool --strip-components 1 \
&& cd /usr/src/yubico-piv-tool \
&& ./configure --prefix="/usr" \
&& make \
&& make install \
&& cd ~ && rm -rf /usr/src/yubico-piv-tool* \
&& apt-get purge -y --auto-remove $buildDeps
COPY testsign.sh /usr/local/bin/
COPY entrypoint.sh /usr/local/bin/
ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
CMD ["/usr/local/bin/testsign.sh"]

102
yubikey/testsign.sh
View File

@ -1,102 +0,0 @@
#!/bin/bash
set -e
pkcslib="/usr/lib/libykcs11.so"
#pkcslib="/usr/lib/x86_64-linux-gnu/opensc-pkcs11.so"
init(){
local pcscd_running=$(ps -aux | grep [p]cscd)
if [ -z "$pcscd_running" ]; then
echo "starting pcscd in backgroud"
pcscd --debug --apdu
pcscd --hotplug
else
echo "pcscd is running in already: ${pcscd_running}"
fi
clean
}
clean(){
# Delete Slots
yubico-piv-tool -a delete -s 9a
yubico-piv-tool -a delete -s 9c
yubico-piv-tool -a delete -s 9d
yubico-piv-tool -a delete -s 9e
}
setup(){
cd $(mktemp -d)
# Create some data to sign
echo "Hello World!" > in.txt
}
9a1024sha1() {
(
setup
# Generate a key in slot 9a
pkcs11-tool --module $pkcslib -k --key-type rsa:1024 -l --login-type so --so-pin 010203040506070801020304050607080102030405060708 -d 0
# Extract the certificate with the public key
yubico-piv-tool -a read -s 9a > 9a.pem
# Extract the public key from the certificate
openssl x509 -pubkey -noout -in 9a.pem > pubkey9a.pem
# Sign the data using sha1WithRSA
pkcs11-tool --module $pkcslib -s -l -p 123456 -d 0 -m SHA1-RSA-PKCS -o sign9a.dat -i in.txt
# Verify the signature
openssl dgst -sha1 -verify pubkey9a.pem -signature sign9a.dat in.txt
)
}
9e2048sha256() {
(
setup
# Generate a key in slot 9e
pkcs11-tool --module $pkcslib -k --key-type rsa:2048 -l --login-type so --so-pin 010203040506070801020304050607080102030405060708 -d 1
# Extract the certificate with the public key
yubico-piv-tool -a read -s 9e > 9e.pem
# Extract the public key from the certificate
openssl x509 -pubkey -noout -in 9e.pem > pubkey9e.pem
# Sign the data using sha256WithRSA
pkcs11-tool --module $pkcslib -s -l -p 123456 -d 1 -m SHA256-RSA-PKCS -o sign9e.dat -i in.txt
# Verify the signature
openssl dgst -sha256 -verify pubkey9e.pem -signature sign9e.dat in.txt
)
}
9c256sha1() {
(
setup
# Generate a key in slot 9c
pkcs11-tool --module $pkcslib -k --key-type EC:prime256v1 -l --login-type so --so-pin 010203040506070801020304050607080102030405060708 -d 2
# Extract the certificate with the public key
yubico-piv-tool -a read -s 9c > 9c.pem
# Extract the public key from the certificate
openssl x509 -pubkey -noout -in 9c.pem > pubkey9c.pem
# Sign the data using sha256WithECDSA
pkcs11-tool --module $pkcslib -s -l -p 123456 -d 2 -m ECDSA-SHA1 -o sign9c.dat -i in.txt
# Verify the signature
openssl dgst -ecdsa-with-SHA1 -verify pubkey9c.pem -signature sign9c.dat in.txt
)
}
init
9a1024sha1
9e2048sha256
9c256sha1