From 6e393c989a861cac2dac359c8e6ba1d5fc952279 Mon Sep 17 00:00:00 2001 From: Dave Heller Date: Wed, 5 Apr 2017 15:32:14 -0400 Subject: libstb/create-container: Add full container build and sign with imprint keys This adds support for writing all the public key and signature fields to the container header, and for dumping the prefix and software headers so they may may be signed, and for signing those headers with the imprint keys. Signed-off-by: Dave Heller [stewart@linux.vnet.ibm.com: fixup warnings&build, include openssl-devel in CI dockerfiles] Signed-off-by: Stewart Smith --- Makefile.main | 4 +- libstb/Makefile.inc | 2 +- libstb/container.h | 8 + libstb/create-container.c | 381 ++++++++++++++++++++++++++++++++++++-- libstb/sign-with-local-keys.sh | 36 ++++ opal-ci/Dockerfile-centos6 | 2 +- opal-ci/Dockerfile-centos7 | 2 +- opal-ci/Dockerfile-fedora-rawhide | 2 +- opal-ci/Dockerfile-fedora24 | 2 +- opal-ci/Dockerfile-fedora25 | 2 +- opal-ci/Dockerfile-ubuntu-12.04 | 2 +- opal-ci/Dockerfile-ubuntu-16.04 | 2 +- opal-ci/Dockerfile-ubuntu-latest | 2 +- 13 files changed, 425 insertions(+), 22 deletions(-) create mode 100755 libstb/sign-with-local-keys.sh diff --git a/Makefile.main b/Makefile.main index 214ab48..5494131 100644 --- a/Makefile.main +++ b/Makefile.main @@ -210,10 +210,10 @@ $(TARGET).lid: $(TARGET).elf $(call Q,OBJCOPY, $(OBJCOPY) -O binary -S $^ $@, $@) $(TARGET).lid.stb: $(TARGET).lid libstb/create-container - $(call Q,STB-UNSIGNED-CONTAINER,./libstb/create-container $< $@,$@) + $(call Q,STB-UNSIGNED-CONTAINER,./libstb/create-container --payload $< --imagefile $@,$@) $(TARGET).lid.xz.stb: $(TARGET).lid.xz libstb/create-container - $(call Q,STB-UNSIGNED-CONTAINER,./libstb/create-container $< $@,$@) + $(call Q,STB-UNSIGNED-CONTAINER,./libstb/create-container --payload $< --imagefile $@,$@) $(TARGET).tmp.elf: $(ALL_OBJS_1) $(TARGET).lds $(KERNEL) $(call Q,LD, $(CC) $(LDFLAGS) -T $(TARGET).lds $(ALL_OBJS_1) -o $@, $@) diff --git a/libstb/Makefile.inc b/libstb/Makefile.inc index 8eba009..64be4d6 100644 --- a/libstb/Makefile.inc +++ b/libstb/Makefile.inc @@ -15,7 +15,7 @@ $(LIBSTB): $(LIBSTB_OBJS:%=$(LIBSTB_DIR)/%) $(DRIVERS) $(TSS) libstb/create-container: libstb/create-container.c $(call Q, HOSTCC ,$(HOSTCC) $(HOSTCFLAGS) \ - -Wpadded -O0 -g -I$(SRC) -I$(SRC)/include -o $@ $<,$<) + -Wpadded -O0 -g -I$(SRC) -I$(SRC)/include -o $@ $< -lssl -lcrypto,$<) clean: create-container-clean diff --git a/libstb/container.h b/libstb/container.h index f8965d4..c125bc1 100644 --- a/libstb/container.h +++ b/libstb/container.h @@ -149,4 +149,12 @@ int parse_stb_container(const void* data, size_t len, struct parsed_stb_containe void stb_print_data(const void *data, size_t len); +void getPublicKeyRaw(ecc_key_t *pubkeyraw, char *inFile); + +void getSigRaw(ecc_signature_t *sigraw, char *inFile); + +void writeHdr(void *ph, const char *outFile, int hdr_type); + +void printBytes(char *lead, unsigned char *buffer, size_t buflen, int wrap); + #endif /* __STB_CONTAINER_H */ diff --git a/libstb/create-container.c b/libstb/create-container.c index b7ec175..85e0e08 100644 --- a/libstb/create-container.c +++ b/libstb/create-container.c @@ -31,6 +31,220 @@ #include #include #include +#include + +#include +#include +#include +#include + +#define PREFIX_HDR 0 +#define SOFTWARE_HDR 1 + +char *progname; +int debug; + +void usage(int status); + +void getPublicKeyRaw(ecc_key_t *pubkeyraw, char *inFile) +{ + EVP_PKEY* pkey; + EC_KEY *key; + const EC_GROUP *ecgrp; + const EC_POINT *ecpoint; + BIGNUM *pubkeyBN; + unsigned char pubkeyData[1 + 2*EC_COORDBYTES]; + + FILE *fp = fopen( inFile, "r"); + pkey = PEM_read_PrivateKey(fp, NULL, NULL, NULL); + assert(pkey); + + key = EVP_PKEY_get1_EC_KEY(pkey); + assert(key); + ecgrp = EC_KEY_get0_group(key); + assert(ecgrp); + ecpoint = EC_KEY_get0_public_key(key); + assert(ecpoint); + pubkeyBN = EC_POINT_point2bn(ecgrp, ecpoint, POINT_CONVERSION_UNCOMPRESSED, NULL, NULL); + BN_bn2bin(pubkeyBN, pubkeyData); + + if (debug) + printBytes((char *)"pubkey (RAW) = ", &pubkeyData[1], sizeof(pubkeyData) - 1, 32); + + memcpy(*pubkeyraw, &pubkeyData[1], sizeof(ecc_key_t)); + + EC_KEY_free(key); + EVP_PKEY_free(pkey); + fclose(fp); + + return; +} + +void getSigRaw(ecc_signature_t *sigraw, char *inFile) +{ + ECDSA_SIG* signature; + int fdin; + struct stat s; + void *infile; + unsigned char outbuf[2*EC_COORDBYTES]; + int r, rlen, roff, slen, soff; + + fdin = open(inFile, O_RDONLY); + assert(fdin > 0); + r = fstat(fdin, &s); + assert(r==0); + + infile = mmap(NULL, s.st_size, PROT_READ, MAP_PRIVATE, fdin, 0); + assert(infile); + + signature = d2i_ECDSA_SIG(NULL, (const unsigned char **) &infile, 7 + 2*EC_COORDBYTES); + + memset(&outbuf, 0, sizeof(outbuf)); + + rlen = BN_num_bytes(signature->r); + roff = 66 - rlen; + BN_bn2bin(signature->r, &outbuf[roff]); + + slen = BN_num_bytes(signature->s); + soff = 66 + (66 - slen); + BN_bn2bin(signature->s, &outbuf[soff]); + + if (debug) + printBytes((char *)"sig (RAW) = ", outbuf, sizeof(outbuf), 32); + + memcpy(*sigraw, outbuf, 2*EC_COORDBYTES); + + ECDSA_SIG_free(signature); + + return; +} + +void writeHdr(void *hdr, const char *outFile, int hdr_type) +{ + int fdout; + int r, hdr_sz; + const char *lead; + unsigned char md[SHA512_DIGEST_LENGTH]; + + fdout = open(outFile, O_WRONLY|O_CREAT|O_TRUNC, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH); + assert(fdout > 0); + + switch (hdr_type) { + case PREFIX_HDR: + hdr_sz = sizeof(ROM_prefix_header_raw); + break; + case SOFTWARE_HDR: + hdr_sz = sizeof(ROM_sw_header_raw); + break; + } + + r = write(fdout, (const void *)hdr, hdr_sz); + assert(r > 0); + + if (debug) { + if (hdr_type == PREFIX_HDR) + lead = "PR hdr hash = "; + else + lead = "SW hdr hash = "; + + SHA512(hdr, r, md); + printBytes((char *)lead, md, sizeof(md), 32); + } + + close(fdout); + + return; +} + +void printBytes(char *lead, unsigned char *buffer, size_t buflen, int wrap) +{ + int i; + int leadbytes = strlen(lead); + leadbytes = leadbytes > 30 ? 30 : leadbytes; + + fprintf (stderr, "%s", lead); + for (i = 1; i < buflen + 1; i++) { + fprintf (stderr, "%02x", buffer[i - 1]); + if (((i % wrap) == 0) && (i < buflen)) + fprintf (stderr, "\n%*c", leadbytes, ' '); + } + fprintf (stderr, "\n"); +} + +__attribute__((__noreturn__)) void usage (int status) +{ + if (status != 0) { + fprintf(stderr, "Try '%s --help' for more information.\n", progname); + } + else { + printf("Usage: %s [options]\n", progname); + printf( + "\n" + "Options:\n" + " -d, --debug show additional debug info\n" + " -h, --help display this message and exit\n" + " -a, --hw_key_a file containing HW key A private key in PEM format\n" + " -b, --hw_key_b file containing HW key B private key in PEM format\n" + " -c, --hw_key_c file containing HW key C private key in PEM format\n" + " -p, --sw_key_p file containing SW key P private key in PEM format\n" + " -q, --sw_key_q file containing SW key Q private key in PEM format\n" + " -r, --sw_key_r file containing SW key R private key in PEM format\n" + " -A, --hw_sig_a file containing HW key A signature in DER format\n" + " -B, --hw_sig_b file containing HW key B signature in DER format\n" + " -C, --hw_sig_c file containing HW key C signature in DER format\n" + " -P, --sw_sig_p file containing SW key P signature in DER format\n" + " -Q, --sw_sig_q file containing SW key Q signature in DER format\n" + " -R, --sw_sig_r file containing SW key R signature in DER format\n" + " -L, --payload file containing the payload to be signed\n" + " -I, --imagefile file to write containerized payload (output)\n" + " --dumpPrefixHdr file to dump Prefix header blob (to be signed)\n" + " --dumpSwHdr file to dump Software header blob (to be signed)\n" + "\n"); + }; + exit(status); +} + +static struct option const opts[] = { + { "debug", no_argument, 0, 'd' }, + { "help", no_argument, 0, 'h' }, + { "hw_key_a", required_argument, 0, 'a' }, + { "hw_key_b", required_argument, 0, 'b' }, + { "hw_key_c", required_argument, 0, 'c' }, + { "sw_key_p", required_argument, 0, 'p' }, + { "sw_key_q", required_argument, 0, 'q' }, + { "sw_key_r", required_argument, 0, 'r' }, + { "hw_sig_a", required_argument, 0, 'A' }, + { "hw_sig_b", required_argument, 0, 'B' }, + { "hw_sig_c", required_argument, 0, 'C' }, + { "sw_sig_p", required_argument, 0, 'P' }, + { "sw_sig_q", required_argument, 0, 'Q' }, + { "sw_sig_r", required_argument, 0, 'R' }, + { "payload", required_argument, 0, 'L' }, + { "imagefile", required_argument, 0, 'I' }, + { "dumpPrefixHdr", required_argument, 0, 128 }, + { "dumpSwHdr", required_argument, 0, 129 }, + {NULL, 0, 0, 0} +}; + +static struct { + char *hw_keyfn_a; + char *hw_keyfn_b; + char *hw_keyfn_c; + char *sw_keyfn_p; + char *sw_keyfn_q; + char *sw_keyfn_r; + char *hw_sigfn_a; + char *hw_sigfn_b; + char *hw_sigfn_c; + char *sw_sigfn_p; + char *sw_sigfn_q; + char *sw_sigfn_r; + char *imagefn; + char *payloadfn; + char *prhdrfn; + char *swhdrfn; +} params; + int main(int argc, char* argv[]) { @@ -45,29 +259,119 @@ int main(int argc, char* argv[]) ROM_prefix_header_raw *ph; ROM_prefix_data_raw *pd; ROM_sw_header_raw *swh; + ROM_sw_sig_raw *ssig; + + unsigned char md[SHA512_DIGEST_LENGTH]; + void *p; + ecc_key_t pubkeyraw; + ecc_signature_t sigraw; + int indexptr; + + progname = strrchr (argv[0], '/'); + if (progname != NULL) + ++progname; + else + progname = argv[0]; memset(container, 0, SECURE_BOOT_HEADERS_SIZE); - if (argc<3) - return -1; + while (1) { + int opt; + opt = getopt_long(argc, argv, "a:b:c:p:q:r:A:B:C:P:Q:R:L:I:dh", opts, &indexptr); + if (opt == -1) + break; + + switch (opt) { + case 'h': + case '?': + usage(EX_OK); + break; + case 'd': + debug = 1; + break; + case 'a': + params.hw_keyfn_a = optarg; + break; + case 'b': + params.hw_keyfn_b = optarg; + break; + case 'c': + params.hw_keyfn_c = optarg; + break; + case 'p': + params.sw_keyfn_p = optarg; + break; + case 'q': + params.sw_keyfn_q = optarg; + break; + case 'r': + params.sw_keyfn_r = optarg; + break; + case 'A': + params.hw_sigfn_a = optarg; + break; + case 'B': + params.hw_sigfn_b = optarg; + break; + case 'C': + params.hw_sigfn_c = optarg; + break; + case 'P': + params.sw_sigfn_p = optarg; + break; + case 'Q': + params.sw_sigfn_q = optarg; + break; + case 'R': + params.sw_sigfn_r = optarg; + break; + case 'L': + params.payloadfn = optarg; + break; + case 'I': + params.imagefn = optarg; + break; + case 128: + params.prhdrfn = optarg; + break; + case 129: + params.swhdrfn = optarg; + break; + default: + usage(EX_USAGE); + } + } +// } - fdin = open(argv[1], O_RDONLY); + fdin = open(params.payloadfn, O_RDONLY); assert(fdin > 0); r = fstat(fdin, &s); assert(r==0); - infile = mmap(NULL, s.st_size, PROT_READ, 0, fdin, 0); + infile = mmap(NULL, s.st_size, PROT_READ, MAP_PRIVATE, fdin, 0); assert(infile); - fdout = open(argv[2], O_WRONLY|O_CREAT|O_TRUNC, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH); + fdout = open(params.imagefn, O_WRONLY|O_CREAT|O_TRUNC, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH); assert(fdout > 0); c->magic_number = cpu_to_be32(ROM_MAGIC_NUMBER); - c->version = 1; + c->version = cpu_to_be16(1); c->container_size = cpu_to_be64(SECURE_BOOT_HEADERS_SIZE + s.st_size); c->target_hrmor = 0; c->stack_pointer = 0; memset(c->hw_pkey_a, 0, sizeof(ecc_key_t)); memset(c->hw_pkey_b, 0, sizeof(ecc_key_t)); memset(c->hw_pkey_c, 0, sizeof(ecc_key_t)); + if (params.hw_keyfn_a) { + getPublicKeyRaw(&pubkeyraw, params.hw_keyfn_a); + memcpy(c->hw_pkey_a, pubkeyraw, sizeof(ecc_key_t)); + } + if (params.hw_keyfn_b) { + getPublicKeyRaw(&pubkeyraw, params.hw_keyfn_b); + memcpy(c->hw_pkey_b, pubkeyraw, sizeof(ecc_key_t)); + } + if (params.hw_keyfn_c) { + getPublicKeyRaw(&pubkeyraw, params.hw_keyfn_c); + memcpy(c->hw_pkey_c, pubkeyraw, sizeof(ecc_key_t)); + } ph = container + sizeof(ROM_container_raw); ph->ver_alg.version = cpu_to_be16(1); @@ -75,21 +379,53 @@ int main(int argc, char* argv[]) ph->ver_alg.sig_alg = 1; ph->code_start_offset = 0; ph->reserved = 0; - ph->flags = 0; - ph->sw_key_count = 1; // 1, not 0. Because Hostboot - memset(ph->payload_hash, 0, sizeof(sha2_hash_t)); // TODO + ph->flags = cpu_to_be32(0x80000000); + memset(ph->payload_hash, 0, sizeof(sha2_hash_t)); ph->ecid_count = 0; pd = (ROM_prefix_data_raw*)ph->ecid; memset(pd->hw_sig_a, 0, sizeof(ecc_signature_t)); memset(pd->hw_sig_b, 0, sizeof(ecc_signature_t)); memset(pd->hw_sig_c, 0, sizeof(ecc_signature_t)); + if (params.hw_sigfn_a) { + getSigRaw(&sigraw, params.hw_sigfn_a); + memcpy(pd->hw_sig_a, sigraw, sizeof(ecc_key_t)); + } + if (params.hw_sigfn_b) { + getSigRaw(&sigraw, params.hw_sigfn_b); + memcpy(pd->hw_sig_b, sigraw, sizeof(ecc_key_t)); + } + if (params.hw_sigfn_c) { + getSigRaw(&sigraw, params.hw_sigfn_c); + memcpy(pd->hw_sig_c, sigraw, sizeof(ecc_key_t)); + } memset(pd->sw_pkey_p, 0, sizeof(ecc_key_t)); memset(pd->sw_pkey_q, 0, sizeof(ecc_key_t)); memset(pd->sw_pkey_r, 0, sizeof(ecc_key_t)); - ph->payload_size = cpu_to_be64(sizeof(ecc_signature_t)*3 + ph->sw_key_count * sizeof(ecc_key_t)); + if (params.sw_keyfn_p) { + getPublicKeyRaw(&pubkeyraw, params.sw_keyfn_p); + memcpy(pd->sw_pkey_p, pubkeyraw, sizeof(ecc_key_t)); + ph->sw_key_count++; + } + if (params.sw_keyfn_q) { + getPublicKeyRaw(&pubkeyraw, params.sw_keyfn_q); + memcpy(pd->sw_pkey_q, pubkeyraw, sizeof(ecc_key_t)); + ph->sw_key_count++; + } + if (params.sw_keyfn_r) { + getPublicKeyRaw(&pubkeyraw, params.sw_keyfn_r); + memcpy(pd->sw_pkey_r, pubkeyraw, sizeof(ecc_key_t)); + ph->sw_key_count++; + } + ph->payload_size = cpu_to_be64(ph->sw_key_count * sizeof(ecc_key_t)); + p = SHA512(pd->sw_pkey_p, sizeof(ecc_key_t) * ph->sw_key_count, md); + assert(p); + memcpy(ph->payload_hash, md, sizeof(sha2_hash_t)); - swh = (ROM_sw_header_raw*)(((void*)pd) + be64_to_cpu(ph->payload_size)); + if (params.prhdrfn) + writeHdr((void *)ph, params.prhdrfn, PREFIX_HDR); + + swh = (ROM_sw_header_raw*)(((uint8_t*)pd) + sizeof(ecc_signature_t)*3 + be64_to_cpu(ph->payload_size)); swh->ver_alg.version = cpu_to_be16(1); swh->ver_alg.hash_alg = 1; swh->ver_alg.sig_alg = 1; @@ -98,6 +434,29 @@ int main(int argc, char* argv[]) swh->flags = 0; swh->reserved_0 = 0; swh->payload_size = cpu_to_be64(s.st_size); + p = SHA512(infile, s.st_size, md); + assert(p); + memcpy(swh->payload_hash, md, sizeof(sha2_hash_t)); + + if (params.swhdrfn) + writeHdr((void *)swh, params.swhdrfn, SOFTWARE_HDR); + + ssig = (ROM_sw_sig_raw*)(((uint8_t*)swh) + sizeof(ROM_sw_header_raw)); + memset(ssig->sw_sig_p, 0, sizeof(ecc_signature_t)); + memset(ssig->sw_sig_q, 0, sizeof(ecc_signature_t)); + memset(ssig->sw_sig_r, 0, sizeof(ecc_signature_t)); + if (params.sw_sigfn_p) { + getSigRaw(&sigraw, params.sw_sigfn_p); + memcpy(ssig->sw_sig_p, sigraw, sizeof(ecc_key_t)); + } + if (params.sw_sigfn_q) { + getSigRaw(&sigraw, params.sw_sigfn_q); + memcpy(ssig->sw_sig_q, sigraw, sizeof(ecc_key_t)); + } + if (params.sw_sigfn_r) { + getSigRaw(&sigraw, params.sw_sigfn_r); + memcpy(ssig->sw_sig_r, sigraw, sizeof(ecc_key_t)); + } r = write(fdout, container, SECURE_BOOT_HEADERS_SIZE); assert(r == 4096); diff --git a/libstb/sign-with-local-keys.sh b/libstb/sign-with-local-keys.sh new file mode 100755 index 0000000..d9fed37 --- /dev/null +++ b/libstb/sign-with-local-keys.sh @@ -0,0 +1,36 @@ +#!/bin/bash -x + +PAYLOAD=$1 +OUTPUT=$2 + +if [ ! -f $PAYLOAD ]; then + echo "Can't read PAYLOAD"; + exit 1; +fi + +KEYLOC="/tmp/keys" +T=`mktemp -d` + +# Build enough of the container to create the Prefix and Software headers. +./create-container -a $KEYLOC/hw_key_a.key -b $KEYLOC/hw_key_b.key -c $KEYLOC/hw_key_c.key \ + -p $KEYLOC/sw_key_a.key \ + --payload $PAYLOAD --imagefile $OUTPUT \ + --dumpPrefixHdr $T/prefix_hdr --dumpSwHdr $T/software_hdr + +# Sign the Prefix header. +openssl dgst -SHA512 -sign $KEYLOC/hw_key_a.key $T/prefix_hdr > $T/hw_key_a.sig +openssl dgst -SHA512 -sign $KEYLOC/hw_key_b.key $T/prefix_hdr > $T/hw_key_b.sig +openssl dgst -SHA512 -sign $KEYLOC/hw_key_c.key $T/prefix_hdr > $T/hw_key_c.sig + +# Sign the Software header. +# Only one SW key in Nick's repo, and it has a confusing name (should be "sw_key_p") +openssl dgst -SHA512 -sign $KEYLOC/sw_key_a.key $T/software_hdr > $T/sw_key_p.sig + +# Build the full container with signatures. +./create-container -a $KEYLOC/hw_key_a.key -b $KEYLOC/hw_key_b.key -c $KEYLOC/hw_key_c.key \ + -p $KEYLOC/sw_key_a.key \ + -A $T/hw_key_a.sig -B $T/hw_key_b.sig -C $T/hw_key_c.sig \ + -P $T/sw_key_p.sig \ + --payload $PAYLOAD --imagefile $OUTPUT + +rm -rf $T diff --git a/opal-ci/Dockerfile-centos6 b/opal-ci/Dockerfile-centos6 index 162b32b..3c88b27 100644 --- a/opal-ci/Dockerfile-centos6 +++ b/opal-ci/Dockerfile-centos6 @@ -1,6 +1,6 @@ FROM centos:6 RUN yum -y update && yum clean all -RUN yum -y install wget curl xterm gcc git xz ccache dtc +RUN yum -y install wget curl xterm gcc git xz ccache dtc openssl-devel RUN wget https://www.kernel.org/pub/tools/crosstool/files/bin/x86_64/4.8.0/x86_64-gcc-4.8.0-nolibc_powerpc64-linux.tar.xz RUN mkdir /opt/cross RUN tar -C /opt/cross -xf x86_64-gcc-4.8.0-nolibc_powerpc64-linux.tar.xz diff --git a/opal-ci/Dockerfile-centos7 b/opal-ci/Dockerfile-centos7 index 1708a74..d30d129 100644 --- a/opal-ci/Dockerfile-centos7 +++ b/opal-ci/Dockerfile-centos7 @@ -1,6 +1,6 @@ FROM centos:7 RUN yum -y update && yum clean all -RUN yum -y install wget curl xterm gcc git xz make diffutils findutils expect valgrind valgrind-devel ccache dtc +RUN yum -y install wget curl xterm gcc git xz make diffutils findutils expect valgrind valgrind-devel ccache dtc openssl-devel RUN wget https://www.kernel.org/pub/tools/crosstool/files/bin/x86_64/4.8.0/x86_64-gcc-4.8.0-nolibc_powerpc64-linux.tar.xz RUN mkdir /opt/cross RUN tar -C /opt/cross -xf x86_64-gcc-4.8.0-nolibc_powerpc64-linux.tar.xz diff --git a/opal-ci/Dockerfile-fedora-rawhide b/opal-ci/Dockerfile-fedora-rawhide index 443e409..f3e7acf 100644 --- a/opal-ci/Dockerfile-fedora-rawhide +++ b/opal-ci/Dockerfile-fedora-rawhide @@ -1,5 +1,5 @@ FROM fedora:rawhide -RUN dnf -y install wget curl xterm gcc git xz make diffutils findutils expect valgrind valgrind-devel ccache dtc +RUN dnf -y install wget curl xterm gcc git xz make diffutils findutils expect valgrind valgrind-devel ccache dtc openssl-devel RUN dnf -y install gcc-powerpc64-linux-gnu RUN dnf -y install http://public.dhe.ibm.com/software/server/powerfuncsim/p9/packages/v1.0-0/systemsim-p9-1.0-0.f22.x86_64.rpm COPY . /build/ diff --git a/opal-ci/Dockerfile-fedora24 b/opal-ci/Dockerfile-fedora24 index a120640..6ab99f6 100644 --- a/opal-ci/Dockerfile-fedora24 +++ b/opal-ci/Dockerfile-fedora24 @@ -1,5 +1,5 @@ FROM fedora:24 -RUN dnf -y install wget curl xterm gcc git xz make diffutils findutils expect valgrind valgrind-devel ccache dtc +RUN dnf -y install wget curl xterm gcc git xz make diffutils findutils expect valgrind valgrind-devel ccache dtc openssl-devel RUN dnf -y install gcc-powerpc64-linux-gnu RUN dnf -y install http://public.dhe.ibm.com/software/server/powerfuncsim/p9/packages/v1.0-0/systemsim-p9-1.0-0.f22.x86_64.rpm COPY . /build/ diff --git a/opal-ci/Dockerfile-fedora25 b/opal-ci/Dockerfile-fedora25 index dcc683f..39890b3 100644 --- a/opal-ci/Dockerfile-fedora25 +++ b/opal-ci/Dockerfile-fedora25 @@ -1,5 +1,5 @@ FROM fedora:25 -RUN dnf -y install wget curl xterm gcc git xz make diffutils findutils expect valgrind valgrind-devel ccache dtc +RUN dnf -y install wget curl xterm gcc git xz make diffutils findutils expect valgrind valgrind-devel ccache dtc openssl-devel RUN dnf -y install gcc-powerpc64-linux-gnu RUN dnf -y install http://public.dhe.ibm.com/software/server/powerfuncsim/p9/packages/v1.0-0/systemsim-p9-1.0-0.f22.x86_64.rpm COPY . /build/ diff --git a/opal-ci/Dockerfile-ubuntu-12.04 b/opal-ci/Dockerfile-ubuntu-12.04 index f38c482..02bac7c 100644 --- a/opal-ci/Dockerfile-ubuntu-12.04 +++ b/opal-ci/Dockerfile-ubuntu-12.04 @@ -3,7 +3,7 @@ RUN sudo apt-get update -qq RUN sudo apt-get install -y software-properties-common RUN sudo add-apt-repository -y ppa:ubuntu-toolchain-r/test RUN sudo apt-get update -qq -RUN sudo apt-get install -y gcc-4.8 libstdc++6 valgrind expect xterm ccache expect device-tree-compiler +RUN sudo apt-get install -y gcc-4.8 libstdc++6 valgrind expect xterm ccache expect device-tree-compiler libssl-dev RUN sudo apt-get install -y gcc-arm-linux-gnueabi gcc-powerpc64le-linux-gnu gcc RUN sudo update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-4.8 50 RUN sudo apt-get install -y wget curl diff --git a/opal-ci/Dockerfile-ubuntu-16.04 b/opal-ci/Dockerfile-ubuntu-16.04 index 11bd1ce..8617c55 100644 --- a/opal-ci/Dockerfile-ubuntu-16.04 +++ b/opal-ci/Dockerfile-ubuntu-16.04 @@ -1,6 +1,6 @@ FROM ubuntu:16.04 RUN apt-get update -qq -RUN apt-get install -y gcc-powerpc64le-linux-gnu gcc ccache expect +RUN apt-get install -y gcc-powerpc64le-linux-gnu gcc ccache expect libssl-dev RUN apt-get install -y wget curl xterm device-tree-compiler RUN apt-get install -y gcc-arm-linux-gnueabi RUN curl -O ftp://public.dhe.ibm.com/software/server/powerfuncsim/p8/packages/v1.0-2/systemsim-p8_1.0-2_amd64.deb diff --git a/opal-ci/Dockerfile-ubuntu-latest b/opal-ci/Dockerfile-ubuntu-latest index 2b9b038..3d113d7 100644 --- a/opal-ci/Dockerfile-ubuntu-latest +++ b/opal-ci/Dockerfile-ubuntu-latest @@ -1,6 +1,6 @@ FROM ubuntu:latest RUN apt-get update -qq -RUN apt-get install -y gcc-powerpc64le-linux-gnu gcc ccache expect +RUN apt-get install -y gcc-powerpc64le-linux-gnu gcc ccache expect libssl-dev RUN apt-get install -y wget xterm curl device-tree-compiler RUN apt-get install -y gcc-arm-linux-gnueabi RUN curl -O ftp://public.dhe.ibm.com/software/server/powerfuncsim/p8/packages/v1.0-2/systemsim-p8_1.0-2_amd64.deb -- cgit v1.1