Any objection if I add Dockerfile here ? #869

Closed
glimchb opened this issue Jul 6, 2024 · 11 comments · Fixed by #875

@glimchb
Contributor

glimchb commented Jul 6, 2024

wiki page https://github.com/stefanberger/swtpm/wiki/Dockerfiles is not enough...

something like this is super easy and helpful:

```
$ cat Dockerfile
FROM debian:12.6-slim

RUN apt-get update && \
    apt-get install --no-install-recommends -y swtpm=0.7.1-1.3 && \
    apt-get clean && \
    rm -rf /var/lib/apt/lists/*

ENTRYPOINT ["/usr/bin/swtpm"]
```

lint passed:

```
$ docker run --rm -i ghcr.io/hadolint/hadolint < Dockerfile
$
```

build:

```
$ docker build -t swtpm:0.7.1 - < Dockerfile
Sending build context to Docker daemon  2.048kB
Step 1/3 : FROM debian:12.6-slim
 ---> 3eeb141ea1a1
Step 2/3 : RUN apt-get update &&     apt-get install --no-install-recommends -y swtpm=0.7.1-1.3 &&     apt-get clean &&     rm -rf /var/lib/apt/lists/*
 ---> Using cache
 ---> a9e31f6fdb72
Step 3/3 : ENTRYPOINT ["/usr/bin/swtpm"]
 ---> Using cache
 ---> 6fb7ab4b45f6
Successfully built 6fb7ab4b45f6
Successfully tagged swtpm:0.7.1
```

run:

```
$ docker run --rm -it swtpm:0.7.1 --version
TPM emulator version 0.7.1, Copyright (c) 2014-2021 IBM Corp.
```

@stefanberger
Owner

Regarding your title: a Dockerfile for swtpm should probably install the swtpm from the git repo rather than a specific old version from a distro

@glimchb
Contributor Author

glimchb commented Jul 8, 2024

> Regarding your title: a Dockerfile for swtpm should probably install the swtpm from the git repo rather than a specific old version from a distro

sure, I can do that, absolutely
just wanted to get general agreement to work on this from the maintainer
if agreed, I will create PR
I can also do a matrix of 3 last versions to build and publish or just do the latest and then all future ones...

@stefanberger
Owner

> > Regarding your title: a Dockerfile for swtpm should probably install the swtpm from the git repo rather than a specific old version from a distro
>
> sure, I can do that, absolutely
> just wanted to get general agreement to work on this from the maintainer
> if agreed, I will create PR
> I can also do a matrix of 3 last versions to build and publish or just do the latest and then all future ones...

My preference would be that I don't have to deal much with updating the versions installed in the container and the version of the underlying distro and that others don't feel the need to add Dockerfiles for their favorite distro because then it becomes endless.

@glimchb
Contributor Author

glimchb commented Jul 8, 2024

> My preference would be that I don't have to deal much with updating the versions installed in the container and the version of the underlying distro and that others don't feel the need to add Dockerfiles for their favorite distro because then it becomes endless.

Yep, understood, minimal support is a requirement.

@lmussier

Hi @glimchb, if I may, is there any chance that your contribution will lead to a container where we can use swtpm seamlessly?
I'm struggling to find a way to have an image where swtpm would run and be the responder of tpm2-tools / tpm2-openssl for instance.

@stefanberger
Owner

FYI: I am testing swtpm across distros in this project here: https://github.com/stefanberger/swtpm-distro-compile/

Maybe you can derive a Dockerfile from either one of these. Alpine seems to be a distro that produces a small image iirc.

@glimchb
Contributor Author

glimchb commented Jul 18, 2024

@stefanberger I also saw this repo... is that maintained?
https://github.com/tpm2-software/tpm2-software-container

@glimchb
Contributor Author

glimchb commented Jul 18, 2024

> Hi @glimchb, if I may, is there any chance that your contribution will lead to a container where we can use swtpm seamlessly? I'm struggling to find a way to have an image where swtpm would run and be the responder of tpm2-tools / tpm2-openssl for instance.

@lmussier
While I work on the Dockerfile in this repo, I already deployed an example in my project using a Debian container.
It works seamlessly with both swtpm and tpm2-tools; docker-compose is testing this:
https://github.com/opiproject/sztp/blob/3c77452310bdcb3e8bb1da9bb6d8e6839f2c1dff/docker-compose.yml#L254-L279

let me know if that works, I will try to replicate same behavior here, just using latest code instead of DEB pre-built package...
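
The setup discussed in this exchange (swtpm in a container answering tpm2-tools over TCP), sketched as a Compose file. This is an added example, not part of the thread and not the linked opiproject file: the swtpm image reuses the Dockerfile from the first comment, while the service and network names, the `/swtpm` state path and the `libtss2-tcti-swtpm0` client package are assumptions.

```yaml
# Constructed example; service/network names and /swtpm path are illustrative.
services:
  swtpm:
    build:
      context: .
      # Same package-based image as the Dockerfile in the first comment.
      dockerfile_inline: |
        FROM debian:12.6-slim
        RUN apt-get update && \
            apt-get install --no-install-recommends -y swtpm=0.7.1-1.3 && \
            apt-get clean && rm -rf /var/lib/apt/lists/*
        ENTRYPOINT ["/usr/bin/swtpm"]
    command:
      - socket
      - --tpm2
      - --tpmstate
      - dir=/swtpm
      # bindaddr defaults to 127.0.0.1, unreachable from the other container.
      - --server
      - type=tcp,port=2321,bindaddr=0.0.0.0
      # Control channel on command port + 1, where the swtpm TCTI expects it.
      - --ctrl
      - type=tcp,port=2322,bindaddr=0.0.0.0
      # swtpm issues TPM2_Startup(CLEAR) itself, so clients can skip it.
      - --flags
      - not-need-init,startup-clear
    tmpfs:
      - /swtpm          # throwaway emulator state
    networks: [tpm]     # no "ports:"; both TCP channels are unauthenticated

  tpm2-tools:
    build:
      context: .
      dockerfile_inline: |
        FROM debian:12.6-slim
        RUN apt-get update && \
            apt-get install --no-install-recommends -y \
              tpm2-tools libtss2-tcti-swtpm0 && \
            apt-get clean && rm -rf /var/lib/apt/lists/*
    environment:
      TPM2TOOLS_TCTI: "swtpm:host=swtpm,port=2321"
    # depends_on orders startup only, so retry until swtpm is listening.
    command: ["sh", "-c", "for i in 1 2 3 4 5; do tpm2_getrandom --hex 8 && exit 0; sleep 1; done; exit 1"]
    depends_on: [swtpm]
    networks: [tpm]

networks:
  tpm:
    internal: true      # reachable only by containers on this network
```

`docker compose up --build --exit-code-from tpm2-tools` runs both services and returns the client's exit status.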

glimchb added a commit to glimchb/swtpm that referenced this issue Jul 18, 2024
Fixed stefanberger#869

Used multi-stage build here to reduce final image size.
Builder should have packages for dev and compile.
Final image should only have dependencies for runtime.

Building is simple using `docker build .` command.

Next patch will add:
- linter
- build
- tpm2 tools testing

Signed-off-by: Boris Glimcher <[email protected]>
glimchb added a commit to glimchb/swtpm that referenced this issue Jul 18, 2024
Fixes stefanberger#869

Using popular Hadolint linter for dockers.
Using standard GitHub action for building.

Build will also publish to GHCR after PR is merged, not before.

Signed-off-by: Boris Glimcher <[email protected]>
glimchb added a commit to glimchb/swtpm that referenced this issue Jul 18, 2024
Fixed stefanberger#869

Used multi-stage build here to reduce final image size.
Builder should have packages for dev and compile.
Final image should only have dependencies for runtime.

Building is simple using `docker build .` command.

Or `docker build --build-arg="LIBTPMS_BRANCH=v0.9.6" .`
if you want another branch/tag of libtpms.

Next patch will add:
- linter
- build
- tpm2 tools testing

Signed-off-by: Boris Glimcher <[email protected]>
@glimchb
Contributor Author

glimchb commented Jul 18, 2024

Sorry it took me a few days - I was OOO

PR submitted for review based on alpine docker
I also added github actions for lint, build and test
I also added docker compose for test and example
Any comments are welcomed

@glimchb
Contributor Author

glimchb commented Jul 18, 2024

@stefanberger

I publish docker image automatically to ghcr.io/stefanberger/swtpm so people can download and use it without need to rebuild all the time themselves...

if you want to publish docker also to https://hub.docker.com/u/stefanberger everything is ready, just to have 2 secrets defined in this repo settings: secrets.DOCKERHUB_USERNAME and secrets.DOCKERHUB_TOKEN

stefanberger pushed a commit that referenced this issue Jul 18, 2024
Fixes #869

Using popular Hadolint linter for dockers.
Using standard GitHub action for building.

Build will also publish to GHCR after PR is merged, not before.

Signed-off-by: Boris Glimcher <[email protected]>
@glimchb
Contributor Author

glimchb commented Jul 18, 2024

opened new #876 to publish to https://hub.docker.com/u/stefanberger
