bmwcarit
diff --git a/‎.github/actions/build-docker/action.yml
Lines changed: 6 additions & 4 deletions b/‎.github/actions/build-docker/action.yml
Lines changed: 6 additions & 4 deletions
diff --git a/‎.github/workflows/ci.yml
Lines changed: 0 additions & 11 deletions b/‎.github/workflows/ci.yml
Lines changed: 0 additions & 11 deletions
diff --git a/‎dockerfiles/base/Dockerfile
Lines changed: 80 additions & 3 deletions b/‎dockerfiles/base/Dockerfile
Lines changed: 80 additions & 3 deletions
diff --git a/‎dockerfiles/feature-support/dilithium-patches/0001-CMakeLists.txt-Add-BUILD_TESTING-compile-flag.patch renamed to ‎dockerfiles/base/dilithium-patches/0001-CMakeLists.txt-Add-BUILD_TESTING-compile-flag.patch b/‎dockerfiles/feature-support/dilithium-patches/0001-CMakeLists.txt-Add-BUILD_TESTING-compile-flag.patch renamed to ‎dockerfiles/base/dilithium-patches/0001-CMakeLists.txt-Add-BUILD_TESTING-compile-flag.patch
diff --git a/‎dockerfiles/feature-support/dilithium-patches/0002-CMakeLists.txt-Enable-parallel-test-execution.patch renamed to ‎dockerfiles/base/dilithium-patches/0002-CMakeLists.txt-Enable-parallel-test-execution.patch b/‎dockerfiles/feature-support/dilithium-patches/0002-CMakeLists.txt-Enable-parallel-test-execution.patch renamed to ‎dockerfiles/base/dilithium-patches/0002-CMakeLists.txt-Enable-parallel-test-execution.patch
diff --git a/‎dockerfiles/feature-support/dilithium-patches/0003-CMakeLists.txt-Enable-PIE-compilation-flag.patch renamed to ‎dockerfiles/base/dilithium-patches/0003-CMakeLists.txt-Enable-PIE-compilation-flag.patch b/‎dockerfiles/feature-support/dilithium-patches/0003-CMakeLists.txt-Enable-PIE-compilation-flag.patch renamed to ‎dockerfiles/base/dilithium-patches/0003-CMakeLists.txt-Enable-PIE-compilation-flag.patch
diff --git a/‎dockerfiles/feature-support/dilithium-patches/0004-CMakeLists.txt-Add-UBSAN-and-ASAN-build-types.patch renamed to ‎dockerfiles/base/dilithium-patches/0004-CMakeLists.txt-Add-UBSAN-and-ASAN-build-types.patch b/‎dockerfiles/feature-support/dilithium-patches/0004-CMakeLists.txt-Add-UBSAN-and-ASAN-build-types.patch renamed to ‎dockerfiles/base/dilithium-patches/0004-CMakeLists.txt-Add-UBSAN-and-ASAN-build-types.patch
diff --git a/‎dockerfiles/feature-support/dilithium-patches/0005-CMakeLists.txt-Add-cmake-install-target.patch renamed to ‎dockerfiles/base/dilithium-patches/0005-CMakeLists.txt-Add-cmake-install-target.patch b/‎dockerfiles/feature-support/dilithium-patches/0005-CMakeLists.txt-Add-cmake-install-target.patch renamed to ‎dockerfiles/base/dilithium-patches/0005-CMakeLists.txt-Add-cmake-install-target.patch
diff --git a/‎dockerfiles/feature-support/dilithium-patches/0006-CMakelists.txt-Add-stack-protector-strong-flag.patch renamed to ‎dockerfiles/base/dilithium-patches/0006-CMakelists.txt-Add-stack-protector-strong-flag.patch b/‎dockerfiles/feature-support/dilithium-patches/0006-CMakelists.txt-Add-stack-protector-strong-flag.patch renamed to ‎dockerfiles/base/dilithium-patches/0006-CMakelists.txt-Add-stack-protector-strong-flag.patch
diff --git a/‎dockerfiles/feature-support/dilithium-patches/0007-CMakeLists.txt-Change-target_compile_definition.patch renamed to ‎dockerfiles/base/dilithium-patches/0007-CMakeLists.txt-Change-target_compile_definition.patch b/‎dockerfiles/feature-support/dilithium-patches/0007-CMakeLists.txt-Change-target_compile_definition.patch renamed to ‎dockerfiles/base/dilithium-patches/0007-CMakeLists.txt-Change-target_compile_definition.patch
@@ -11,11 +11,13 @@ inputs:
 runs:
   using: "composite"
   steps:
-    - name: "Load Docker cache"
-      uses: satackey/[email protected]
+    - name: Expose GitHub Runtime
+      uses: crazy-max/ghaction-github-runtime@v2
 
     - name: "Build Docker image"
       shell: bash
       run: |
-        docker build -t ${{ inputs.docker_tag }} ${{ inputs.docker_folder_path }}
-
+        docker buildx create --use --driver=docker-container
+        docker buildx build -t ${{ inputs.docker_tag }} \
+        --cache-to="type=gha,mode=max" --cache-from="type=gha" \
+        ${{ inputs.docker_folder_path }} --load
@@ -10,10 +10,6 @@ env:
   DOCKER_TAG: buildenv
   DOCKER_FOLDER_PATH: ./dockerfiles/base
 
-  # This buildenv contains libp11/softhsm and libdilithium
-  DOCKER_WITH_FEATURE_TAG: buildenv_with_features
-  DOCKER_WITH_FEATURE_FOLDER_PATH: ./dockerfiles/feature-support
-
   TOKEN_LABEL1: token-label
   TOKEN_LABEL2: token-label2
   USER_PIN: 1234
@@ -82,13 +78,6 @@ jobs:
           docker_tag: ${{ env.DOCKER_TAG }}
           docker_folder_path: ${{ env.DOCKER_FOLDER_PATH }}
 
-      - name: "Build Docker Image With HSM"
-        if: ${{ matrix.hsm_flag == 'MOCOCRW_HSM_ENABLED=ON' || matrix.dilithium_flag == 'MOCOCRW_DILITHIUM_ENABLED=ON' }}
-        uses: ./.github/actions/build-docker
-        with:
-          docker_tag: ${{ env.DOCKER_WITH_FEATURE_TAG }}
-          docker_folder_path: ${{ env.DOCKER_WITH_FEATURE_FOLDER_PATH }}
-
       - name: "Build MoCOCrW"
         run: |
           mkdir build
 
@@ -1,4 +1,4 @@
-FROM ubuntu:focal
+FROM ubuntu:focal as base
 
 # Install MoCOCrW dependencies (except OpenSSL)
 RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get -y --no-install-recommends install \
@@ -18,5 +18,82 @@ RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get -y --no-install-rec
         make \
         ninja-build \
         pkg-config \
-        wget \
-        && rm -rf /var/lib/apt/lists/*
+        wget
+
+FROM base as hsm
+
+ARG LIBP11_URL=https://github.com/OpenSC/libp11/releases/download/libp11-0.4.12/libp11-0.4.12.tar.gz
+COPY hsm-patches/0001-Introduce-generic-keypair-generation-interface-and-e.patch \
+     dilithium-patches/0001-CMakeLists.txt-Add-BUILD_TESTING-compile-flag.patch     \
+     dilithium-patches/0002-CMakeLists.txt-Enable-parallel-test-execution.patch     \
+     dilithium-patches/0003-CMakeLists.txt-Enable-PIE-compilation-flag.patch        \
+     dilithium-patches/0004-CMakeLists.txt-Add-UBSAN-and-ASAN-build-types.patch     \
+     dilithium-patches/0005-CMakeLists.txt-Add-cmake-install-target.patch           \
+     dilithium-patches/0006-CMakelists.txt-Add-stack-protector-strong-flag.patch    \
+     dilithium-patches/0007-CMakeLists.txt-Change-target_compile_definition.patch   \
+     dilithium-patches/0008-Add-function-for-pub-key-extraction.patch               \
+     /tmp/patches/
+
+# Install:
+#  * MoCOCrW dependencies (except OpenSSL)
+#  * libp11
+#  * libdilithium
+RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get -y --no-install-recommends install \
+    # for pkcs11-tool which we use to create keys in token
+    opensc \
+    # p11-kit-modules allows loading of libp11 engine without having to edit openssl.cnf
+    p11-kit-modules \
+    # softhsm2: includes both softhsm2-util and libsofthsm2
+    softhsm2 \
+    # libp11 needs this
+    libtool && \
+    rm -rf /var/lib/apt/lists/*
+
+    # Build libp11
+RUN mkdir -p /tmp/libp11 && \
+    cd /tmp/libp11 && \
+    wget "${LIBP11_URL}" && \
+    tar xf libp11-0.4.12.tar.gz && \
+    cd libp11-0.4.12 && \
+    git apply /tmp/patches/0001-Introduce-generic-keypair-generation-interface-and-e.patch && \
+    echo "Successfully patched libp11" && \
+    autoreconf --verbose --install --force && \
+    ./configure --enable-strict && \
+    make -j"$(nproc)" && \
+    make check && \
+    make install && \
+    rm -rf /tmp/libp11
+
+FROM base as dilithium
+RUN mkdir /tmp/patches
+COPY dilithium-patches/0001-CMakeLists.txt-Add-BUILD_TESTING-compile-flag.patch     \
+     dilithium-patches/0002-CMakeLists.txt-Enable-parallel-test-execution.patch     \
+     dilithium-patches/0003-CMakeLists.txt-Enable-PIE-compilation-flag.patch        \
+     dilithium-patches/0004-CMakeLists.txt-Add-UBSAN-and-ASAN-build-types.patch     \
+     dilithium-patches/0005-CMakeLists.txt-Add-cmake-install-target.patch           \
+     dilithium-patches/0006-CMakelists.txt-Add-stack-protector-strong-flag.patch    \
+     dilithium-patches/0007-CMakeLists.txt-Change-target_compile_definition.patch   \
+     dilithium-patches/0008-Add-function-for-pub-key-extraction.patch               \
+     /tmp/patches/
+RUN mkdir /tmp/libdilithium && \
+    cd /tmp/libdilithium && \
+    git clone https://github.com/pq-crystals/dilithium && \
+    cd dilithium && \
+    git checkout 3e9b9f1412f6c7435dbeb4e10692ea58f181ee51 && \
+    git apply /tmp/patches/0001-CMakeLists.txt-Add-BUILD_TESTING-compile-flag.patch   && \
+    git apply /tmp/patches/0002-CMakeLists.txt-Enable-parallel-test-execution.patch   && \
+    git apply /tmp/patches/0003-CMakeLists.txt-Enable-PIE-compilation-flag.patch      && \
+    git apply /tmp/patches/0004-CMakeLists.txt-Add-UBSAN-and-ASAN-build-types.patch   && \
+    git apply /tmp/patches/0005-CMakeLists.txt-Add-cmake-install-target.patch         && \
+    git apply /tmp/patches/0006-CMakelists.txt-Add-stack-protector-strong-flag.patch  && \
+    git apply /tmp/patches/0007-CMakeLists.txt-Change-target_compile_definition.patch && \
+    git apply /tmp/patches/0008-Add-function-for-pub-key-extraction.patch             && \
+    mkdir build && \
+    cd build && \
+    cmake -GNinja .. -DBUILD_TESTING=ON&& \
+    ninja && \
+    ctest -j"$(nproc)" && \
+    ninja install && \
+    cd / && \
+    rm -rf /tmp/libdilithium && \
+    rm -rf /tmp/patches