-
Notifications
You must be signed in to change notification settings - Fork 2k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Implement Docker best practices on ESP32 image
Signed-off-by: Victor Morales <v.morales@samsung.com>
- Loading branch information
1 parent
3d70836
commit e17daa5
Showing
3 changed files
with
79 additions
and
25 deletions.
There are no files selected for viewing
54 changes: 54 additions & 0 deletions
54
...ations/docker/images/chip-build-esp32/0001-esp_crt_bundle-remove-EC-ACC-certificate.patch
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,54 @@ | ||
From 4e45f13e2df72a4cb4dc875942e95775198db85c Mon Sep 17 00:00:00 2001 | ||
From: Victor Morales <chipahuac@hotmail.com> | ||
Date: Fri, 1 Oct 2021 13:56:33 -0700 | ||
Subject: [PATCH] esp_crt_bundle: remove EC-ACC certificate | ||
|
||
Fixes bug #7631 | ||
--- | ||
.../mbedtls/esp_crt_bundle/cacrt_all.pem | 30 ------------------- | ||
1 file changed, 30 deletions(-) | ||
|
||
diff --git a/components/mbedtls/esp_crt_bundle/cacrt_all.pem b/components/mbedtls/esp_crt_bundle/cacrt_all.pem | ||
index 09b4ce16b7..a669b94fbd 100644 | ||
--- a/components/mbedtls/esp_crt_bundle/cacrt_all.pem | ||
+++ b/components/mbedtls/esp_crt_bundle/cacrt_all.pem | ||
@@ -1645,36 +1645,6 @@ tnRGEmyR7jTV7JqR50S+kDFy1UkC9gLl9B/rfNmWVan/7Ir5mUf/NVoCqgTLiluHcSmRvaS0eg29 | ||
mvVXIwAHIRc/SjnRBUkLp7Y3gaVdjKozXoEofKd9J+sAro03 | ||
-----END CERTIFICATE----- | ||
|
||
-EC-ACC | ||
-====== | ||
------BEGIN CERTIFICATE----- | ||
-MIIFVjCCBD6gAwIBAgIQ7is969Qh3hSoYqwE893EATANBgkqhkiG9w0BAQUFADCB8zELMAkGA1UE | ||
-BhMCRVMxOzA5BgNVBAoTMkFnZW5jaWEgQ2F0YWxhbmEgZGUgQ2VydGlmaWNhY2lvIChOSUYgUS0w | ||
-ODAxMTc2LUkpMSgwJgYDVQQLEx9TZXJ2ZWlzIFB1YmxpY3MgZGUgQ2VydGlmaWNhY2lvMTUwMwYD | ||
-VQQLEyxWZWdldSBodHRwczovL3d3dy5jYXRjZXJ0Lm5ldC92ZXJhcnJlbCAoYykwMzE1MDMGA1UE | ||
-CxMsSmVyYXJxdWlhIEVudGl0YXRzIGRlIENlcnRpZmljYWNpbyBDYXRhbGFuZXMxDzANBgNVBAMT | ||
-BkVDLUFDQzAeFw0wMzAxMDcyMzAwMDBaFw0zMTAxMDcyMjU5NTlaMIHzMQswCQYDVQQGEwJFUzE7 | ||
-MDkGA1UEChMyQWdlbmNpYSBDYXRhbGFuYSBkZSBDZXJ0aWZpY2FjaW8gKE5JRiBRLTA4MDExNzYt | ||
-SSkxKDAmBgNVBAsTH1NlcnZlaXMgUHVibGljcyBkZSBDZXJ0aWZpY2FjaW8xNTAzBgNVBAsTLFZl | ||
-Z2V1IGh0dHBzOi8vd3d3LmNhdGNlcnQubmV0L3ZlcmFycmVsIChjKTAzMTUwMwYDVQQLEyxKZXJh | ||
-cnF1aWEgRW50aXRhdHMgZGUgQ2VydGlmaWNhY2lvIENhdGFsYW5lczEPMA0GA1UEAxMGRUMtQUND | ||
-MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsyLHT+KXQpWIR4NA9h0X84NzJB5R85iK | ||
-w5K4/0CQBXCHYMkAqbWUZRkiFRfCQ2xmRJoNBD45b6VLeqpjt4pEndljkYRm4CgPukLjbo73FCeT | ||
-ae6RDqNfDrHrZqJyTxIThmV6PttPB/SnCWDaOkKZx7J/sxaVHMf5NLWUhdWZXqBIoH7nF2W4onW4 | ||
-HvPlQn2v7fOKSGRdghST2MDk/7NQcvJ29rNdQlB50JQ+awwAvthrDk4q7D7SzIKiGGUzE3eeml0a | ||
-E9jD2z3Il3rucO2n5nzbcc8tlGLfbdb1OL4/pYUKGbio2Al1QnDE6u/LDsg0qBIimAy4E5S2S+zw | ||
-0JDnJwIDAQABo4HjMIHgMB0GA1UdEQQWMBSBEmVjX2FjY0BjYXRjZXJ0Lm5ldDAPBgNVHRMBAf8E | ||
-BTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUoMOLRKo3pUW/l4Ba0fF4opvpXY0wfwYD | ||
-VR0gBHgwdjB0BgsrBgEEAfV4AQMBCjBlMCwGCCsGAQUFBwIBFiBodHRwczovL3d3dy5jYXRjZXJ0 | ||
-Lm5ldC92ZXJhcnJlbDA1BggrBgEFBQcCAjApGidWZWdldSBodHRwczovL3d3dy5jYXRjZXJ0Lm5l | ||
-dC92ZXJhcnJlbCAwDQYJKoZIhvcNAQEFBQADggEBAKBIW4IB9k1IuDlVNZyAelOZ1Vr/sXE7zDkJ | ||
-lF7W2u++AVtd0x7Y/X1PzaBB4DSTv8vihpw3kpBWHNzrKQXlxJ7HNd+KDM3FIUPpqojlNcAZQmNa | ||
-Al6kSBg6hW/cnbw/nZzBh7h6YQjpdwt/cKt63dmXLGQehb+8dJahw3oS7AwaboMMPOhyRp/7SNVe | ||
-l+axofjk70YllJyJ22k4vuxcDlbHZVHlUIiIv0LVKz3l+bqeLrPK9HOSAgu+TGbrIP65y7WZf+a2 | ||
-E/rKS03Z7lNGBjvGTq2TWoF+bCpLagVFjPIhpDGQh2xlnJ2lYJU6Un/10asIbvPuW/mIPX64b24D | ||
-5EI= | ||
------END CERTIFICATE----- | ||
- | ||
Hellenic Academic and Research Institutions RootCA 2011 | ||
======================================================= | ||
-----BEGIN CERTIFICATE----- | ||
-- | ||
2.25.1 | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,36 +1,36 @@ | ||
ARG VERSION=latest | ||
FROM connectedhomeip/chip-build:${VERSION} | ||
FROM connectedhomeip/chip-build:${VERSION} as build | ||
|
||
# Setup the ESP-IDF | ||
RUN set -x \ | ||
&& apt-get update \ | ||
&& DEBIAN_FRONTEND=noninteractive apt-get install -y python libgcrypt20-dev \ | ||
&& mkdir -p /opt/espressif \ | ||
&& cd /opt/espressif \ | ||
&& git clone --progress -b v4.3 https://github.com/espressif/esp-idf.git \ | ||
&& cd esp-idf \ | ||
&& git submodule update --init --progress \ | ||
&& IDF_TOOLS_PATH=/opt/espressif/tools ./install.sh \ | ||
&& DEBIAN_FRONTEND=noninteractive apt-get install -fy --no-install-recommends \ | ||
git=1:2.25.1-1ubuntu3.2 \ | ||
&& apt-get clean \ | ||
&& rm -rf /var/lib/apt/lists/ \ | ||
&& : # last line | ||
|
||
RUN set -x \ | ||
&& git clone --depth 1 --recursive -b v4.3 https://github.com/espressif/esp-idf.git /tmp/esp-idf \ | ||
&& : # last line | ||
|
||
# BEGIN: PATCH BROKEN UPSTREAM | ||
# | ||
# After an upgrade in https://pypi.org/project/cryptography/#history | ||
# ESP sdk starts failing when attempting to run: | ||
# | ||
# /opt/espressif/tools/python_env/idf4.3_py3.9_env/bin/python \ | ||
# /opt/espressif/esp-idf/components/mbedtls/esp_crt_bundle/gen_crt_bundle.py \ | ||
# --input /opt/espressif/esp-idf/components/mbedtls/esp_crt_bundle/cacrt_all.pem -q | ||
# | ||
# Unfortunately cryptography is brought up as ">=2.1.4" from | ||
# /opt/espressif/esp-idf/requirements.txt, so we get an incompatible version | ||
# Code below reverts to a known working version. | ||
# TODO: Remove this patch once https://github.com/espressif/esp-idf/pull/7632 is available | ||
COPY 0001-esp_crt_bundle-remove-EC-ACC-certificate.patch /tmp/esp-idf/0001-esp_crt_bundle-remove-EC-ACC-certificate.patch | ||
|
||
WORKDIR /tmp/esp-idf | ||
RUN set -x \ | ||
&& /opt/espressif/tools/python_env/idf4.3_py3.9_env/bin/pip uninstall -y cryptography \ | ||
&& /opt/espressif/tools/python_env/idf4.3_py3.9_env/bin/pip install cryptography==3.4.8 \ | ||
&& git apply /tmp/esp-idf/0001-esp_crt_bundle-remove-EC-ACC-certificate.patch \ | ||
&& rm -f /tmp/esp-idf/0001-esp_crt_bundle-remove-EC-ACC-certificate.patch \ | ||
&& : # last line | ||
# END: PATCH BROKEN UPSTREAM | ||
|
||
FROM connectedhomeip/chip-build:${VERSION} | ||
|
||
ENV IDF_PATH=/opt/espressif/esp-idf/ | ||
ENV IDF_TOOLS_PATH=/opt/espressif/tools | ||
|
||
COPY --from=build /tmp/esp-idf /opt/espressif/esp-idf | ||
|
||
# Setup the ESP-IDF | ||
WORKDIR /opt/espressif/esp-idf | ||
RUN set -x \ | ||
&& ./install.sh \ | ||
&& : # last line |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1 +1 @@ | ||
0.5.10 | ||
0.5.11 |