Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Implement Docker best practices on ESP32 image #10165

Merged
merged 1 commit into from
Oct 7, 2021
Merged

Implement Docker best practices on ESP32 image #10165

merged 1 commit into from
Oct 7, 2021

Conversation

electrocucaracha
Copy link
Collaborator

@electrocucaracha electrocucaracha commented Oct 2, 2021
edited
Loading

Problem

Previous attempt to reduce the image size and implement Docker best practices occurred when cryptography module was released. This python module doesn't allow to loading of X.509 certificates with negative serial numbers. A fix has been submitted to Espressif IoT Development Framework but we need to keep a patch until it's available.

Change overview

This change implements Docker best practices validated with Hadolint tool which helps to reduce the size. It also contains a patch file which removes the invalid certificate.

Fixes #10123

Testing

It was created ESP32 and ESP32 QEMU images locally and use act to validate the execution.

@electrocucaracha
Implement Docker best practices on ESP32 image
e17daa5 
Signed-off-by: Victor Morales <v.morales@samsung.com>
@todo
Copy link

todo bot commented Oct 2, 2021

Remove this patch once espressif/esp-idf#7632 is available

connectedhomeip/integrations/docker/images/chip-build-esp32/Dockerfile

Lines 16 to 26 in e17daa5

# TODO: Remove this patch once https://github.com/espressif/esp-idf/pull/7632 is available
COPY 0001-esp_crt_bundle-remove-EC-ACC-certificate.patch /tmp/esp-idf/0001-esp_crt_bundle-remove-EC-ACC-certificate.patch
WORKDIR /tmp/esp-idf
RUN set -x \
&& git apply /tmp/esp-idf/0001-esp_crt_bundle-remove-EC-ACC-certificate.patch \
&& rm -f /tmp/esp-idf/0001-esp_crt_bundle-remove-EC-ACC-certificate.patch \
&& : # last line
FROM connectedhomeip/chip-build:${VERSION}

This comment was generated by todo based on a TODO comment in e17daa5 in #10165. cc @electrocucaracha.

@bzbarsky-apple bzbarsky-apple merged commit 05f6882 into project-chip:master Oct 7, 2021
@todo todo bot mentioned this pull request Oct 7, 2021
Closed
@bzbarsky-apple
Copy link
Contributor

Ugh. I just realized that this had an undetected merge conflict: our docker version is already at 0.5.11. @andreilitvin @woody-apple Do we want to just do a standalone version bump, or revert this and reland with a version bump?

bzbarsky-apple added a commit to bzbarsky-apple/connectedhomeip that referenced this pull request Oct 7, 2021
@bzbarsky-apple
Bump docker image version.
889bbf9 
This should have happened in
project-chip#10165 but didn't
due to an undetected merge conflict.
@bzbarsky-apple bzbarsky-apple mentioned this pull request Oct 7, 2021
Merged
andy31415 pushed a commit that referenced this pull request Oct 7, 2021
@bzbarsky-apple
Bump docker image version. (#10312)
c0ba6b1 
This should have happened in
#10165 but didn't
due to an undetected merge conflict.
@electrocucaracha electrocucaracha deleted the fix_esp32_img branch October 7, 2021 15:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@andy31415 andy31415 andy31415 approved these changes

@woody-apple woody-apple woody-apple approved these changes

@jmartinez-silabs jmartinez-silabs jmartinez-silabs approved these changes

@anush-apple anush-apple Awaiting requested review from anush-apple

@austinh0 austinh0 Awaiting requested review from austinh0

@balducci-apple balducci-apple Awaiting requested review from balducci-apple

@bzbarsky-apple bzbarsky-apple Awaiting requested review from bzbarsky-apple

@carol-apple carol-apple Awaiting requested review from carol-apple

@chrisdecenzo chrisdecenzo Awaiting requested review from chrisdecenzo

@Damian-Nordic Damian-Nordic Awaiting requested review from Damian-Nordic

@emargolis emargolis Awaiting requested review from emargolis

@franck-apple franck-apple Awaiting requested review from franck-apple

@hawk248 hawk248 Awaiting requested review from hawk248

@holbrookt holbrookt Awaiting requested review from holbrookt

@jelderton jelderton Awaiting requested review from jelderton

@jepenven-silabs jepenven-silabs Awaiting requested review from jepenven-silabs

@kghost kghost Awaiting requested review from kghost

@kpschoedel kpschoedel Awaiting requested review from kpschoedel

@LuDuda LuDuda Awaiting requested review from LuDuda

@mlepage-google mlepage-google Awaiting requested review from mlepage-google

@msandstedt msandstedt Awaiting requested review from msandstedt

@pan-apple pan-apple Awaiting requested review from pan-apple

@sagar-apple sagar-apple Awaiting requested review from sagar-apple

@saurabhst saurabhst Awaiting requested review from saurabhst

@shana-apple shana-apple Awaiting requested review from shana-apple

@tcarmelveilleux tcarmelveilleux Awaiting requested review from tcarmelveilleux

@turon turon Awaiting requested review from turon

@vivien-apple vivien-apple Awaiting requested review from vivien-apple

@yunhanw-google yunhanw-google Awaiting requested review from yunhanw-google

Assignees
No one assigned
Labels
integrations review - approved
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Figure out why QEMU fails post 0.5.7 docker tag
5 participants
@electrocucaracha @bzbarsky-apple @andy31415 @woody-apple @jmartinez-silabs