Adding support for containerized tss and abrmd 07/46707/3
authorKiran Kamineni <kiran.k.kamineni@intel.com>
Tue, 8 May 2018 23:24:28 +0000 (16:24 -0700)
committerKiran Kamineni <kiran.k.kamineni@intel.com>
Tue, 15 May 2018 23:20:45 +0000 (16:20 -0700)
Adding a dockerfile to build a container that has
tss, abrmd and tpm2-tools installed on it.

Issue-ID: AAF-275
Change-Id: I8bda86d36290785950cf3c23d6527e1245652f42
Signed-off-by: Kiran Kamineni <kiran.k.kamineni@intel.com>
bin/README.md [new file with mode: 0644]
bin/entrypoint.sh [new file with mode: 0755]
bin/tpmdockerfile [new file with mode: 0644]

diff --git a/bin/README.md b/bin/README.md
new file mode 100644 (file)
index 0000000..c4c54ca
--- /dev/null
@@ -0,0 +1,27 @@
+### Building Docker Images
+
+```
+$ docker build -t <image name> -f tpmdockerfile .
+```
+
+### Running ABRMD Container
+
+```
+$ docker run -d --privileged -v /tmp/run/dbus:/var/run/dbus --name <container name> <image name>
+```
+
+### Running Tools Container
+This command will drop you into the tools container with everything setup appropriately:
+```
+# Runs without any privileges.
+# Requires that the dbus be mounted from the same host folder
+# This is to enable communication between the tools and ABRMD
+$ docker run -v /tmp/run/dbus:/var/run/dbus --name <container name> -it --entrypoint /bin/bash <image name>
+```
+
+##### Sanity Check
+Run the following command in the tools container to see if everything is setup correctly:
+
+```
+tpm2_listpcrs
+```
diff --git a/bin/entrypoint.sh b/bin/entrypoint.sh
new file mode 100755 (executable)
index 0000000..b13c681
--- /dev/null
@@ -0,0 +1,11 @@
+#!/bin/bash
+set -e
+
+# Start DBUS
+mkdir -p /var/run/dbus
+stdbuf -oL -eL dbus-daemon --system --nofork 2>&1 1> /var/log/dbus-daemon.log &
+
+# Start Resource Manager
+hostip=$(ip route show | awk '/default/ {print $3}')
+echo "Connecting to $hostip\n"
+tpm2-abrmd -a $hostip -t socket
\ No newline at end of file
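Review bot: `hostip` is used unquoted and unchecked on the last line: when `ip route show` reports no default route the variable is empty, `set -e` does not catch it because awk still exits 0, and `-t` is then likely consumed as the argument of `-a`. Guard it and quote the expansion with `[ -n "$hostip" ] || { echo "no default route" >&2; exit 1; }` followed by `exec tpm2-abrmd -a "$hostip" -t socket`, where `exec` also lets the daemon receive the container's stop signal directly. On the dbus-daemon line the redirections are in the wrong order for capturing stderr: `2>&1 1> file` sends only stdout to the log, so write `> /var/log/dbus-daemon.log 2>&1`. Since the daemon reaches the TPM over a TCP socket to the host's gateway address rather than through a device node, the `--privileged` flag in the README's run command looks broader than needed and is worth re-checking.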
diff --git a/bin/tpmdockerfile b/bin/tpmdockerfile
new file mode 100644 (file)
index 0000000..d1c9480
--- /dev/null
@@ -0,0 +1,62 @@
+FROM ubuntu:xenial
+
+RUN apt-get -y update && \
+  apt-get -y install \
+    autoconf \
+    autoconf-archive \
+    libglib2.0-dev \
+    libdbus-1-dev \
+    automake \
+    libtool \
+    autotools-dev \
+    libcppunit-dev \
+    p11-kit \
+    libcurl4-gnutls-dev \
+    libcmocka0 \
+    libcmocka-dev \
+    build-essential \
+    git \
+    pkg-config \
+    gcc \
+    g++ \
+    m4 \
+    wget \
+    liburiparser-dev \
+    libssl-dev \
+    pandoc
+
+RUN apt-get -y install libgcrypt20-dev
+
+RUN git clone https://github.com/tpm2-software/tpm2-tss.git
+RUN git clone https://github.com/tpm2-software/tpm2-abrmd.git
+RUN git clone https://github.com/tpm2-software/tpm2-tools.git
+
+RUN cd tpm2-tss && \
+  git checkout 1.2.0 && \
+  ./bootstrap && \
+  ./configure && \
+  make && \
+  make install
+
+RUN cd tpm2-abrmd && \
+  git checkout 1.1.1 && \
+  useradd --system --user-group tss && \
+  ./bootstrap && \
+  ./configure --with-dbuspolicydir=/etc/dbus-1/system.d \
+    --with-udevrulesdir=/etc/udev/rules.d/ \
+    --with-systemdsystemunitdir=/lib/systemd/system && \
+  make && \
+  make install
+
+RUN cd tpm2-tools && \
+  git checkout 2.1.0 && \
+  ./bootstrap && \
+  ./configure --with-tcti-tabrmd=yes && \
+  make && \
+  make install
+
+RUN echo "/usr/local/lib" > /etc/ld.so.conf.d/tpm2.conf && \
+  ldconfig
+
+ADD entrypoint.sh /entrypoint.sh
+ENTRYPOINT ["/entrypoint.sh"]
\ No newline at end of file
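Review bot: The `git checkout 1.2.0`, `git checkout 1.1.1` and `git checkout 2.1.0` steps select tag names, which can be re-pointed upstream, and nothing verifies the cloned sources before `make install` runs as root during the build. Check out a full commit hash instead, e.g. `git checkout <COMMIT_SHA_FOR_1.2.0>` (placeholder), or verify the tag signature if upstream signs its tags; `FROM ubuntu:xenial` has the same floating-reference problem and can be pinned by digest. The compiler toolchain, git and wget stay in the runtime image, so a multi-stage build or a final `apt-get purge` plus `rm -rf /var/lib/apt/lists/*` would reduce what is available inside a container that the README runs with `--privileged`. `COPY entrypoint.sh /entrypoint.sh` is preferable to `ADD`, which also unpacks archives and fetches URLs, and the image never switches to the `tss` user created on the `useradd` line, so the daemon presumably runs as root.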