
Create new docker image with CGO enabled

Open maraino opened this issue 2 years ago • 1 comments

Description

We should add a new docker image where step-ca is built with CGO enabled (e.g. smallstep/step-ca-cgo).

This will allow users to create custom images to support a specific HSM just by inheriting this image and adding the necessary PKCS#11 modules and dependencies. For example, to add support for a YubiKey you might need to add yubihsm_pkcs11.so, yubihsm_pkcs11.conf, set the environment variable YUBIHSM_PKCS11_CONF, and add any necessary dependencies.

We also need to consider that step-ca images are based on Alpine, with musl, instead of libc, but PKCS#11 modules might depend on libc, so we might want to change the base image to be based on Debian or Fedora.

maraino avatar May 04 '22 19:05 maraino

https://github.com/kirei/smallstep-ca-hsm now contains Dockerfiles for CGO containers for Fedora, Debian and Alpine. Feel free to use any of these as input to this issue.

jschlyter avatar May 06 '22 07:05 jschlyter

This was fixed a few weeks ago, and now we have smallstep/step-ca:hsm with the latest version of step-ca with CGO support.

maraino avatar Apr 28 '23 20:04 maraino
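
A sketch of the custom image described in the issue, derived from the smallstep/step-ca:hsm image mentioned in the last comment. It is an added example, not part of the thread or of the smallstep project. Assumptions: the install paths, that the module and its config sit in the build context, that the base image runs as a user named `step`, and that `ldd` is available in it.

```dockerfile
# Added example: derive a YubiHSM-capable CA image from the CGO-enabled base.
FROM smallstep/step-ca:hsm

# Installing the module needs root; the final USER line drops back again.
USER root

# Assumed locations. The PKCS#11 module is loaded into the CA process, so it
# must be root-owned and not writable by the account the CA runs as.
COPY yubihsm_pkcs11.so   /usr/local/lib/pkcs11/yubihsm_pkcs11.so
COPY yubihsm_pkcs11.conf /etc/yubihsm_pkcs11.conf
RUN chown root:root /usr/local/lib/pkcs11/yubihsm_pkcs11.so /etc/yubihsm_pkcs11.conf \
 && chmod 0644 /usr/local/lib/pkcs11/yubihsm_pkcs11.so /etc/yubihsm_pkcs11.conf

# Fail the build if the module's shared-library dependencies do not resolve
# against the base image's C library (the musl vs. libc concern in the issue),
# instead of discovering it when step-ca first tries to load the module.
RUN out="$(ldd /usr/local/lib/pkcs11/yubihsm_pkcs11.so 2>&1)" \
      || { echo "$out"; exit 1; }; \
    if echo "$out" | grep -q "not found"; then \
      echo "unresolved dependencies:"; echo "$out"; exit 1; \
    fi

# Environment variable named in the issue; points the module at its config.
ENV YUBIHSM_PKCS11_CONF=/etc/yubihsm_pkcs11.conf

# Assumed unprivileged account of the base image.
USER step
```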