enabling more integrations to use specific upstream tags

epiphany/Dockerfile

@@ -1,8 +1,16 @@
+# define the liboqs tag to be used
+ARG LIBOQS_TAG=main
+
+# define the oqsprovider tag to be used
+ARG OQSPROVIDER_TAG=main
+
 # Default location where all binaries wind up:
 ARG OSSLGIODIR=/opt/ossl-gio
 
 # 2-step build: First create binaries
 FROM ubuntu as intermediate
+ARG LIBOQS_TAG
+ARG OQSPROVIDER_TAG
 ARG OSSLGIODIR
 ENV DEBIAN_FRONTEND noninteractive
 
@@ -12,7 +20,7 @@ RUN apt update && apt upgrade -y && apt install -y build-essential clang meson g
 
 WORKDIR /opt
 
-RUN git clone --branch main https://github.com/open-quantum-safe/liboqs.git && git clone --depth 1 --branch master https://github.com/openssl/openssl ossl-src && git clone https://gitlab.gnome.org/GNOME/glib-networking.git && git clone --depth 1 --branch main https://github.com/open-quantum-safe/oqs-provider.git
+RUN git clone --branch ${LIBOQS_TAG} https://github.com/open-quantum-safe/liboqs.git && git clone --depth 1 --branch master https://github.com/openssl/openssl ossl-src && git clone https://gitlab.gnome.org/GNOME/glib-networking.git && git clone --depth 1 --branch ${OQSPROVIDER_TAG} https://github.com/open-quantum-safe/oqs-provider.git
 
 # make sure the liboqs library is distributable:
 RUN cd liboqs && mkdir build && cd build && cmake -GNinja -DOQS_DIST_BUILD=ON -DCMAKE_INSTALL_PREFIX=/opt/liboqs .. && ninja && ninja install && cd ../..

epiphany/README.md

@@ -11,3 +11,17 @@ This demo is based on work done by [Igor Barshteyn](https://www.linkedin.com/pul
 
 Information how to use the image is [available in the separate file USAGE.md](USAGE.md).
 
+## Build options
+
+The Dockerfile provided allows for significant customization of the image built:
+
+
+### LIBOQS_TAG
+
+Tag of `liboqs` release to be used. Default "main".
+
+### OQSPROVIDER_TAG
+
+Tag of `oqsprovider` release to be used. Default "main".
+
+

h2load/Dockerfile

@@ -3,6 +3,8 @@ FROM alpine as intermediate
 
 ENV DEBIAN_FRONTEND=noninteractive
 
+ARG LIBOQS_TAG=main
+ARG OQSPROVIDER_TAG=main
 ARG INSTALLDIR=/opt/oqssa
 
 # Update image and apt software 
@@ -16,9 +18,9 @@ RUN apk add bash git g++ make cmake ninja autoconf automake libtool \
 WORKDIR /opt
 
 # get all sources
-RUN git clone --depth 1 --branch main https://github.com/open-quantum-safe/liboqs && \
+RUN git clone --depth 1 --branch ${LIBOQS_TAG} https://github.com/open-quantum-safe/liboqs && \
     git clone --depth 1 --branch master https://github.com/openssl/openssl.git && \
-    git clone --depth 1 --branch main https://github.com/open-quantum-safe/oqs-provider.git && \
+    git clone --depth 1 --branch ${OQSPROVIDER_TAG} https://github.com/open-quantum-safe/oqs-provider.git && \
     git clone --depth 1 --branch master  https://github.com/nghttp2/nghttp2.git
 
 # build liboqs
@@ -60,4 +62,4 @@ COPY check_algorithms.sh /usr/local/bin
 # copy shared object dependencies and configuration file
 COPY --from=intermediate /opt/lib /usr/local/lib
 COPY --from=intermediate /opt/oqssa/lib64/ossl-modules/oqsprovider.so /opt/oqssa/lib64/ossl-modules/oqsprovider.so
-COPY --from=intermediate /opt/oqssa/ssl/openssl.cnf /opt/oqssa/ssl/openssl.cnf
+COPY --from=intermediate /opt/oqssa/ssl/openssl.cnf /opt/oqssa/ssl/openssl.cnf

ngtcp2/Dockerfile-client

@@ -3,6 +3,8 @@ FROM alpine as intermediate
 
 ENV DEBIAN_FRONTEND=noninteractive
 
+ARG LIBOQS_TAG=main
+ARG OQSPROVIDER_TAG=main
 ARG INSTALLDIR=/opt/oqssa
 
 # Update image and apt software 
@@ -15,9 +17,9 @@ RUN apk add bash git pkgconfig autoconf automake libtool g++ make cmake ninja
 WORKDIR /opt
 
 # get all sources
-RUN git clone --depth 1 --branch main https://github.com/open-quantum-safe/liboqs && \
+RUN git clone --depth 1 --branch ${LIBOQS_TAG} https://github.com/open-quantum-safe/liboqs && \
     git clone --depth 1 --branch openssl-3.0.8+quic https://github.com/quictls/openssl.git && \
-    git clone --depth 1 --branch main https://github.com/open-quantum-safe/oqs-provider.git && \
+    git clone --depth 1 --branch ${OQSPROVIDER_TAG} https://github.com/open-quantum-safe/oqs-provider.git && \
     git clone --depth 1 --branch main  https://github.com/ngtcp2/nghttp3 && \
     git clone --depth 1 --branch main https://github.com/ngtcp2/ngtcp2
 

ngtcp2/Dockerfile-server

@@ -3,6 +3,8 @@ FROM alpine as intermediate
 
 ENV DEBIAN_FRONTEND=noninteractive
 
+ARG LIBOQS_TAG=main
+ARG OQSPROVIDER_TAG=main
 ARG INSTALLDIR=/opt/oqssa
 
 # Update image and apt software 
@@ -15,9 +17,9 @@ RUN apk add bash git pkgconfig autoconf automake libtool g++ make cmake ninja
 WORKDIR /opt
 
 # get all sources
-RUN git clone --depth 1 --branch main https://github.com/open-quantum-safe/liboqs && \
+RUN git clone --depth 1 --branch ${LIBOQS_TAG} https://github.com/open-quantum-safe/liboqs && \
     git clone --depth 1 --branch openssl-3.0.8+quic https://github.com/quictls/openssl.git && \
-    git clone --depth 1 --branch main https://github.com/open-quantum-safe/oqs-provider.git && \
+    git clone --depth 1 --branch ${OQSPROVIDER_TAG} https://github.com/open-quantum-safe/oqs-provider.git && \
     git clone --depth 1 --branch main  https://github.com/ngtcp2/nghttp3 && \
     git clone --depth 1 --branch main https://github.com/ngtcp2/ngtcp2
 

openlitespeed/Dockerfile-server

@@ -1,6 +1,9 @@
+ARG LIBOQS_TAG=main
 
 FROM ubuntu:focal as builder
 
+ARG LIBOQS_TAG
+
 ENV TZ=Europe/Zurich
 ENV DEBIAN_FRONTEND=noninteractive
 
@@ -22,6 +25,7 @@ COPY build_bssl.sh.patch /opt/
 RUN cd openlitespeed && git apply --reject --whitespace=fix /opt/build.sh.patch 
 
 
+ENV LIBOQS_TAG=${LIBOQS_TAG}
 # Build and install openlitespeed
 RUN cd openlitespeed && ./build.sh &&  ./install.sh
 
@@ -43,4 +47,4 @@ RUN ldconfig
 RUN apt update && apt install -y openssl net-tools
 WORKDIR /root/
 
-COPY serverstart.sh .
+COPY serverstart.sh .

openlitespeed/build_bssl.sh.patch

@@ -11,7 +11,7 @@ index cb7f229..60e0822 100755
 +    echo "Downloading oqs boringssl"
 +    git clone --branch master https://github.com/open-quantum-safe/boringssl.git
 +
-+    git clone --branch main --single-branch --depth 1 https://github.com/open-quantum-safe/liboqs.git
++    git clone --branch $LIBOQS_TAG --single-branch --depth 1 https://github.com/open-quantum-safe/liboqs.git
  fi
 
  if [ -d "go" ]; then
@@ -44,7 +44,7 @@ index cb7f229..60e0822 100755
 +cd ../liboqs && mkdir build-static && cd build-static && cmake -G"Ninja" -DCMAKE_INSTALL_PREFIX=/opt/third-party/src/boringssl/oqs -DOQS_USE_OPENSSL=OFF .. && ninja && ninja install
 +cd .. && mkdir build && cd build && cmake -G"Ninja" -DBUILD_SHARED_LIBS=ON -DCMAKE_INSTALL_PREFIX=/opt/third-party/src/boringssl/oqs -DOQS_USE_OPENSSL=OFF .. && ninja && ninja install
 +
-+cp /opt/third-party/src/liboqs/build/lib/liboqs.so.2 /usr/local/lib && ldconfig
++cp /opt/third-party/src/liboqs/build/lib/liboqs.so /usr/local/lib && ldconfig
 +cd ../../boringssl && mkdir build && cd build
 +
  cmake ../ -DCMAKE_BUILD_TYPE=RelWithDebInfo -DCMAKE_C_FLAGS="-fPIC" -DCMAKE_CXX_FLAGS="-fPIC"

openssh/README.md

@@ -67,6 +67,10 @@ Detailed information on how to use the image is available in [the separate file
 
 The Dockerfile provided allows for some customization of the image built. Those build arguments can be used at buildtime via the flag `--build-arg`, e.g. `docker build --build-arg INSTALL_DIR="/some/directory/" -t name-of-image .`.
 
+## LIBOQS_RELEASE
+
+Tag of `liboqs` release to be used. Default "main".
+
 ## INSTALL_DIR
 
 This sets the location of the software installation including the configuration files and host keys inside the docker image.

openvpn/Dockerfile

@@ -1,5 +1,11 @@
 # Multi-stage build: First the full builder image:
 
+# define the liboqs tag to be used
+ARG LIBOQS_TAG=main
+
+# define the oqsprovider tag to be used
+ARG OQSPROVIDER_TAG=main
+
 # Default location where all binaries wind up:
 ARG INSTALLDIR=/opt/oqssa
 
@@ -17,6 +23,8 @@ ARG KEM_ALGLIST="kyber768:p384_kyber768"
 
 FROM debian:bullseye as intermediate
 # Take in all global args
+ARG LIBOQS_TAG
+ARG OQSPROVIDER_TAG
 ARG INSTALLDIR
 ARG LIBOQS_BUILD_DEFINES
 ARG MAKE_DEFINES
@@ -40,9 +48,9 @@ RUN apt install -y  \
 
 # get all sources
 WORKDIR /opt
-RUN git clone --depth 1 --branch main https://github.com/open-quantum-safe/liboqs && \
+RUN git clone --depth 1 --branch ${LIBOQS_TAG} https://github.com/open-quantum-safe/liboqs && \
     git clone --depth 1 --branch master https://github.com/openssl/openssl.git && \
-    git clone --depth 1 --branch main https://github.com/open-quantum-safe/oqs-provider.git && \
+    git clone --depth 1 --branch ${OQSPROVIDER_TAG} https://github.com/open-quantum-safe/oqs-provider.git && \
     git clone https://github.com/OpenVPN/openvpn.git
 
 # build liboqs

openvpn/README.md

@@ -22,6 +22,14 @@ Complete information how to use the image is [available in the separate file USA
 
 The Dockerfile provided allows for some customization of the image built:
 
+### LIBOQS_TAG
+
+Tag of `liboqs` release to be used. Default "main".
+
+### OQSPROVIDER_TAG
+
+Tag of `oqsprovider` release to be used. Default "main".
+
 ### LIBOQS_BUILD_DEFINES
 
 This permits changing the build options for the underlying library with the quantum safe algorithms. All possible options are documented [here](https://github.com/open-quantum-safe/liboqs/wiki/Customizing-liboqs).