Dockerfile

FROM ubuntu:24.04

RUN apt-get update && apt-get install -y \
    curl \
    udev \
    wget \
    tar \
    libusb-1.0-0 \
    libedit2 \
    libpcsclite1 \
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/*

# Create yubihsm-connector user and its home directory
RUN useradd -r -m -s /bin/false yubihsm-connector

# Install YubiHSM SDK
WORKDIR /home/yubihsm-connector
RUN wget https://developers.yubico.com/YubiHSM2/Releases/yubihsm2-sdk-2024-09-ubuntu2404-amd64.tar.gz
RUN tar xvf yubihsm2-sdk-2024-09-ubuntu2404-amd64.tar.gz
RUN dpkg -i ./yubihsm2-sdk/libykhsmauth*.deb \
    ./yubihsm2-sdk/libyubihsm-http*.deb \
    ./yubihsm2-sdk/libyubihsm-usb*.deb \
    ./yubihsm2-sdk/libyubihsm1*.deb \
    ./yubihsm2-sdk/yubihsm-connector*.deb \
    ./yubihsm2-sdk/yubihsm-shell*.deb

# Cleanup
RUN rm -rf yubihsm2-sdk*

# Setup udev rules
RUN mkdir -p /etc/udev/rules.d/
COPY 70-yubihsm.rules /etc/udev/rules.d/

COPY yubihsm-connector-config.yaml /etc/yubihsm-connector/yubihsm-connector-config.yaml

# Set proper ownership
RUN chown -R yubihsm-connector:yubihsm-connector /home/yubihsm-connector
RUN chown yubihsm-connector:yubihsm-connector /etc/yubihsm-connector/yubihsm-connector-config.yaml

# Run as yubihsm-connector user
USER yubihsm-connector

CMD ["/usr/bin/yubihsm-connector", "-c", "/etc/yubihsm-connector/yubihsm-connector-config.yaml"]