ci: install patched p11 from source

Patch: OpenSC/libp11#474

Rework docker setup to allow for adding files to the image.
This is not possible when using " - < " and reading from STDIN
because there is no Docker Build Context there which is necessary
for ADD and COPY commands.

Author: ifonajs

.github/actions/build-docker/action.yml

@@ -17,5 +17,5 @@ runs:
     - name: "Build Docker image"
       shell: bash
       run: |
-        docker build -t ${{ inputs.docker_tag }} - < ${{ inputs.docker_file_path }}
+        docker build -t ${{ inputs.docker_tag }} ${{ inputs.docker_file_path }}
 

.github/workflows/ci.yml

@@ -8,10 +8,10 @@ on:
 
 env:
   DOCKER_TAG: buildenv
-  DOCKER_FILE_PATH: ./docker-build-env/Dockerfile
+  DOCKER_FILE_PATH: ./dockerfiles/base
 
   DOCKER_WITH_HSM_TAG: buildenv_with_hsm
-  DOCKER_WITH_HSM_FILE_PATH: ./docker-build-env/Dockerfile-With-HSM
+  DOCKER_WITH_HSM_FILE_PATH: ./dockerfiles/hsm-support
 
   TOKEN_LABEL: token-label
   USER_PIN: 1234

docker-build-env/Dockerfile dockerfiles/base/Dockerfiledocker-build-env/Dockerfile renamed to dockerfiles/base/Dockerfile

@@ -2,14 +2,26 @@ FROM buildenv
 
 # Install MoCOCrW dependencies (except OpenSSL)
 RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get -y --no-install-recommends install \
-        # libp11 engine
-        libengine-pkcs11-openssl \
-        # headers for p11 engine
-        libp11-dev \
         # for pkcs11-tool which we use to create keys in token
         opensc \
         # p11-kit-modules allows loading of libp11 engine without having to edit openssl.cnf
         p11-kit-modules \
         # softhsm2: includes both softhsm2-util and libsofthsm2
         softhsm2 \
+        libtool
         && rm -rf /var/lib/apt/lists/*
+
+ADD keygen.patch /tmp/
+
+RUN cd /tmp && \
+    wget https://github.com/OpenSC/libp11/releases/download/libp11-0.4.12/libp11-0.4.12.tar.gz && \
+    tar xvf libp11-0.4.12.tar.gz && \
+    cd libp11-0.4.12 && \
+    git apply /tmp/keygen.patch && \
+    echo "Successfully patched libp11" && \
+    autoreconf --verbose --install --force && \
+    ./configure --enable-strict && \
+    make -j$(nproc) && \
+    make check && \
+    make install
+