base: do not install openssl

Signed-off-by: zhangzujian <zhangzujian.7@gmail.com>

Author: zhangzujian

dist/images/Dockerfile.base

@@ -105,7 +105,7 @@ RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
     apt install -y wget build-essential fakeroot && \
     sleep 15 && \
     apt install -y autoconf automake bzip2 debhelper-compat dh-exec dh-python dh-sequence-python3 dh-sequence-sphinxdoc \
-    graphviz iproute2 libcap-ng-dev libdbus-1-dev libnuma-dev libpcap-dev libssl-dev libtool libunbound-dev \
+    graphviz iproute2 libcap-ng-dev libdbus-1-dev libnuma-dev libpcap-dev libtool libunbound-dev \
     pkg-config procps python3-all-dev python3-setuptools python3-sortedcontainers python3-sphinx
 
 RUN cd /usr/src/ovs && \
@@ -140,16 +140,6 @@ RUN cd /usr/src/openbfdd && \
     ./configure --enable-silent-rules && \
     make
 
-ENV OPENSSL_FIPS_LIBDIR=/usr/local/openssl-fips/lib
-ENV LD_LIBRARY_PATH=$OPENSSL_FIPS_LIBDIR:$LD_LIBRARY_PATH
-RUN wget https://www.openssl.org/source/openssl-3.0.13.tar.gz && \
-    tar -xzf openssl-3.0.13.tar.gz && \
-    cd openssl-3.0.13 && \
-    ./config --prefix=/usr/local/openssl-fips --libdir=lib enable-fips && \
-    make -j8 && \
-    make install && \
-    /usr/local/openssl-fips/bin/openssl fipsinstall -module $OPENSSL_FIPS_LIBDIR/ossl-modules/fips.so -out /usr/local/openssl-fips/ssl/fipsmodule.cnf
-
 RUN mkdir /packages/ && \
     mv /usr/src/openbfdd/bfdd-beacon /usr/src/openbfdd/bfdd-control /packages/ && \
     cp /usr/src/openvswitch-*deb /packages && \
@@ -187,7 +177,7 @@ RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
     --mount=type=cache,target=/var/lib/apt,sharing=locked \
     apt update && apt upgrade -y && apt install ca-certificates python3 hostname libunwind8 netbase \
         ethtool iproute2 ncat libunbound8 procps libatomic1 kmod iptables python3-netifaces python3-sortedcontainers \
-        tcpdump ipvsadm ipset curl uuid-runtime openssl inetutils-ping arping ndisc6 conntrack traceroute iputils-tracepath \
+        tcpdump ipvsadm ipset uuid-runtime inetutils-ping arping ndisc6 conntrack traceroute iputils-tracepath \
         logrotate dnsutils net-tools strongswan strongswan-pki libcharon-extra-plugins libmnl0 \
         libcharon-extauth-plugins libstrongswan-extra-plugins libstrongswan-standard-plugins -y --no-install-recommends && \
         setcap CAP_NET_ADMIN+eip $(readlink -f $(which conntrack)) && \
@@ -244,17 +234,4 @@ RUN --mount=type=bind,target=/packages,from=ovs-builder,source=/packages  \
         dpkg -i --ignore-depends=openvswitch-switch,openvswitch-common /packages/*.ddeb; \
     fi
 
-RUN if [ "$ARCH" = "amd64" ]; then \
-      # env OPENSSL_CONF is only work when user is root, not effect when user is nobody, maybe openssl bug, so we copy openssl binary and libraries to /usr/bin and /usr/lib/x86_64-linux-gnu
-      cp /usr/local/openssl-fips/bin/openssl /usr/bin/openssl && \
-      cp /usr/local/openssl-fips/lib/libssl.so.3 /usr/lib/x86_64-linux-gnu/libssl.so.3 && \
-      cp /usr/local/openssl-fips/lib/libcrypto.so.3 /usr/lib/x86_64-linux-gnu/libcrypto.so.3 && \
-      cp /usr/local/openssl-fips/lib/ossl-modules/fips.so /usr/lib/x86_64-linux-gnu/ossl-modules/; \
-    elif [ "$ARCH" = "arm64" ]; then \
-      cp /usr/local/openssl-fips/bin/openssl /usr/bin/openssl && \
-      cp /usr/local/openssl-fips/lib/libssl.so.3 /usr/lib/aarch64-linux-gnu/libssl.so.3 && \
-      cp /usr/local/openssl-fips/lib/libcrypto.so.3 /usr/lib/aarch64-linux-gnu/libcrypto.so.3 && \
-      cp /usr/local/openssl-fips/lib/ossl-modules/fips.so /usr/lib/aarch64-linux-gnu/ossl-modules/; \
-    fi
-
 ENTRYPOINT ["/usr/bin/dumb-init", "--"]