From 4c91eb9686aeff70eeb44318809e94241726e62c Mon Sep 17 00:00:00 2001 From: "hyunuk.tak" Date: Mon, 26 Jul 2021 11:47:43 +0900 Subject: [PATCH 1/3] Add docker image to build with Tizen platform Signed-off-by: hyunuk.tak --- .../docker/images/chip-build-tizen/Dockerfile | 74 +++++++++++++++++++ .../docker/images/chip-build-tizen/build.sh | 1 + .../docker/images/chip-build-tizen/run.sh | 1 + .../docker/images/chip-build-tizen/version | 1 + 4 files changed, 77 insertions(+) create mode 100644 integrations/docker/images/chip-build-tizen/Dockerfile create mode 120000 integrations/docker/images/chip-build-tizen/build.sh create mode 120000 integrations/docker/images/chip-build-tizen/run.sh create mode 120000 integrations/docker/images/chip-build-tizen/version
diff --git a/integrations/docker/images/chip-build-tizen/Dockerfile b/integrations/docker/images/chip-build-tizen/Dockerfile
new file mode 100644
index 00000000000000..1ab0d58f5516fa
--- /dev/null
+++ b/integrations/docker/images/chip-build-tizen/Dockerfile
@@ -0,0 +1,74 @@
+ARG VERSION=latest
+FROM connectedhomeip/chip-build:${VERSION}
+
+# ------------------------------------------------------------------------------
+# Install toolchain
+RUN set -x \
+ && apt-get update \
+ && apt-get install -fy --no-install-recommends obs-build=20180831-3ubuntu1 cpio=2.13+dfsg-2 \
+ && apt-get clean \
+ && rm -rf /var/lib/apt/lists/* \
+ && : # last line
+
+# ------------------------------------------------------------------------------
+# Install tizen SDK
+ENV TIZEN_HOME /opt/tizen_sdk
+ENV TIZEN_ROOTSTRAP_VERSION 6.0
+ENV TIZEN_ROOTSTRAPS mobile-$TIZEN_ROOTSTRAP_VERSION-rs-device.core_0.0.123_ubuntu-64
+ENV DNS_LIBS libnsd-dns-sd.so*
+
+WORKDIR $TIZEN_HOME
+
+RUN set -x \
+ && wget --progress=dot:giga http://download.tizen.org/sdk/tizenstudio/official/binary/$TIZEN_ROOTSTRAPS.zip \
+ && unzip $TIZEN_ROOTSTRAPS.zip \
+ && mv data/platforms/tizen-$TIZEN_ROOTSTRAP_VERSION/mobile/rootstraps/mobile-$TIZEN_ROOTSTRAP_VERSION-device.core/usr . \
+ && mv data/platforms/tizen-$TIZEN_ROOTSTRAP_VERSION/mobile/rootstraps/mobile-$TIZEN_ROOTSTRAP_VERSION-device.core/lib . \
+ && rm -rf usr/lib/$DNS_LIBS \
+ && rm -rf data \
+ && rm -rf mobile-$TIZEN_ROOTSTRAP_VERSION-rs-device.* \
+ && rm pkginfo.manifest \
+ && : # last line
+
+# ------------------------------------------------------------------------------
+# Get tizen packages
+RUN set -x \
+ # Base packages
+ && wget -r -nd --no-parent -q -A 'pcre-devel-*.armv7l.rpm' http://download.tizen.org/releases/milestone/tizen/base/latest/repos/standard/packages/armv7l/ \
+ && wget -r -nd --no-parent -q -A 'libffi-devel-*.armv7l.rpm' http://download.tizen.org/releases/milestone/tizen/base/latest/repos/standard/packages/armv7l/ \
+ && wget -r -nd --no-parent -q -A 'libmount-devel-*.armv7l.rpm' http://download.tizen.org/releases/milestone/tizen/base/latest/repos/standard/packages/armv7l/ \
+ && wget -r -nd --no-parent -q -A 'libblkid-devel-*.armv7l.rpm' http://download.tizen.org/releases/milestone/tizen/base/latest/repos/standard/packages/armv7l/ \
+ && wget -r -nd --no-parent -q -A 'libcap-*.armv7l.rpm' http://download.tizen.org/releases/milestone/tizen/base/latest/repos/standard/packages/armv7l/ \
+ && wget -r -nd --no-parent -q -A 'liblzma-*.armv7l.rpm' http://download.tizen.org/releases/milestone/tizen/base/latest/repos/standard/packages/armv7l/ \
+ # Unified packages
+ && wget -r -nd --no-parent -q -A 'vconf-compat-*.armv7l.rpm' http://download.tizen.org/releases/milestone/tizen/unified/latest/repos/standard/packages/armv7l/ \
+ && wget -r -nd --no-parent -q -A 'libcynara-commons-*.armv7l.rpm' http://download.tizen.org/releases/milestone/tizen/unified/latest/repos/standard/packages/armv7l/ \
+ && wget -r -nd --no-parent -q -A 'cynara-devel-*.armv7l.rpm' http://download.tizen.org/releases/milestone/tizen/unified/latest/repos/standard/packages/armv7l/ \
+ && wget -r -nd --no-parent -q -A 'libcynara-client-*.armv7l.rpm' http://download.tizen.org/releases/milestone/tizen/unified/latest/repos/standard/packages/armv7l/ \
+ && wget -r -nd --no-parent -q -A 'dbus-1*.armv7l.rpm' http://download.tizen.org/releases/milestone/tizen/unified/latest/repos/standard/packages/armv7l/ \
+ && wget -r -nd --no-parent -q -A 'dbus-devel-*.armv7l.rpm' http://download.tizen.org/releases/milestone/tizen/unified/latest/repos/standard/packages/armv7l/ \
+ && wget -r -nd --no-parent -q -A 'dbus-libs-1*.armv7l.rpm' http://download.tizen.org/releases/milestone/tizen/unified/latest/repos/standard/packages/armv7l/ \
+ && wget -r -nd --no-parent -q -A 'glib2-devel-2*.armv7l.rpm' http://download.tizen.org/releases/milestone/tizen/unified/latest/repos/standard/packages/armv7l/ \
+ && wget -r -nd --no-parent -q -A 'libdns_sd-*.armv7l.rpm' http://download.tizen.org/releases/milestone/tizen/unified/latest/repos/standard/packages/armv7l/ \
+ && wget -r -nd --no-parent -q -A 'buxton2-*.armv7l.rpm' http://download.tizen.org/releases/milestone/tizen/unified/latest/repos/standard/packages/armv7l/ \
+ && wget -r -nd --no-parent -q -A 'libsystemd-*.armv7l.rpm' http://download.tizen.org/releases/milestone/tizen/unified/latest/repos/standard/packages/armv7l/ \
+ && wget -r -nd --no-parent -q -A 'capi-network-nsd-*.armv7l.rpm' http://download.tizen.org/snapshots/tizen/unified/latest/repos/standard/packages/armv7l/ \
+ && wget -r -nd --no-parent -q -A 'libnsd-dns-sd-*.armv7l.rpm' http://download.tizen.org/snapshots/tizen/unified/latest/repos/standard/packages/armv7l/ \
+ && unrpm ./*.rpm \
+ && cp usr/lib/pkgconfig/openssl1.1.pc usr/lib/pkgconfig/openssl.pc \
+ && rm usr/lib/libdns_sd.so \
+ && cp usr/lib/libdns_sd.so.878.* usr/lib/libdns_sd.so \
+ && rm ./*.rpm \
+ && : # last line
+
+# ------------------------------------------------------------------------------
+# Get toolchain
+RUN set -x \
+ && wget --progress=dot:giga http://download.tizen.org/sdk/tizenstudio/official/binary/cross-arm-gcc-9.2_0.1.9_ubuntu-64.zip \
+ && unzip cross-arm-gcc-9.2_0.1.9_ubuntu-64.zip \
+ && cp -rf data/tools/arm-linux-gnueabi-gcc-9.2/* . \
+ && rm pkginfo.manifest \
+ && rm changelog \
+ && rm -rf data \
+ && rm cross-arm-gcc-9.2_0.1.9_ubuntu-64.zip \
+ && : # last line
diff --git a/integrations/docker/images/chip-build-tizen/build.sh b/integrations/docker/images/chip-build-tizen/build.sh
new file mode 120000
index 00000000000000..fcb4d4ee75d531
--- /dev/null
+++ b/integrations/docker/images/chip-build-tizen/build.sh
@@ -0,0 +1 @@
+../../build.sh
\ No newline at end of file
diff --git a/integrations/docker/images/chip-build-tizen/run.sh b/integrations/docker/images/chip-build-tizen/run.sh
new file mode 120000
index 00000000000000..ccbd3501b330d9
--- /dev/null
+++ b/integrations/docker/images/chip-build-tizen/run.sh
@@ -0,0 +1 @@
+../../run.sh
\ No newline at end of file
diff --git a/integrations/docker/images/chip-build-tizen/version b/integrations/docker/images/chip-build-tizen/version
new file mode 120000
index 00000000000000..a4280acd348e7f
--- /dev/null
+++ b/integrations/docker/images/chip-build-tizen/version
@@ -0,0 +1 @@
+../chip-build/version
\ No newline at end of file
From fccf7ce276d63a2390eff06ba976a83cb5e97f87 Mon Sep 17 00:00:00 2001 From: "hyunuk.tak" Date: Mon, 26 Jul 2021 11:50:11 +0900 Subject: [PATCH 2/3] Update chip-build-vscode image to import Tizen platform requirement Signed-off-by: hyunuk.tak --- integrations/docker/images/chip-build-vscode/Dockerfile | 4 ++++ integrations/docker/images/chip-build/version | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/integrations/docker/images/chip-build-vscode/Dockerfile b/integrations/docker/images/chip-build-vscode/Dockerfile
index 714029fd36acbb..e178d425a37ffe 100644
--- a/integrations/docker/images/chip-build-vscode/Dockerfile
+++ b/integrations/docker/images/chip-build-vscode/Dockerfile
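Review bot: In the new chip-build-tizen/Dockerfile every `wget` uses a plain `http://` URL and nothing is verified before `unzip`/`unrpm`, so the rootstrap, the RPMs and the cross-arm-gcc toolchain placed under `$TIZEN_HOME` are trusted on network path alone. The RPM fetches also resolve `latest`/`snapshots` repository paths through wildcard `-A` patterns, so the image content can change between builds of the same commit (the hard-coded `libdns_sd.so.878.*` copy would then fail or pick up a different library). Pin each artifact to an exact file name, use `https://` if the host serves it, and check a recorded digest before extracting, for example `echo "<expected-sha256>  $TIZEN_ROOTSTRAPS.zip" | sha256sum -c -`. A short comment above each download stating where the recorded digest came from would help the next version bump.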
@@ -6,6 +6,7 @@ FROM connectedhomeip/chip-build-esp32-qemu:${VERSION} as esp32 FROM connectedhomeip/chip-build-mbed-os:${VERSION} AS mbedos FROM connectedhomeip/chip-build-telink:${VERSION} AS telink FROM connectedhomeip/chip-build-infineon:${VERSION} AS p6 +FROM connectedhomeip/chip-build-tizen:${VERSION} AS tizen FROM connectedhomeip/chip-build:${VERSION} # qemu-src copied over because qemu directory contains symlinks to the src @@ -30,6 +31,8 @@ COPY --from=p6 /opt/ModusToolbox /opt/ModusToolbox COPY --from=telink /opt/zephyrproject /opt/telink/zephyrproject COPY --from=telink /opt/telink/telink_riscv_linux_toolchain /opt/telink/telink_riscv_linux_toolchain +COPY --from=tizen /opt/tizen_sdk /opt/tizen_sdk + # Telink toolchain dependency. Will be removed as soon as Telink platform # migrates to zephyr-sdk toolchain RUN dpkg --add-architecture i386 \ @@ -64,3 +67,4 @@ ENV PW_ENVIRONMENT_ROOT=/home/vscode/pigweed/env ENV TELINK_ZEPHYR_BASE=/opt/telink/zephyrproject/zephyr ENV TELINK_TOOLCHAIN_PATH=/opt/telink/telink_riscv_linux_toolchain/nds32le-elf-mculib-v5f/bin ENV CY_TOOLS_PATHS="/opt/ModusToolbox/tools_2.3" +ENV TIZEN_HOME /opt/tizen_sdk diff --git a/integrations/docker/images/chip-build/version b/integrations/docker/images/chip-build/version index ecfab460ab08c1..3f3e54fc64cea2 100644 --- a/integrations/docker/images/chip-build/version +++ b/integrations/docker/images/chip-build/version @@ -1 +1 @@ -0.4.36 +0.4.37 From b8013b2fb9e573bd8861a294560def9d97deadbb Mon Sep 17 00:00:00 2001 From: hyunuktak Date: Thu, 12 Aug 2021 08:27:41 +0900 Subject: [PATCH 3/3] Run container with a non-root user It's one way to mitigate the CVE-2019-5736 Signed-off-by: hyunuktak --- .../docker/images/chip-build-tizen/Dockerfile | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/integrations/docker/images/chip-build-tizen/Dockerfile b/integrations/docker/images/chip-build-tizen/Dockerfile index 1ab0d58f5516fa..873bc713f450a0 100644 
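Review bot: The added `ENV TIZEN_HOME /opt/tizen_sdk` in the last chip-build-vscode hunk uses the legacy space-separated form, while the `ENV` lines directly above it in the same hunk all use `KEY=value`. Write it as `ENV TIZEN_HOME=/opt/tizen_sdk` to match, which also avoids the BuildKit legacy-format build-check warning. The value duplicates the one set in chip-build-tizen/Dockerfile, so a comment such as `# must match TIZEN_HOME in chip-build-tizen` next to it would keep the two from drifting.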
--- a/integrations/docker/images/chip-build-tizen/Dockerfile +++ b/integrations/docker/images/chip-build-tizen/Dockerfile @@ -1,6 +1,18 @@ ARG VERSION=latest FROM connectedhomeip/chip-build:${VERSION} +# ------------------------------------------------------------------------------ +# Add group/user for tizen +ARG USER_NAME=tizen +ARG USER_UID=1000 +ARG USER_GID=$USER_UID +ENV USER_HOME /home/$USER_NAME + +RUN set -x \ + && groupadd -g $USER_GID $USER_NAME \ + && useradd -m $USER_NAME -s /bin/bash -u $USER_UID -g $USER_GID -G sudo -l \ + && : # last line + # ------------------------------------------------------------------------------ # Install toolchain RUN set -x \ @@ -72,3 +84,8 @@ RUN set -x \ && rm -rf data \ && rm cross-arm-gcc-9.2_0.1.9_ubuntu-64.zip \ && : # last line + +# ------------------------------------------------------------------------------ +# Switch to the non-root user +USER $USER_NAME +WORKDIR $USER_HOME
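Review bot: `useradd ... -G sudo` in the first hunk adds the new account to the `sudo` group, which undercuts the non-root goal stated in the commit message: whether `sudo` is installed and how that group is configured in the base image is not visible here, but if it allows passwordless use, the container process can return to uid 0. Unless a later build step needs it, drop the group, `&& useradd -m "$USER_NAME" -s /bin/bash -u "$USER_UID" -g "$USER_GID" -l \`, and quote the expansions in `groupadd` as well since they come from build args. If sudo access is intentional, say why in the `# Add group/user for tizen` comment.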