From e3a3bcc9437abfc5ee6fb5291ca90f77fba5804d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Batuhan=20Apayd=C4=B1n?= Date: Sat, 8 Jan 2022 12:24:56 +0300 Subject: [PATCH] feat: add cosign binary to nerdctl-full MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Batuhan Apaydın Co-authored-by: Furkan Türkal Signed-off-by: Batuhan Apaydın --- Dockerfile | 14 +++++++++++--- Dockerfile.d/SHA256SUMS.d/cosign-v1.5.1 | 2 ++ 2 files changed, 13 insertions(+), 3 deletions(-) create mode 100644 Dockerfile.d/SHA256SUMS.d/cosign-v1.5.1 diff --git a/Dockerfile b/Dockerfile index 31f75b47146..4e6eb418bbc 100644 --- a/Dockerfile +++ b/Dockerfile @@ -36,6 +36,8 @@ ARG FUSE_OVERLAYFS_VERSION=v1.8 ARG CONTAINERD_FUSE_OVERLAYFS_VERSION=v1.0.4 # Extra deps: IPFS ARG IPFS_VERSION=v0.11.0 +# Extra deps: Cosign +ARG COSIGN_VERSION=v1.5.1 # Test deps ARG GO_VERSION=1.17 @@ -183,7 +185,15 @@ RUN fname="go-ipfs_${IPFS_VERSION}_${TARGETOS:-linux}-${TARGETARCH:-amd64}.tar.g tmpout=$(mktemp -d) && \ tar -C ${tmpout} -xzf "${fname}" go-ipfs/ipfs && \ mv ${tmpout}/go-ipfs/ipfs /out/bin/ && \ - echo "- IPFS: ${IPFS_VERSION}" >> /out/share/doc/nerdctl-full/README.md + echo "- IPFS: ${IPFS_VERSION}" >> /out/share/doc/nerdctl-full/README.md \ +ARG COSIGN_VERSION +RUN fname="cosign-${TARGETOS:-linux}-${TARGETARCH:-amd64}" && \ + curl -o "${fname}" -fSL "https://github.com/sigstore/cosign/releases/download/${COSIGN_VERSION}/${fname}" && \ + grep "${fname}" "/SHA256SUMS.d/cosign-${COSIGN_VERSION}" | sha256sum -c && \ + chmod +x $fname && \ + mv $fname cosign && \ + mv cosign /out/bin/ && \ + echo "- cosign: ${COSIGN_VERSION}" >> /out/share/doc/nerdctl-full/README.md \ RUN echo "" >> /out/share/doc/nerdctl-full/README.md && \ echo "## License" >> /out/share/doc/nerdctl-full/README.md && \ @@ -239,8 +249,6 @@ COPY . /go/src/github.com/containerd/nerdctl WORKDIR /go/src/github.com/containerd/nerdctl VOLUME /tmp ENV CGO_ENABLED=0 -# copy cosign binary for integration test -COPY --from=gcr.io/projectsigstore/cosign:v1.3.1@sha256:3cd9b3a866579dc2e0cf2fdea547f4c9a27139276cc373165c26842bc594b8bd /ko-app/cosign /usr/local/bin/cosign # enable offline ipfs for integration test COPY ./Dockerfile.d/test-integration-etc_containerd-stargz-grpc_config.toml /etc/containerd-stargz-grpc/config.toml COPY ./Dockerfile.d/test-integration-ipfs-offline.service /usr/local/lib/systemd/system/ diff --git a/Dockerfile.d/SHA256SUMS.d/cosign-v1.5.1 b/Dockerfile.d/SHA256SUMS.d/cosign-v1.5.1 new file mode 100644 index 00000000000..61e83bcba98 --- /dev/null +++ b/Dockerfile.d/SHA256SUMS.d/cosign-v1.5.1 @@ -0,0 +1,2 @@ +d1c9d4b5e21511c323c0dfa9123966e1d8b606ee5b939819f8785af8ff7d67b6 cosign-linux-amd64 +8dd2f17f38a39b653e0880247dce6485204f6edfa2b6c2579cf1bfa1c7315a29 cosign-linux-arm64