forked from sigstore/cosign
-
Notifications
You must be signed in to change notification settings - Fork 9
/
Dockerfile.clients.rh
101 lines (86 loc) · 8.67 KB
/
Dockerfile.clients.rh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
# Provides the Trusted Artifact Signer CLI binaries, cosign and gitsign
FROM quay.io/securesign/cli-cosign@sha256:6fa39582a3d62a2aa5404397bb638fdd0960f9392db659d033d7bacf70bddfb1 AS cosign
FROM quay.io/securesign/gitsign@sha256:6ab19b6a0ee77a59ac8df3c298c262b7cab6631863141163d919a5130ac7d385 AS gitsign
# Provides the Trusted Artifact Signer CLI binary, fetch-tsa-certs
FROM quay.io/securesign/fetch-tsa-certs@sha256:b04716d9a98d089cf5e229d1cd2969273a7b0e4240f916ec930e4be011d2bdbd as fetch_tsa_certs
# Provides the Trusted Artifact Signer CLI binaries, rekor-cli and ec
FROM quay.io/securesign/rekor-cli@sha256:aa8fb3ab4baedfb2e937eae6fb997d7219dbc542ca2bfc6dbdfd9d4550c4cfba as rekor
FROM registry.redhat.io/rhtas/ec-rhel9:0.5@sha256:815110eec64d0d7fb4af003e86c261234b165bcfde8012f0891eba6c0c419b4e as ec
# Provides the Trusted Artifact Signer CLI binaries trillian-createtree and trillian-updatetree
FROM quay.io/securesign/trillian-createtree@sha256:f66a707e68fb0cdcfcddc318407fe60d72f50a7b605b5db55743eccc14a422ba as trillian-createtree
FROM quay.io/securesign/trillian-updatetree@sha256:1a95a2061b9bc0613087903425d84024ce10e00bc6110303a75637fb15d95d34 as trillian-updatetree
FROM quay.io/securesign/cli-tuftool@sha256:c03e4dfde2f2f8a46d4cb614c30f487eca9314abcfe7170be041c11556fecaef as tuf-tool
FROM registry.access.redhat.com/ubi9/httpd-24@sha256:4207d95b4d0929a2aa58cd9339f24c92e6d6f487985316a5c962a5f3c07e1661
ENV APP_ROOT=/opt/app-root
WORKDIR $APP_ROOT/src/
RUN mkdir -p /var/www/html/clients/darwin && \
mkdir -p /var/www/html/clients/linux && \
mkdir -p /var/www/html/clients/windows
# Copy the cosign binaries from the previous stages
COPY --from=cosign /usr/local/bin/cosign-darwin-amd64.gz /var/www/html/clients/darwin/cosign-amd64.gz
COPY --from=cosign /usr/local/bin/cosign-darwin-arm64.gz /var/www/html/clients/darwin/cosign-arm64.gz
COPY --from=cosign /usr/local/bin/cosign-linux-amd64.gz /var/www/html/clients/linux/cosign-amd64.gz
COPY --from=cosign /usr/local/bin/cosign-linux-arm64.gz /var/www/html/clients/linux/cosign-arm64.gz
COPY --from=cosign /usr/local/bin/cosign-linux-ppc64le.gz /var/www/html/clients/linux/cosign-ppc64le.gz
COPY --from=cosign /usr/local/bin/cosign-linux-s390x.gz /var/www/html/clients/linux/cosign-s390x.gz
COPY --from=cosign /usr/local/bin/cosign-windows-amd64.exe.gz /var/www/html/clients/windows/cosign-amd64.gz
# Copy the gitsign binaries from the previous stages
COPY --from=gitsign /usr/local/bin/gitsign_cli_darwin_amd64.gz /var/www/html/clients/darwin/gitsign-amd64.gz
COPY --from=gitsign /usr/local/bin/gitsign_cli_darwin_arm64.gz /var/www/html/clients/darwin/gitsign-arm64.gz
COPY --from=gitsign /usr/local/bin/gitsign_cli_linux_amd64.gz /var/www/html/clients/linux/gitsign-amd64.gz
COPY --from=gitsign /usr/local/bin/gitsign_cli_linux_arm64.gz /var/www/html/clients/linux/gitsign-arm64.gz
COPY --from=gitsign /usr/local/bin/gitsign_cli_linux_ppc64le.gz /var/www/html/clients/linux/gitsign-ppc64le.gz
COPY --from=gitsign /usr/local/bin/gitsign_cli_linux_s390x.gz /var/www/html/clients/linux/gitsign-s390x.gz
COPY --from=gitsign /usr/local/bin/gitsign_cli_windows_amd64.exe.gz /var/www/html/clients/windows/gitsign-amd64.gz
# Copy the rekor binaries from the previous stages
COPY --from=rekor /usr/local/bin/rekor_cli_darwin_amd64.gz /var/www/html/clients/darwin/rekor-cli-amd64.gz
COPY --from=rekor /usr/local/bin/rekor_cli_darwin_arm64.gz /var/www/html/clients/darwin/rekor-cli-arm64.gz
COPY --from=rekor /usr/local/bin/rekor_cli_linux_amd64.gz /var/www/html/clients/linux/rekor-cli-amd64.gz
COPY --from=rekor /usr/local/bin/rekor_cli_linux_arm64.gz /var/www/html/clients/linux/rekor-cli-arm64.gz
COPY --from=rekor /usr/local/bin/rekor_cli_linux_ppc64le.gz /var/www/html/clients/linux/rekor-cli-ppc64le.gz
COPY --from=rekor /usr/local/bin/rekor_cli_linux_s390x.gz /var/www/html/clients/linux/rekor-cli-s390x.gz
COPY --from=rekor /usr/local/bin/rekor_cli_windows_amd64.exe.gz /var/www/html/clients/windows/rekor-cli-amd64.gz
# Copy the ec binaries from the previous stages
COPY --from=ec /usr/local/bin/ec_darwin_amd64.gz /var/www/html/clients/darwin/ec-amd64.gz
COPY --from=ec /usr/local/bin/ec_darwin_arm64.gz /var/www/html/clients/darwin/ec-arm64.gz
COPY --from=ec /usr/local/bin/ec_linux_amd64.gz /var/www/html/clients/linux/ec-amd64.gz
COPY --from=ec /usr/local/bin/ec_linux_arm64.gz /var/www/html/clients/linux/ec-arm64.gz
COPY --from=ec /usr/local/bin/ec_linux_ppc64le.gz /var/www/html/clients/linux/ec-ppc64le.gz
COPY --from=ec /usr/local/bin/ec_linux_s390x.gz /var/www/html/clients/linux/ec-s390x.gz
COPY --from=ec /usr/local/bin/ec_windows_amd64.exe.gz /var/www/html/clients/windows/ec-amd64.gz
# Copy the fetch-tsa-certs binaries from the previous stages
COPY --from=fetch_tsa_certs /usr/local/bin/fetch_tsa_certs_darwin_arm64.gz /var/www/html/clients/darwin/fetch-tsa-certs-arm64.gz
COPY --from=fetch_tsa_certs /usr/local/bin/fetch_tsa_certs_darwin_amd64.gz /var/www/html/clients/darwin/fetch-tsa-certs-amd64.gz
COPY --from=fetch_tsa_certs /usr/local/bin/fetch_tsa_certs_linux_amd64.gz /var/www/html/clients/linux/fetch-tsa-certs-amd64.gz
COPY --from=fetch_tsa_certs /usr/local/bin/fetch_tsa_certs_linux_arm64.gz /var/www/html/clients/linux/fetch-tsa-certs-arm64.gz
COPY --from=fetch_tsa_certs /usr/local/bin/fetch_tsa_certs_linux_ppc64le.gz /var/www/html/clients/linux/fetch-tsa-certs-ppc64le.gz
COPY --from=fetch_tsa_certs /usr/local/bin/fetch_tsa_certs_linux_s390x.gz /var/www/html/clients/linux/fetch-tsa-certs-s390x.gz
COPY --from=fetch_tsa_certs /usr/local/bin/fetch_tsa_certs_windows_amd64.exe.gz /var/www/html/clients/windows/fetch-tsa-certs-amd64.gz
# Copy the trillian-createtree binaries from the previous stages
COPY --from=trillian-createtree /usr/local/bin/createtree-darwin-arm64.gz /var/www/html/clients/darwin/createtree-arm64.gz
COPY --from=trillian-createtree /usr/local/bin/createtree-darwin-amd64.gz /var/www/html/clients/darwin/createtree-amd64.gz
COPY --from=trillian-createtree /usr/local/bin/createtree-linux-amd64.gz /var/www/html/clients/linux/createtree-amd64.gz
COPY --from=trillian-createtree /usr/local/bin/createtree-linux-arm64.gz /var/www/html/clients/linux/createtree-arm64.gz
COPY --from=trillian-createtree /usr/local/bin/createtree-linux-ppc64le.gz /var/www/html/clients/linux/createtree-ppc64le.gz
COPY --from=trillian-createtree /usr/local/bin/createtree-linux-s390x.gz /var/www/html/clients/linux/createtree-s390x.gz
COPY --from=trillian-createtree /usr/local/bin/createtree-windows-amd64.exe.gz /var/www/html/clients/windows/createtree-amd64.gz
# Copy the trillian-updatetree binaries from the previous stages
COPY --from=trillian-updatetree /usr/local/bin/updatetree-darwin-arm64.gz /var/www/html/clients/darwin/updatetree-arm64.gz
COPY --from=trillian-updatetree /usr/local/bin/updatetree-darwin-amd64.gz /var/www/html/clients/darwin/updatetree-amd64.gz
COPY --from=trillian-updatetree /usr/local/bin/updatetree-linux-amd64.gz /var/www/html/clients/linux/updatetree-amd64.gz
COPY --from=trillian-updatetree /usr/local/bin/updatetree-linux-arm64.gz /var/www/html/clients/linux/updatetree-arm64.gz
COPY --from=trillian-updatetree /usr/local/bin/updatetree-linux-ppc64le.gz /var/www/html/clients/linux/updatetree-ppc64le.gz
COPY --from=trillian-updatetree /usr/local/bin/updatetree-linux-s390x.gz /var/www/html/clients/linux/updatetree-s390x.gz
COPY --from=trillian-updatetree /usr/local/bin/updatetree-windows-amd64.exe.gz /var/www/html/clients/windows/updatetree-amd64.gz
COPY --from=tuf-tool /usr/bin/tuftool /var/www/html/clients/linux/tuftool-amd64
RUN gzip /var/www/html/clients/linux/tuftool-amd64
LABEL \
com.redhat.component="trusted-artifact-signer-serve-cli-container" \
name="trusted-artifact-signer-serve-cli-container" \
version="1.1.0" \
summary="Red Hat serves Trusted Artifact Signer CLI binaries cosign, gitsign, rekor-cli, ec, fetch_tsa_certs, trillian-createtree and trillian-updatetree from an HTTP server" \
description="Serves Trusted Artifact Signer CLI binaries cosign, gitsign, rekor-cli, ec, fetch_tsa_certs, trillian-createtree and trillian-updatetree from an HTTP server" \
io.k8s.description="Serves Trusted Artifact Signer CLI binaries cosign, gitsign, rekor-cli, ec, fetch_tsa_certs, trillian-createtree and trillian-updatetree from an HTTP server" \
io.k8s.display-name="Red Hat serves Trusted Artifact Signer CLI binaries cosign, gitsign, rekor-cli, ec, fetch_tsa_certs, trillian-createtree and trillian-updatetree" \
io.openshift.tags=" cosign, gitsign, rekor-cli, ec, fetch_tsa_certs, trillian-createtree and trillian-updatetree, rhtas, trusted, artifact, signer, sigstore" \
maintainer="[email protected]"