Unverified Commit f0a96358 authored by Sheogorath's avatar Sheogorath :european_castle:

Add some verification logic for dockerize

Since we download the binary each time, we should make sure that it's
trustworthy. Since there is no signature by the developer, we do the
cheaper version of simply using a sha256sum.
parent d34d781a
......@@ -12,11 +12,15 @@ ENV NODE_ENV=production
# PhantomJS is broken on alpine and crashes CodiMD
ENV CMD_ALLOW_PDF_EXPORT=false
RUN apk add --no-cache --virtual .download wget ca-certificates && \
wget https://github.com/jwilder/dockerize/releases/download/$DOCKERIZE_VERSION/dockerize-alpine-linux-amd64-$DOCKERIZE_VERSION.tar.gz && \
tar -C /usr/local/bin -xzvf dockerize-alpine-linux-amd64-$DOCKERIZE_VERSION.tar.gz && \
rm dockerize-alpine-linux-amd64-$DOCKERIZE_VERSION.tar.gz && \
apk del .download
RUN true \
&& apk add --no-cache --virtual .download wget ca-certificates \
&& echo "dddbf178ecfd55fa6670b01ac08fef63ef9490212426b9fab8a602345409da8f dockerize-alpine-linux-amd64-${DOCKERIZE_VERSION}.tar.gz" > dockerize_checksum \
&& wget https://github.com/jwilder/dockerize/releases/download/${DOCKERIZE_VERSION}/dockerize-alpine-linux-amd64-${DOCKERIZE_VERSION}.tar.gz \
&& sha256sum -c dockerize_checksum \
&& tar -C /usr/local/bin -xzvf dockerize-alpine-linux-amd64-${DOCKERIZE_VERSION}.tar.gz \
&& rm dockerize-linux-amd64-${DOCKERIZE_VERSION}.tar.gz dockerize_checksum \
&& apk del .download \
&& true
ENV GOSU_VERSION 1.11
COPY resources/gosu-gpg.key /tmp/gosu.key
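Review bot: The cleanup line in the new RUN removes `dockerize-linux-amd64-${DOCKERIZE_VERSION}.tar.gz`, but the archive that this hunk downloads, verifies and extracts is `dockerize-alpine-linux-amd64-${DOCKERIZE_VERSION}.tar.gz`. `rm` returns non-zero for the missing name, so the `&&` chain should stop there and the build should fail before `apk del .download` runs. The checksum step itself is not bypassed, since it runs earlier in the chain. The line should read `&& rm dockerize-alpine-linux-amd64-${DOCKERIZE_VERSION}.tar.gz dockerize_checksum \`.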
......
......@@ -9,9 +9,14 @@ ENV DEBIAN_FRONTEND noninteractive
ENV DOCKERIZE_VERSION v0.6.1
ENV NODE_ENV=production
RUN wget https://github.com/jwilder/dockerize/releases/download/$DOCKERIZE_VERSION/dockerize-linux-amd64-$DOCKERIZE_VERSION.tar.gz && \
tar -C /usr/local/bin -xzvf dockerize-linux-amd64-$DOCKERIZE_VERSION.tar.gz && \
rm dockerize-linux-amd64-$DOCKERIZE_VERSION.tar.gz
RUN true \
&& echo "1fa29cd41a5854fd5423e242f3ea9737a50a8c3bcf852c9e62b9eb02c6ccd370 dockerize-linux-amd64-${DOCKERIZE_VERSION}.tar.gz" > dockerize_checksum \
&& wget https://github.com/jwilder/dockerize/releases/download/${DOCKERIZE_VERSION}/dockerize-linux-amd64-${DOCKERIZE_VERSION}.tar.gz \
&& sha256sum -c dockerize_checksum \
&& tar -C /usr/local/bin -xzvf dockerize-linux-amd64-${DOCKERIZE_VERSION}.tar.gz \
&& rm dockerize-linux-amd64-${DOCKERIZE_VERSION}.tar.gz dockerize_checksum \
&& true
ENV GOSU_VERSION 1.11
COPY resources/gosu-gpg.key /tmp/gosu.key
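Review bot: The digest on the `echo` line is only valid for `ENV DOCKERIZE_VERSION v0.6.1` a few lines above, and nothing in the file records that coupling or where the expected value came from. A version bump will fail closed at `sha256sum -c`, which is the right behaviour, but the next maintainer has no hint that the hash must be replaced and re-verified rather than simply regenerated from whatever the new download yields. I would add a comment above the RUN such as `# sha256 of dockerize-linux-amd64-v0.6.1.tar.gz; update together with DOCKERIZE_VERSION and verify against an independent copy`. The same applies to the digest on the `echo` line of the alpine hunk.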
......