mirror of
https://github.com/linuxkit/linuxkit.git
synced 2025-07-21 10:09:07 +00:00
Merge pull request #1721 from riyazdf/more-signing-targets
Signing targets for binfmt, rngd, compilers, toybox, tini
This commit is contained in:
Justin Cormack
GitHub
commit
98dfe7ad55
2
Makefile
2
Makefile
@ -5,7 +5,7 @@ all: default
|
||||
VERSION="0.0" # dummy for now
|
||||
GIT_COMMIT=$(shell git rev-list -1 HEAD)
|
||||
|
||||
GO_COMPILE=linuxkit/go-compile:5bf17af781df44f07906099402680b9a661f999b@sha256:0bf523bcebb96ccc525f983a118f1fd8cb5e17dbf90e83044ca71bb983000e70
|
||||
GO_COMPILE=linuxkit/go-compile:5bf17af781df44f07906099402680b9a661f999b
|
||||
|
||||
MOBY?=bin/moby
|
||||
LINUXKIT?=bin/linuxkit
|
||||
|
||||
@ -82,5 +82,7 @@ files:
|
||||
trust:
|
||||
image:
|
||||
- linuxkit/kernel
|
||||
- linuxkit/binfmt
|
||||
- linuxkit/rngd
|
||||
outputs:
|
||||
- format: kernel+initrd
|
||||
|
||||
@ -63,6 +63,7 @@ services:
|
||||
trust:
|
||||
image:
|
||||
- linuxkit/kernel
|
||||
- linuxkit/rngd
|
||||
outputs:
|
||||
- format: kernel+initrd
|
||||
- format: gcp-img
|
||||
|
||||
@ -35,5 +35,6 @@ services:
|
||||
trust:
|
||||
image:
|
||||
- linuxkit/kernel
|
||||
- linuxkit/rngd
|
||||
outputs:
|
||||
- format: kernel+initrd
|
||||
|
||||
@ -43,6 +43,7 @@ services:
|
||||
trust:
|
||||
image:
|
||||
- linuxkit/kernel
|
||||
- linuxkit/rngd
|
||||
files:
|
||||
- path: root/.ssh/authorized_keys
|
||||
contents: '#your ssh key here'
|
||||
|
||||
@ -43,6 +43,7 @@ services:
|
||||
trust:
|
||||
image:
|
||||
- linuxkit/kernel
|
||||
- linuxkit/rngd
|
||||
files:
|
||||
- path: root/.ssh/authorized_keys
|
||||
contents: '#your ssh key here'
|
||||
|
||||
@ -45,5 +45,6 @@ services:
|
||||
trust:
|
||||
image:
|
||||
- linuxkit/kernel
|
||||
- linuxkit/rngd
|
||||
outputs:
|
||||
- format: vmdk
|
||||
|
||||
@ -53,6 +53,8 @@ files:
|
||||
trust:
|
||||
image:
|
||||
- linuxkit/kernel
|
||||
- linuxkit/binfmt
|
||||
- linuxkit/rngd
|
||||
outputs:
|
||||
- format: kernel+initrd
|
||||
- format: iso-bios
|
||||
|
||||
@ -2,6 +2,7 @@
|
||||
default: push
|
||||
|
||||
IMAGE=binfmt
|
||||
BASE=alpine:edge
|
||||
SHA_IMAGE=alpine:3.5@sha256:dfbd4a3a8ebca874ebd2474f044a0b33600d4523d03b0df76e5c5986cb02d7e8
|
||||
DEPS=Dockerfile Makefile main.go $(wildcard etc/binmft.d/*)
|
||||
|
||||
@ -14,7 +15,8 @@ hash: $(DEPS)
|
||||
|
||||
tag: hash
|
||||
docker pull linuxkit/$(IMAGE):$(shell cat hash) || \
|
||||
(docker build --no-cache -t $(IMAGE):build . && \
|
||||
(DOCKER_CONTENT_TRUST=1 docker pull $(BASE) && \
|
||||
docker build --no-cache -t $(IMAGE):build . && \
|
||||
docker tag $(IMAGE):build linuxkit/$(IMAGE):$(shell cat hash))
|
||||
|
||||
push: tag
|
||||
@ -23,6 +25,18 @@ push: tag
|
||||
rm -f hash
|
||||
docker rmi $(IMAGE):build || true
|
||||
|
||||
signed-tag: hash
|
||||
DOCKER_CONTENT_TRUST=1 docker pull linuxkit/$(IMAGE):$(shell cat hash) || \
|
||||
(DOCKER_CONTENT_TRUST=1 docker pull $(BASE) && \
|
||||
docker build --no-cache -t $(IMAGE):build . && \
|
||||
docker tag $(IMAGE):build linuxkit/$(IMAGE):$(shell cat hash))
|
||||
|
||||
sign: signed-tag
|
||||
DOCKER_CONTENT_TRUST=1 docker pull linuxkit/$(IMAGE):$(shell cat hash) || \
|
||||
DOCKER_CONTENT_TRUST=1 docker push linuxkit/$(IMAGE):$(shell cat hash)
|
||||
rm -f hash
|
||||
docker rmi $(IMAGE):build || true
|
||||
|
||||
clean:
|
||||
rm -f hash
|
||||
docker rmi $(IMAGE):build || true
|
||||
|
||||
@ -1,11 +1,12 @@
|
||||
C_COMPILE=linuxkit/c-compile:63b085bbaec1aa7c42a7bd22a4b1c350d900617d@sha256:286e3a729c7a0b1a605ae150235416190f9f430c29b00e65fa50ff73158998e5
|
||||
C_COMPILE=linuxkit/c-compile:63b085bbaec1aa7c42a7bd22a4b1c350d900617d
|
||||
START_STOP_DAEMON=sbin/start-stop-daemon
|
||||
|
||||
default: push
|
||||
|
||||
$(START_STOP_DAEMON): start-stop-daemon.c
|
||||
mkdir -p $(dir $@)
|
||||
tar cf - $^ | docker run --rm --net=none --log-driver=none -i $(C_COMPILE) -o $@ | tar xf -
|
||||
DOCKER_CONTENT_TRUST=1 docker pull $(C_COMPILE)
|
||||
tar cf - $^ | DOCKER_CONTENT_TRUST=1 docker run --rm --net=none --log-driver=none -i $(C_COMPILE) -o $@ | tar xf -
|
||||
|
||||
.PHONY: tag push
|
||||
|
||||
|
||||
@ -2,6 +2,7 @@
|
||||
default: push
|
||||
|
||||
IMAGE=rngd
|
||||
BASE=linuxkit/c-compile:f52f485825c890d581e82a62af6906c1d33d8e5d
|
||||
SHA_IMAGE=alpine:3.5@sha256:dfbd4a3a8ebca874ebd2474f044a0b33600d4523d03b0df76e5c5986cb02d7e8
|
||||
DEPS=Dockerfile Makefile
|
||||
|
||||
@ -9,8 +10,10 @@ hash: $(DEPS)
|
||||
find $^ -type f | xargs cat | docker run --rm -i $(SHA_IMAGE) sha1sum - | sed 's/ .*//' > hash
|
||||
|
||||
tag: hash
|
||||
DOCKER_CONTENT_TRUST=1 docker pull $(BASE)
|
||||
docker pull linuxkit/$(IMAGE):$(shell cat hash) || \
|
||||
(docker build --no-cache -t $(IMAGE):build . && \
|
||||
(DOCKER_CONTENT_TRUST=1 docker pull $(BASE) && \
|
||||
docker build --no-cache -t $(IMAGE):build . && \
|
||||
docker tag $(IMAGE):build linuxkit/$(IMAGE):$(shell cat hash))
|
||||
|
||||
push: tag
|
||||
@ -19,6 +22,18 @@ push: tag
|
||||
rm -f hash
|
||||
docker rmi $(IMAGE):build || true
|
||||
|
||||
signed-tag: hash
|
||||
DOCKER_CONTENT_TRUST=1 docker pull linuxkit/$(IMAGE):$(shell cat hash) || \
|
||||
(DOCKER_CONTENT_TRUST=1 docker pull $(BASE) && \
|
||||
docker build --no-cache -t $(IMAGE):build . && \
|
||||
docker tag $(IMAGE):build linuxkit/$(IMAGE):$(shell cat hash))
|
||||
|
||||
sign: signed-tag
|
||||
DOCKER_CONTENT_TRUST=1 docker pull linuxkit/$(IMAGE):$(shell cat hash) || \
|
||||
DOCKER_CONTENT_TRUST=1 docker push linuxkit/$(IMAGE):$(shell cat hash)
|
||||
rm -f hash
|
||||
docker rmi $(IMAGE):build || true
|
||||
|
||||
clean:
|
||||
rm -f hash
|
||||
docker rmi $(IMAGE):build || true
|
||||
|
||||
@ -80,5 +80,7 @@ services:
|
||||
trust:
|
||||
image:
|
||||
- linuxkit/kernel
|
||||
- linuxkit/binfmt
|
||||
- linuxkit/rngd
|
||||
outputs:
|
||||
- format: kernel+initrd
|
||||
|
||||
@ -43,6 +43,7 @@ services:
|
||||
trust:
|
||||
image:
|
||||
- linuxkit/kernel
|
||||
- linuxkit/rngd
|
||||
outputs:
|
||||
- format: kernel+initrd
|
||||
- format: iso-bios
|
||||
|
||||
@ -23,6 +23,18 @@ tag: hash
|
||||
docker rmi $(IMAGE):build
|
||||
rm -f hash
|
||||
|
||||
signed-tag: hash
|
||||
DOCKER_CONTENT_TRUST=1 docker pull linuxkit/$(IMAGE):$(shell cat hash) || \
|
||||
(DOCKER_CONTENT_TRUST=1 docker pull $(BASE) && \
|
||||
docker build --no-cache -t $(IMAGE):build . && \
|
||||
docker tag $(IMAGE):build linuxkit/$(IMAGE):$(shell cat hash))
|
||||
|
||||
sign: signed-tag
|
||||
DOCKER_CONTENT_TRUST=1 docker pull linuxkit/$(IMAGE):$(shell cat hash) || \
|
||||
DOCKER_CONTENT_TRUST=1 docker push linuxkit/$(IMAGE):$(shell cat hash)
|
||||
rm -f hash
|
||||
docker rmi $(IMAGE):build || true
|
||||
|
||||
clean:
|
||||
rm -f hash
|
||||
|
||||
|
||||
@ -23,6 +23,18 @@ tag: hash
|
||||
docker rmi $(IMAGE):build
|
||||
rm -f hash
|
||||
|
||||
signed-tag: hash
|
||||
DOCKER_CONTENT_TRUST=1 docker pull linuxkit/$(IMAGE):$(shell cat hash) || \
|
||||
(DOCKER_CONTENT_TRUST=1 docker pull $(BASE) && \
|
||||
docker build --no-cache -t $(IMAGE):build . && \
|
||||
docker tag $(IMAGE):build linuxkit/$(IMAGE):$(shell cat hash))
|
||||
|
||||
sign: signed-tag
|
||||
DOCKER_CONTENT_TRUST=1 docker pull linuxkit/$(IMAGE):$(shell cat hash) || \
|
||||
DOCKER_CONTENT_TRUST=1 docker push linuxkit/$(IMAGE):$(shell cat hash)
|
||||
rm -f hash
|
||||
docker rmi $(IMAGE):build || true
|
||||
|
||||
clean:
|
||||
rm -f hash
|
||||
|
||||
|
||||
@ -2,10 +2,12 @@
|
||||
default: push
|
||||
|
||||
IMAGE=tini
|
||||
BASE=linuxkit/c-compile:f52f485825c890d581e82a62af6906c1d33d8e5d
|
||||
SHA_IMAGE=alpine:3.5@sha256:dfbd4a3a8ebca874ebd2474f044a0b33600d4523d03b0df76e5c5986cb02d7e8
|
||||
DEPS=Dockerfile Makefile
|
||||
|
||||
hash: $(DEPS)
|
||||
DOCKER_CONTENT_TRUST=1 docker pull $(BASE)
|
||||
find $^ -type f | xargs cat | docker run --rm -i $(SHA_IMAGE) sha1sum - | sed 's/ .*//' > hash
|
||||
|
||||
tag: hash
|
||||
@ -19,6 +21,18 @@ push: tag
|
||||
rm -f hash
|
||||
docker rmi $(IMAGE):build || true
|
||||
|
||||
signed-tag: hash
|
||||
DOCKER_CONTENT_TRUST=1 docker pull linuxkit/$(IMAGE):$(shell cat hash) || \
|
||||
(DOCKER_CONTENT_TRUST=1 docker pull $(BASE) && \
|
||||
docker build --no-cache -t $(IMAGE):build . && \
|
||||
docker tag $(IMAGE):build linuxkit/$(IMAGE):$(shell cat hash))
|
||||
|
||||
sign: signed-tag
|
||||
DOCKER_CONTENT_TRUST=1 docker pull linuxkit/$(IMAGE):$(shell cat hash) || \
|
||||
DOCKER_CONTENT_TRUST=1 docker push linuxkit/$(IMAGE):$(shell cat hash)
|
||||
rm -f hash
|
||||
docker rmi $(IMAGE):build || true
|
||||
|
||||
clean:
|
||||
rm -f hash
|
||||
docker rmi $(IMAGE):build || true
|
||||
|
||||
@ -2,10 +2,12 @@
|
||||
default: push
|
||||
|
||||
IMAGE=toybox-media
|
||||
BASE=linuxkit/c-compile:f52f485825c890d581e82a62af6906c1d33d8e5d
|
||||
SHA_IMAGE=alpine:3.5@sha256:dfbd4a3a8ebca874ebd2474f044a0b33600d4523d03b0df76e5c5986cb02d7e8
|
||||
DEPS=Dockerfile Makefile
|
||||
|
||||
hash: $(DEPS)
|
||||
DOCKER_CONTENT_TRUST=1 docker pull $(BASE)
|
||||
find $^ -type f | xargs cat | docker run --rm -i $(SHA_IMAGE) sha1sum - | sed 's/ .*//' > hash
|
||||
|
||||
tag: hash
|
||||
@ -19,6 +21,18 @@ push: tag
|
||||
rm -f hash
|
||||
docker rmi $(IMAGE):build || true
|
||||
|
||||
signed-tag: hash
|
||||
DOCKER_CONTENT_TRUST=1 docker pull linuxkit/$(IMAGE):$(shell cat hash) || \
|
||||
(DOCKER_CONTENT_TRUST=1 docker pull $(BASE) && \
|
||||
docker build --no-cache -t $(IMAGE):build . && \
|
||||
docker tag $(IMAGE):build linuxkit/$(IMAGE):$(shell cat hash))
|
||||
|
||||
sign: signed-tag
|
||||
DOCKER_CONTENT_TRUST=1 docker pull linuxkit/$(IMAGE):$(shell cat hash) || \
|
||||
DOCKER_CONTENT_TRUST=1 docker push linuxkit/$(IMAGE):$(shell cat hash)
|
||||
rm -f hash
|
||||
docker rmi $(IMAGE):build || true
|
||||
|
||||
clean:
|
||||
rm -f hash
|
||||
docker rmi $(IMAGE):build || true
|
||||
|
||||
Loading…
Reference in New Issue
Block a user