From ac5122ced74bd36f9398afe6239e7f2443a3c582 Mon Sep 17 00:00:00 2001
From: Rolf Neugebauer
Date: Fri, 26 May 2017 11:41:49 +0100
Subject: [PATCH] tools: Add Dockerfile to the Alpine base image to calculate the hash
The Dockerfile is now an input to the contents of the base image and needs to be included in the hash calculation. Also, make the Makefile, Dockerfile and pacakges file a dependency.
Signed-off-by: Rolf Neugebauer
---
 tools/alpine/Dockerfile | 3 +++
 tools/alpine/Makefile | 4 ++--
 2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/tools/alpine/Dockerfile b/tools/alpine/Dockerfile
index 1f215c3de..c6ce018fa 100644
--- a/tools/alpine/Dockerfile
+++ b/tools/alpine/Dockerfile
@@ -3,6 +3,8 @@ FROM alpine:3.6 AS mirror
 # update base image
 RUN apk update && apk upgrade -a
+# Copy Dockerfile so we can include it in the hash
+COPY Dockerfile /Dockerfile
 COPY packages /tmp/
 # mirror packages
@@ -42,6 +44,7 @@ COPY --from=mirror /etc/apk/repositories /etc/apk/repositories
 COPY --from=mirror /etc/apk/keys /etc/apk/keys/
 COPY --from=mirror /mirror /mirror/
 COPY --from=mirror /go/bin /go/bin/
+COPY --from=mirror /Dockerfile /Dockerfile
 COPY --from=shellcheck /usr/local/bin/shellcheck /usr/local/bin/shellcheck
 COPY --from=shellcheck /usr/local/lib/ /usr/local/lib/
diff --git a/tools/alpine/Makefile b/tools/alpine/Makefile
index 66871dea6..6769afad4 100644
--- a/tools/alpine/Makefile
+++ b/tools/alpine/Makefile
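Review bot: In tools/alpine/Dockerfile the second hunk takes `/Dockerfile` from the `mirror` stage, which is the only reason the first hunk has to copy it into that stage. The file is already in the build context, so the later stage could use `COPY Dockerfile /Dockerfile` directly and the mirror-stage `COPY` could be dropped, keeping a file that plays no part in mirroring out of that stage. The stage boundaries lie outside both hunks, so confirm that the second hunk sits in the final stage. A short comment there that the image now ships its own Dockerfile at `/Dockerfile` would also help whoever later adds build arguments or credentials-adjacent settings to it.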
@@ -6,10 +6,10 @@ BASE=alpine:3.6
 default: push
-hash:
+hash: Dockerfile Makefile packages
 DOCKER_CONTENT_TRUST=1 docker pull $(BASE)
 docker build --no-cache -t $(IMAGE):build .
- docker run --rm $(IMAGE):build sh -c 'echo /lib/apk/db/installed $$(find /mirror -name '*.apk' -type f) $$(find /go/bin -type f) | xargs cat | sha1sum' | sed 's/ .*//' > $@
+ docker run --rm $(IMAGE):build sh -c 'echo Dockerfile /lib/apk/db/installed $$(find /mirror -name '*.apk' -type f) $$(find /go/bin -type f) | xargs cat | sha1sum' | sed 's/ .*//' > $@
 push: hash
 DOCKER_CONTENT_TRUST=1 docker pull $(ORG)/$(IMAGE):$(shell cat hash) || \
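Review bot: The new hash command names `Dockerfile` as a relative path, while the Dockerfile hunks install the file at `/Dockerfile`, so the argument resolves only while the container's working directory is `/`. No `WORKDIR` is visible in the hunks, so this probably works today. If the final stage ever sets one, `cat` fails on that argument, but each pipeline's exit status comes from its last command (`sha1sum` inside the container, `sed` outside), so a hash is still written without the Dockerfile in it. That hash is the image tag used by `push`, so a changed Dockerfile could then map onto an already published tag. Use the absolute path, `echo /Dockerfile /lib/apk/db/installed ...`; the `push` recipe continues outside the hunk.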