github/linuxkit
1
0
Fork 0
mirror of https://github.com/linuxkit/linuxkit.git synced 2025-07-27 12:38:11 +00:00
Code Issues Projects Releases Wiki Activity

Use DOCKER_CONTENT_TRUST=1 when pulling library images

Browse Source 
When building the base images always test signatures.

This will be the default at some point.

Add a test that content trust is working.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
This commit is contained in:
Justin Cormack 2016-11-30 09:14:09 +00:00
parent 078f8be56c
commit ae885bd714
10 changed files with 10 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
alpine/base/alpine-aws/Makefile
View File

@ -6,7 +6,7 @@ IMAGE=alpine-aws
default: push default: push
hash: Dockerfile hash: Dockerfile
docker pull $(BASE) DOCKER_CONTENT_TRUST=1 docker pull $(BASE)
tar cf - $^ | docker build --no-cache -t $(IMAGE):build - tar cf - $^ | docker build --no-cache -t $(IMAGE):build -
docker run --rm $(IMAGE):build sh -c '(pip list && cat /lib/apk/db/installed) | sha1sum' | sed 's/ .*//' > hash docker run --rm $(IMAGE):build sh -c '(pip list && cat /lib/apk/db/installed) | sha1sum' | sed 's/ .*//' > hash

2
alpine/base/alpine-base/Makefile
View File

@ -6,7 +6,7 @@ IMAGE=alpine-base
default: push default: push
hash: Dockerfile repositories hash: Dockerfile repositories
docker pull $(BASE) DOCKER_CONTENT_TRUST=1 docker pull $(BASE)
tar cf - $^ | docker build --no-cache -t $(IMAGE):build - tar cf - $^ | docker build --no-cache -t $(IMAGE):build -
docker run --rm $(IMAGE):build sha1sum /lib/apk/db/installed | sed 's/ .*//' > hash docker run --rm $(IMAGE):build sha1sum /lib/apk/db/installed | sed 's/ .*//' > hash

2
alpine/base/alpine-bios/Makefile
View File

@ -6,7 +6,7 @@ IMAGE=alpine-bios
default: push default: push
hash: hash:
docker pull $(BASE) DOCKER_CONTENT_TRUST=1 docker pull $(BASE)
tar cf - Dockerfile make-iso isolinux.cfg | docker build --no-cache -t $(IMAGE):build - tar cf - Dockerfile make-iso isolinux.cfg | docker build --no-cache -t $(IMAGE):build -
docker run --rm $(IMAGE):build sha1sum /lib/apk/db/installed | sed 's/ .*//' > hash docker run --rm $(IMAGE):build sha1sum /lib/apk/db/installed | sed 's/ .*//' > hash

2
alpine/base/alpine-build-c/Makefile
View File

@ -6,7 +6,7 @@ IMAGE=alpine-build-c
default: push default: push
hash: hash:
docker pull $(BASE) DOCKER_CONTENT_TRUST=1 docker pull $(BASE)
tar cf - Dockerfile | docker build --no-cache -t $(IMAGE):build - tar cf - Dockerfile | docker build --no-cache -t $(IMAGE):build -
docker run --rm $(IMAGE):build sha1sum /lib/apk/db/installed | sed 's/ .*//' > hash docker run --rm $(IMAGE):build sha1sum /lib/apk/db/installed | sed 's/ .*//' > hash

2
alpine/base/alpine-build-go/Makefile
View File

@ -6,7 +6,7 @@ IMAGE=alpine-build-go
default: push default: push
hash: hash:
docker pull $(BASE) DOCKER_CONTENT_TRUST=1 docker pull $(BASE)
tar cf - Dockerfile | docker build --no-cache -t $(IMAGE):build - tar cf - Dockerfile | docker build --no-cache -t $(IMAGE):build -
docker run $(IMAGE):build sh -c 'cat /usr/local/go/bin/go /lib/apk/db/installed | sha1sum' | sed 's/ .*//' > hash docker run $(IMAGE):build sh -c 'cat /usr/local/go/bin/go /lib/apk/db/installed | sha1sum' | sed 's/ .*//' > hash

2
alpine/base/alpine-efi/Makefile
View File

@ -6,7 +6,7 @@ IMAGE=alpine-efi
default: push default: push
hash: hash:
docker pull $(BASE) DOCKER_CONTENT_TRUST=1 docker pull $(BASE)
tar cf - Dockerfile | docker build --no-cache -t $(IMAGE):build - tar cf - Dockerfile | docker build --no-cache -t $(IMAGE):build -
docker run --rm $(IMAGE):build sha1sum /lib/apk/db/installed | sed 's/ .*//' > hash docker run --rm $(IMAGE):build sha1sum /lib/apk/db/installed | sed 's/ .*//' > hash

2
alpine/base/alpine-qemu/Makefile
View File

@ -6,7 +6,7 @@ IMAGE=alpine-qemu
default: push default: push
hash: Dockerfile repositories hash: Dockerfile repositories
docker pull $(BASE) DOCKER_CONTENT_TRUST=1 docker pull $(BASE)
tar cf - $^ | docker build --no-cache -t $(IMAGE):build - tar cf - $^ | docker build --no-cache -t $(IMAGE):build -
docker run --rm $(IMAGE):build sha1sum /lib/apk/db/installed | sed 's/ .*//' > hash docker run --rm $(IMAGE):build sha1sum /lib/apk/db/installed | sed 's/ .*//' > hash

2
alpine/base/check-config/Makefile
View File

@ -6,7 +6,7 @@ IMAGE=check-config
default: push default: push
hash: hash:
docker pull $(BASE) DOCKER_CONTENT_TRUST=1 docker pull $(BASE)
tar cf - Dockerfile | docker build --no-cache -t $(IMAGE):build - tar cf - Dockerfile | docker build --no-cache -t $(IMAGE):build -
docker run --entrypoint=/bin/sh $(IMAGE):build -c 'cat /usr/bin/check-config.sh /lib/apk/db/installed | sha1sum' | sed 's/ .*//' > hash docker run --entrypoint=/bin/sh $(IMAGE):build -c 'cat /usr/bin/check-config.sh /lib/apk/db/installed | sha1sum' | sed 's/ .*//' > hash

2
alpine/base/qemu-user-static/Makefile
View File

@ -6,7 +6,7 @@ IMAGE=qemu-user-static
default: push default: push
hash: Dockerfile hash: Dockerfile
docker pull $(BASE) DOCKER_CONTENT_TRUST=1 docker pull $(BASE)
tar cf - $^ | docker build --no-cache -t $(IMAGE):build - tar cf - $^ | docker build --no-cache -t $(IMAGE):build -
docker run --rm $(IMAGE):build sh -c 'apt list --installed 2>/dev/null | sha1sum' | sed 's/ .*//' > hash docker run --rm $(IMAGE):build sh -c 'apt list --installed 2>/dev/null | sha1sum' | sed 's/ .*//' > hash

2
alpine/packages/test/usr/bin/mobytest
View File

@ -7,7 +7,7 @@ diagnostics
docker version docker version
docker info docker info
docker ps docker ps
docker pull alpine DOCKER_CONTENT_TRUST=-1 docker pull alpine
docker run alpine true docker run alpine true
docker pull armhf/alpine docker pull armhf/alpine
docker run armhf/alpine uname -a docker run armhf/alpine uname -a