forked from sigstore/cosign
-
Notifications
You must be signed in to change notification settings - Fork 10
/
Copy pathDockerfile.clients.rh
101 lines (86 loc) · 8.67 KB
/
Dockerfile.clients.rh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
# Provides the Trusted Artifact Signer CLI binaries, cosign and gitsign
FROM quay.io/securesign/cli-cosign@sha256:3cd261cd4fed03688c6fd3c6161ae1ec69e908bbb6593ec279415414c7422535 AS cosign
FROM quay.io/securesign/gitsign@sha256:7a4a1a6a0ad0bb4e8358e5b2a8858ed5919dd1050b620af73d6293ccabe0d236 AS gitsign
# Provides the Trusted Artifact Signer CLI binary, fetch-tsa-certs
FROM quay.io/securesign/fetch-tsa-certs@sha256:852f883b58759e08ffc7d1eb6aa03b310cad00126a952c78ec6ff6639bba315c as fetch_tsa_certs
# Provides the Trusted Artifact Signer CLI binaries, rekor-cli and ec
FROM quay.io/securesign/rekor-cli@sha256:bc9ab79a853b7bb4c183f4e2ded84cb40fdc3fb7f41e9f7134058a995bda4d1b as rekor
FROM registry.redhat.io/rhtas/ec-rhel9:0.5@sha256:3d330b4c742f584be63cf11e451f7822863a5960976a721e18bd8b2e9f1c0038 as ec
# Provides the Trusted Artifact Signer CLI binaries trillian-createtree and trillian-updatetree
FROM quay.io/securesign/trillian-createtree@sha256:43da71295323660fd9992e3ba2e2ad63ed9f729dbb42401e041ad02c73da718a as trillian-createtree
FROM quay.io/securesign/trillian-updatetree@sha256:213dc852fffa7364d1fc56cac7499d5a9e48ef6b25ae0d0684598470a34f39c9 as trillian-updatetree
FROM quay.io/securesign/cli-tuftool@sha256:5163c2c3f8234a70676bb036dc51986f13d406ae19a478b6d2ee6c401a71ea9f as tuf-tool
FROM registry.access.redhat.com/ubi9/httpd-24@sha256:5a8663a6901f89f9fa430015406b06ace1db22b6c8a17e9663fa1b3f203f1d90
ENV APP_ROOT=/opt/app-root
WORKDIR $APP_ROOT/src/
RUN mkdir -p /var/www/html/clients/darwin && \
mkdir -p /var/www/html/clients/linux && \
mkdir -p /var/www/html/clients/windows
# Copy the cosign binaries from the previous stages
COPY --from=cosign /usr/local/bin/cosign-darwin-amd64.gz /var/www/html/clients/darwin/cosign-amd64.gz
COPY --from=cosign /usr/local/bin/cosign-darwin-arm64.gz /var/www/html/clients/darwin/cosign-arm64.gz
COPY --from=cosign /usr/local/bin/cosign-linux-amd64.gz /var/www/html/clients/linux/cosign-amd64.gz
COPY --from=cosign /usr/local/bin/cosign-linux-arm64.gz /var/www/html/clients/linux/cosign-arm64.gz
COPY --from=cosign /usr/local/bin/cosign-linux-ppc64le.gz /var/www/html/clients/linux/cosign-ppc64le.gz
COPY --from=cosign /usr/local/bin/cosign-linux-s390x.gz /var/www/html/clients/linux/cosign-s390x.gz
COPY --from=cosign /usr/local/bin/cosign-windows-amd64.exe.gz /var/www/html/clients/windows/cosign-amd64.gz
# Copy the gitsign binaries from the previous stages
COPY --from=gitsign /usr/local/bin/gitsign_cli_darwin_amd64.gz /var/www/html/clients/darwin/gitsign-amd64.gz
COPY --from=gitsign /usr/local/bin/gitsign_cli_darwin_arm64.gz /var/www/html/clients/darwin/gitsign-arm64.gz
COPY --from=gitsign /usr/local/bin/gitsign_cli_linux_amd64.gz /var/www/html/clients/linux/gitsign-amd64.gz
COPY --from=gitsign /usr/local/bin/gitsign_cli_linux_arm64.gz /var/www/html/clients/linux/gitsign-arm64.gz
COPY --from=gitsign /usr/local/bin/gitsign_cli_linux_ppc64le.gz /var/www/html/clients/linux/gitsign-ppc64le.gz
COPY --from=gitsign /usr/local/bin/gitsign_cli_linux_s390x.gz /var/www/html/clients/linux/gitsign-s390x.gz
COPY --from=gitsign /usr/local/bin/gitsign_cli_windows_amd64.exe.gz /var/www/html/clients/windows/gitsign-amd64.gz
# Copy the rekor binaries from the previous stages
COPY --from=rekor /usr/local/bin/rekor_cli_darwin_amd64.gz /var/www/html/clients/darwin/rekor-cli-amd64.gz
COPY --from=rekor /usr/local/bin/rekor_cli_darwin_arm64.gz /var/www/html/clients/darwin/rekor-cli-arm64.gz
COPY --from=rekor /usr/local/bin/rekor_cli_linux_amd64.gz /var/www/html/clients/linux/rekor-cli-amd64.gz
COPY --from=rekor /usr/local/bin/rekor_cli_linux_arm64.gz /var/www/html/clients/linux/rekor-cli-arm64.gz
COPY --from=rekor /usr/local/bin/rekor_cli_linux_ppc64le.gz /var/www/html/clients/linux/rekor-cli-ppc64le.gz
COPY --from=rekor /usr/local/bin/rekor_cli_linux_s390x.gz /var/www/html/clients/linux/rekor-cli-s390x.gz
COPY --from=rekor /usr/local/bin/rekor_cli_windows_amd64.exe.gz /var/www/html/clients/windows/rekor-cli-amd64.gz
# Copy the ec binaries from the previous stages
COPY --from=ec /usr/local/bin/ec_darwin_amd64.gz /var/www/html/clients/darwin/ec-amd64.gz
COPY --from=ec /usr/local/bin/ec_darwin_arm64.gz /var/www/html/clients/darwin/ec-arm64.gz
COPY --from=ec /usr/local/bin/ec_linux_amd64.gz /var/www/html/clients/linux/ec-amd64.gz
COPY --from=ec /usr/local/bin/ec_linux_arm64.gz /var/www/html/clients/linux/ec-arm64.gz
COPY --from=ec /usr/local/bin/ec_linux_ppc64le.gz /var/www/html/clients/linux/ec-ppc64le.gz
COPY --from=ec /usr/local/bin/ec_linux_s390x.gz /var/www/html/clients/linux/ec-s390x.gz
COPY --from=ec /usr/local/bin/ec_windows_amd64.exe.gz /var/www/html/clients/windows/ec-amd64.gz
# Copy the fetch-tsa-certs binaries from the previous stages
COPY --from=fetch_tsa_certs /usr/local/bin/fetch_tsa_certs_darwin_arm64.gz /var/www/html/clients/darwin/fetch-tsa-certs-arm64.gz
COPY --from=fetch_tsa_certs /usr/local/bin/fetch_tsa_certs_darwin_amd64.gz /var/www/html/clients/darwin/fetch-tsa-certs-amd64.gz
COPY --from=fetch_tsa_certs /usr/local/bin/fetch_tsa_certs_linux_amd64.gz /var/www/html/clients/linux/fetch-tsa-certs-amd64.gz
COPY --from=fetch_tsa_certs /usr/local/bin/fetch_tsa_certs_linux_arm64.gz /var/www/html/clients/linux/fetch-tsa-certs-arm64.gz
COPY --from=fetch_tsa_certs /usr/local/bin/fetch_tsa_certs_linux_ppc64le.gz /var/www/html/clients/linux/fetch-tsa-certs-ppc64le.gz
COPY --from=fetch_tsa_certs /usr/local/bin/fetch_tsa_certs_linux_s390x.gz /var/www/html/clients/linux/fetch-tsa-certs-s390x.gz
COPY --from=fetch_tsa_certs /usr/local/bin/fetch_tsa_certs_windows_amd64.exe.gz /var/www/html/clients/windows/fetch-tsa-certs-amd64.gz
# Copy the trillian-createtree binaries from the previous stages
COPY --from=trillian-createtree /usr/local/bin/createtree-darwin-arm64.gz /var/www/html/clients/darwin/createtree-arm64.gz
COPY --from=trillian-createtree /usr/local/bin/createtree-darwin-amd64.gz /var/www/html/clients/darwin/createtree-amd64.gz
COPY --from=trillian-createtree /usr/local/bin/createtree-linux-amd64.gz /var/www/html/clients/linux/createtree-amd64.gz
COPY --from=trillian-createtree /usr/local/bin/createtree-linux-arm64.gz /var/www/html/clients/linux/createtree-arm64.gz
COPY --from=trillian-createtree /usr/local/bin/createtree-linux-ppc64le.gz /var/www/html/clients/linux/createtree-ppc64le.gz
COPY --from=trillian-createtree /usr/local/bin/createtree-linux-s390x.gz /var/www/html/clients/linux/createtree-s390x.gz
COPY --from=trillian-createtree /usr/local/bin/createtree-windows-amd64.exe.gz /var/www/html/clients/windows/createtree-amd64.gz
# Copy the trillian-updatetree binaries from the previous stages
COPY --from=trillian-updatetree /usr/local/bin/updatetree-darwin-arm64.gz /var/www/html/clients/darwin/updatetree-arm64.gz
COPY --from=trillian-updatetree /usr/local/bin/updatetree-darwin-amd64.gz /var/www/html/clients/darwin/updatetree-amd64.gz
COPY --from=trillian-updatetree /usr/local/bin/updatetree-linux-amd64.gz /var/www/html/clients/linux/updatetree-amd64.gz
COPY --from=trillian-updatetree /usr/local/bin/updatetree-linux-arm64.gz /var/www/html/clients/linux/updatetree-arm64.gz
COPY --from=trillian-updatetree /usr/local/bin/updatetree-linux-ppc64le.gz /var/www/html/clients/linux/updatetree-ppc64le.gz
COPY --from=trillian-updatetree /usr/local/bin/updatetree-linux-s390x.gz /var/www/html/clients/linux/updatetree-s390x.gz
COPY --from=trillian-updatetree /usr/local/bin/updatetree-windows-amd64.exe.gz /var/www/html/clients/windows/updatetree-amd64.gz
COPY --from=tuf-tool /usr/bin/tuftool /var/www/html/clients/linux/tuftool-amd64
RUN gzip /var/www/html/clients/linux/tuftool-amd64
LABEL \
com.redhat.component="trusted-artifact-signer-serve-cli-container" \
name="trusted-artifact-signer-serve-cli-container" \
version="1.1.0" \
summary="Red Hat serves Trusted Artifact Signer CLI binaries cosign, gitsign, rekor-cli, ec, fetch_tsa_certs, trillian-createtree and trillian-updatetree from an HTTP server" \
description="Serves Trusted Artifact Signer CLI binaries cosign, gitsign, rekor-cli, ec, fetch_tsa_certs, trillian-createtree and trillian-updatetree from an HTTP server" \
io.k8s.description="Serves Trusted Artifact Signer CLI binaries cosign, gitsign, rekor-cli, ec, fetch_tsa_certs, trillian-createtree and trillian-updatetree from an HTTP server" \
io.k8s.display-name="Red Hat serves Trusted Artifact Signer CLI binaries cosign, gitsign, rekor-cli, ec, fetch_tsa_certs, trillian-createtree and trillian-updatetree" \
io.openshift.tags=" cosign, gitsign, rekor-cli, ec, fetch_tsa_certs, trillian-createtree and trillian-updatetree, rhtas, trusted, artifact, signer, sigstore" \
maintainer="trusted-artifact-signer@redhat.com"