forked from sigstore/cosign
-
Notifications
You must be signed in to change notification settings - Fork 10
/
Copy pathDockerfile.clients.rh
101 lines (86 loc) · 8.67 KB
/
Dockerfile.clients.rh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
# Provides the Trusted Artifact Signer CLI binaries, cosign and gitsign
FROM quay.io/securesign/cli-cosign@sha256:2a2aa8c1a224419be83afe46b0226e168927c19c8bd3f9c4e562e5e5caebb6a9 AS cosign
FROM quay.io/securesign/gitsign@sha256:bef55c43000f266cdb7cf6ea525f7c52f2ee532b7b487ae9752aac31ebded40f AS gitsign
# Provides the Trusted Artifact Signer CLI binary, fetch-tsa-certs
FROM quay.io/securesign/fetch-tsa-certs@sha256:5763e25323050f5afa3655f7efa6b262183627792cdf8c42e64563ac3696d5f7 as fetch_tsa_certs
# Provides the Trusted Artifact Signer CLI binaries, rekor-cli and ec
FROM quay.io/securesign/rekor-cli@sha256:4bd68a4b63c15e5a09127d93a20e98508ce2ce8e4649bea3ab8e30cd83f235b2 as rekor
FROM registry.redhat.io/rhtas/ec-rhel9:0.6@sha256:e7f3cefadd1f4a65f242fb0b86f8083bbb17a91fd65f2ae65d128b7937d3e736 as ec
# Provides the Trusted Artifact Signer CLI binaries trillian-createtree and trillian-updatetree
FROM quay.io/securesign/trillian-createtree@sha256:d9ff8413f1d106cb5084b48b73b205db6dd5ad82818be4111c5cb118d9d135ae as trillian-createtree
FROM quay.io/securesign/trillian-updatetree@sha256:8651f55805f4b32a7ca351caa642b74f88493ca3dfb52ff57cf3c2dbdbf829f7 as trillian-updatetree
FROM quay.io/securesign/cli-tuftool@sha256:d58983d16f1bbfab64239e8fd09324e6de98ba0c193fa9f2747e75225cdd4548 as tuf-tool
FROM registry.access.redhat.com/ubi9/httpd-24@sha256:f762a79eb769614b86bc92bfcfe717722ffb9ca67be8657a8e1908089a7760fc
ENV APP_ROOT=/opt/app-root
WORKDIR $APP_ROOT/src/
RUN mkdir -p /var/www/html/clients/darwin && \
mkdir -p /var/www/html/clients/linux && \
mkdir -p /var/www/html/clients/windows
# Copy the cosign binaries from the previous stages
COPY --from=cosign /usr/local/bin/cosign-darwin-amd64.gz /var/www/html/clients/darwin/cosign-amd64.gz
COPY --from=cosign /usr/local/bin/cosign-darwin-arm64.gz /var/www/html/clients/darwin/cosign-arm64.gz
COPY --from=cosign /usr/local/bin/cosign-linux-amd64.gz /var/www/html/clients/linux/cosign-amd64.gz
COPY --from=cosign /usr/local/bin/cosign-linux-arm64.gz /var/www/html/clients/linux/cosign-arm64.gz
COPY --from=cosign /usr/local/bin/cosign-linux-ppc64le.gz /var/www/html/clients/linux/cosign-ppc64le.gz
COPY --from=cosign /usr/local/bin/cosign-linux-s390x.gz /var/www/html/clients/linux/cosign-s390x.gz
COPY --from=cosign /usr/local/bin/cosign-windows-amd64.exe.gz /var/www/html/clients/windows/cosign-amd64.gz
# Copy the gitsign binaries from the previous stages
COPY --from=gitsign /usr/local/bin/gitsign_cli_darwin_amd64.gz /var/www/html/clients/darwin/gitsign-amd64.gz
COPY --from=gitsign /usr/local/bin/gitsign_cli_darwin_arm64.gz /var/www/html/clients/darwin/gitsign-arm64.gz
COPY --from=gitsign /usr/local/bin/gitsign_cli_linux_amd64.gz /var/www/html/clients/linux/gitsign-amd64.gz
COPY --from=gitsign /usr/local/bin/gitsign_cli_linux_arm64.gz /var/www/html/clients/linux/gitsign-arm64.gz
COPY --from=gitsign /usr/local/bin/gitsign_cli_linux_ppc64le.gz /var/www/html/clients/linux/gitsign-ppc64le.gz
COPY --from=gitsign /usr/local/bin/gitsign_cli_linux_s390x.gz /var/www/html/clients/linux/gitsign-s390x.gz
COPY --from=gitsign /usr/local/bin/gitsign_cli_windows_amd64.exe.gz /var/www/html/clients/windows/gitsign-amd64.gz
# Copy the rekor binaries from the previous stages
COPY --from=rekor /usr/local/bin/rekor_cli_darwin_amd64.gz /var/www/html/clients/darwin/rekor-cli-amd64.gz
COPY --from=rekor /usr/local/bin/rekor_cli_darwin_arm64.gz /var/www/html/clients/darwin/rekor-cli-arm64.gz
COPY --from=rekor /usr/local/bin/rekor_cli_linux_amd64.gz /var/www/html/clients/linux/rekor-cli-amd64.gz
COPY --from=rekor /usr/local/bin/rekor_cli_linux_arm64.gz /var/www/html/clients/linux/rekor-cli-arm64.gz
COPY --from=rekor /usr/local/bin/rekor_cli_linux_ppc64le.gz /var/www/html/clients/linux/rekor-cli-ppc64le.gz
COPY --from=rekor /usr/local/bin/rekor_cli_linux_s390x.gz /var/www/html/clients/linux/rekor-cli-s390x.gz
COPY --from=rekor /usr/local/bin/rekor_cli_windows_amd64.exe.gz /var/www/html/clients/windows/rekor-cli-amd64.gz
# Copy the ec binaries from the previous stages
COPY --from=ec /usr/local/bin/ec_darwin_amd64.gz /var/www/html/clients/darwin/ec-amd64.gz
COPY --from=ec /usr/local/bin/ec_darwin_arm64.gz /var/www/html/clients/darwin/ec-arm64.gz
COPY --from=ec /usr/local/bin/ec_linux_amd64.gz /var/www/html/clients/linux/ec-amd64.gz
COPY --from=ec /usr/local/bin/ec_linux_arm64.gz /var/www/html/clients/linux/ec-arm64.gz
COPY --from=ec /usr/local/bin/ec_linux_ppc64le.gz /var/www/html/clients/linux/ec-ppc64le.gz
COPY --from=ec /usr/local/bin/ec_linux_s390x.gz /var/www/html/clients/linux/ec-s390x.gz
COPY --from=ec /usr/local/bin/ec_windows_amd64.exe.gz /var/www/html/clients/windows/ec-amd64.gz
# Copy the fetch-tsa-certs binaries from the previous stages
COPY --from=fetch_tsa_certs /usr/local/bin/fetch_tsa_certs_darwin_arm64.gz /var/www/html/clients/darwin/fetch-tsa-certs-arm64.gz
COPY --from=fetch_tsa_certs /usr/local/bin/fetch_tsa_certs_darwin_amd64.gz /var/www/html/clients/darwin/fetch-tsa-certs-amd64.gz
COPY --from=fetch_tsa_certs /usr/local/bin/fetch_tsa_certs_linux_amd64.gz /var/www/html/clients/linux/fetch-tsa-certs-amd64.gz
COPY --from=fetch_tsa_certs /usr/local/bin/fetch_tsa_certs_linux_arm64.gz /var/www/html/clients/linux/fetch-tsa-certs-arm64.gz
COPY --from=fetch_tsa_certs /usr/local/bin/fetch_tsa_certs_linux_ppc64le.gz /var/www/html/clients/linux/fetch-tsa-certs-ppc64le.gz
COPY --from=fetch_tsa_certs /usr/local/bin/fetch_tsa_certs_linux_s390x.gz /var/www/html/clients/linux/fetch-tsa-certs-s390x.gz
COPY --from=fetch_tsa_certs /usr/local/bin/fetch_tsa_certs_windows_amd64.exe.gz /var/www/html/clients/windows/fetch-tsa-certs-amd64.gz
# Copy the trillian-createtree binaries from the previous stages
COPY --from=trillian-createtree /usr/local/bin/createtree-darwin-arm64.gz /var/www/html/clients/darwin/createtree-arm64.gz
COPY --from=trillian-createtree /usr/local/bin/createtree-darwin-amd64.gz /var/www/html/clients/darwin/createtree-amd64.gz
COPY --from=trillian-createtree /usr/local/bin/createtree-linux-amd64.gz /var/www/html/clients/linux/createtree-amd64.gz
COPY --from=trillian-createtree /usr/local/bin/createtree-linux-arm64.gz /var/www/html/clients/linux/createtree-arm64.gz
COPY --from=trillian-createtree /usr/local/bin/createtree-linux-ppc64le.gz /var/www/html/clients/linux/createtree-ppc64le.gz
COPY --from=trillian-createtree /usr/local/bin/createtree-linux-s390x.gz /var/www/html/clients/linux/createtree-s390x.gz
COPY --from=trillian-createtree /usr/local/bin/createtree-windows-amd64.exe.gz /var/www/html/clients/windows/createtree-amd64.gz
# Copy the trillian-updatetree binaries from the previous stages
COPY --from=trillian-updatetree /usr/local/bin/updatetree-darwin-arm64.gz /var/www/html/clients/darwin/updatetree-arm64.gz
COPY --from=trillian-updatetree /usr/local/bin/updatetree-darwin-amd64.gz /var/www/html/clients/darwin/updatetree-amd64.gz
COPY --from=trillian-updatetree /usr/local/bin/updatetree-linux-amd64.gz /var/www/html/clients/linux/updatetree-amd64.gz
COPY --from=trillian-updatetree /usr/local/bin/updatetree-linux-arm64.gz /var/www/html/clients/linux/updatetree-arm64.gz
COPY --from=trillian-updatetree /usr/local/bin/updatetree-linux-ppc64le.gz /var/www/html/clients/linux/updatetree-ppc64le.gz
COPY --from=trillian-updatetree /usr/local/bin/updatetree-linux-s390x.gz /var/www/html/clients/linux/updatetree-s390x.gz
COPY --from=trillian-updatetree /usr/local/bin/updatetree-windows-amd64.exe.gz /var/www/html/clients/windows/updatetree-amd64.gz
COPY --from=tuf-tool /usr/bin/tuftool /var/www/html/clients/linux/tuftool-amd64
RUN gzip /var/www/html/clients/linux/tuftool-amd64
LABEL \
com.redhat.component="trusted-artifact-signer-serve-cli-container" \
name="trusted-artifact-signer-serve-cli-container" \
version="1.1.0" \
summary="Red Hat serves Trusted Artifact Signer CLI binaries cosign, gitsign, rekor-cli, ec, fetch_tsa_certs, trillian-createtree and trillian-updatetree from an HTTP server" \
description="Serves Trusted Artifact Signer CLI binaries cosign, gitsign, rekor-cli, ec, fetch_tsa_certs, trillian-createtree and trillian-updatetree from an HTTP server" \
io.k8s.description="Serves Trusted Artifact Signer CLI binaries cosign, gitsign, rekor-cli, ec, fetch_tsa_certs, trillian-createtree and trillian-updatetree from an HTTP server" \
io.k8s.display-name="Red Hat serves Trusted Artifact Signer CLI binaries cosign, gitsign, rekor-cli, ec, fetch_tsa_certs, trillian-createtree and trillian-updatetree" \
io.openshift.tags=" cosign, gitsign, rekor-cli, ec, fetch_tsa_certs, trillian-createtree and trillian-updatetree, rhtas, trusted, artifact, signer, sigstore" \
maintainer="trusted-artifact-signer@redhat.com"