forked from sigstore/cosign
-
Notifications
You must be signed in to change notification settings - Fork 9
/
Dockerfile.clients.rh
101 lines (86 loc) · 8.63 KB
/
Dockerfile.clients.rh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
# Provides the Trusted Artifact Signer CLI binaries, cosign and gitsign
FROM quay.io/securesign/cli-cosign@sha256:4ec69652b96c3cfddc813c42a763d81dc82f894c745a33e99deaa92814f4e918 AS cosign
FROM quay.io/securesign/gitsign@sha256:9d95b3eeb2f8c144c2a9e7d9735748448d0a62f0592e336db2682f73f1cb0160 AS gitsign
# Provides the Trusted Artifact Signer CLI binary, fetch-tsa-certs
FROM quay.io/securesign/fetch-tsa-certs@sha256:04ee10dd6f36b7ebca80c0e7badeb5c69d4ae2b37eb1abbea204d1af4eb1d0cc as fetch_tsa_certs
# Provides the Trusted Artifact Signer CLI binaries, rekor-cli and ec
FROM quay.io/securesign/rekor-cli@sha256:0f874a33e5ee36ed6cdb080e1774a6d66d3c095458f8a138b5c0f95fd8f32944 as rekor
FROM registry.redhat.io/rhtas/ec-rhel9:0.5@sha256:815110eec64d0d7fb4af003e86c261234b165bcfde8012f0891eba6c0c419b4e as ec
# Provides the Trusted Artifact Signer CLI binaries trillian-createtree and trillian-updatetree
FROM quay.io/securesign/trillian-createtree@sha256:2a17108678e51bf39d80b3a7fc577ec9c12de10e19286e3e5298fb8cfcf9309c as trillian-createtree
FROM quay.io/securesign/trillian-updatetree@sha256:cae560a63bc4f6aae4c8d5110ca903f52518be7b7db34ddebf29a541f04c6c45 as trillian-updatetree
FROM quay.io/securesign/cli-tuftool:5f0506773f5e6c7b8b4538ba1e47189bc6c2b76c as tuf-tool
FROM registry.access.redhat.com/ubi9/httpd-24@sha256:d073a0a800d9e410f4c0ac5a854bdc88b1382d9757e4c480ede202b477310c8b
ENV APP_ROOT=/opt/app-root
WORKDIR $APP_ROOT/src/
RUN mkdir -p /var/www/html/clients/darwin && \
mkdir -p /var/www/html/clients/linux && \
mkdir -p /var/www/html/clients/windows
# Copy the cosign binaries from the previous stages
COPY --from=cosign /usr/local/bin/cosign-darwin-amd64.gz /var/www/html/clients/darwin/cosign-amd64.gz
COPY --from=cosign /usr/local/bin/cosign-darwin-arm64.gz /var/www/html/clients/darwin/cosign-arm64.gz
COPY --from=cosign /usr/local/bin/cosign-linux-amd64.gz /var/www/html/clients/linux/cosign-amd64.gz
COPY --from=cosign /usr/local/bin/cosign-linux-arm64.gz /var/www/html/clients/linux/cosign-arm64.gz
COPY --from=cosign /usr/local/bin/cosign-linux-ppc64le.gz /var/www/html/clients/linux/cosign-ppc64le.gz
COPY --from=cosign /usr/local/bin/cosign-linux-s390x.gz /var/www/html/clients/linux/cosign-s390x.gz
COPY --from=cosign /usr/local/bin/cosign-windows-amd64.exe.gz /var/www/html/clients/windows/cosign-amd64.gz
# Copy the gitsign binaries from the previous stages
COPY --from=gitsign /usr/local/bin/gitsign_cli_darwin_amd64.gz /var/www/html/clients/darwin/gitsign-amd64.gz
COPY --from=gitsign /usr/local/bin/gitsign_cli_darwin_arm64.gz /var/www/html/clients/darwin/gitsign-arm64.gz
COPY --from=gitsign /usr/local/bin/gitsign_cli_linux_amd64.gz /var/www/html/clients/linux/gitsign-amd64.gz
COPY --from=gitsign /usr/local/bin/gitsign_cli_linux_arm64.gz /var/www/html/clients/linux/gitsign-arm64.gz
COPY --from=gitsign /usr/local/bin/gitsign_cli_linux_ppc64le.gz /var/www/html/clients/linux/gitsign-ppc64le.gz
COPY --from=gitsign /usr/local/bin/gitsign_cli_linux_s390x.gz /var/www/html/clients/linux/gitsign-s390x.gz
COPY --from=gitsign /usr/local/bin/gitsign_cli_windows_amd64.exe.gz /var/www/html/clients/windows/gitsign-amd64.gz
# Copy the rekor binaries from the previous stages
COPY --from=rekor /usr/local/bin/rekor_cli_darwin_amd64.gz /var/www/html/clients/darwin/rekor-cli-amd64.gz
COPY --from=rekor /usr/local/bin/rekor_cli_darwin_arm64.gz /var/www/html/clients/darwin/rekor-cli-arm64.gz
COPY --from=rekor /usr/local/bin/rekor_cli_linux_amd64.gz /var/www/html/clients/linux/rekor-cli-amd64.gz
COPY --from=rekor /usr/local/bin/rekor_cli_linux_arm64.gz /var/www/html/clients/linux/rekor-cli-arm64.gz
COPY --from=rekor /usr/local/bin/rekor_cli_linux_ppc64le.gz /var/www/html/clients/linux/rekor-cli-ppc64le.gz
COPY --from=rekor /usr/local/bin/rekor_cli_linux_s390x.gz /var/www/html/clients/linux/rekor-cli-s390x.gz
COPY --from=rekor /usr/local/bin/rekor_cli_windows_amd64.exe.gz /var/www/html/clients/windows/rekor-cli-amd64.gz
# Copy the ec binaries from the previous stages
COPY --from=ec /usr/local/bin/ec_darwin_amd64.gz /var/www/html/clients/darwin/ec-amd64.gz
COPY --from=ec /usr/local/bin/ec_darwin_arm64.gz /var/www/html/clients/darwin/ec-arm64.gz
COPY --from=ec /usr/local/bin/ec_linux_amd64.gz /var/www/html/clients/linux/ec-amd64.gz
COPY --from=ec /usr/local/bin/ec_linux_arm64.gz /var/www/html/clients/linux/ec-arm64.gz
COPY --from=ec /usr/local/bin/ec_linux_ppc64le.gz /var/www/html/clients/linux/ec-ppc64le.gz
COPY --from=ec /usr/local/bin/ec_linux_s390x.gz /var/www/html/clients/linux/ec-s390x.gz
COPY --from=ec /usr/local/bin/ec_windows_amd64.exe.gz /var/www/html/clients/windows/ec-amd64.gz
# Copy the fetch-tsa-certs binaries from the previous stages
COPY --from=fetch_tsa_certs /usr/local/bin/fetch_tsa_certs_darwin_arm64.gz /var/www/html/clients/darwin/fetch-tsa-certs-arm64.gz
COPY --from=fetch_tsa_certs /usr/local/bin/fetch_tsa_certs_darwin_amd64.gz /var/www/html/clients/darwin/fetch-tsa-certs-amd64.gz
COPY --from=fetch_tsa_certs /usr/local/bin/fetch_tsa_certs_linux_amd64.gz /var/www/html/clients/linux/fetch-tsa-certs-amd64.gz
COPY --from=fetch_tsa_certs /usr/local/bin/fetch_tsa_certs_linux_arm64.gz /var/www/html/clients/linux/fetch-tsa-certs-arm64.gz
COPY --from=fetch_tsa_certs /usr/local/bin/fetch_tsa_certs_linux_ppc64le.gz /var/www/html/clients/linux/fetch-tsa-certs-ppc64le.gz
COPY --from=fetch_tsa_certs /usr/local/bin/fetch_tsa_certs_linux_s390x.gz /var/www/html/clients/linux/fetch-tsa-certs-s390x.gz
COPY --from=fetch_tsa_certs /usr/local/bin/fetch_tsa_certs_windows_amd64.exe.gz /var/www/html/clients/windows/fetch-tsa-certs-amd64.gz
# Copy the trillian-createtree binaries from the previous stages
COPY --from=trillian-createtree /usr/local/bin/createtree-darwin-arm64.gz /var/www/html/clients/darwin/createtree-arm64.gz
COPY --from=trillian-createtree /usr/local/bin/createtree-darwin-amd64.gz /var/www/html/clients/darwin/createtree-amd64.gz
COPY --from=trillian-createtree /usr/local/bin/createtree-linux-amd64.gz /var/www/html/clients/linux/createtree-amd64.gz
COPY --from=trillian-createtree /usr/local/bin/createtree-linux-arm64.gz /var/www/html/clients/linux/createtree-arm64.gz
COPY --from=trillian-createtree /usr/local/bin/createtree-linux-ppc64le.gz /var/www/html/clients/linux/createtree-ppc64le.gz
COPY --from=trillian-createtree /usr/local/bin/createtree-linux-s390x.gz /var/www/html/clients/linux/createtree-s390x.gz
COPY --from=trillian-createtree /usr/local/bin/createtree-windows-amd64.exe.gz /var/www/html/clients/windows/createtree-amd64.gz
# Copy the trillian-updatetree binaries from the previous stages
COPY --from=trillian-updatetree /usr/local/bin/updatetree-darwin-arm64.gz /var/www/html/clients/darwin/updatetree-arm64.gz
COPY --from=trillian-updatetree /usr/local/bin/updatetree-darwin-amd64.gz /var/www/html/clients/darwin/updatetree-amd64.gz
COPY --from=trillian-updatetree /usr/local/bin/updatetree-linux-amd64.gz /var/www/html/clients/linux/updatetree-amd64.gz
COPY --from=trillian-updatetree /usr/local/bin/updatetree-linux-arm64.gz /var/www/html/clients/linux/updatetree-arm64.gz
COPY --from=trillian-updatetree /usr/local/bin/updatetree-linux-ppc64le.gz /var/www/html/clients/linux/updatetree-ppc64le.gz
COPY --from=trillian-updatetree /usr/local/bin/updatetree-linux-s390x.gz /var/www/html/clients/linux/updatetree-s390x.gz
COPY --from=trillian-updatetree /usr/local/bin/updatetree-windows-amd64.exe.gz /var/www/html/clients/windows/updatetree-amd64.gz
COPY --from=tuf-tool /usr/bin/tuftool /var/www/html/clients/linux/tuftool-amd64
RUN gzip /var/www/html/clients/linux/tuftool-amd64
LABEL \
com.redhat.component="trusted-artifact-signer-serve-cli-container" \
name="trusted-artifact-signer-serve-cli-container" \
version="1.1.0" \
summary="Red Hat serves Trusted Artifact Signer CLI binaries cosign, gitsign, rekor-cli, ec, fetch_tsa_certs, trillian-createtree and trillian-updatetree from an HTTP server" \
description="Serves Trusted Artifact Signer CLI binaries cosign, gitsign, rekor-cli, ec, fetch_tsa_certs, trillian-createtree and trillian-updatetree from an HTTP server" \
io.k8s.description="Serves Trusted Artifact Signer CLI binaries cosign, gitsign, rekor-cli, ec, fetch_tsa_certs, trillian-createtree and trillian-updatetree from an HTTP server" \
io.k8s.display-name="Red Hat serves Trusted Artifact Signer CLI binaries cosign, gitsign, rekor-cli, ec, fetch_tsa_certs, trillian-createtree and trillian-updatetree" \
io.openshift.tags=" cosign, gitsign, rekor-cli, ec, fetch_tsa_certs, trillian-createtree and trillian-updatetree, rhtas, trusted, artifact, signer, sigstore" \
maintainer="[email protected]"