This is an automated email from the ASF dual-hosted git repository.
chetanm pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-openwhisk.git
The following commit(s) were added to refs/heads/master by this push:
new 67a9a28 Verify checksums of downloaded software in Dockerfiles (#4051)
67a9a28 is described below
commit 67a9a28b7a59e73c876bb2a881c6af141525ba6e
Author: moritzraho <[email protected]>
AuthorDate: Fri Oct 12 09:40:21 2018 +0200
Verify checksums of downloaded software in Dockerfiles (#4051)
Verify sha256 checksum of Swagger and Docker binaries
---
core/controller/Dockerfile | 9 ++++++---
core/invoker/Dockerfile | 4 +++-
2 files changed, 9 insertions(+), 4 deletions(-)
diff --git a/core/controller/Dockerfile b/core/controller/Dockerfile
index 151444f..85950d9 100644
--- a/core/controller/Dockerfile
+++ b/core/controller/Dockerfile
@@ -5,12 +5,15 @@ FROM scala
ENV UID=1001 \
NOT_ROOT_USER=owuser
+ENV
SWAGGER_UI_DOWNLOAD_SHA256=3d7ef5ddc59e10f132fe99771498f0f1ba7a2cbfb9585f9863d4191a574c96e7
\
+ SWAGGER_UI_VERSION=3.6.0
# Install swagger-ui
-RUN curl -sSL -o swagger-ui-v3.6.0.tar.gz --no-verbose
https://github.com/swagger-api/swagger-ui/archive/v3.6.0.tar.gz && \
+RUN curl -sSL -o swagger-ui-v${SWAGGER_UI_VERSION}.tar.gz --no-verbose
https://github.com/swagger-api/swagger-ui/archive/v${SWAGGER_UI_VERSION}.tar.gz
&& \
+ echo "${SWAGGER_UI_DOWNLOAD_SHA256}
swagger-ui-v${SWAGGER_UI_VERSION}.tar.gz" | sha256sum -c - && \
mkdir swagger-ui && \
- tar zxf swagger-ui-v3.6.0.tar.gz -C /swagger-ui --strip-components=2
swagger-ui-3.6.0/dist && \
- rm swagger-ui-v3.6.0.tar.gz && \
+ tar zxf swagger-ui-v${SWAGGER_UI_VERSION}.tar.gz -C /swagger-ui
--strip-components=2 swagger-ui-${SWAGGER_UI_VERSION}/dist && \
+ rm swagger-ui-v${SWAGGER_UI_VERSION}.tar.gz && \
sed -i s#http://petstore.swagger.io/v2/swagger.json#/api/v1/api-docs#g
/swagger-ui/index.html
# Copy app jars
diff --git a/core/invoker/Dockerfile b/core/invoker/Dockerfile
index ba22363..0ec0526 100644
--- a/core/invoker/Dockerfile
+++ b/core/invoker/Dockerfile
@@ -3,15 +3,17 @@
FROM scala
-ENV DOCKER_VERSION 1.12.0
ENV UID=1001 \
NOT_ROOT_USER=owuser
+ENV DOCKER_VERSION=1.12.0 \
+
DOCKER_DOWNLOAD_SHA256=3dd07f65ea4a7b4c8829f311ab0213bca9ac551b5b24706f3e79a97e22097f8b
RUN apk add --update openssl
# Uncomment to fetch latest version of docker instead: RUN wget -qO-
https://get.docker.com | sh
# Install docker client
RUN curl -sSL -o docker-${DOCKER_VERSION}.tgz
https://get.docker.com/builds/Linux/x86_64/docker-${DOCKER_VERSION}.tgz && \
+echo "${DOCKER_DOWNLOAD_SHA256} docker-${DOCKER_VERSION}.tgz" | sha256sum -c
- && \
tar --strip-components 1 -xvzf docker-${DOCKER_VERSION}.tgz -C /usr/bin
docker/docker && \
tar --strip-components 1 -xvzf docker-${DOCKER_VERSION}.tgz -C /usr/bin
docker/docker-runc && \
rm -f docker-${DOCKER_VERSION}.tgz && \
