This is an automated email from the ASF dual-hosted git repository.

meonkeys pushed a commit to branch asf-site
in repository https://gitbox.apache.org/repos/asf/fineract-site.git

commit 44834410107cab46dd78a631f9110d6b7d566afe
Author: Adam Monsen <[email protected]>
AuthorDate: Thu Mar 12 14:26:21 2026 -0700

    verify known good Hugo tarball download checksum
    
    mitigates supply chain attacks
---
 Dockerfile | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/Dockerfile b/Dockerfile
index 46fadee..fb6a5ee 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -2,6 +2,7 @@ FROM ubuntu:24.04
 
 ENV DEBIAN_FRONTEND=noninteractive
 ENV HUGO_VERSION=0.156.0
+ENV HUGO_TARBALL_CHECKSUM=580cae0d9e3e00b1c42ac9fa30f22c9aab9c1cfbe34d71bbf5706c864f9ea1de8acb7ed1844520a5c18427121fe042bc8c26ada737cd691dec1ffc9194a1e33b
 
 RUN apt-get update && apt-get install -y --no-install-recommends \
     ca-certificates \
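Review bot: The new `HUGO_TARBALL_CHECKSUM` line has no comment naming the digest algorithm or the asset it covers, so its coupling to `HUGO_VERSION` and the `linux-amd64` tarball is only visible by reading the later `RUN` step. I would add a comment above it such as `# SHA-512 of hugo_extended_${HUGO_VERSION}_linux-amd64.tar.gz; update together with HUGO_VERSION`, and ideally record how the known-good value was obtained so the next version bump can repeat the procedure. Because the value is only needed at build time, `ARG HUGO_TARBALL_CHECKSUM=...` would keep it out of the runtime environment, although `ENV` does match how `HUGO_VERSION` is declared in this file.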
@@ -13,6 +14,7 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
 RUN curl -fsSL \
     -o /tmp/hugo.tar.gz \
     
"https://github.com/gohugoio/hugo/releases/download/v${HUGO_VERSION}/hugo_extended_${HUGO_VERSION}_linux-amd64.tar.gz";
 \
+    && echo "$HUGO_TARBALL_CHECKSUM  /tmp/hugo.tar.gz" | sha512sum --check \
     && tar -xzf /tmp/hugo.tar.gz -C /tmp \
     && install -m 0755 /tmp/hugo /usr/local/bin/hugo \
     && rm -f /tmp/hugo /tmp/hugo.tar.gz
