This is an automated email from the ASF dual-hosted git repository.

chetanm pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-openwhisk.git


The following commit(s) were added to refs/heads/master by this push:
     new 67a9a28  Verify checksums of downloaded software in Dockerfiles (#4051)
67a9a28 is described below

commit 67a9a28b7a59e73c876bb2a881c6af141525ba6e
Author: moritzraho <raho...@gmail.com>
AuthorDate: Fri Oct 12 09:40:21 2018 +0200

    Verify checksums of downloaded software in Dockerfiles (#4051)
    
    Verify sha256 checksum of Swagger and Docker binaries
---
 core/controller/Dockerfile | 9 ++++++---
 core/invoker/Dockerfile    | 4 +++-
 2 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/core/controller/Dockerfile b/core/controller/Dockerfile
index 151444f..85950d9 100644
--- a/core/controller/Dockerfile
+++ b/core/controller/Dockerfile
@@ -5,12 +5,15 @@ FROM scala
 
 ENV UID=1001 \
     NOT_ROOT_USER=owuser
+ENV 
SWAGGER_UI_DOWNLOAD_SHA256=3d7ef5ddc59e10f132fe99771498f0f1ba7a2cbfb9585f9863d4191a574c96e7
 \
+    SWAGGER_UI_VERSION=3.6.0
 
 # Install swagger-ui
-RUN curl -sSL -o swagger-ui-v3.6.0.tar.gz --no-verbose 
https://github.com/swagger-api/swagger-ui/archive/v3.6.0.tar.gz && \
+RUN curl -sSL -o swagger-ui-v${SWAGGER_UI_VERSION}.tar.gz --no-verbose 
https://github.com/swagger-api/swagger-ui/archive/v${SWAGGER_UI_VERSION}.tar.gz 
&& \
+    echo "${SWAGGER_UI_DOWNLOAD_SHA256}  
swagger-ui-v${SWAGGER_UI_VERSION}.tar.gz" | sha256sum -c - && \
     mkdir swagger-ui && \
-    tar zxf swagger-ui-v3.6.0.tar.gz -C /swagger-ui --strip-components=2 
swagger-ui-3.6.0/dist && \
-    rm swagger-ui-v3.6.0.tar.gz && \
+    tar zxf swagger-ui-v${SWAGGER_UI_VERSION}.tar.gz -C /swagger-ui 
--strip-components=2 swagger-ui-${SWAGGER_UI_VERSION}/dist && \
+    rm swagger-ui-v${SWAGGER_UI_VERSION}.tar.gz && \
     sed -i s#http://petstore.swagger.io/v2/swagger.json#/api/v1/api-docs#g 
/swagger-ui/index.html
 
 # Copy app jars
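Review bot: `SWAGGER_UI_DOWNLOAD_SHA256` and `SWAGGER_UI_VERSION` are declared with `ENV`, so they persist into the environment of every controller container although, as far as this hunk shows, only the install `RUN` reads them; `ARG SWAGGER_UI_VERSION=3.6.0` and `ARG SWAGGER_UI_DOWNLOAD_SHA256=<same digest>` would keep them build-time only. The same applies to `DOCKER_DOWNLOAD_SHA256` in core/invoker/Dockerfile. I would also add a comment above the pin, e.g. `# sha256 of the archive for SWAGGER_UI_VERSION; bump both together and confirm the new digest independently`, so a version bump does not end with someone pasting the digest of whatever was just downloaded. The URL is a GitHub auto-generated source archive, whose bytes are not strictly guaranteed to stay stable, so a mismatch here should be investigated as either regeneration or tampering before the pin is changed.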
diff --git a/core/invoker/Dockerfile b/core/invoker/Dockerfile
index ba22363..0ec0526 100644
--- a/core/invoker/Dockerfile
+++ b/core/invoker/Dockerfile
@@ -3,15 +3,17 @@
 
 FROM scala
 
-ENV DOCKER_VERSION 1.12.0
 ENV UID=1001 \
     NOT_ROOT_USER=owuser
+ENV DOCKER_VERSION=1.12.0 \
+    
DOCKER_DOWNLOAD_SHA256=3dd07f65ea4a7b4c8829f311ab0213bca9ac551b5b24706f3e79a97e22097f8b
 
 RUN apk add --update openssl
 
 # Uncomment to fetch latest version of docker instead: RUN wget -qO- 
https://get.docker.com | sh
 # Install docker client
 RUN curl -sSL -o docker-${DOCKER_VERSION}.tgz 
https://get.docker.com/builds/Linux/x86_64/docker-${DOCKER_VERSION}.tgz && \
+echo "${DOCKER_DOWNLOAD_SHA256}  docker-${DOCKER_VERSION}.tgz" | sha256sum -c 
- && \
 tar --strip-components 1 -xvzf docker-${DOCKER_VERSION}.tgz -C /usr/bin 
docker/docker && \
 tar --strip-components 1 -xvzf docker-${DOCKER_VERSION}.tgz -C /usr/bin 
docker/docker-runc && \
 rm -f docker-${DOCKER_VERSION}.tgz && \
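Review bot: The comment kept just above the install step still suggests `RUN wget -qO- https://get.docker.com | sh`, which runs whatever the script serves at build time with no version pin and no checksum, bypassing the verification this commit adds. I would drop that comment, or reword it to something like `# Docker client is pinned and checksum-verified below; do not replace with the get.docker.com script`. Separately, `curl -sSL` has no `-f`, so an HTTP error body is saved to the .tgz and only surfaces as a checksum mismatch; `curl -fsSL -o docker-${DOCKER_VERSION}.tgz …` fails at the download with a clear error (the controller hunk has the same pattern). The `RUN` chain continues past the end of this hunk, so the remaining steps were not reviewed.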
