From bda9f0ad1067297368355585ab32dbd1ef304f67 Mon Sep 17 00:00:00 2001 From: Leonard Jonathan Oh Date: Fri, 19 Nov 2021 00:48:59 +0000 Subject: [PATCH] Enhancement: Verify kubectl checksum --- generate/templates/Dockerfile.ps1 | 7 ++++++- variants/v1.14.10-alpine-3.8/Dockerfile | 7 ++++++- .../Dockerfile | 7 ++++++- variants/v1.15.12-alpine-3.8/Dockerfile | 7 ++++++- .../Dockerfile | 7 ++++++- variants/v1.16.15-alpine-3.8/Dockerfile | 7 ++++++- .../Dockerfile | 7 ++++++- variants/v1.17.17-alpine-3.8/Dockerfile | 7 ++++++- .../Dockerfile | 7 ++++++- variants/v1.18.15-alpine-3.8/Dockerfile | 7 ++++++- .../Dockerfile | 7 ++++++- variants/v1.19.7-alpine-3.8/Dockerfile | 7 ++++++- .../Dockerfile | 7 ++++++- variants/v1.20.4-alpine-3.8/Dockerfile | 7 ++++++- .../Dockerfile | 7 ++++++- variants/v1.21.0-alpine-3.8/Dockerfile | 7 ++++++- .../Dockerfile | 7 ++++++- variants/v1.22.0-alpine-3.8/Dockerfile | 7 ++++++- .../Dockerfile | 7 ++++++- 19 files changed, 114 insertions(+), 19 deletions(-) diff --git a/generate/templates/Dockerfile.ps1 b/generate/templates/Dockerfile.ps1 index 56d526d..d4143fb 100755 --- a/generate/templates/Dockerfile.ps1 +++ b/generate/templates/Dockerfile.ps1 @@ -5,7 +5,12 @@ ARG BUILDPLATFORM RUN echo "I am running on `$BUILDPLATFORM, building for `$TARGETPLATFORM" # When `$TARGETPLATFORM is linux/arm/v7, strip out the '/v6' or '/v7' from it -RUN wget -qO- https://storage.googleapis.com/kubernetes-release/release/$( $VARIANT['_metadata']['package_version'] )/bin/`$( echo `$TARGETPLATFORM | sed 's@/v[67]$@@' )/kubectl > /usr/local/bin/kubectl && chmod +x /usr/local/bin/kubectl +RUN BIN_URL=https://storage.googleapis.com/kubernetes-release/release/$( $VARIANT['_metadata']['package_version'] )/bin/`$( echo `$TARGETPLATFORM | sed 's@/v[67]$@@' )/kubectl \ + && SHA512=`$( wget -qO- "`$BIN_URL.sha512" ) \ + && [ -n "`$SHA512" ] \ + && wget -qO- "`$BIN_URL" > /usr/local/bin/kubectl \ + && chmod +x /usr/local/bin/kubectl \ + && sha512sum /usr/local/bin/kubectl | grep "`$SHA512" "@ diff --git a/variants/v1.14.10-alpine-3.8/Dockerfile b/variants/v1.14.10-alpine-3.8/Dockerfile index ab6bcd7..7e6054c 100644 --- a/variants/v1.14.10-alpine-3.8/Dockerfile +++ b/variants/v1.14.10-alpine-3.8/Dockerfile @@ -4,6 +4,11 @@ ARG BUILDPLATFORM RUN echo "I am running on $BUILDPLATFORM, building for $TARGETPLATFORM" # When $TARGETPLATFORM is linux/arm/v7, strip out the '/v6' or '/v7' from it -RUN wget -qO- https://storage.googleapis.com/kubernetes-release/release/v1.14.10/bin/$( echo $TARGETPLATFORM | sed 's@/v[67]$@@' )/kubectl > /usr/local/bin/kubectl && chmod +x /usr/local/bin/kubectl +RUN BIN_URL=https://storage.googleapis.com/kubernetes-release/release/v1.14.10/bin/$( echo $TARGETPLATFORM | sed 's@/v[67]$@@' )/kubectl \ + && SHA512=$( wget -qO- "$BIN_URL.sha512" ) \ + && [ -n "$SHA512" ] \ + && wget -qO- "$BIN_URL" > /usr/local/bin/kubectl \ + && chmod +x /usr/local/bin/kubectl \ + && sha512sum /usr/local/bin/kubectl | grep "$SHA512" CMD [ "/usr/local/bin/kubectl" ] diff --git a/variants/v1.14.10-envsubst-git-jq-kustomize-sops-ssh-alpine-3.8/Dockerfile b/variants/v1.14.10-envsubst-git-jq-kustomize-sops-ssh-alpine-3.8/Dockerfile index e5e7989..0b2936e 100644 --- a/variants/v1.14.10-envsubst-git-jq-kustomize-sops-ssh-alpine-3.8/Dockerfile +++ b/variants/v1.14.10-envsubst-git-jq-kustomize-sops-ssh-alpine-3.8/Dockerfile @@ -4,7 +4,12 @@ ARG BUILDPLATFORM RUN echo "I am running on $BUILDPLATFORM, building for $TARGETPLATFORM" # When $TARGETPLATFORM is linux/arm/v7, strip out the '/v6' or '/v7' from it -RUN wget -qO- https://storage.googleapis.com/kubernetes-release/release/v1.14.10/bin/$( echo $TARGETPLATFORM | sed 's@/v[67]$@@' )/kubectl > /usr/local/bin/kubectl && chmod +x /usr/local/bin/kubectl +RUN BIN_URL=https://storage.googleapis.com/kubernetes-release/release/v1.14.10/bin/$( echo $TARGETPLATFORM | sed 's@/v[67]$@@' )/kubectl \ + && SHA512=$( wget -qO- "$BIN_URL.sha512" ) \ + && [ -n "$SHA512" ] \ + && wget -qO- "$BIN_URL" > /usr/local/bin/kubectl \ + && chmod +x /usr/local/bin/kubectl \ + && sha512sum /usr/local/bin/kubectl | grep "$SHA512" # From: https://github.com/nginxinc/docker-nginx/blob/1.17.0/stable/alpine/Dockerfile # Bring in gettext so we can get `envsubst`, then throw diff --git a/variants/v1.15.12-alpine-3.8/Dockerfile b/variants/v1.15.12-alpine-3.8/Dockerfile index 8e05141..f541ede 100644 --- a/variants/v1.15.12-alpine-3.8/Dockerfile +++ b/variants/v1.15.12-alpine-3.8/Dockerfile @@ -4,6 +4,11 @@ ARG BUILDPLATFORM RUN echo "I am running on $BUILDPLATFORM, building for $TARGETPLATFORM" # When $TARGETPLATFORM is linux/arm/v7, strip out the '/v6' or '/v7' from it -RUN wget -qO- https://storage.googleapis.com/kubernetes-release/release/v1.15.12/bin/$( echo $TARGETPLATFORM | sed 's@/v[67]$@@' )/kubectl > /usr/local/bin/kubectl && chmod +x /usr/local/bin/kubectl +RUN BIN_URL=https://storage.googleapis.com/kubernetes-release/release/v1.15.12/bin/$( echo $TARGETPLATFORM | sed 's@/v[67]$@@' )/kubectl \ + && SHA512=$( wget -qO- "$BIN_URL.sha512" ) \ + && [ -n "$SHA512" ] \ + && wget -qO- "$BIN_URL" > /usr/local/bin/kubectl \ + && chmod +x /usr/local/bin/kubectl \ + && sha512sum /usr/local/bin/kubectl | grep "$SHA512" CMD [ "/usr/local/bin/kubectl" ] diff --git a/variants/v1.15.12-envsubst-git-jq-kustomize-sops-ssh-alpine-3.8/Dockerfile b/variants/v1.15.12-envsubst-git-jq-kustomize-sops-ssh-alpine-3.8/Dockerfile index 25b1015..80117c9 100644 --- a/variants/v1.15.12-envsubst-git-jq-kustomize-sops-ssh-alpine-3.8/Dockerfile +++ b/variants/v1.15.12-envsubst-git-jq-kustomize-sops-ssh-alpine-3.8/Dockerfile @@ -4,7 +4,12 @@ ARG BUILDPLATFORM RUN echo "I am running on $BUILDPLATFORM, building for $TARGETPLATFORM" # When $TARGETPLATFORM is linux/arm/v7, strip out the '/v6' or '/v7' from it -RUN wget -qO- https://storage.googleapis.com/kubernetes-release/release/v1.15.12/bin/$( echo $TARGETPLATFORM | sed 's@/v[67]$@@' )/kubectl > /usr/local/bin/kubectl && chmod +x /usr/local/bin/kubectl +RUN BIN_URL=https://storage.googleapis.com/kubernetes-release/release/v1.15.12/bin/$( echo $TARGETPLATFORM | sed 's@/v[67]$@@' )/kubectl \ + && SHA512=$( wget -qO- "$BIN_URL.sha512" ) \ + && [ -n "$SHA512" ] \ + && wget -qO- "$BIN_URL" > /usr/local/bin/kubectl \ + && chmod +x /usr/local/bin/kubectl \ + && sha512sum /usr/local/bin/kubectl | grep "$SHA512" # From: https://github.com/nginxinc/docker-nginx/blob/1.17.0/stable/alpine/Dockerfile # Bring in gettext so we can get `envsubst`, then throw diff --git a/variants/v1.16.15-alpine-3.8/Dockerfile b/variants/v1.16.15-alpine-3.8/Dockerfile index 9ef457c..a7ba5f4 100644 --- a/variants/v1.16.15-alpine-3.8/Dockerfile +++ b/variants/v1.16.15-alpine-3.8/Dockerfile @@ -4,6 +4,11 @@ ARG BUILDPLATFORM RUN echo "I am running on $BUILDPLATFORM, building for $TARGETPLATFORM" # When $TARGETPLATFORM is linux/arm/v7, strip out the '/v6' or '/v7' from it -RUN wget -qO- https://storage.googleapis.com/kubernetes-release/release/v1.16.15/bin/$( echo $TARGETPLATFORM | sed 's@/v[67]$@@' )/kubectl > /usr/local/bin/kubectl && chmod +x /usr/local/bin/kubectl +RUN BIN_URL=https://storage.googleapis.com/kubernetes-release/release/v1.16.15/bin/$( echo $TARGETPLATFORM | sed 's@/v[67]$@@' )/kubectl \ + && SHA512=$( wget -qO- "$BIN_URL.sha512" ) \ + && [ -n "$SHA512" ] \ + && wget -qO- "$BIN_URL" > /usr/local/bin/kubectl \ + && chmod +x /usr/local/bin/kubectl \ + && sha512sum /usr/local/bin/kubectl | grep "$SHA512" CMD [ "/usr/local/bin/kubectl" ] diff --git a/variants/v1.16.15-envsubst-git-jq-kustomize-sops-ssh-alpine-3.8/Dockerfile b/variants/v1.16.15-envsubst-git-jq-kustomize-sops-ssh-alpine-3.8/Dockerfile index f4928bd..f575f1a 100644 --- a/variants/v1.16.15-envsubst-git-jq-kustomize-sops-ssh-alpine-3.8/Dockerfile +++ b/variants/v1.16.15-envsubst-git-jq-kustomize-sops-ssh-alpine-3.8/Dockerfile @@ -4,7 +4,12 @@ ARG BUILDPLATFORM RUN echo "I am running on $BUILDPLATFORM, building for $TARGETPLATFORM" # When $TARGETPLATFORM is linux/arm/v7, strip out the '/v6' or '/v7' from it -RUN wget -qO- https://storage.googleapis.com/kubernetes-release/release/v1.16.15/bin/$( echo $TARGETPLATFORM | sed 's@/v[67]$@@' )/kubectl > /usr/local/bin/kubectl && chmod +x /usr/local/bin/kubectl +RUN BIN_URL=https://storage.googleapis.com/kubernetes-release/release/v1.16.15/bin/$( echo $TARGETPLATFORM | sed 's@/v[67]$@@' )/kubectl \ + && SHA512=$( wget -qO- "$BIN_URL.sha512" ) \ + && [ -n "$SHA512" ] \ + && wget -qO- "$BIN_URL" > /usr/local/bin/kubectl \ + && chmod +x /usr/local/bin/kubectl \ + && sha512sum /usr/local/bin/kubectl | grep "$SHA512" # From: https://github.com/nginxinc/docker-nginx/blob/1.17.0/stable/alpine/Dockerfile # Bring in gettext so we can get `envsubst`, then throw diff --git a/variants/v1.17.17-alpine-3.8/Dockerfile b/variants/v1.17.17-alpine-3.8/Dockerfile index 75d028e..ac8c23b 100644 --- a/variants/v1.17.17-alpine-3.8/Dockerfile +++ b/variants/v1.17.17-alpine-3.8/Dockerfile @@ -4,6 +4,11 @@ ARG BUILDPLATFORM RUN echo "I am running on $BUILDPLATFORM, building for $TARGETPLATFORM" # When $TARGETPLATFORM is linux/arm/v7, strip out the '/v6' or '/v7' from it -RUN wget -qO- https://storage.googleapis.com/kubernetes-release/release/v1.17.17/bin/$( echo $TARGETPLATFORM | sed 's@/v[67]$@@' )/kubectl > /usr/local/bin/kubectl && chmod +x /usr/local/bin/kubectl +RUN BIN_URL=https://storage.googleapis.com/kubernetes-release/release/v1.17.17/bin/$( echo $TARGETPLATFORM | sed 's@/v[67]$@@' )/kubectl \ + && SHA512=$( wget -qO- "$BIN_URL.sha512" ) \ + && [ -n "$SHA512" ] \ + && wget -qO- "$BIN_URL" > /usr/local/bin/kubectl \ + && chmod +x /usr/local/bin/kubectl \ + && sha512sum /usr/local/bin/kubectl | grep "$SHA512" CMD [ "/usr/local/bin/kubectl" ] diff --git a/variants/v1.17.17-envsubst-git-jq-kustomize-sops-ssh-alpine-3.8/Dockerfile b/variants/v1.17.17-envsubst-git-jq-kustomize-sops-ssh-alpine-3.8/Dockerfile index 4e02644..c8ad5ea 100644 --- a/variants/v1.17.17-envsubst-git-jq-kustomize-sops-ssh-alpine-3.8/Dockerfile +++ b/variants/v1.17.17-envsubst-git-jq-kustomize-sops-ssh-alpine-3.8/Dockerfile @@ -4,7 +4,12 @@ ARG BUILDPLATFORM RUN echo "I am running on $BUILDPLATFORM, building for $TARGETPLATFORM" # When $TARGETPLATFORM is linux/arm/v7, strip out the '/v6' or '/v7' from it -RUN wget -qO- https://storage.googleapis.com/kubernetes-release/release/v1.17.17/bin/$( echo $TARGETPLATFORM | sed 's@/v[67]$@@' )/kubectl > /usr/local/bin/kubectl && chmod +x /usr/local/bin/kubectl +RUN BIN_URL=https://storage.googleapis.com/kubernetes-release/release/v1.17.17/bin/$( echo $TARGETPLATFORM | sed 's@/v[67]$@@' )/kubectl \ + && SHA512=$( wget -qO- "$BIN_URL.sha512" ) \ + && [ -n "$SHA512" ] \ + && wget -qO- "$BIN_URL" > /usr/local/bin/kubectl \ + && chmod +x /usr/local/bin/kubectl \ + && sha512sum /usr/local/bin/kubectl | grep "$SHA512" # From: https://github.com/nginxinc/docker-nginx/blob/1.17.0/stable/alpine/Dockerfile # Bring in gettext so we can get `envsubst`, then throw diff --git a/variants/v1.18.15-alpine-3.8/Dockerfile b/variants/v1.18.15-alpine-3.8/Dockerfile index 8ffd185..c187977 100644 --- a/variants/v1.18.15-alpine-3.8/Dockerfile +++ b/variants/v1.18.15-alpine-3.8/Dockerfile @@ -4,6 +4,11 @@ ARG BUILDPLATFORM RUN echo "I am running on $BUILDPLATFORM, building for $TARGETPLATFORM" # When $TARGETPLATFORM is linux/arm/v7, strip out the '/v6' or '/v7' from it -RUN wget -qO- https://storage.googleapis.com/kubernetes-release/release/v1.18.15/bin/$( echo $TARGETPLATFORM | sed 's@/v[67]$@@' )/kubectl > /usr/local/bin/kubectl && chmod +x /usr/local/bin/kubectl +RUN BIN_URL=https://storage.googleapis.com/kubernetes-release/release/v1.18.15/bin/$( echo $TARGETPLATFORM | sed 's@/v[67]$@@' )/kubectl \ + && SHA512=$( wget -qO- "$BIN_URL.sha512" ) \ + && [ -n "$SHA512" ] \ + && wget -qO- "$BIN_URL" > /usr/local/bin/kubectl \ + && chmod +x /usr/local/bin/kubectl \ + && sha512sum /usr/local/bin/kubectl | grep "$SHA512" CMD [ "/usr/local/bin/kubectl" ] diff --git a/variants/v1.18.15-envsubst-git-jq-kustomize-sops-ssh-alpine-3.8/Dockerfile b/variants/v1.18.15-envsubst-git-jq-kustomize-sops-ssh-alpine-3.8/Dockerfile index 4f2c71c..49859a8 100644 --- a/variants/v1.18.15-envsubst-git-jq-kustomize-sops-ssh-alpine-3.8/Dockerfile +++ b/variants/v1.18.15-envsubst-git-jq-kustomize-sops-ssh-alpine-3.8/Dockerfile @@ -4,7 +4,12 @@ ARG BUILDPLATFORM RUN echo "I am running on $BUILDPLATFORM, building for $TARGETPLATFORM" # When $TARGETPLATFORM is linux/arm/v7, strip out the '/v6' or '/v7' from it -RUN wget -qO- https://storage.googleapis.com/kubernetes-release/release/v1.18.15/bin/$( echo $TARGETPLATFORM | sed 's@/v[67]$@@' )/kubectl > /usr/local/bin/kubectl && chmod +x /usr/local/bin/kubectl +RUN BIN_URL=https://storage.googleapis.com/kubernetes-release/release/v1.18.15/bin/$( echo $TARGETPLATFORM | sed 's@/v[67]$@@' )/kubectl \ + && SHA512=$( wget -qO- "$BIN_URL.sha512" ) \ + && [ -n "$SHA512" ] \ + && wget -qO- "$BIN_URL" > /usr/local/bin/kubectl \ + && chmod +x /usr/local/bin/kubectl \ + && sha512sum /usr/local/bin/kubectl | grep "$SHA512" # From: https://github.com/nginxinc/docker-nginx/blob/1.17.0/stable/alpine/Dockerfile # Bring in gettext so we can get `envsubst`, then throw diff --git a/variants/v1.19.7-alpine-3.8/Dockerfile b/variants/v1.19.7-alpine-3.8/Dockerfile index af10fea..167e08f 100644 --- a/variants/v1.19.7-alpine-3.8/Dockerfile +++ b/variants/v1.19.7-alpine-3.8/Dockerfile @@ -4,6 +4,11 @@ ARG BUILDPLATFORM RUN echo "I am running on $BUILDPLATFORM, building for $TARGETPLATFORM" # When $TARGETPLATFORM is linux/arm/v7, strip out the '/v6' or '/v7' from it -RUN wget -qO- https://storage.googleapis.com/kubernetes-release/release/v1.19.7/bin/$( echo $TARGETPLATFORM | sed 's@/v[67]$@@' )/kubectl > /usr/local/bin/kubectl && chmod +x /usr/local/bin/kubectl +RUN BIN_URL=https://storage.googleapis.com/kubernetes-release/release/v1.19.7/bin/$( echo $TARGETPLATFORM | sed 's@/v[67]$@@' )/kubectl \ + && SHA512=$( wget -qO- "$BIN_URL.sha512" ) \ + && [ -n "$SHA512" ] \ + && wget -qO- "$BIN_URL" > /usr/local/bin/kubectl \ + && chmod +x /usr/local/bin/kubectl \ + && sha512sum /usr/local/bin/kubectl | grep "$SHA512" CMD [ "/usr/local/bin/kubectl" ] diff --git a/variants/v1.19.7-envsubst-git-jq-kustomize-sops-ssh-alpine-3.8/Dockerfile b/variants/v1.19.7-envsubst-git-jq-kustomize-sops-ssh-alpine-3.8/Dockerfile index 8192e47..230ba9b 100644 --- a/variants/v1.19.7-envsubst-git-jq-kustomize-sops-ssh-alpine-3.8/Dockerfile +++ b/variants/v1.19.7-envsubst-git-jq-kustomize-sops-ssh-alpine-3.8/Dockerfile @@ -4,7 +4,12 @@ ARG BUILDPLATFORM RUN echo "I am running on $BUILDPLATFORM, building for $TARGETPLATFORM" # When $TARGETPLATFORM is linux/arm/v7, strip out the '/v6' or '/v7' from it -RUN wget -qO- https://storage.googleapis.com/kubernetes-release/release/v1.19.7/bin/$( echo $TARGETPLATFORM | sed 's@/v[67]$@@' )/kubectl > /usr/local/bin/kubectl && chmod +x /usr/local/bin/kubectl +RUN BIN_URL=https://storage.googleapis.com/kubernetes-release/release/v1.19.7/bin/$( echo $TARGETPLATFORM | sed 's@/v[67]$@@' )/kubectl \ + && SHA512=$( wget -qO- "$BIN_URL.sha512" ) \ + && [ -n "$SHA512" ] \ + && wget -qO- "$BIN_URL" > /usr/local/bin/kubectl \ + && chmod +x /usr/local/bin/kubectl \ + && sha512sum /usr/local/bin/kubectl | grep "$SHA512" # From: https://github.com/nginxinc/docker-nginx/blob/1.17.0/stable/alpine/Dockerfile # Bring in gettext so we can get `envsubst`, then throw diff --git a/variants/v1.20.4-alpine-3.8/Dockerfile b/variants/v1.20.4-alpine-3.8/Dockerfile index 8b8c009..ae3c7cf 100644 --- a/variants/v1.20.4-alpine-3.8/Dockerfile +++ b/variants/v1.20.4-alpine-3.8/Dockerfile @@ -4,6 +4,11 @@ ARG BUILDPLATFORM RUN echo "I am running on $BUILDPLATFORM, building for $TARGETPLATFORM" # When $TARGETPLATFORM is linux/arm/v7, strip out the '/v6' or '/v7' from it -RUN wget -qO- https://storage.googleapis.com/kubernetes-release/release/v1.20.4/bin/$( echo $TARGETPLATFORM | sed 's@/v[67]$@@' )/kubectl > /usr/local/bin/kubectl && chmod +x /usr/local/bin/kubectl +RUN BIN_URL=https://storage.googleapis.com/kubernetes-release/release/v1.20.4/bin/$( echo $TARGETPLATFORM | sed 's@/v[67]$@@' )/kubectl \ + && SHA512=$( wget -qO- "$BIN_URL.sha512" ) \ + && [ -n "$SHA512" ] \ + && wget -qO- "$BIN_URL" > /usr/local/bin/kubectl \ + && chmod +x /usr/local/bin/kubectl \ + && sha512sum /usr/local/bin/kubectl | grep "$SHA512" CMD [ "/usr/local/bin/kubectl" ] diff --git a/variants/v1.20.4-envsubst-git-jq-kustomize-sops-ssh-alpine-3.8/Dockerfile b/variants/v1.20.4-envsubst-git-jq-kustomize-sops-ssh-alpine-3.8/Dockerfile index 68946c5..90eccdc 100644 --- a/variants/v1.20.4-envsubst-git-jq-kustomize-sops-ssh-alpine-3.8/Dockerfile +++ b/variants/v1.20.4-envsubst-git-jq-kustomize-sops-ssh-alpine-3.8/Dockerfile @@ -4,7 +4,12 @@ ARG BUILDPLATFORM RUN echo "I am running on $BUILDPLATFORM, building for $TARGETPLATFORM" # When $TARGETPLATFORM is linux/arm/v7, strip out the '/v6' or '/v7' from it -RUN wget -qO- https://storage.googleapis.com/kubernetes-release/release/v1.20.4/bin/$( echo $TARGETPLATFORM | sed 's@/v[67]$@@' )/kubectl > /usr/local/bin/kubectl && chmod +x /usr/local/bin/kubectl +RUN BIN_URL=https://storage.googleapis.com/kubernetes-release/release/v1.20.4/bin/$( echo $TARGETPLATFORM | sed 's@/v[67]$@@' )/kubectl \ + && SHA512=$( wget -qO- "$BIN_URL.sha512" ) \ + && [ -n "$SHA512" ] \ + && wget -qO- "$BIN_URL" > /usr/local/bin/kubectl \ + && chmod +x /usr/local/bin/kubectl \ + && sha512sum /usr/local/bin/kubectl | grep "$SHA512" # From: https://github.com/nginxinc/docker-nginx/blob/1.17.0/stable/alpine/Dockerfile # Bring in gettext so we can get `envsubst`, then throw diff --git a/variants/v1.21.0-alpine-3.8/Dockerfile b/variants/v1.21.0-alpine-3.8/Dockerfile index 0f8da22..ac4594b 100644 --- a/variants/v1.21.0-alpine-3.8/Dockerfile +++ b/variants/v1.21.0-alpine-3.8/Dockerfile @@ -4,6 +4,11 @@ ARG BUILDPLATFORM RUN echo "I am running on $BUILDPLATFORM, building for $TARGETPLATFORM" # When $TARGETPLATFORM is linux/arm/v7, strip out the '/v6' or '/v7' from it -RUN wget -qO- https://storage.googleapis.com/kubernetes-release/release/v1.21.0/bin/$( echo $TARGETPLATFORM | sed 's@/v[67]$@@' )/kubectl > /usr/local/bin/kubectl && chmod +x /usr/local/bin/kubectl +RUN BIN_URL=https://storage.googleapis.com/kubernetes-release/release/v1.21.0/bin/$( echo $TARGETPLATFORM | sed 's@/v[67]$@@' )/kubectl \ + && SHA512=$( wget -qO- "$BIN_URL.sha512" ) \ + && [ -n "$SHA512" ] \ + && wget -qO- "$BIN_URL" > /usr/local/bin/kubectl \ + && chmod +x /usr/local/bin/kubectl \ + && sha512sum /usr/local/bin/kubectl | grep "$SHA512" CMD [ "/usr/local/bin/kubectl" ] diff --git a/variants/v1.21.0-envsubst-git-jq-kustomize-sops-ssh-alpine-3.8/Dockerfile b/variants/v1.21.0-envsubst-git-jq-kustomize-sops-ssh-alpine-3.8/Dockerfile index 2c01afe..99bef25 100644 --- a/variants/v1.21.0-envsubst-git-jq-kustomize-sops-ssh-alpine-3.8/Dockerfile +++ b/variants/v1.21.0-envsubst-git-jq-kustomize-sops-ssh-alpine-3.8/Dockerfile @@ -4,7 +4,12 @@ ARG BUILDPLATFORM RUN echo "I am running on $BUILDPLATFORM, building for $TARGETPLATFORM" # When $TARGETPLATFORM is linux/arm/v7, strip out the '/v6' or '/v7' from it -RUN wget -qO- https://storage.googleapis.com/kubernetes-release/release/v1.21.0/bin/$( echo $TARGETPLATFORM | sed 's@/v[67]$@@' )/kubectl > /usr/local/bin/kubectl && chmod +x /usr/local/bin/kubectl +RUN BIN_URL=https://storage.googleapis.com/kubernetes-release/release/v1.21.0/bin/$( echo $TARGETPLATFORM | sed 's@/v[67]$@@' )/kubectl \ + && SHA512=$( wget -qO- "$BIN_URL.sha512" ) \ + && [ -n "$SHA512" ] \ + && wget -qO- "$BIN_URL" > /usr/local/bin/kubectl \ + && chmod +x /usr/local/bin/kubectl \ + && sha512sum /usr/local/bin/kubectl | grep "$SHA512" # From: https://github.com/nginxinc/docker-nginx/blob/1.17.0/stable/alpine/Dockerfile # Bring in gettext so we can get `envsubst`, then throw diff --git a/variants/v1.22.0-alpine-3.8/Dockerfile b/variants/v1.22.0-alpine-3.8/Dockerfile index be76e9c..af946f1 100644 --- a/variants/v1.22.0-alpine-3.8/Dockerfile +++ b/variants/v1.22.0-alpine-3.8/Dockerfile @@ -4,6 +4,11 @@ ARG BUILDPLATFORM RUN echo "I am running on $BUILDPLATFORM, building for $TARGETPLATFORM" # When $TARGETPLATFORM is linux/arm/v7, strip out the '/v6' or '/v7' from it -RUN wget -qO- https://storage.googleapis.com/kubernetes-release/release/v1.22.0/bin/$( echo $TARGETPLATFORM | sed 's@/v[67]$@@' )/kubectl > /usr/local/bin/kubectl && chmod +x /usr/local/bin/kubectl +RUN BIN_URL=https://storage.googleapis.com/kubernetes-release/release/v1.22.0/bin/$( echo $TARGETPLATFORM | sed 's@/v[67]$@@' )/kubectl \ + && SHA512=$( wget -qO- "$BIN_URL.sha512" ) \ + && [ -n "$SHA512" ] \ + && wget -qO- "$BIN_URL" > /usr/local/bin/kubectl \ + && chmod +x /usr/local/bin/kubectl \ + && sha512sum /usr/local/bin/kubectl | grep "$SHA512" CMD [ "/usr/local/bin/kubectl" ] diff --git a/variants/v1.22.0-envsubst-git-jq-kustomize-sops-ssh-alpine-3.8/Dockerfile b/variants/v1.22.0-envsubst-git-jq-kustomize-sops-ssh-alpine-3.8/Dockerfile index d513b4d..17e0b5c 100644 --- a/variants/v1.22.0-envsubst-git-jq-kustomize-sops-ssh-alpine-3.8/Dockerfile +++ b/variants/v1.22.0-envsubst-git-jq-kustomize-sops-ssh-alpine-3.8/Dockerfile @@ -4,7 +4,12 @@ ARG BUILDPLATFORM RUN echo "I am running on $BUILDPLATFORM, building for $TARGETPLATFORM" # When $TARGETPLATFORM is linux/arm/v7, strip out the '/v6' or '/v7' from it -RUN wget -qO- https://storage.googleapis.com/kubernetes-release/release/v1.22.0/bin/$( echo $TARGETPLATFORM | sed 's@/v[67]$@@' )/kubectl > /usr/local/bin/kubectl && chmod +x /usr/local/bin/kubectl +RUN BIN_URL=https://storage.googleapis.com/kubernetes-release/release/v1.22.0/bin/$( echo $TARGETPLATFORM | sed 's@/v[67]$@@' )/kubectl \ + && SHA512=$( wget -qO- "$BIN_URL.sha512" ) \ + && [ -n "$SHA512" ] \ + && wget -qO- "$BIN_URL" > /usr/local/bin/kubectl \ + && chmod +x /usr/local/bin/kubectl \ + && sha512sum /usr/local/bin/kubectl | grep "$SHA512" # From: https://github.com/nginxinc/docker-nginx/blob/1.17.0/stable/alpine/Dockerfile # Bring in gettext so we can get `envsubst`, then throw