forked from awslabs/tough
-
Notifications
You must be signed in to change notification settings - Fork 3
Expand file tree
/
Copy pathDockerfile.tuffer
More file actions
29 lines (21 loc) · 1.26 KB
/
Dockerfile.tuffer
File metadata and controls
29 lines (21 loc) · 1.26 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
FROM registry.redhat.io/ubi9/go-toolset:latest@sha256:0f4f6f7868962aa75dddfe4230b664bdf77071e92c43c70c824c58450e37693f as builder
ENV CGO_ENABLED=1 \
GOEXPERIMENT=strictfipsruntime
USER root
RUN dnf install -y perl gcc openssl openssl-devel cmake gcc-c++ git curl-minimal unzip cyrus-sasl-devel rust cargo
RUN mkdir /tmp/tuftool
COPY . /tmp/tuftool
RUN cd /tmp/tuftool && cargo build --release --features fips
FROM registry.access.redhat.com/ubi9/ubi:latest@sha256:9e6e193bfc3596a84d2a32f42d6b1552398ec9735b9a4e893a0fc3c6fbccb381 as deploy
COPY --from=builder /tmp/tuftool/target/release/tuftool /usr/bin/
COPY licenses/LICENSE-APACHE /licenses/license.txt
COPY rhtas/tuf-repo-init.sh /usr/bin/
ENTRYPOINT ["/usr/bin/tuf-repo-init.sh"]
USER 65532:65532
LABEL description ="Tuffer is a utility application used for generating an initial trust root for RHTAS"
LABEL io.k8s.description="Tuffer is a utility application used for generating an initial trust root for RHTAS"
LABEL io.k8s.display-name="Tuffer container image for Red Hat Trusted Artifact Signer"
LABEL io.openshift.tags="Tuffer Trusted Artifact Signer"
LABEL summary="Provides the tuf-repo-init script for generating an initial trust root for RHTAS"
LABEL com.redhat.component="tuffer"
LABEL name="rhtas/tuffer-rhel9"