fix: improve checksum validation
plyr4 committed Aug 19, 2024
1 parent b0399b5 commit 0998100
Showing 1 changed file with 8 additions and 10 deletions.
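--- a/Dockerfile
+++ b/Dockerfile
@@ -13,18 +13,16 @@ FROM alpine:latest@sha256:0a4eaa0eecf5f8c050e5bba433f58c052be7587ee8af3e8b3910ef
 
 ARG TERRAFORM_VERSION
 
-ENV TERRAFORM_ZIP="https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_linux_amd64.zip"
-ENV CHECKSUM_URL="https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_SHA256SUMS"
-ENV CHECKSUM_FILE="SHA256SUMS"
+ENV TERRAFORM_RELEASE_URL="https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}"
+ENV TERRAFORM_ZIP_FILENAME="terraform_${TERRAFORM_VERSION}_linux_amd64.zip"
+ENV TERRAFORM_CHECKSUMS_FILENAME="terraform_${TERRAFORM_VERSION}_SHA256SUMS"
 
 # download and verify the Terraform binary
-RUN wget -q "${TERRAFORM_ZIP}" -O terraform.zip && \
-wget -q "${CHECKSUM_URL}" -O "${CHECKSUM_FILE}" && \
-EXPECTED_CHECKSUM=$(grep "terraform_${TERRAFORM_VERSION}_linux_amd64.zip" "${CHECKSUM_FILE}" | awk '{ print $1 }') && \
-ACTUAL_CHECKSUM=$(sha256sum terraform.zip | awk '{ print $1 }') && \
-if [ "$EXPECTED_CHECKSUM" != "$ACTUAL_CHECKSUM" ]; then echo "Checksum verification failed"; exit 1; fi && \
-unzip terraform.zip -d /bin && \
-rm -f terraform.zip "${CHECKSUM_FILE}"
+RUN wget -q "${TERRAFORM_RELEASE_URL}/${TERRAFORM_ZIP_FILENAME}" -O "${TERRAFORM_ZIP_FILENAME}" && \
+wget -q "${TERRAFORM_RELEASE_URL}/${TERRAFORM_CHECKSUMS_FILENAME}" -O "${TERRAFORM_CHECKSUMS_FILENAME}" && \
+cat "${TERRAFORM_CHECKSUMS_FILENAME}" | grep "${TERRAFORM_ZIP_FILENAME}" | sha256sum -c && \
+unzip "${TERRAFORM_ZIP_FILENAME}" -d /bin && \
+rm -f "${TERRAFORM_ZIP_FILENAME}" "${TERRAFORM_CHECKSUMS_FILENAME}"
 
 ##############################################################################
 ## docker build --no-cache --target certs -t vela-terraform:certs . ##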
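Review bot: The `sha256sum -c` step in the new RUN still takes its expected digest from a SHA256SUMS file downloaded from the same `${TERRAFORM_RELEASE_URL}` as the archive, so it catches a corrupted or truncated download but not a compromised release host that serves a matching zip and checksum list. Trust should be anchored outside that download: either verify the publisher's detached signature for the SHA256SUMS file against a public key committed to this repository before the `sha256sum -c` line, or pin the digest next to the version, e.g. `echo "${TERRAFORM_SHA256}  ${TERRAFORM_ZIP_FILENAME}" | sha256sum -c`, where `TERRAFORM_SHA256` is a build argument proposed here and not part of the commit. Separately, `grep "${TERRAFORM_ZIP_FILENAME}"` treats the name as an unanchored regex and the default shell runs the pipeline without pipefail, so when nothing matches the step relies on `sha256sum -c` rejecting empty input. Using `grep -F` and adding a comment such as `# sha256sum -c must fail when no checksum line matches` would make that fail-closed assumption explicit.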
