From 099810069fd56346101c2b49f21435edd42a11cc Mon Sep 17 00:00:00 2001
From: davidvader
Date: Mon, 19 Aug 2024 15:07:00 -0500
Subject: [PATCH] fix: improve checksum validation
---
 Dockerfile | 18 ++++++++----------
 1 file changed, 8 insertions(+), 10 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 7ae5a59..8b04011 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -13,18 +13,16 @@ FROM alpine:latest@sha256:0a4eaa0eecf5f8c050e5bba433f58c052be7587ee8af3e8b3910ef
 ARG TERRAFORM_VERSION
-ENV TERRAFORM_ZIP="https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_linux_amd64.zip"
-ENV CHECKSUM_URL="https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_SHA256SUMS"
-ENV CHECKSUM_FILE="SHA256SUMS"
+ENV TERRAFORM_RELEASE_URL="https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}"
+ENV TERRAFORM_ZIP_FILENAME="terraform_${TERRAFORM_VERSION}_linux_amd64.zip"
+ENV TERRAFORM_CHECKSUMS_FILENAME="terraform_${TERRAFORM_VERSION}_SHA256SUMS"
 # download and verify the Terraform binary
-RUN wget -q "${TERRAFORM_ZIP}" -O terraform.zip && \
- wget -q "${CHECKSUM_URL}" -O "${CHECKSUM_FILE}" && \
- EXPECTED_CHECKSUM=$(grep "terraform_${TERRAFORM_VERSION}_linux_amd64.zip" "${CHECKSUM_FILE}" | awk '{ print $1 }') && \
- ACTUAL_CHECKSUM=$(sha256sum terraform.zip | awk '{ print $1 }') && \
- if [ "$EXPECTED_CHECKSUM" != "$ACTUAL_CHECKSUM" ]; then echo "Checksum verification failed"; exit 1; fi && \
- unzip terraform.zip -d /bin && \
- rm -f terraform.zip "${CHECKSUM_FILE}"
+RUN wget -q "${TERRAFORM_RELEASE_URL}/${TERRAFORM_ZIP_FILENAME}" -O "${TERRAFORM_ZIP_FILENAME}" && \
+ wget -q "${TERRAFORM_RELEASE_URL}/${TERRAFORM_CHECKSUMS_FILENAME}" -O "${TERRAFORM_CHECKSUMS_FILENAME}" && \
+ cat "${TERRAFORM_CHECKSUMS_FILENAME}" | grep "${TERRAFORM_ZIP_FILENAME}" | sha256sum -c && \
+ unzip "${TERRAFORM_ZIP_FILENAME}" -d /bin && \
+ rm -f "${TERRAFORM_ZIP_FILENAME}" "${TERRAFORM_CHECKSUMS_FILENAME}"
 ##############################################################################
 ## docker build --no-cache --target certs -t vela-terraform:certs . ##
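Review bot: The new `sha256sum -c` step in the `RUN` still takes its expected digest from a checksums file downloaded from the same release URL as the zip, so it detects a corrupted transfer but not a tampered release origin or mirror. HashiCorp also publishes a detached signature for the SHA256SUMS file; verifying it against a key kept in the repository, or pinning the expected digest in the build (for example `echo "${TERRAFORM_SHA256}  ${TERRAFORM_ZIP_FILENAME}" | sha256sum -c`, where `TERRAFORM_SHA256` is a placeholder name for a new `ARG`), would give the check an independent trust anchor. Separately, the `cat … | grep … | sha256sum -c` pipeline runs without `pipefail` and treats the filename as a regex, so whether a missing entry fails the build depends on how this image's `sha256sum` handles empty input. `grep -F "${TERRAFORM_ZIP_FILENAME}" "${TERRAFORM_CHECKSUMS_FILENAME}" | sha256sum -c` matches the name literally and drops the extra `cat`. The three new `ENV` values are only used at build time and would persist into the image's runtime environment, so `ARG` may be the better fit if nothing later in the stage reads them.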