Merge the Dockerfile for reproducible builds #1
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
- Set the SOURCE_DATE_EPOCH in Dockerfile - Checkout to specific tag Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
Signed-off-by: James Le Cuirot <jlecuirot@microsoft.com>
Signed-off-by: James Le Cuirot <jlecuirot@microsoft.com>
Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
jepio
reviewed
Oct 22, 2024
Signed-off-by: James Le Cuirot <jlecuirot@microsoft.com>
Signed-off-by: James Le Cuirot <jlecuirot@microsoft.com>
Signed-off-by: James Le Cuirot <jlecuirot@microsoft.com>
chewi
force-pushed
the
sayan/add-dockerfile
branch
from
458c591
to
3651e74
Compare
Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
t-lo
reviewed
Nov 14, 2024
jepio
reviewed
Nov 14, 2024
| Company/tax register entries or equivalent: | ||
| (a link to the organization entry in your jurisdiction's register will do) | ||
|
|
||
| Cloud Native Computing Foundation |
There was a problem hiding this comment.
Lets get the legal data for CNCF in here
jepio
reviewed
Nov 14, 2024
| Subject: C=XX, O=MyCompany, Inc., CN=MyCompany, Inc. | ||
| ``` | ||
|
|
||
| N/A |
There was a problem hiding this comment.
Lets register with the Microsoft Dev Center and fetch this certificate
jepio
reviewed
Nov 14, 2024
| @@ -86,34 +119,39 @@ Make sure that you've verified that your build process uses that file as a sourc | |||
|
|
|||
| A short guide on verifying public keys and signatures should be available in the [docs](./docs/) directory. | |||
| ******************************************************************************* | |||
| [your text here] | |||
| Yes, These binaries created from the 15.8 release tar. Please refer to | |||
| the ebuild for source: https://github.com/flatcar/scripts/blob/main/sdk_container/src/third_party/coreos-overlay/sys-boot/shim/shim-15.8-r2.ebuild#L9 | |||
There was a problem hiding this comment.
Could you add a second link to the Manifest next to the ebuild, that has the sha512 checksum
There was a problem hiding this comment.
and can we reference release tags instead of "main" in such links.
There was a problem hiding this comment.
@jepio The PR was merged after the last release, so we don't have shim-15.8-r2 in the release tags.
jepio
reviewed
Nov 14, 2024
|
|
||
| ******************************************************************************* | ||
| ### URL for a repo that contains the exact code which was built to result in your binary: | ||
| Hint: If you attach all the patches and modifications that are being used to your application, you can point to the URL of your application here (*`https://github.com/YOUR_ORGANIZATION/shim-review`*). | ||
|
|
||
| You can also point to your custom git servers, where the code is hosted. | ||
| ******************************************************************************* | ||
| [your url here] | ||
| The repo is [here](https://github.com/flatcar/scripts/). The shim ebuild can be found [here](https://github.com/flatcar/scripts/blob/main/sdk_container/src/third_party/coreos-overlay/sys-boot/shim/shim-15.8-r2.ebuild). |
There was a problem hiding this comment.
can we reference a release tag that has the final ebuild?
jepio
reviewed
Nov 14, 2024
jepio
reviewed
Nov 14, 2024
jepio
reviewed
Nov 14, 2024
jepio
reviewed
Nov 14, 2024
jepio
reviewed
Nov 14, 2024
jepio
reviewed
Nov 14, 2024
jepio
reviewed
Nov 14, 2024
jepio
reviewed
Nov 14, 2024
jepio
reviewed
Nov 14, 2024
jepio
reviewed
Nov 14, 2024
jepio
reviewed
Nov 14, 2024
Co-authored-by: Thilo Fromm <thilo.alexander@gmail.com> Co-authored-by: Jeremi Piotrowski <jeremi.piotrowski@gmail.com>
Co-authored-by: Jeremi Piotrowski <jeremi.piotrowski@gmail.com>
It's non-standard. Signed-off-by: James Le Cuirot <jlecuirot@microsoft.com>
Signed-off-by: James Le Cuirot <jlecuirot@microsoft.com>
sayanchowdhury
force-pushed
the
sayan/add-dockerfile
branch
from
18c13ec
to
077ae24
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.