forked from sigstore/scaffolding
-
Notifications
You must be signed in to change notification settings - Fork 7
/
Dockerfile.fulcio-createcerts.rh
30 lines (24 loc) · 1.42 KB
/
Dockerfile.fulcio-createcerts.rh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
# Build the createcerts binary
FROM registry.redhat.io/rhel9/go-toolset@sha256:04be9e51263ab743cbcb778921b23527a3e35d493136fd353a90670d84ac457f AS build-env
WORKDIR /createcerts
RUN git config --global --add safe.directory /createcerts
COPY . .
RUN CGO_ENABLED=0 go mod vendor
RUN CGO_ENABLED=0 go build -o createcerts -mod=readonly -trimpath ./cmd/fulcio/createcerts
# Install server
FROM registry.access.redhat.com/ubi9-minimal@sha256:8b6978d555746877c73f52375f60fd7b6fd27d6aca000eaed27d0995303c13de
COPY --from=build-env /createcerts/createcerts /usr/local/bin/createcerts
RUN chown root:0 /usr/local/bin/createcerts && chmod g+wx /usr/local/bin/createcerts
# Configure home directory
ENV HOME=/home
RUN chgrp -R 0 /${HOME} && chmod -R g=u /${HOME}
WORKDIR ${HOME}
LABEL description="The createcerts job creates a self-signed certificate, along with private/public keys, and a password used to encrypt the private key."
LABEL io.k8s.description="The createcerts job creates a self-signed certificate, along with private/public keys, and a password used to encrypt the private key."
LABEL io.k8s.display-name="createcerts job container image for Red Hat trusted artifact signer."
LABEL io.openshift.tags="createcerts, Red Hat trusted artifact signer."
LABEL summary="Provides the createcerts binary."
LABEL com.redhat.component="createcerts"
LABEL name="createcerts"
# Set the binary as the entrypoint of the container
ENTRYPOINT ["createcerts"]