diff --git a/Dockerfile b/Dockerfile index c937a930af4..e0fc7f004ae 100644 --- a/Dockerfile +++ b/Dockerfile @@ -5,10 +5,10 @@ WORKDIR /cosign COPY . . USER root RUN git config --global --add safe.directory /cosign -RUN GOFLAGS="" make cosign +RUN make cosign # Install Cosign -FROM registry.access.redhat.com/ubi9/ubi-minimal@sha256:0dfa71a7ec2caf445e7ac6b7422ae67f3518960bd6dbf62a7b77fa7a6cfc02b1 +FROM registry.access.redhat.com/ubi9/ubi-minimal@sha256:b40f52aa68b29634ff45429ee804afbaa61b33de29ae775568933c71610f07a4 LABEL description="Cosign is a container signing tool that leverages simple, secure, and auditable signatures based on simple primitives and best practices." LABEL io.k8s.description="Cosign is a container signing tool that leverages simple, secure, and auditable signatures based on simple primitives and best practices." @@ -27,4 +27,4 @@ RUN chgrp -R 0 /${HOME} && chmod -R g=u /${HOME} WORKDIR ${HOME} # Makes sure the container stays running -CMD ["tail", "-f", "/dev/null"] +CMD ["tail", "-f", "/dev/null"] \ No newline at end of file diff --git a/redhat/overlays/Dockerfile b/redhat/overlays/Dockerfile new file mode 100644 index 00000000000..e0fc7f004ae --- /dev/null +++ b/redhat/overlays/Dockerfile @@ -0,0 +1,30 @@ +# Build stage +FROM brew.registry.redhat.io/rh-osbs/openshift-golang-builder AS build-env + +WORKDIR /cosign +COPY . . +USER root +RUN git config --global --add safe.directory /cosign +RUN make cosign + +# Install Cosign +FROM registry.access.redhat.com/ubi9/ubi-minimal@sha256:b40f52aa68b29634ff45429ee804afbaa61b33de29ae775568933c71610f07a4 + +LABEL description="Cosign is a container signing tool that leverages simple, secure, and auditable signatures based on simple primitives and best practices." +LABEL io.k8s.description="Cosign is a container signing tool that leverages simple, secure, and auditable signatures based on simple primitives and best practices." +LABEL io.k8s.display-name="Cosign container image for Red Hat Trusted Signer" +LABEL io.openshift.tags="cosign trusted-signer" +LABEL summary="Provides the cosign CLI binary for signing and verifying container images." +LABEL com.redhat.component="cosign" + +COPY --from=build-env /cosign/cosign /usr/local/bin/cosign +RUN chown root:0 /usr/local/bin/cosign && chmod g+wx /usr/local/bin/cosign + +#Configure home directory +ENV HOME=/home +RUN chgrp -R 0 /${HOME} && chmod -R g=u /${HOME} + +WORKDIR ${HOME} + +# Makes sure the container stays running +CMD ["tail", "-f", "/dev/null"] \ No newline at end of file