From 7ae92494d1a1e84977a5b3d2658dba673e35d275 Mon Sep 17 00:00:00 2001 From: Alexei Ledenev Date: Wed, 18 May 2016 12:10:39 +0300 Subject: [PATCH] verify hash for downloaded Bats archive --- bats.Dockerfile | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/bats.Dockerfile b/bats.Dockerfile index af980b9..224bebe 100644 --- a/bats.Dockerfile +++ b/bats.Dockerfile @@ -6,6 +6,7 @@ MAINTAINER Alexei Ledenev ENV VERSION 1.11.1 ENV BATS_VERSION 0.4.0 +ENV BATS_SHA_256 480d8d64f1681eee78d1002527f3f06e1ac01e173b761bc73d0cf33f4dc1d8d7 LABEL docker_bench_security=true @@ -13,6 +14,13 @@ RUN apk --update add curl bash \ && rm -rf /var/lib/apt/lists/* \ && rm /var/cache/apk/* +RUN curl -o "/tmp/v${BATS_VERSION}.tar.gz" -LS "https://github.com/sstephenson/bats/archive/v${BATS_VERSION}.tar.gz" && \ + echo "${BATS_SHA_256} v${BATS_VERSION}.tar.gz" > /tmp/v${BATS_VERSION}.tar.gz.sha256 && \ + cd /tmp && sha256sum -c v${BATS_VERSION}.tar.gz.sha256 && \ + tar -xvzf "/tmp/v${BATS_VERSION}.tar.gz" -C /tmp/ && \ + bash "/tmp/bats-${BATS_VERSION}/install.sh" /usr/local && \ + rm -rf /tmp/* + RUN curl -o "/tmp/docker-$VERSION.tgz" -LS "https://get.docker.com/builds/Linux/x86_64/docker-$VERSION.tgz" && \ curl -o "/tmp/docker-$VERSION.tgz.sha256" -LS "https://get.docker.com/builds/Linux/x86_64/docker-$VERSION.tgz.sha256" && \ cd /tmp && sha256sum -c docker-$VERSION.tgz.sha256 && \ @@ -20,10 +28,6 @@ RUN curl -o "/tmp/docker-$VERSION.tgz" -LS "https://get.docker.com/builds/Linux/ chmod u+x /tmp/docker/docker && mv /tmp/docker/docker /usr/bin/ && \ rm -rf /tmp/* -RUN curl -o "/tmp/v${BATS_VERSION}.tar.gz" -LS "https://github.com/sstephenson/bats/archive/v${BATS_VERSION}.tar.gz" && \ - tar -xvzf "/tmp/v${BATS_VERSION}.tar.gz" -C /tmp/ && \ - bash "/tmp/bats-${BATS_VERSION}/install.sh" /usr/local && \ - rm -rf /tmp/* RUN mkdir /docker-bench-security