Merged in CLIP-1872-integrate-sha256-check (pull request #163)

CLIP-1872: Verify sha256 checksum after downloading tar.gz.

* CLIP-1872: Verify sha256 checksum after downloading tar.gz.

* CLIP-1872: Ignored cd in hadolint.


Approved-by: Eugene Ivantsov
This commit is contained in:
Yifei Zhang 2024-05-02 04:55:11 +00:00
parent 8dce9d328c
commit d5e389ccd6
3 changed files with 11 additions and 2 deletions

View File

@ -1,5 +1,6 @@
ignored:
- DL3002 # root user in UBI Dockerfile
- DL3003 # cd in the RUN instruction
- DL3005 # Package upgrades
- DL3017 # Package upgrades
- DL3006 # Version tagging

View File

@ -42,7 +42,11 @@ RUN groupadd --gid ${RUN_GID} ${RUN_GROUP} \
&& useradd --uid ${RUN_UID} --gid ${RUN_GID} --home-dir ${CONFLUENCE_HOME} --shell /bin/bash ${RUN_USER} \
&& echo PATH=$PATH > /etc/environment \
&& mkdir -p ${CONFLUENCE_INSTALL_DIR} \
&& curl -L --silent ${DOWNLOAD_URL} | tar -xz --strip-components=1 -C "${CONFLUENCE_INSTALL_DIR}" \
&& curl -fsSL ${DOWNLOAD_URL} -o /tmp/atlassian-confluence-${CONFLUENCE_VERSION}.tar.gz \
&& curl -fsSL ${DOWNLOAD_URL}.sha256 -o /tmp/atlassian-confluence-${CONFLUENCE_VERSION}.tar.gz.sha256 \
&& set -e; cd /tmp && sha256sum -c atlassian-confluence-${CONFLUENCE_VERSION}.tar.gz.sha256 \
&& tar -xf /tmp/atlassian-confluence-${CONFLUENCE_VERSION}.tar.gz --strip-components=1 -C "${CONFLUENCE_INSTALL_DIR}" \
&& rm /tmp/atlassian-confluence* \
&& chmod -R 550 ${CONFLUENCE_INSTALL_DIR}/ \
&& chown -R ${RUN_USER}:root ${CONFLUENCE_INSTALL_DIR}/ \
&& for dir in logs temp work; do \

View File

@ -42,7 +42,11 @@ RUN groupadd --gid ${RUN_GID} ${RUN_GROUP} \
&& useradd --uid ${RUN_UID} --gid ${RUN_GID} --home-dir ${CONFLUENCE_HOME} --shell /bin/bash ${RUN_USER} \
&& echo PATH=$PATH > /etc/environment \
&& mkdir -p ${CONFLUENCE_INSTALL_DIR} \
&& curl -L --silent ${DOWNLOAD_URL} | tar -xz --strip-components=1 -C "${CONFLUENCE_INSTALL_DIR}" \
&& curl -fsSL ${DOWNLOAD_URL} -o /tmp/atlassian-confluence-${CONFLUENCE_VERSION}.tar.gz \
&& curl -fsSL ${DOWNLOAD_URL}.sha256 -o /tmp/atlassian-confluence-${CONFLUENCE_VERSION}.tar.gz.sha256 \
&& set -e; cd /tmp && sha256sum -c atlassian-confluence-${CONFLUENCE_VERSION}.tar.gz.sha256 \
&& tar -xf /tmp/atlassian-confluence-${CONFLUENCE_VERSION}.tar.gz --strip-components=1 -C "${CONFLUENCE_INSTALL_DIR}" \
&& rm /tmp/atlassian-confluence* \
&& chmod -R 550 ${CONFLUENCE_INSTALL_DIR}/ \
&& chown -R ${RUN_USER}:root ${CONFLUENCE_INSTALL_DIR}/ \
&& for dir in logs temp work; do \