Added attestation for Gosu
LaurentGoderre committed Oct 13, 2023
1 parent e83b98d commit 55a1ef9
Showing 10 changed files with 63 additions and 9 deletions.
1 change: 1 addition & 0 deletions .gitignore
@@ -1 +1,2 @@
.jq-template.awk
.template-helper-functions.jq
3 changes: 2 additions & 1 deletion 5.7/Dockerfile.oracle


3 changes: 2 additions & 1 deletion 8.0/Dockerfile.debian


3 changes: 2 additions & 1 deletion 8.0/Dockerfile.oracle


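--- a/apply-templates.sh
+++ b/apply-templates.sh
@@ -13,6 +13,13 @@ elif [ "$BASH_SOURCE" -nt "$jqt" ]; then
 wget -qO "$jqt" 'https://github.com/docker-library/bashbrew/raw/9f6a35772ac863a0241f147c820354e4008edf38/scripts/jq-template.awk'
 fi
 
+jqf='.template-helper-functions.jq'
+if [ -n "${BASHBREW_SCRIPTS:-}" ]; then
+jqf="$BASHBREW_SCRIPTS/template-helper-functions.jq"
+elif [ "$BASH_SOURCE" -nt "$jqf" ]; then
+wget -qO "$jqf" 'https://github.com/docker-library/bashbrew/raw/master/scripts/template-helper-functions.jq'
+fi
+
 if [ "$#" -eq 0 ]; then
 versions="$(jq -r 'keys | map(@sh) | join(" ")' versions.json)"
 eval "set -- $versions"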
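Review bot: The new `wget` for `template-helper-functions.jq` pulls from the mutable `master` branch, while the `jq-template.awk` fetch just above it is pinned to commit `9f6a35772ac863a0241f147c820354e4008edf38`. The helper is included by the templates that render the Dockerfiles, so an upstream change or a tampered branch would alter generated output with no corresponding change in this repository, and nothing here checks the downloaded file's integrity. Pin it the same way: `wget -qO "$jqf" 'https://github.com/docker-library/bashbrew/raw/<pinned-commit-sha>/scripts/template-helper-functions.jq'`. The script continues outside the hunk on both sides.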
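--- a/innovation/Dockerfile.oracle
+++ b/innovation/Dockerfile.oracle
@@ -29,7 +29,8 @@ RUN set -eux; \
 rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \
 chmod +x /usr/local/bin/gosu; \
 gosu --version; \
-gosu nobody true
+gosu nobody true; \
+echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"gosu-sbom","packages":[{"name":"gosu","versionInfo":"1.16","SPDXID":"SPDXRef-Package--gosu","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/gosu@1.16?os_name=oraclelinux&os_version=8-slim"}],"licenseDeclared":"Apache-2.0"}]}' > /usr/local/gosu.spdx.json
 
 RUN set -eux; \
 microdnf install -y \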
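--- a/template/Dockerfile.debian
+++ b/template/Dockerfile.debian
@@ -1,3 +1,4 @@
+{{ include ".template-helper-functions" -}}
 FROM debian:{{ .debian.suite }}-slim
 
 # add our user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added
@@ -7,7 +8,7 @@ RUN apt-get update && apt-get install -y --no-install-recommends gnupg && rm -rf
 
 # add gosu for easy step-down from root
 # https://github.com/tianon/gosu/releases
-ENV GOSU_VERSION 1.16
+ENV GOSU_VERSION {{ .gosu.version }}
 RUN set -eux; \
 savedAptMark="$(apt-mark showmanual)"; \
 apt-get update; \
@@ -26,7 +27,20 @@ RUN set -eux; \
 apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
 chmod +x /usr/local/bin/gosu; \
 gosu --version; \
-gosu nobody true
+gosu nobody true; \
+echo '{{
+{
+name: "gosu",
+version: .gosu.version,
+params: {
+os_name: "debian",
+os_version: .debian.suite
+},
+licenses: [
+"Apache-2.0"
+]
+} | sbom | tostring
+}}' > /usr/local/gosu.spdx.json
 
 RUN mkdir /docker-entrypoint-initdb.d
 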
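Review bot: The SBOM line added in the last hunk wraps the rendered template output in literal single quotes (`echo '{{ ... | sbom | tostring }}'`), so the shell quoting holds only while the generated JSON never contains a `'`. The inputs come from versions.json today, which makes a break unlikely rather than impossible, and a stray quote would silently change what the `RUN` step executes. Letting jq emit the quoting removes that assumption: `echo {{ { ... } | sbom | tostring | @sh }} > /usr/local/gosu.spdx.json`. The same construct is added in template/Dockerfile.oracle, and the enclosing `RUN` begins above the hunk.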
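--- a/template/Dockerfile.oracle
+++ b/template/Dockerfile.oracle
@@ -1,4 +1,5 @@
 {{
+include ".template-helper-functions";
 def dnf:
 if .oracle.variant | startswith("7") then
 "yum"
@@ -21,7 +22,7 @@ RUN set -eux; \
 
 # add gosu for easy step-down from root
 # https://github.com/tianon/gosu/releases
-ENV GOSU_VERSION 1.16
+ENV GOSU_VERSION {{ .gosu.version }}
 RUN set -eux; \
 # TODO find a better userspace architecture detection method than querying the kernel
 arch="$(uname -m)"; \
@@ -38,7 +39,20 @@ RUN set -eux; \
 rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \
 chmod +x /usr/local/bin/gosu; \
 gosu --version; \
-gosu nobody true
+gosu nobody true; \
+echo '{{
+{
+name: "gosu",
+version: .gosu.version,
+params: {
+os_name: "oraclelinux",
+os_version: .oracle.variant
+},
+licenses: [
+"Apache-2.0"
+]
+} | sbom | tostring
+}}' > /usr/local/gosu.spdx.json
 
 RUN set -eux; \
 {{ if .oracle.variant | startswith("7") then ( -}}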
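--- a/versions.json
+++ b/versions.json
@@ -1,5 +1,8 @@
 {
 "5.7": {
+"gosu": {
+"version": "1.16"
+},
 "mysql-shell": {
 "version": "8.0.34-1.el7"
 },
@@ -20,6 +23,9 @@
 "suite": "bullseye",
 "version": "8.0.34-1debian11"
 },
+"gosu": {
+"version": "1.16"
+},
 "mysql-shell": {
 "version": "8.0.34-1.el8"
 },
@@ -34,6 +40,9 @@
 "version": "8.0.34"
 },
 "innovation": {
+"gosu": {
+"version": "1.16"
+},
 "mysql-shell": {
 "version": "8.0.34-1.el8"
 },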
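--- a/versions.sh
+++ b/versions.sh
@@ -17,6 +17,8 @@ declare -A bashbrewArchToRpmArch=(
 [arm64v8]='aarch64'
 )
 
+gosuVersion='1.16'
+
 fetch_rpm_versions() {
 local repo="$1"; shift
 local arch="$1"; shift
@@ -144,7 +146,7 @@ for version in "${versions[@]}"; do
 echo >&2 "error: Oracle and Debian version mismatch! ('$oracleBaseVersion' vs '$baseVersion')"
 exit 1
 fi
-export baseVersion rpmVersion shellVersion oracleVariant
+export baseVersion rpmVersion shellVersion oracleVariant gosuVersion
 doc="$(jq <<<"$doc" -c '
 . += {
 version: env.baseVersion,
@@ -155,6 +157,9 @@ for version in "${versions[@]}"; do
 "mysql-shell": {
 version: env.shellVersion,
 },
+"gosu": {
+version: env.gosuVersion
+}
 }
 ')"
 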
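Review bot: `gosuVersion='1.16'` in the first hunk is a hand-maintained pin with no comment saying so, while the other versions in this script appear to be looked up (`fetch_rpm_versions` is only partly visible here). The value now feeds both `GOSU_VERSION` in the templates and the version recorded in the generated SBOM, so a stale pin also means a stale SBOM entry. A comment on the assignment would make the manual step explicit for whoever handles a gosu security release: `# gosu is pinned by hand; bump when a new release is published (https://github.com/tianon/gosu/releases)`.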
