trillian/Dockerfile.cli-stack.rh at main · securesign/trillian · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
FROM --platform=linux/amd64   quay.io/securesign/trillian-createtree@sha256:5a68980e9d21a069c9f4bdbc6dfdd9407d6138d017cff0efb416af51934685ba AS createtree-amd64
FROM --platform=linux/arm64   quay.io/securesign/trillian-createtree@sha256:5b049b00784ec200422bf9cc928e7086fea3cae2e5113a17cb8b6d203b08ca84 AS createtree-arm64
FROM --platform=linux/ppc64le quay.io/securesign/trillian-createtree@sha256:eceefaa91f9599fa4b37c9ba46a5263e816e4f56f78723eda7363400931e44fe AS createtree-ppc64le
FROM --platform=linux/s390x   quay.io/securesign/trillian-createtree@sha256:a82138334c60a3a44d1731fa6b569c34bb16b2afc6e0eb5996e4973764e5668b AS createtree-s390x

FROM --platform=linux/amd64   quay.io/securesign/trillian-updatetree@sha256:ff700ac49dae17f88eb8a06d6898cb02b934bc7f043dbbcc60058c4db5b6f802 AS updatetree-amd64
FROM --platform=linux/arm64   quay.io/securesign/trillian-updatetree@sha256:f95dae9f0a73496a83d11af721ba3775b414b6389dc07eb484b80fa299d8d999 AS updatetree-arm64
FROM --platform=linux/ppc64le quay.io/securesign/trillian-updatetree@sha256:02247a33df9109b5c4598730d0a61546ab766f3dee9bfa270b99acd331b86a1d AS updatetree-ppc64le
FROM --platform=linux/s390x   quay.io/securesign/trillian-updatetree@sha256:d316d332bb6c106b18ba6f7b1ca4bbda5d0fc376c29b978323c55da75c5650df AS updatetree-s390x

FROM registry.redhat.io/ubi9/go-toolset:9.7-1777898790@sha256:59ec4752cf86f0d0dd240b9e29c64d6ee560c28fc986171e126db1db216a246a AS packager
USER root
RUN mkdir -p /binaries

# createtree: Native Linux binaries from each arch variant
COPY --from=createtree-amd64 /usr/local/bin/createtree.gz /tmp/createtree.gz
RUN gzip -d /tmp/createtree.gz && \
    tar -czf /binaries/createtree_linux_amd64.tar.gz -C /tmp createtree && \
    rm /tmp/createtree

COPY --from=createtree-arm64 /usr/local/bin/createtree.gz /tmp/createtree.gz
RUN gzip -d /tmp/createtree.gz && \
    tar -czf /binaries/createtree_linux_arm64.tar.gz -C /tmp createtree && \
    rm /tmp/createtree

COPY --from=createtree-ppc64le /usr/local/bin/createtree.gz /tmp/createtree.gz
RUN gzip -d /tmp/createtree.gz && \
    tar -czf /binaries/createtree_linux_ppc64le.tar.gz -C /tmp createtree && \
    rm /tmp/createtree

COPY --from=createtree-s390x /usr/local/bin/createtree.gz /tmp/createtree.gz
RUN gzip -d /tmp/createtree.gz && \
    tar -czf /binaries/createtree_linux_s390x.tar.gz -C /tmp createtree && \
    rm /tmp/createtree

# createtree: Cross-compiled binaries
COPY --from=createtree-amd64 /usr/local/bin/createtree-darwin-amd64.gz /tmp/createtree-darwin-amd64.gz
RUN gzip -d /tmp/createtree-darwin-amd64.gz && \
    tar -czf /binaries/createtree_darwin_amd64.tar.gz -C /tmp createtree-darwin-amd64 && \
    rm /tmp/createtree-darwin-amd64

COPY --from=createtree-amd64 /usr/local/bin/createtree-darwin-arm64.gz /tmp/createtree-darwin-arm64.gz
RUN gzip -d /tmp/createtree-darwin-arm64.gz && \
    tar -czf /binaries/createtree_darwin_arm64.tar.gz -C /tmp createtree-darwin-arm64 && \
    rm /tmp/createtree-darwin-arm64

COPY --from=createtree-amd64 /usr/local/bin/createtree-windows-amd64.exe.gz /tmp/createtree-windows-amd64.exe.gz
RUN gzip -d /tmp/createtree-windows-amd64.exe.gz && \
    tar -czf /binaries/createtree_windows_amd64.tar.gz -C /tmp createtree-windows-amd64.exe && \
    rm /tmp/createtree-windows-amd64.exe

# updatetree: Native Linux binaries from each arch variant
COPY --from=updatetree-amd64 /usr/local/bin/updatetree.gz /tmp/updatetree.gz
RUN gzip -d /tmp/updatetree.gz && \
    tar -czf /binaries/updatetree_linux_amd64.tar.gz -C /tmp updatetree && \
    rm /tmp/updatetree

COPY --from=updatetree-arm64 /usr/local/bin/updatetree.gz /tmp/updatetree.gz
RUN gzip -d /tmp/updatetree.gz && \
    tar -czf /binaries/updatetree_linux_arm64.tar.gz -C /tmp updatetree && \
    rm /tmp/updatetree

COPY --from=updatetree-ppc64le /usr/local/bin/updatetree.gz /tmp/updatetree.gz
RUN gzip -d /tmp/updatetree.gz && \
    tar -czf /binaries/updatetree_linux_ppc64le.tar.gz -C /tmp updatetree && \
    rm /tmp/updatetree

COPY --from=updatetree-s390x /usr/local/bin/updatetree.gz /tmp/updatetree.gz
RUN gzip -d /tmp/updatetree.gz && \
    tar -czf /binaries/updatetree_linux_s390x.tar.gz -C /tmp updatetree && \
    rm /tmp/updatetree

# updatetree: Cross-compiled binaries
COPY --from=updatetree-amd64 /usr/local/bin/updatetree-darwin-amd64.gz /tmp/updatetree-darwin-amd64.gz
RUN gzip -d /tmp/updatetree-darwin-amd64.gz && \
    tar -czf /binaries/updatetree_darwin_amd64.tar.gz -C /tmp updatetree-darwin-amd64 && \
    rm /tmp/updatetree-darwin-amd64

COPY --from=updatetree-amd64 /usr/local/bin/updatetree-darwin-arm64.gz /tmp/updatetree-darwin-arm64.gz
RUN gzip -d /tmp/updatetree-darwin-arm64.gz && \
    tar -czf /binaries/updatetree_darwin_arm64.tar.gz -C /tmp updatetree-darwin-arm64 && \
    rm /tmp/updatetree-darwin-arm64

COPY --from=updatetree-amd64 /usr/local/bin/updatetree-windows-amd64.exe.gz /tmp/updatetree-windows-amd64.exe.gz
RUN gzip -d /tmp/updatetree-windows-amd64.exe.gz && \
    tar -czf /binaries/updatetree_windows_amd64.tar.gz -C /tmp updatetree-windows-amd64.exe && \
    rm /tmp/updatetree-windows-amd64.exe

# Final minimal image with all binaries
FROM registry.redhat.io/ubi9/ubi-minimal@sha256:8d0a8fb39ec907e8ca62cdd24b62a63ca49a30fe465798a360741fde58437a23

LABEL description="Flat image containing createtree and updatetree CLI binaries for all platforms and architectures"
LABEL io.k8s.description="Flat image containing createtree and updatetree CLI binaries for all platforms and architectures"
LABEL io.opencontainers.image.description="Flat image containing createtree and updatetree CLI binaries for all platforms and architectures"
LABEL io.k8s.display-name="Trillian CLI stack image for Red Hat Trusted Artifact Signer"
LABEL io.openshift.tags="trillian createtree updatetree trusted-artifact-signer cli-stack"
LABEL summary="Provides all trillian CLI binaries (createtree, updatetree) as tar.gz archives for CDN distribution."
LABEL com.redhat.component="trillian-cli-stack"

COPY --from=packager /binaries/ /binaries/
COPY --from=createtree-amd64 /licenses/ /licenses/

RUN chown -R root:0 /binaries && chmod -R g+r /binaries

USER 65532:65532