CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add Version back to sig files

Browse Source
This commit is contained in:
Mike Reeves
2020-11-12 11:53:30 -05:00
parent 7f491545fa
commit cbca2d702f
3 changed files with 56 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
salt/common/tools/sbin/so-image-common
View File

@@ -106,7 +106,7 @@ update_docker_containers() {
docker pull $CONTAINER_REGISTRY/$IMAGEREPO/$i:$VERSION
# Get signature
curl https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/$BRANCH/sigs/images/$VERSION/$i.sig --output $SIGNPATH/$i.sig
curl https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/$BRANCH/sigs/images/$VERSION/$i:$VERSION.sig --output $SIGNPATH/$i:$VERSION.sig
if [[ $? -ne 0 ]]; then
echo "Unable to pull signature file for $i:$VERSION"
exit 1
@@ -114,14 +114,14 @@ update_docker_containers() {
# Dump our hash values
DOCKERINSPECT=$(docker inspect $CONTAINER_REGISTRY/$IMAGEREPO/$i:$VERSION)
echo "$DOCKERINSPECT" | jq ".[0].RepoDigests[] | select(. | contains(\"$CONTAINER_REGISTRY\"))" > $SIGNPATH/$i.txt
echo "$DOCKERINSPECT" | jq ".[0].Created, .[0].RootFS.Layers" >> $SIGNPATH/$i.txt
echo "$DOCKERINSPECT" | jq ".[0].RepoDigests[] | select(. | contains(\"$CONTAINER_REGISTRY\"))" > $SIGNPATH/$i:$VERSION.txt
echo "$DOCKERINSPECT" | jq ".[0].Created, .[0].RootFS.Layers" >> $SIGNPATH/$i:$VERSION.txt
if [[ $? -ne 0 ]]; then
echo "Unable to inspect $i:$VERSION"
exit 1
fi
GPGTEST=$(gpg --verify $SIGNPATH/$i.sig $SIGNPATH/$i.txt 2>&1)
GPGTEST=$(gpg --verify $SIGNPATH/$i:$VERSION.sig $SIGNPATH/$i:$VERSION.txt 2>&1)
if [[ $? -eq 0 ]]; then
# Tag it with the new registry destination
docker tag $CONTAINER_REGISTRY/$IMAGEREPO/$i:$VERSION $HOSTNAME:5000/$IMAGEREPO/$i:$VERSION