Building Images Locally

1. Download Resources

fetch-manifest-resources

Given a valid hardening manifest:

resources:
- filename: etcd.tar.gz
  url: https://github.com/etcd-io/etcd/releases/download/v3.5.4/etcd-v3.5.4-linux-amd64.tar.gz
  validation:
    type: sha256
    value: b1091166153df1ee0bb29b47fb1943ef0ddf0cd5d07a8fe69827580a08134def

This tool parses the hardening_manifest.yaml and for each URL in resources attempts to:

Validate the url
Fetch the url with retries and support for large file streaming
Rename the file to filename and store in the same directory as hardening_manifest.yaml
Validates the checksum value
make build
docker run --rm -v $PWD:/work -it fetch-resources:latest where $PWD is the local directory where your hardening_manifest.yaml lives.

Tip

Add an alias to the fetch-resources command in your $SHELL profile

~/.zshrc

alias fetch='docker run --rm -v ${PWD}:/work -it fetch-resources:latest'

docker login -u <username> -p <token> registry1.dso.mil

3. Build

After downloading any resources in the hardening_manifest.yaml, you can build normally.

docker build . -t <image:tag>

Building Images Locally

1. Download Resources

fetch-manifest-resources

2. Login to Registry1

3. Build