Skip to content

Building Images Locally

1. Download Resources


Given a valid hardening manifest:

- filename: etcd.tar.gz
    type: sha256
    value: b1091166153df1ee0bb29b47fb1943ef0ddf0cd5d07a8fe69827580a08134def
This tool parses the hardening_manifest.yaml and for each URL in resources attempts to:

  • Validate the url
  • Fetch the url with retries and support for large file streaming
  • Rename the file to filename and store in the same directory as hardening_manifest.yaml
  • Validates the checksum value

  • make build

  • docker run --rm -v $PWD:/work -it fetch-resources:latest where $PWD is the local directory where your hardening_manifest.yaml lives.


Add an alias to the fetch-resources command in your $SHELL profile

alias fetch='docker run --rm -v ${PWD}:/work -it fetch-resources:latest'

2. Login to Registry1

docker login -u <username> -p <token>

3. Build

After downloading any resources in the hardening_manifest.yaml, you can build normally.

docker build . -t <image:tag>