Skip to content

Building Images Locally

1. Download Resources

fetch-manifest-resources

Given a valid hardening manifest:

resources:
- filename: etcd.tar.gz
  url: https://github.com/etcd-io/etcd/releases/download/v3.5.4/etcd-v3.5.4-linux-amd64.tar.gz
  validation:
    type: sha256
    value: b1091166153df1ee0bb29b47fb1943ef0ddf0cd5d07a8fe69827580a08134def
This tool parses the hardening_manifest.yaml and for each URL in resources attempts to:

  • Validate the url
  • Fetch the url with retries and support for large file streaming
  • Rename the file to filename and store in the same directory as hardening_manifest.yaml
  • Validates the checksum value

  • make build

  • docker run --rm -v $PWD:/work -it fetch-resources:latest where $PWD is the local directory where your hardening_manifest.yaml lives.

Tip

Add an alias to the fetch-resources command in your $SHELL profile

~/.zshrc
alias fetch='docker run --rm -v ${PWD}:/work -it fetch-resources:latest'

2. Login to Registry1

docker login -u <username> -p <token> registry1.dso.mil

3. Build

After downloading any resources in the hardening_manifest.yaml, you can build normally.

docker build . -t <image:tag>