Building Images Locally
1. Download Resources
fetch-manifest-resources
Given a valid hardening manifest:
resources:
- filename: etcd.tar.gz
url: https://github.com/etcd-io/etcd/releases/download/v3.5.4/etcd-v3.5.4-linux-amd64.tar.gz
validation:
type: sha256
value: b1091166153df1ee0bb29b47fb1943ef0ddf0cd5d07a8fe69827580a08134def
resources
attempts to:
- Validate the
url
- Fetch the
url
with retries and support for large file streaming - Rename the file to
filename
and store in the same directory ashardening_manifest.yaml
-
Validates the checksum
value
-
make build
docker run --rm -v $PWD:/work -it fetch-resources:latest
where$PWD
is the local directory where your hardening_manifest.yaml lives.
Tip
Add an alias to the fetch-resources command in your $SHELL
profile
~/.zshrc
alias fetch='docker run --rm -v ${PWD}:/work -it fetch-resources:latest'
2. Login to Registry1
docker login -u <username> -p <token> registry1.dso.mil
3. Build
After downloading any resources in the hardening_manifest.yaml
, you can build normally.
docker build . -t <image:tag>