
Verify scanned keys in same build step as scan #1908

Merged
merged 1 commit into from
Apr 8, 2019
7 changes: 3 additions & 4 deletions docker/Dockerfile.flux
Expand Up @@ -6,11 +6,10 @@ RUN apk add --no-cache openssh ca-certificates tini 'git>=2.3.0' gnupg

# Add git hosts to known hosts file so we can use
# StrickHostKeyChecking with git+ssh
RUN ssh-keyscan github.com gitlab.com bitbucket.org ssh.dev.azure.com vs-ssh.visualstudio.com >> /etc/ssh/ssh_known_hosts

# Verify newly added known_hosts (man-in-middle mitigation)
ADD ./verify_known_hosts.sh /home/flux/verify_known_hosts.sh
RUN sh /home/flux/verify_known_hosts.sh /etc/ssh/ssh_known_hosts && rm /home/flux/verify_known_hosts.sh
RUN ssh-keyscan github.com gitlab.com bitbucket.org ssh.dev.azure.com vs-ssh.visualstudio.com >> /etc/ssh/ssh_known_hosts && \
sh /home/flux/verify_known_hosts.sh /etc/ssh/ssh_known_hosts && \
rm /home/flux/verify_known_hosts.sh

# Add default SSH config, which points at the private key we'll mount
COPY ./ssh_config /etc/ssh/ssh_config
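Review bot: The combined `RUN` has no comment saying why the scan and the verification must share one step, and the old `# Verify newly added known_hosts (man-in-middle mitigation)` line appears to be dropped in this hunk (the page does not mark sides, so that is inferred from the addition/deletion counts). Without that explanation a later edit could split the step again, which presumably would let a cached layer hold host keys that were never verified. I would add above the `RUN`: `# Scan and verify in a single RUN so no cached layer holds unverified host keys (man-in-the-middle mitigation)`. The same applies to the hunk in docker/Dockerfile.helm-operator, and the context comment in both files misspells the ssh option as `StrickHostKeyChecking` where `StrictHostKeyChecking` is meant.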
10 changes: 5 additions & 5 deletions docker/Dockerfile.helm-operator
Expand Up @@ -6,14 +6,14 @@ RUN apk add --no-cache openssh ca-certificates tini 'git>=2.3.0'

# Add git hosts to known hosts file so we can use
# StrickHostKeyChecking with git+ssh
RUN ssh-keyscan github.com gitlab.com bitbucket.org ssh.dev.azure.com vs-ssh.visualstudio.com >> /etc/ssh/ssh_known_hosts
ADD ./verify_known_hosts.sh /home/flux/verify_known_hosts.sh
RUN ssh-keyscan github.com gitlab.com bitbucket.org ssh.dev.azure.com vs-ssh.visualstudio.com >> /etc/ssh/ssh_known_hosts && \
sh /home/flux/verify_known_hosts.sh /etc/ssh/ssh_known_hosts && \
rm /home/flux/verify_known_hosts.sh

# Add default SSH config, which points at the private key we'll mount
COPY ./ssh_config /etc/ssh/ssh_config

# Verify newly added known_hosts (man-in-middle mitigation)
ADD ./verify_known_hosts.sh /home/flux/verify_known_hosts.sh
RUN sh /home/flux/verify_known_hosts.sh /etc/ssh/ssh_known_hosts && rm /home/flux/verify_known_hosts.sh

COPY ./kubectl /usr/local/bin/
# The Helm client is included as a convenience for troubleshooting
COPY ./helm /usr/local/bin/
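Review bot: `ADD ./verify_known_hosts.sh /home/flux/verify_known_hosts.sh` copies a plain local file, so `COPY ./verify_known_hosts.sh /home/flux/verify_known_hosts.sh` is the clearer instruction; `ADD` also extracts archives and fetches URLs, neither of which this step uses. Because the script arrives in its own layer, the `rm` at the end of the `RUN` hides it from the final filesystem but the file remains in the earlier layer. That is harmless for a non-secret script, but it means the `rm` does not shrink the image. docker/Dockerfile.flux carries the same `ADD` line.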