How to do shasum checks in Dockerfile

Mar 11, 2021 · 1 min read · Dockerfile · shasum · sha256sum · security · Docker ·

Share on:

The shasum check is recommended to ensure the binary you are installing and using has not been changed by attackers. Its especially very important in CI/CD tools where automation is used to download tools from public internet.

 1FROM golang:1.16 as builder
 2
 3.
 4.
 5.
 6
 7RUN wget -O /path/to/binary https://url/to/binary.bin
 8RUN echo "sha-sum-for-binary /path/to/binary" | sha256sum --check
 9
10.
11.
12.
13

e.g.

 1FROM golang:1.16 as builder
 2
 3.
 4.
 5.
 6
 7RUN wget -O /usr/local/bin/dumb-init https://github.com/Yelp/dumb-init/releases/download/v1.2.5/dumb-init_1.2.5_x86_64
 8RUN echo "e874b55f3279ca41415d290c512a7ba9d08f98041b28ae7c2acb19a545f1c4df /usr/local/bin/dumb-init" | sha256sum --check
 9
10.
11.
12.
13