How to do shasum checks in Dockerfile
The shasum check is recommended to ensure that the binary you are installing and using has not been changed by attackers. It is especially important in CI/CD tools, where automation is used to download tools from the public internet.
FROM golang:1.16 as builder

.
.
.

RUN wget -O /path/to/binary https://url/to/binary.bin
# Checksum line format: hash, two spaces, path
RUN echo "sha-sum-for-binary  /path/to/binary" | sha256sum --check

.
.
.
e.g.
FROM golang:1.16 as builder

.
.
.

RUN wget -O /usr/local/bin/dumb-init https://github.com/Yelp/dumb-init/releases/download/v1.2.5/dumb-init_1.2.5_x86_64
# Checksum line format: hash, two spaces, path
RUN echo "e874b55f3279ca41415d290c512a7ba9d08f98041b28ae7c2acb19a545f1c4df  /usr/local/bin/dumb-init" | sha256sum --check

.
.
.
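
As an added example (not from the original page), the same check can be wrapped in a small POSIX shell helper for a RUN step or CI script: it validates the pinned hash, verifies the downloaded file, and only then installs it. The function name verify_and_install and its arguments are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example, not from the original page.
# verify_and_install is a hypothetical helper name.
# usage: verify_and_install <downloaded-file> <expected-sha256> <dest>
# returns 0 on success, 1 on checksum mismatch, 2 on a malformed checksum
verify_and_install() {
    src=$1
    expected=$2
    dest=$3

    # Fail closed on a pinned value that is not exactly 64 lowercase hex
    # characters, so an empty or truncated build argument is rejected
    # instead of being passed to sha256sum.
    case $expected in
        *[!0-9a-f]*)
            echo "expected checksum is not lowercase hex" >&2
            return 2
            ;;
    esac
    if [ "${#expected}" -ne 64 ]; then
        echo "expected checksum is not 64 characters long" >&2
        return 2
    fi

    # Checksum line format: hash, two spaces, file name.
    # With no file argument, sha256sum -c reads the line from stdin.
    if printf '%s  %s\n' "$expected" "$src" | sha256sum -c >/dev/null 2>&1; then
        # Copy into place only after the content has been verified.
        install -m 0755 "$src" "$dest"
    else
        echo "SHA-256 mismatch for $src, refusing to install" >&2
        # Remove the unverified download so a later step cannot pick it up.
        rm -f "$src"
        return 1
    fi
}
```

In a Dockerfile the download would go to a temporary path first, followed by a call such as `verify_and_install /tmp/dumb-init <pinned-sha256> /usr/local/bin/dumb-init` in the same RUN step.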