Skip to content

Instantly share code, notes, and snippets.

@mmastoras
Last active January 24, 2020 21:57
Show Gist options
  • Save mmastoras/1f141618e80d56218c0a1ae94c842558 to your computer and use it in GitHub Desktop.
Save mmastoras/1f141618e80d56218c0a1ae94c842558 to your computer and use it in GitHub Desktop.
Hashicorp verify sigs
# Used by hashicorp
FROM debian:buster-slim
ARG CONSUL_VERSION=1.6.2
ARG VAULT_VERSION=1.3.2
ENV BIN_DIR=/bin
# Install required packages
RUN set -eux && \
apt-get update && \
DEBIAN_FRONTEND=noninteractive \
apt-get install -y --no-install-recommends \
ca-certificates \
curl \
dirmngr \
gnupg \
jq \
netcat \
wget \
unzip && \
rm -rf /var/lib/apt/lists/*
# import trust
COPY hashicorp.asc /
COPY hashicorp.trust /
RUN gpg --import hashicorp.asc && \
gpg --import-ownertrust hashicorp.trust && \
rm hashicorp.asc && \
rm hashicorp.trust
# Download consul cli and verify signatures
RUN wget -q https://releases.hashicorp.com/consul/${CONSUL_VERSION}/consul_${CONSUL_VERSION}_linux_amd64.zip && \
curl -Os https://releases.hashicorp.com/consul/${CONSUL_VERSION}/consul_${CONSUL_VERSION}_SHA256SUMS && \
curl -Os https://releases.hashicorp.com/consul/${CONSUL_VERSION}/consul_${CONSUL_VERSION}_SHA256SUMS.sig && \
gpg --verify consul_${CONSUL_VERSION}_SHA256SUMS.sig consul_${CONSUL_VERSION}_SHA256SUMS && \
sha256sum --ignore-missing -c consul_${CONSUL_VERSION}_SHA256SUMS && \
unzip consul_${CONSUL_VERSION}_linux_amd64.zip && \
mv consul $BIN_DIR/. && \
rm -f consul_${CONSUL_VERSION}_linux_amd64.zip
# Download vault cli and verify signatures
RUN wget -q https://releases.hashicorp.com/vault/${VAULT_VERSION}/vault_${VAULT_VERSION}_linux_amd64.zip && \
curl -Os https://releases.hashicorp.com/vault/${VAULT_VERSION}/vault_${VAULT_VERSION}_SHA256SUMS && \
curl -Os https://releases.hashicorp.com/vault/${VAULT_VERSION}/vault_${VAULT_VERSION}_SHA256SUMS.sig && \
gpg --verify vault_${VAULT_VERSION}_SHA256SUMS.sig vault_${VAULT_VERSION}_SHA256SUMS && \
sha256sum --ignore-missing -c vault_${VAULT_VERSION}_SHA256SUMS && \
unzip vault_${VAULT_VERSION}_linux_amd64.zip && \
mv vault $BIN_DIR/. && \
rm -f vault_${VAULT_VERSION}_linux_amd64.zip && \
rm -f vault_${VERSION}_SHA256SUMS && \
rm -f vault_${VERSION}_SHA256SUMS.sig
CMD /bin/bash
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment