diff --git a/eng/docker-tools/CHANGELOG.md b/eng/docker-tools/CHANGELOG.md new file mode 100644 index 0000000000..7903acd810 --- /dev/null +++ b/eng/docker-tools/CHANGELOG.md @@ -0,0 +1,76 @@ +# Docker Tools / ImageBuilder Changelog + +All breaking changes and new features in `eng/docker-tools` will be documented in this file. + +--- + +## 2026-02-19: Separate Registry Endpoints from Authentication + +- Pull request: [#1945](https://github.com/dotnet/docker-tools/pull/1945) +- Issue: [#1914](https://github.com/dotnet/docker-tools/issues/1914) + +Authentication details (`serviceConnection`, `resourceGroup`, `subscription`) have been moved from individual registry endpoints into a centralized `RegistryAuthentication` list. +This fixes an issue where ACR authentication could fail when multiple service connections existed for the same registry. + +**Before:** Each registry endpoint embedded its own authentication: + +```yaml +publishConfig: + BuildRegistry: + server: $(acr.server) + repoPrefix: "my-prefix/" + resourceGroup: $(resourceGroup) + subscription: $(subscription) + serviceConnection: + name: $(serviceConnectionName) + id: $(serviceConnection.id) + clientId: $(serviceConnection.clientId) + tenantId: $(tenant) + PublishRegistry: + server: $(acr.server) + repoPrefix: "publish/" + resourceGroup: $(resourceGroup) + subscription: $(subscription) + serviceConnection: + name: $(publishServiceConnectionName) + id: $(publishServiceConnection.id) + clientId: $(publishServiceConnection.clientId) + tenantId: $(tenant) +``` + +**After:** Registry endpoints only contain `server` and `repoPrefix`. Authentication is centralized: + +```yaml +publishConfig: + BuildRegistry: + server: $(acr.server) + repoPrefix: "my-prefix/" + PublishRegistry: + server: $(acr.server) + repoPrefix: "publish/" + RegistryAuthentication: + - server: $(acr.server) + resourceGroup: $(resourceGroup) + subscription: $(subscription) + serviceConnection: + name: $(serviceConnectionName) + id: $(serviceConnection.id) + clientId: $(serviceConnection.clientId) + tenantId: $(tenant) +``` + +How to update: +- Update any publishConfig parameters to match the new structure. + - Multiple registries can share authentication. If two registries use the same ACR server, only one entry is needed in `RegistryAuthentication`. + - The new structure should match [ImageBuilder's Configuration Model](https://github.com/dotnet/docker-tools/tree/a82572386854f15af441c50c6efa698a627e9f2b/src/ImageBuilder/Configuration). +- Update service connection setup (if using `setup-service-connections.yml`): + - The template now supports looking up service connections from `publishConfig.RegistryAuthentication` + - Use the new `usesRegistries` parameter to specify which registries need auth setup: + ```yaml + - template: eng/docker-tools/templates/stages/setup-service-connections.yml + parameters: + publishConfig: ${{ variables.publishConfig }} + usesRegistries: + - $(buildRegistry.server) + - $(publishRegistry.server) + ``` diff --git a/eng/docker-tools/templates/jobs/build-images.yml b/eng/docker-tools/templates/jobs/build-images.yml index db9b4f7fd8..025d3c8d00 100644 --- a/eng/docker-tools/templates/jobs/build-images.yml +++ b/eng/docker-tools/templates/jobs/build-images.yml @@ -91,8 +91,6 @@ jobs: --architecture $(architecture) --retry --digests-out-var 'builtImages' - --acr-subscription '${{ parameters.publishConfig.BuildRegistry.subscription }}' - --acr-resource-group '${{ parameters.publishConfig.BuildRegistry.resourceGroup }}' $(manifestVariables) $(imageBuilderBuildArgs) - template: /eng/docker-tools/templates/steps/publish-artifact.yml@self diff --git a/eng/docker-tools/templates/jobs/publish.yml b/eng/docker-tools/templates/jobs/publish.yml index 98e29f4a76..b86ec1ee2d 100644 --- a/eng/docker-tools/templates/jobs/publish.yml +++ b/eng/docker-tools/templates/jobs/publish.yml @@ -97,8 +97,6 @@ jobs: internalProjectName: ${{ parameters.internalProjectName }} args: >- copyAcrImages - '${{ parameters.publishConfig.BuildRegistry.subscription }}' - '${{ parameters.publishConfig.BuildRegistry.resourceGroup }}' '${{ parameters.publishConfig.BuildRegistry.repoPrefix }}' '${{ parameters.publishConfig.BuildRegistry.server }}' --os-type '*' diff --git a/eng/docker-tools/templates/stages/build-and-test.yml b/eng/docker-tools/templates/stages/build-and-test.yml index 3f7118ab3a..1e39a998ea 100644 --- a/eng/docker-tools/templates/stages/build-and-test.yml +++ b/eng/docker-tools/templates/stages/build-and-test.yml @@ -3,11 +3,13 @@ parameters: testMatrixType: platformVersionedOs buildMatrixCustomBuildLegGroupArgs: "" testMatrixCustomBuildLegGroupArgs: "" - customCopyBaseImagesInitSteps: [] - customGenerateMatrixInitSteps: [] # Custom steps to set up ImageBuilder instead of pulling from MCR (e.g., bootstrap from source). # Runs before ImageBuilder pull. If non-empty, skips the default ImageBuilder pull. customInitSteps: [] + # Custom steps that run after ImageBuilder is set up but before copy-base-images runs. + customCopyBaseImagesInitSteps: [] + # Custom steps that run after ImageBuilder is set up but before matrix generation runs. + customGenerateMatrixInitSteps: [] # Custom steps that run after ImageBuilder is set up but before the build starts. # Use for build-specific initialization (e.g., setting variables, additional setup). customBuildInitSteps: [] diff --git a/eng/docker-tools/templates/stages/dotnet/publish-config-nonprod.yml b/eng/docker-tools/templates/stages/dotnet/publish-config-nonprod.yml index 424f3aaf5d..6f3e4995d6 100644 --- a/eng/docker-tools/templates/stages/dotnet/publish-config-nonprod.yml +++ b/eng/docker-tools/templates/stages/dotnet/publish-config-nonprod.yml @@ -53,35 +53,44 @@ stages: InternalMirrorRegistry: server: $(acr-staging-test.server) repoPrefix: $(internalMirrorRepoPrefix) - resourceGroup: $(testResourceGroup) - subscription: $(testSubscription) - serviceConnection: - name: $(internal-mirror-test.serviceConnectionName) - id: $(internal-mirror-test.serviceConnection.id) - clientId: $(internal-mirror-test.serviceConnection.clientId) - tenantId: $(testTenant) PublicMirrorRegistry: server: $(public-mirror.server) repoPrefix: $(publicMirrorRepoPrefix) - resourceGroup: $(public-mirror.resourceGroup) - subscription: $(public-mirror.subscription) - serviceConnection: - name: $(public-mirror.serviceConnectionName) - id: $(public-mirror.serviceConnection.id) - tenantId: $(public-mirror.serviceConnection.tenantId) - clientId: $(public-mirror.serviceConnection.clientId) BuildRegistry: server: $(acr-staging-test.server) - resourceGroup: $(testResourceGroup) - subscription: $(testSubscription) repoPrefix: "${{ parameters.stagingRepoPrefix }}${{ parameters.sourceBuildPipelineRunId }}/" - serviceConnection: - name: $(build-test.serviceConnectionName) - id: $(build-test.serviceConnection.id) - clientId: $(build-test.serviceConnection.clientId) - tenantId: $(testTenant) + + PublishRegistry: + server: $(acr-test.server) + repoPrefix: "${{ parameters.publishRepoPrefix }}" + + RegistryAuthentication: + - server: $(acr-staging-test.server) + resourceGroup: $(testResourceGroup) + subscription: $(testSubscription) + serviceConnection: + name: $(build-test.serviceConnectionName) + id: $(build-test.serviceConnection.id) + clientId: $(build-test.serviceConnection.clientId) + tenantId: $(testTenant) + - server: $(public-mirror.server) + resourceGroup: $(public-mirror.resourceGroup) + subscription: $(public-mirror.subscription) + serviceConnection: + name: $(public-mirror.serviceConnectionName) + id: $(public-mirror.serviceConnection.id) + tenantId: $(public-mirror.serviceConnection.tenantId) + clientId: $(public-mirror.serviceConnection.clientId) + - server: $(acr-test.server) + resourceGroup: $(testResourceGroup) + subscription: $(testSubscription) + serviceConnection: + name: $(publish-test.serviceConnectionName) + id: $(publish-test.serviceConnection.id) + clientId: $(publish-test.serviceConnection.clientId) + tenantId: $(testTenant) cleanServiceConnection: name: $(clean-test.serviceConnectionName) @@ -94,14 +103,3 @@ stages: id: $(test-nonprod.serviceConnection.id) clientId: $(test-nonprod.serviceConnection.clientId) tenantId: $(testTenant) - - PublishRegistry: - server: $(acr-test.server) - resourceGroup: $(testResourceGroup) - subscription: $(testSubscription) - repoPrefix: "${{ parameters.publishRepoPrefix }}" - serviceConnection: - name: $(publish-test.serviceConnectionName) - id: $(publish-test.serviceConnection.id) - clientId: $(publish-test.serviceConnection.clientId) - tenantId: $(testTenant) diff --git a/eng/docker-tools/templates/stages/dotnet/publish-config-prod.yml b/eng/docker-tools/templates/stages/dotnet/publish-config-prod.yml index 7f9a4e0071..24746b3aea 100644 --- a/eng/docker-tools/templates/stages/dotnet/publish-config-prod.yml +++ b/eng/docker-tools/templates/stages/dotnet/publish-config-prod.yml @@ -53,35 +53,44 @@ stages: InternalMirrorRegistry: server: $(acr-staging.server) repoPrefix: $(internalMirrorRepoPrefix) - resourceGroup: $(acr-staging.resourceGroup) - subscription: $(acr-staging.subscription) - serviceConnection: - name: $(internal-mirror.serviceConnectionName) - id: $(internal-mirror.serviceConnection.id) - clientId: $(internal-mirror.serviceConnection.clientId) - tenantId: $(internal-mirror.serviceConnection.tenantId) PublicMirrorRegistry: server: $(public-mirror.server) repoPrefix: $(publicMirrorRepoPrefix) - resourceGroup: $(public-mirror.resourceGroup) - subscription: $(public-mirror.subscription) - serviceConnection: - name: $(public-mirror.serviceConnectionName) - id: $(public-mirror.serviceConnection.id) - tenantId: $(public-mirror.serviceConnection.tenantId) - clientId: $(public-mirror.serviceConnection.clientId) BuildRegistry: server: $(acr-staging.server) - resourceGroup: $(acr-staging.resourceGroup) - subscription: $(acr-staging.subscription) repoPrefix: "${{ parameters.stagingRepoPrefix }}${{ parameters.sourceBuildPipelineRunId }}/" - serviceConnection: - name: $(build.serviceConnectionName) - id: $(build.serviceConnection.id) - clientId: $(build.serviceConnection.clientId) - tenantId: $(build.serviceConnection.tenantId) + + PublishRegistry: + server: $(acr.server) + repoPrefix: "${{ parameters.publishRepoPrefix }}" + + RegistryAuthentication: + - server: $(acr-staging.server) + resourceGroup: $(acr-staging.resourceGroup) + subscription: $(acr-staging.subscription) + serviceConnection: + name: $(build.serviceConnectionName) + id: $(build.serviceConnection.id) + clientId: $(build.serviceConnection.clientId) + tenantId: $(build.serviceConnection.tenantId) + - server: $(public-mirror.server) + resourceGroup: $(public-mirror.resourceGroup) + subscription: $(public-mirror.subscription) + serviceConnection: + name: $(public-mirror.serviceConnectionName) + id: $(public-mirror.serviceConnection.id) + tenantId: $(public-mirror.serviceConnection.tenantId) + clientId: $(public-mirror.serviceConnection.clientId) + - server: $(acr.server) + resourceGroup: $(acr.resourceGroup) + subscription: $(acr.subscription) + serviceConnection: + name: $(publish.serviceConnectionName) + id: $(publish.serviceConnection.id) + clientId: $(publish.serviceConnection.clientId) + tenantId: $(publish.serviceConnection.tenantId) cleanServiceConnection: name: $(clean.serviceConnectionName) @@ -94,14 +103,3 @@ stages: id: $(test.serviceConnection.id) clientId: $(test.serviceConnection.clientId) tenantId: $(test.serviceConnection.tenantId) - - PublishRegistry: - server: $(acr.server) - resourceGroup: $(acr.resourceGroup) - subscription: $(acr.subscription) - repoPrefix: "${{ parameters.publishRepoPrefix }}" - serviceConnection: - name: $(publish.serviceConnectionName) - id: $(publish.serviceConnection.id) - clientId: $(publish.serviceConnection.clientId) - tenantId: $(publish.serviceConnection.tenantId) diff --git a/eng/docker-tools/templates/stages/setup-service-connections.yml b/eng/docker-tools/templates/stages/setup-service-connections.yml index 2ef74e90c5..405bc703ac 100644 --- a/eng/docker-tools/templates/stages/setup-service-connections.yml +++ b/eng/docker-tools/templates/stages/setup-service-connections.yml @@ -3,6 +3,10 @@ # it is declared in this stage's parameters, even if your pipeline has already # been granted access to the service connection. This stage also does not need # to complete before the service connection is used. +# +# There are two ways to specify service connections: +# - Pass `serviceConnections` directly (list of {name: string} objects) +# - Pass `publishConfig` + `registries` to look up auth from RegistryAuthentication parameters: - name: pool type: object @@ -10,14 +14,26 @@ parameters: name: $(default1ESInternalPoolName) image: $(default1ESInternalPoolImage) os: linux -# serviceConnections object shape: -# - name: string + +# Explicit list of service connections to initialize +# Shape: [{ name: string }] - name: serviceConnections type: object default: [] -stages: +# List of registry servers that need authentication. These will be looked up in +# publishConfig.RegistryAuthentication. +# Make sure to provide the publishConfig parameter. +- name: usesRegistries + type: object + default: [] +# Look up service connections from publishConfig based on registries +# The publish configuration containing RegistryAuthentication entries. +- name: publishConfig + type: object + default: {} +stages: - stage: SetupServiceConnectionsStage displayName: Setup service connections jobs: @@ -27,6 +43,8 @@ stages: pool: ${{ parameters.pool }} steps: - checkout: none + + # Direct service connections list - ${{ each serviceConnection in parameters.serviceConnections }}: - task: AzureCLI@2 displayName: Setup ${{ serviceConnection.name }} @@ -36,3 +54,15 @@ stages: scriptLocation: inlineScript inlineScript: | az account show + + # Setup registry service connections + - ${{ if gt(length(parameters.usesRegistries), 0) }}: + - ${{ each auth in parameters.publishConfig.RegistryAuthentication }}: + - ${{ if containsValue(parameters.usesRegistries, auth.server) }}: + - task: AzureCLI@2 + displayName: Setup ${{ auth.serviceConnection.name }} + inputs: + azureSubscription: ${{ auth.serviceConnection.name }} + scriptType: pscore + scriptLocation: inlineScript + inlineScript: az account show diff --git a/eng/docker-tools/templates/steps/clean-acr-images.yml b/eng/docker-tools/templates/steps/clean-acr-images.yml index 65b8ceffac..2f4b53ade1 100644 --- a/eng/docker-tools/templates/steps/clean-acr-images.yml +++ b/eng/docker-tools/templates/steps/clean-acr-images.yml @@ -5,7 +5,6 @@ parameters: age: null customArgs: "--dry-run" internalProjectName: null - publishConfig: null steps: - template: /eng/docker-tools/templates/steps/run-imagebuilder.yml@self parameters: @@ -20,8 +19,6 @@ steps: args: >- cleanAcrImages ${{ parameters.repo }} - ${{ parameters.acr.subscription }} - ${{ parameters.acr.resourceGroup }} ${{ parameters.acr.server }} --action ${{ parameters.action }} --age ${{ parameters.age }} diff --git a/eng/docker-tools/templates/steps/copy-base-images.yml b/eng/docker-tools/templates/steps/copy-base-images.yml index 0e9e09f688..6664c8f9af 100644 --- a/eng/docker-tools/templates/steps/copy-base-images.yml +++ b/eng/docker-tools/templates/steps/copy-base-images.yml @@ -3,8 +3,6 @@ parameters: type: object default: server: "" - subscription: "" - resourceGroup: "" repoPrefix: "" - name: additionalOptions type: string @@ -29,8 +27,6 @@ steps: # error args: >- copyBaseImages - '${{ parameters.acr.subscription }}' - '${{ parameters.acr.resourceGroup }}' $(dockerHubRegistryCreds) $(customCopyBaseImagesArgs) --repo-prefix '${{ parameters.acr.repoPrefix }}' diff --git a/eng/docker-tools/templates/variables/docker-images.yml b/eng/docker-tools/templates/variables/docker-images.yml index b932703539..86b50eb984 100644 --- a/eng/docker-tools/templates/variables/docker-images.yml +++ b/eng/docker-tools/templates/variables/docker-images.yml @@ -1,5 +1,5 @@ variables: - imageNames.imageBuilderName: mcr.microsoft.com/dotnet-buildtools/image-builder:2887966 + imageNames.imageBuilderName: mcr.microsoft.com/dotnet-buildtools/image-builder:2914488 imageNames.imageBuilder: $(imageNames.imageBuilderName) imageNames.imageBuilder.withrepo: imagebuilder-withrepo:$(Build.BuildId)-$(System.JobId) imageNames.testRunner: mcr.microsoft.com/dotnet-buildtools/prereqs:azurelinux3.0-docker-testrunner diff --git a/eng/pipelines/stages/build-and-test.yml b/eng/pipelines/stages/build-and-test.yml index 5f7547ce73..da30d979f5 100644 --- a/eng/pipelines/stages/build-and-test.yml +++ b/eng/pipelines/stages/build-and-test.yml @@ -44,11 +44,13 @@ stages: - ${{ if parameters.isStandaloneBuild }}: - template: /eng/docker-tools/templates/stages/setup-service-connections.yml@self parameters: + publishConfig: ${{ parameters.publishConfig }} + usesRegistries: + - ${{ parameters.publishConfig.InternalMirrorRegistry.server }} + - ${{ parameters.publishConfig.BuildRegistry.server }} serviceConnections: - - name: ${{ parameters.publishConfig.InternalMirrorRegistry.serviceConnection.name }} - - name: ${{ parameters.publishConfig.BuildRegistry.serviceConnection.name }} - - ${{ if parameters.storageAccountServiceConnection }}: - - name: ${{ parameters.storageAccountServiceConnection.name }} + - ${{ if parameters.storageAccountServiceConnection }}: + - name: ${{ parameters.storageAccountServiceConnection.name }} - template: /eng/docker-tools/templates/stages/dotnet/build-and-test.yml@self parameters: diff --git a/eng/pipelines/stages/build-test-publish-repo.yml b/eng/pipelines/stages/build-test-publish-repo.yml index 7e1d04893a..d6790b0d8a 100644 --- a/eng/pipelines/stages/build-test-publish-repo.yml +++ b/eng/pipelines/stages/build-test-publish-repo.yml @@ -36,12 +36,14 @@ stages: - ${{ if ne(variables['Build.Reason'], 'PullRequest') }}: - template: /eng/docker-tools/templates/stages/setup-service-connections.yml@self parameters: + publishConfig: ${{ parameters.publishConfig }} + usesRegistries: + - ${{ parameters.publishConfig.InternalMirrorRegistry.server }} + - ${{ parameters.publishConfig.BuildRegistry.server }} + - ${{ parameters.publishConfig.PublishRegistry.server }} serviceConnections: - - name: ${{ parameters.publishConfig.InternalMirrorRegistry.serviceConnection.name }} - - name: ${{ parameters.publishConfig.BuildRegistry.serviceConnection.name }} - - name: ${{ parameters.publishConfig.PublishRegistry.serviceConnection.name }} - - ${{ each serviceConnection in parameters.additionalServiceConnections }}: - - name: ${{ serviceConnection.name }} + - ${{ each serviceConnection in parameters.additionalServiceConnections }}: + - name: ${{ serviceConnection.name }} - template: /eng/pipelines/stages/build-and-test.yml@self parameters: diff --git a/eng/pipelines/stages/publish.yml b/eng/pipelines/stages/publish.yml index f4d20bb028..d80fb09a4c 100644 --- a/eng/pipelines/stages/publish.yml +++ b/eng/pipelines/stages/publish.yml @@ -39,10 +39,12 @@ stages: - ${{ if parameters.isStandalonePublish }}: - template: /eng/docker-tools/templates/stages/setup-service-connections.yml@self parameters: + publishConfig: ${{ parameters.publishConfig }} + usesRegistries: + - ${{ parameters.publishConfig.PublishRegistry.server }} serviceConnections: - - name: ${{ parameters.publishConfig.PublishRegistry.serviceConnection.name }} - - ${{ each serviceConnection in parameters.additionalServiceConnections }}: - - name: ${{ serviceConnection.name }} + - ${{ each serviceConnection in parameters.additionalServiceConnections }}: + - name: ${{ serviceConnection.name }} - template: /eng/docker-tools/templates/stages/dotnet/publish.yml@self parameters: diff --git a/manifest.versions.json b/manifest.versions.json index 5e119333c7..9e7ae1f774 100644 --- a/manifest.versions.json +++ b/manifest.versions.json @@ -40,7 +40,7 @@ "aspnet|11.0|build-version": "11.0.0-preview.2.26122.107", "aspnet-composite|11.0|build-version": "$(aspnet|11.0|build-version)", - "chisel|latest|build-version": "v1.3.0", + "chisel|latest|build-version": "v1.4.0", "chisel|latest|x64|url": "https://github.com/canonical/chisel/releases/download/$(chisel|latest|build-version)/chisel_$(chisel|latest|build-version)_linux_amd64.tar.gz", "chisel|latest|arm|url": "https://github.com/canonical/chisel/releases/download/$(chisel|latest|build-version)/chisel_$(chisel|latest|build-version)_linux_arm.tar.gz", "chisel|latest|arm64|url": "https://github.com/canonical/chisel/releases/download/$(chisel|latest|build-version)/chisel_$(chisel|latest|build-version)_linux_arm64.tar.gz", @@ -57,9 +57,9 @@ "chisel|8.0|arm|url": "$(chisel|latest|arm|url)", "chisel|8.0|arm64|url": "$(chisel|latest|arm64|url)", - "chisel|latest|x64|sha384": "8a5a6831251828fcd9ce8c9a47fca941d8763b7c80c16da784e2b1bf830ba606ab848f3886ce5945a3c2fc5e719c77e9", - "chisel|latest|arm|sha384": "fbfabeea4adabd7c3f7fc5b9bd09636200d68091ad3fa4cf901fd5567285b60fb0c8a4bc54e558bac3921ecf9679e7fb", - "chisel|latest|arm64|sha384": "5e5ae3083ecb59c314fbee290263ccc7417016798943fb533f01737918d38c35d21d683c5fe89e6fd3488af90ec7c83b", + "chisel|latest|x64|sha384": "e6d3210880eab61524dd83768278afffeb42ec49820b4263a2c5d9f5898c07ee3cbcb4699bae7878370c965b32527820", + "chisel|latest|arm|sha384": "5edcb99020507325747b00314b85b6cf321238b99ebd5f3e6fe9f2315723c54f1b18fe066f5f9d55fe79bf1862d70997", + "chisel|latest|arm64|sha384": "bc2caf1fac6463982ff0770ae5e7aa51f37307d281c1ca56d3ef9068c30434b254dc72739f7d2689a2e7975923eff1ff", "chisel|10.0|x64|sha384": "$(chisel|latest|x64|sha384)", "chisel|10.0|arm|sha384": "$(chisel|latest|arm|sha384)", "chisel|10.0|arm64|sha384": "$(chisel|latest|arm64|sha384)", diff --git a/src/runtime-deps/10.0/noble-chiseled-extra/amd64/Dockerfile b/src/runtime-deps/10.0/noble-chiseled-extra/amd64/Dockerfile index ecd88fc7b9..dc3fcfbddd 100644 --- a/src/runtime-deps/10.0/noble-chiseled-extra/amd64/Dockerfile +++ b/src/runtime-deps/10.0/noble-chiseled-extra/amd64/Dockerfile @@ -2,8 +2,8 @@ FROM amd64/buildpack-deps:noble-curl AS chisel RUN apt-get update && apt-get install -y file -RUN curl --fail --show-error --location --output chisel.tar.gz https://github.com/canonical/chisel/releases/download/v1.3.0/chisel_v1.3.0_linux_amd64.tar.gz \ - && chisel_sha384='8a5a6831251828fcd9ce8c9a47fca941d8763b7c80c16da784e2b1bf830ba606ab848f3886ce5945a3c2fc5e719c77e9' \ +RUN curl --fail --show-error --location --output chisel.tar.gz https://github.com/canonical/chisel/releases/download/v1.4.0/chisel_v1.4.0_linux_amd64.tar.gz \ + && chisel_sha384='e6d3210880eab61524dd83768278afffeb42ec49820b4263a2c5d9f5898c07ee3cbcb4699bae7878370c965b32527820' \ && echo "$chisel_sha384 chisel.tar.gz" | sha384sum -c - \ && tar --gzip --extract --no-same-owner --file chisel.tar.gz --directory /usr/bin/ \ && rm chisel.tar.gz \ diff --git a/src/runtime-deps/10.0/noble-chiseled-extra/arm32v7/Dockerfile b/src/runtime-deps/10.0/noble-chiseled-extra/arm32v7/Dockerfile index d976820ebf..5262c18285 100644 --- a/src/runtime-deps/10.0/noble-chiseled-extra/arm32v7/Dockerfile +++ b/src/runtime-deps/10.0/noble-chiseled-extra/arm32v7/Dockerfile @@ -2,8 +2,8 @@ FROM arm32v7/buildpack-deps:noble-curl AS chisel RUN apt-get update && apt-get install -y file -RUN curl --fail --show-error --location --output chisel.tar.gz https://github.com/canonical/chisel/releases/download/v1.3.0/chisel_v1.3.0_linux_arm.tar.gz \ - && chisel_sha384='fbfabeea4adabd7c3f7fc5b9bd09636200d68091ad3fa4cf901fd5567285b60fb0c8a4bc54e558bac3921ecf9679e7fb' \ +RUN curl --fail --show-error --location --output chisel.tar.gz https://github.com/canonical/chisel/releases/download/v1.4.0/chisel_v1.4.0_linux_arm.tar.gz \ + && chisel_sha384='5edcb99020507325747b00314b85b6cf321238b99ebd5f3e6fe9f2315723c54f1b18fe066f5f9d55fe79bf1862d70997' \ && echo "$chisel_sha384 chisel.tar.gz" | sha384sum -c - \ && tar --gzip --extract --no-same-owner --file chisel.tar.gz --directory /usr/bin/ \ && rm chisel.tar.gz \ diff --git a/src/runtime-deps/10.0/noble-chiseled-extra/arm64v8/Dockerfile b/src/runtime-deps/10.0/noble-chiseled-extra/arm64v8/Dockerfile index 4f29219fe8..8cc5fb8aa9 100644 --- a/src/runtime-deps/10.0/noble-chiseled-extra/arm64v8/Dockerfile +++ b/src/runtime-deps/10.0/noble-chiseled-extra/arm64v8/Dockerfile @@ -2,8 +2,8 @@ FROM arm64v8/buildpack-deps:noble-curl AS chisel RUN apt-get update && apt-get install -y file -RUN curl --fail --show-error --location --output chisel.tar.gz https://github.com/canonical/chisel/releases/download/v1.3.0/chisel_v1.3.0_linux_arm64.tar.gz \ - && chisel_sha384='5e5ae3083ecb59c314fbee290263ccc7417016798943fb533f01737918d38c35d21d683c5fe89e6fd3488af90ec7c83b' \ +RUN curl --fail --show-error --location --output chisel.tar.gz https://github.com/canonical/chisel/releases/download/v1.4.0/chisel_v1.4.0_linux_arm64.tar.gz \ + && chisel_sha384='bc2caf1fac6463982ff0770ae5e7aa51f37307d281c1ca56d3ef9068c30434b254dc72739f7d2689a2e7975923eff1ff' \ && echo "$chisel_sha384 chisel.tar.gz" | sha384sum -c - \ && tar --gzip --extract --no-same-owner --file chisel.tar.gz --directory /usr/bin/ \ && rm chisel.tar.gz \ diff --git a/src/runtime-deps/10.0/noble-chiseled/amd64/Dockerfile b/src/runtime-deps/10.0/noble-chiseled/amd64/Dockerfile index 87acfe8b95..f90b04e781 100644 --- a/src/runtime-deps/10.0/noble-chiseled/amd64/Dockerfile +++ b/src/runtime-deps/10.0/noble-chiseled/amd64/Dockerfile @@ -2,8 +2,8 @@ FROM amd64/buildpack-deps:noble-curl AS chisel RUN apt-get update && apt-get install -y file -RUN curl --fail --show-error --location --output chisel.tar.gz https://github.com/canonical/chisel/releases/download/v1.3.0/chisel_v1.3.0_linux_amd64.tar.gz \ - && chisel_sha384='8a5a6831251828fcd9ce8c9a47fca941d8763b7c80c16da784e2b1bf830ba606ab848f3886ce5945a3c2fc5e719c77e9' \ +RUN curl --fail --show-error --location --output chisel.tar.gz https://github.com/canonical/chisel/releases/download/v1.4.0/chisel_v1.4.0_linux_amd64.tar.gz \ + && chisel_sha384='e6d3210880eab61524dd83768278afffeb42ec49820b4263a2c5d9f5898c07ee3cbcb4699bae7878370c965b32527820' \ && echo "$chisel_sha384 chisel.tar.gz" | sha384sum -c - \ && tar --gzip --extract --no-same-owner --file chisel.tar.gz --directory /usr/bin/ \ && rm chisel.tar.gz \ diff --git a/src/runtime-deps/10.0/noble-chiseled/arm32v7/Dockerfile b/src/runtime-deps/10.0/noble-chiseled/arm32v7/Dockerfile index 2be7ef5c00..44d7ba3d19 100644 --- a/src/runtime-deps/10.0/noble-chiseled/arm32v7/Dockerfile +++ b/src/runtime-deps/10.0/noble-chiseled/arm32v7/Dockerfile @@ -2,8 +2,8 @@ FROM arm32v7/buildpack-deps:noble-curl AS chisel RUN apt-get update && apt-get install -y file -RUN curl --fail --show-error --location --output chisel.tar.gz https://github.com/canonical/chisel/releases/download/v1.3.0/chisel_v1.3.0_linux_arm.tar.gz \ - && chisel_sha384='fbfabeea4adabd7c3f7fc5b9bd09636200d68091ad3fa4cf901fd5567285b60fb0c8a4bc54e558bac3921ecf9679e7fb' \ +RUN curl --fail --show-error --location --output chisel.tar.gz https://github.com/canonical/chisel/releases/download/v1.4.0/chisel_v1.4.0_linux_arm.tar.gz \ + && chisel_sha384='5edcb99020507325747b00314b85b6cf321238b99ebd5f3e6fe9f2315723c54f1b18fe066f5f9d55fe79bf1862d70997' \ && echo "$chisel_sha384 chisel.tar.gz" | sha384sum -c - \ && tar --gzip --extract --no-same-owner --file chisel.tar.gz --directory /usr/bin/ \ && rm chisel.tar.gz \ diff --git a/src/runtime-deps/10.0/noble-chiseled/arm64v8/Dockerfile b/src/runtime-deps/10.0/noble-chiseled/arm64v8/Dockerfile index 89c07ffc2a..1fc9cd3bbd 100644 --- a/src/runtime-deps/10.0/noble-chiseled/arm64v8/Dockerfile +++ b/src/runtime-deps/10.0/noble-chiseled/arm64v8/Dockerfile @@ -2,8 +2,8 @@ FROM arm64v8/buildpack-deps:noble-curl AS chisel RUN apt-get update && apt-get install -y file -RUN curl --fail --show-error --location --output chisel.tar.gz https://github.com/canonical/chisel/releases/download/v1.3.0/chisel_v1.3.0_linux_arm64.tar.gz \ - && chisel_sha384='5e5ae3083ecb59c314fbee290263ccc7417016798943fb533f01737918d38c35d21d683c5fe89e6fd3488af90ec7c83b' \ +RUN curl --fail --show-error --location --output chisel.tar.gz https://github.com/canonical/chisel/releases/download/v1.4.0/chisel_v1.4.0_linux_arm64.tar.gz \ + && chisel_sha384='bc2caf1fac6463982ff0770ae5e7aa51f37307d281c1ca56d3ef9068c30434b254dc72739f7d2689a2e7975923eff1ff' \ && echo "$chisel_sha384 chisel.tar.gz" | sha384sum -c - \ && tar --gzip --extract --no-same-owner --file chisel.tar.gz --directory /usr/bin/ \ && rm chisel.tar.gz \ diff --git a/src/runtime-deps/11.0/resolute-chiseled-extra/amd64/Dockerfile b/src/runtime-deps/11.0/resolute-chiseled-extra/amd64/Dockerfile index b17a1d4d25..38ed23f6ed 100644 --- a/src/runtime-deps/11.0/resolute-chiseled-extra/amd64/Dockerfile +++ b/src/runtime-deps/11.0/resolute-chiseled-extra/amd64/Dockerfile @@ -2,8 +2,8 @@ FROM amd64/buildpack-deps:resolute-curl AS chisel RUN apt-get update && apt-get install -y file -RUN curl --fail --show-error --location --output chisel.tar.gz https://github.com/canonical/chisel/releases/download/v1.3.0/chisel_v1.3.0_linux_amd64.tar.gz \ - && chisel_sha384='8a5a6831251828fcd9ce8c9a47fca941d8763b7c80c16da784e2b1bf830ba606ab848f3886ce5945a3c2fc5e719c77e9' \ +RUN curl --fail --show-error --location --output chisel.tar.gz https://github.com/canonical/chisel/releases/download/v1.4.0/chisel_v1.4.0_linux_amd64.tar.gz \ + && chisel_sha384='e6d3210880eab61524dd83768278afffeb42ec49820b4263a2c5d9f5898c07ee3cbcb4699bae7878370c965b32527820' \ && echo "$chisel_sha384 chisel.tar.gz" | sha384sum -c - \ && tar --gzip --extract --no-same-owner --file chisel.tar.gz --directory /usr/bin/ \ && rm chisel.tar.gz \ diff --git a/src/runtime-deps/11.0/resolute-chiseled-extra/arm32v7/Dockerfile b/src/runtime-deps/11.0/resolute-chiseled-extra/arm32v7/Dockerfile index 0feaa21282..a8dda02219 100644 --- a/src/runtime-deps/11.0/resolute-chiseled-extra/arm32v7/Dockerfile +++ b/src/runtime-deps/11.0/resolute-chiseled-extra/arm32v7/Dockerfile @@ -2,8 +2,8 @@ FROM arm32v7/buildpack-deps:resolute-curl AS chisel RUN apt-get update && apt-get install -y file -RUN curl --fail --show-error --location --output chisel.tar.gz https://github.com/canonical/chisel/releases/download/v1.3.0/chisel_v1.3.0_linux_arm.tar.gz \ - && chisel_sha384='fbfabeea4adabd7c3f7fc5b9bd09636200d68091ad3fa4cf901fd5567285b60fb0c8a4bc54e558bac3921ecf9679e7fb' \ +RUN curl --fail --show-error --location --output chisel.tar.gz https://github.com/canonical/chisel/releases/download/v1.4.0/chisel_v1.4.0_linux_arm.tar.gz \ + && chisel_sha384='5edcb99020507325747b00314b85b6cf321238b99ebd5f3e6fe9f2315723c54f1b18fe066f5f9d55fe79bf1862d70997' \ && echo "$chisel_sha384 chisel.tar.gz" | sha384sum -c - \ && tar --gzip --extract --no-same-owner --file chisel.tar.gz --directory /usr/bin/ \ && rm chisel.tar.gz \ diff --git a/src/runtime-deps/11.0/resolute-chiseled-extra/arm64v8/Dockerfile b/src/runtime-deps/11.0/resolute-chiseled-extra/arm64v8/Dockerfile index 8ee322b566..ba9b908175 100644 --- a/src/runtime-deps/11.0/resolute-chiseled-extra/arm64v8/Dockerfile +++ b/src/runtime-deps/11.0/resolute-chiseled-extra/arm64v8/Dockerfile @@ -2,8 +2,8 @@ FROM arm64v8/buildpack-deps:resolute-curl AS chisel RUN apt-get update && apt-get install -y file -RUN curl --fail --show-error --location --output chisel.tar.gz https://github.com/canonical/chisel/releases/download/v1.3.0/chisel_v1.3.0_linux_arm64.tar.gz \ - && chisel_sha384='5e5ae3083ecb59c314fbee290263ccc7417016798943fb533f01737918d38c35d21d683c5fe89e6fd3488af90ec7c83b' \ +RUN curl --fail --show-error --location --output chisel.tar.gz https://github.com/canonical/chisel/releases/download/v1.4.0/chisel_v1.4.0_linux_arm64.tar.gz \ + && chisel_sha384='bc2caf1fac6463982ff0770ae5e7aa51f37307d281c1ca56d3ef9068c30434b254dc72739f7d2689a2e7975923eff1ff' \ && echo "$chisel_sha384 chisel.tar.gz" | sha384sum -c - \ && tar --gzip --extract --no-same-owner --file chisel.tar.gz --directory /usr/bin/ \ && rm chisel.tar.gz \ diff --git a/src/runtime-deps/11.0/resolute-chiseled/amd64/Dockerfile b/src/runtime-deps/11.0/resolute-chiseled/amd64/Dockerfile index 7a8ed94923..28afbaad16 100644 --- a/src/runtime-deps/11.0/resolute-chiseled/amd64/Dockerfile +++ b/src/runtime-deps/11.0/resolute-chiseled/amd64/Dockerfile @@ -2,8 +2,8 @@ FROM amd64/buildpack-deps:resolute-curl AS chisel RUN apt-get update && apt-get install -y file -RUN curl --fail --show-error --location --output chisel.tar.gz https://github.com/canonical/chisel/releases/download/v1.3.0/chisel_v1.3.0_linux_amd64.tar.gz \ - && chisel_sha384='8a5a6831251828fcd9ce8c9a47fca941d8763b7c80c16da784e2b1bf830ba606ab848f3886ce5945a3c2fc5e719c77e9' \ +RUN curl --fail --show-error --location --output chisel.tar.gz https://github.com/canonical/chisel/releases/download/v1.4.0/chisel_v1.4.0_linux_amd64.tar.gz \ + && chisel_sha384='e6d3210880eab61524dd83768278afffeb42ec49820b4263a2c5d9f5898c07ee3cbcb4699bae7878370c965b32527820' \ && echo "$chisel_sha384 chisel.tar.gz" | sha384sum -c - \ && tar --gzip --extract --no-same-owner --file chisel.tar.gz --directory /usr/bin/ \ && rm chisel.tar.gz \ diff --git a/src/runtime-deps/11.0/resolute-chiseled/arm32v7/Dockerfile b/src/runtime-deps/11.0/resolute-chiseled/arm32v7/Dockerfile index fe1a5034ad..52af504cac 100644 --- a/src/runtime-deps/11.0/resolute-chiseled/arm32v7/Dockerfile +++ b/src/runtime-deps/11.0/resolute-chiseled/arm32v7/Dockerfile @@ -2,8 +2,8 @@ FROM arm32v7/buildpack-deps:resolute-curl AS chisel RUN apt-get update && apt-get install -y file -RUN curl --fail --show-error --location --output chisel.tar.gz https://github.com/canonical/chisel/releases/download/v1.3.0/chisel_v1.3.0_linux_arm.tar.gz \ - && chisel_sha384='fbfabeea4adabd7c3f7fc5b9bd09636200d68091ad3fa4cf901fd5567285b60fb0c8a4bc54e558bac3921ecf9679e7fb' \ +RUN curl --fail --show-error --location --output chisel.tar.gz https://github.com/canonical/chisel/releases/download/v1.4.0/chisel_v1.4.0_linux_arm.tar.gz \ + && chisel_sha384='5edcb99020507325747b00314b85b6cf321238b99ebd5f3e6fe9f2315723c54f1b18fe066f5f9d55fe79bf1862d70997' \ && echo "$chisel_sha384 chisel.tar.gz" | sha384sum -c - \ && tar --gzip --extract --no-same-owner --file chisel.tar.gz --directory /usr/bin/ \ && rm chisel.tar.gz \ diff --git a/src/runtime-deps/11.0/resolute-chiseled/arm64v8/Dockerfile b/src/runtime-deps/11.0/resolute-chiseled/arm64v8/Dockerfile index dc37fc9eda..056a58c8af 100644 --- a/src/runtime-deps/11.0/resolute-chiseled/arm64v8/Dockerfile +++ b/src/runtime-deps/11.0/resolute-chiseled/arm64v8/Dockerfile @@ -2,8 +2,8 @@ FROM arm64v8/buildpack-deps:resolute-curl AS chisel RUN apt-get update && apt-get install -y file -RUN curl --fail --show-error --location --output chisel.tar.gz https://github.com/canonical/chisel/releases/download/v1.3.0/chisel_v1.3.0_linux_arm64.tar.gz \ - && chisel_sha384='5e5ae3083ecb59c314fbee290263ccc7417016798943fb533f01737918d38c35d21d683c5fe89e6fd3488af90ec7c83b' \ +RUN curl --fail --show-error --location --output chisel.tar.gz https://github.com/canonical/chisel/releases/download/v1.4.0/chisel_v1.4.0_linux_arm64.tar.gz \ + && chisel_sha384='bc2caf1fac6463982ff0770ae5e7aa51f37307d281c1ca56d3ef9068c30434b254dc72739f7d2689a2e7975923eff1ff' \ && echo "$chisel_sha384 chisel.tar.gz" | sha384sum -c - \ && tar --gzip --extract --no-same-owner --file chisel.tar.gz --directory /usr/bin/ \ && rm chisel.tar.gz \ diff --git a/src/runtime-deps/8.0/jammy-chiseled-extra/amd64/Dockerfile b/src/runtime-deps/8.0/jammy-chiseled-extra/amd64/Dockerfile index 89ab3cfdee..41b5d0dd78 100644 --- a/src/runtime-deps/8.0/jammy-chiseled-extra/amd64/Dockerfile +++ b/src/runtime-deps/8.0/jammy-chiseled-extra/amd64/Dockerfile @@ -2,8 +2,8 @@ FROM amd64/buildpack-deps:jammy-curl AS chisel RUN apt-get update && apt-get install -y file -RUN curl --fail --show-error --location --output chisel.tar.gz https://github.com/canonical/chisel/releases/download/v1.3.0/chisel_v1.3.0_linux_amd64.tar.gz \ - && chisel_sha384='8a5a6831251828fcd9ce8c9a47fca941d8763b7c80c16da784e2b1bf830ba606ab848f3886ce5945a3c2fc5e719c77e9' \ +RUN curl --fail --show-error --location --output chisel.tar.gz https://github.com/canonical/chisel/releases/download/v1.4.0/chisel_v1.4.0_linux_amd64.tar.gz \ + && chisel_sha384='e6d3210880eab61524dd83768278afffeb42ec49820b4263a2c5d9f5898c07ee3cbcb4699bae7878370c965b32527820' \ && echo "$chisel_sha384 chisel.tar.gz" | sha384sum -c - \ && tar --gzip --extract --no-same-owner --file chisel.tar.gz --directory /usr/bin/ \ && rm chisel.tar.gz \ diff --git a/src/runtime-deps/8.0/jammy-chiseled-extra/arm32v7/Dockerfile b/src/runtime-deps/8.0/jammy-chiseled-extra/arm32v7/Dockerfile index 4d92f68d55..c40ae936b7 100644 --- a/src/runtime-deps/8.0/jammy-chiseled-extra/arm32v7/Dockerfile +++ b/src/runtime-deps/8.0/jammy-chiseled-extra/arm32v7/Dockerfile @@ -2,8 +2,8 @@ FROM arm32v7/buildpack-deps:jammy-curl AS chisel RUN apt-get update && apt-get install -y file -RUN curl --fail --show-error --location --output chisel.tar.gz https://github.com/canonical/chisel/releases/download/v1.3.0/chisel_v1.3.0_linux_arm.tar.gz \ - && chisel_sha384='fbfabeea4adabd7c3f7fc5b9bd09636200d68091ad3fa4cf901fd5567285b60fb0c8a4bc54e558bac3921ecf9679e7fb' \ +RUN curl --fail --show-error --location --output chisel.tar.gz https://github.com/canonical/chisel/releases/download/v1.4.0/chisel_v1.4.0_linux_arm.tar.gz \ + && chisel_sha384='5edcb99020507325747b00314b85b6cf321238b99ebd5f3e6fe9f2315723c54f1b18fe066f5f9d55fe79bf1862d70997' \ && echo "$chisel_sha384 chisel.tar.gz" | sha384sum -c - \ && tar --gzip --extract --no-same-owner --file chisel.tar.gz --directory /usr/bin/ \ && rm chisel.tar.gz \ diff --git a/src/runtime-deps/8.0/jammy-chiseled-extra/arm64v8/Dockerfile b/src/runtime-deps/8.0/jammy-chiseled-extra/arm64v8/Dockerfile index 90d5f25667..28000e1292 100644 --- a/src/runtime-deps/8.0/jammy-chiseled-extra/arm64v8/Dockerfile +++ b/src/runtime-deps/8.0/jammy-chiseled-extra/arm64v8/Dockerfile @@ -2,8 +2,8 @@ FROM arm64v8/buildpack-deps:jammy-curl AS chisel RUN apt-get update && apt-get install -y file -RUN curl --fail --show-error --location --output chisel.tar.gz https://github.com/canonical/chisel/releases/download/v1.3.0/chisel_v1.3.0_linux_arm64.tar.gz \ - && chisel_sha384='5e5ae3083ecb59c314fbee290263ccc7417016798943fb533f01737918d38c35d21d683c5fe89e6fd3488af90ec7c83b' \ +RUN curl --fail --show-error --location --output chisel.tar.gz https://github.com/canonical/chisel/releases/download/v1.4.0/chisel_v1.4.0_linux_arm64.tar.gz \ + && chisel_sha384='bc2caf1fac6463982ff0770ae5e7aa51f37307d281c1ca56d3ef9068c30434b254dc72739f7d2689a2e7975923eff1ff' \ && echo "$chisel_sha384 chisel.tar.gz" | sha384sum -c - \ && tar --gzip --extract --no-same-owner --file chisel.tar.gz --directory /usr/bin/ \ && rm chisel.tar.gz \ diff --git a/src/runtime-deps/8.0/jammy-chiseled/amd64/Dockerfile b/src/runtime-deps/8.0/jammy-chiseled/amd64/Dockerfile index 776dc1716c..596bfef5ac 100644 --- a/src/runtime-deps/8.0/jammy-chiseled/amd64/Dockerfile +++ b/src/runtime-deps/8.0/jammy-chiseled/amd64/Dockerfile @@ -2,8 +2,8 @@ FROM amd64/buildpack-deps:jammy-curl AS chisel RUN apt-get update && apt-get install -y file -RUN curl --fail --show-error --location --output chisel.tar.gz https://github.com/canonical/chisel/releases/download/v1.3.0/chisel_v1.3.0_linux_amd64.tar.gz \ - && chisel_sha384='8a5a6831251828fcd9ce8c9a47fca941d8763b7c80c16da784e2b1bf830ba606ab848f3886ce5945a3c2fc5e719c77e9' \ +RUN curl --fail --show-error --location --output chisel.tar.gz https://github.com/canonical/chisel/releases/download/v1.4.0/chisel_v1.4.0_linux_amd64.tar.gz \ + && chisel_sha384='e6d3210880eab61524dd83768278afffeb42ec49820b4263a2c5d9f5898c07ee3cbcb4699bae7878370c965b32527820' \ && echo "$chisel_sha384 chisel.tar.gz" | sha384sum -c - \ && tar --gzip --extract --no-same-owner --file chisel.tar.gz --directory /usr/bin/ \ && rm chisel.tar.gz \ diff --git a/src/runtime-deps/8.0/jammy-chiseled/arm32v7/Dockerfile b/src/runtime-deps/8.0/jammy-chiseled/arm32v7/Dockerfile index c53fae522f..6b35b91350 100644 --- a/src/runtime-deps/8.0/jammy-chiseled/arm32v7/Dockerfile +++ b/src/runtime-deps/8.0/jammy-chiseled/arm32v7/Dockerfile @@ -2,8 +2,8 @@ FROM arm32v7/buildpack-deps:jammy-curl AS chisel RUN apt-get update && apt-get install -y file -RUN curl --fail --show-error --location --output chisel.tar.gz https://github.com/canonical/chisel/releases/download/v1.3.0/chisel_v1.3.0_linux_arm.tar.gz \ - && chisel_sha384='fbfabeea4adabd7c3f7fc5b9bd09636200d68091ad3fa4cf901fd5567285b60fb0c8a4bc54e558bac3921ecf9679e7fb' \ +RUN curl --fail --show-error --location --output chisel.tar.gz https://github.com/canonical/chisel/releases/download/v1.4.0/chisel_v1.4.0_linux_arm.tar.gz \ + && chisel_sha384='5edcb99020507325747b00314b85b6cf321238b99ebd5f3e6fe9f2315723c54f1b18fe066f5f9d55fe79bf1862d70997' \ && echo "$chisel_sha384 chisel.tar.gz" | sha384sum -c - \ && tar --gzip --extract --no-same-owner --file chisel.tar.gz --directory /usr/bin/ \ && rm chisel.tar.gz \ diff --git a/src/runtime-deps/8.0/jammy-chiseled/arm64v8/Dockerfile b/src/runtime-deps/8.0/jammy-chiseled/arm64v8/Dockerfile index 2ee96e6036..8695b8ad56 100644 --- a/src/runtime-deps/8.0/jammy-chiseled/arm64v8/Dockerfile +++ b/src/runtime-deps/8.0/jammy-chiseled/arm64v8/Dockerfile @@ -2,8 +2,8 @@ FROM arm64v8/buildpack-deps:jammy-curl AS chisel RUN apt-get update && apt-get install -y file -RUN curl --fail --show-error --location --output chisel.tar.gz https://github.com/canonical/chisel/releases/download/v1.3.0/chisel_v1.3.0_linux_arm64.tar.gz \ - && chisel_sha384='5e5ae3083ecb59c314fbee290263ccc7417016798943fb533f01737918d38c35d21d683c5fe89e6fd3488af90ec7c83b' \ +RUN curl --fail --show-error --location --output chisel.tar.gz https://github.com/canonical/chisel/releases/download/v1.4.0/chisel_v1.4.0_linux_arm64.tar.gz \ + && chisel_sha384='bc2caf1fac6463982ff0770ae5e7aa51f37307d281c1ca56d3ef9068c30434b254dc72739f7d2689a2e7975923eff1ff' \ && echo "$chisel_sha384 chisel.tar.gz" | sha384sum -c - \ && tar --gzip --extract --no-same-owner --file chisel.tar.gz --directory /usr/bin/ \ && rm chisel.tar.gz \ diff --git a/src/runtime-deps/8.0/noble-chiseled-extra/amd64/Dockerfile b/src/runtime-deps/8.0/noble-chiseled-extra/amd64/Dockerfile index a28669965e..ab75350aff 100644 --- a/src/runtime-deps/8.0/noble-chiseled-extra/amd64/Dockerfile +++ b/src/runtime-deps/8.0/noble-chiseled-extra/amd64/Dockerfile @@ -2,8 +2,8 @@ FROM amd64/buildpack-deps:noble-curl AS chisel RUN apt-get update && apt-get install -y file -RUN curl --fail --show-error --location --output chisel.tar.gz https://github.com/canonical/chisel/releases/download/v1.3.0/chisel_v1.3.0_linux_amd64.tar.gz \ - && chisel_sha384='8a5a6831251828fcd9ce8c9a47fca941d8763b7c80c16da784e2b1bf830ba606ab848f3886ce5945a3c2fc5e719c77e9' \ +RUN curl --fail --show-error --location --output chisel.tar.gz https://github.com/canonical/chisel/releases/download/v1.4.0/chisel_v1.4.0_linux_amd64.tar.gz \ + && chisel_sha384='e6d3210880eab61524dd83768278afffeb42ec49820b4263a2c5d9f5898c07ee3cbcb4699bae7878370c965b32527820' \ && echo "$chisel_sha384 chisel.tar.gz" | sha384sum -c - \ && tar --gzip --extract --no-same-owner --file chisel.tar.gz --directory /usr/bin/ \ && rm chisel.tar.gz \ diff --git a/src/runtime-deps/8.0/noble-chiseled-extra/arm64v8/Dockerfile b/src/runtime-deps/8.0/noble-chiseled-extra/arm64v8/Dockerfile index 4a649d715e..65100c6972 100644 --- a/src/runtime-deps/8.0/noble-chiseled-extra/arm64v8/Dockerfile +++ b/src/runtime-deps/8.0/noble-chiseled-extra/arm64v8/Dockerfile @@ -2,8 +2,8 @@ FROM arm64v8/buildpack-deps:noble-curl AS chisel RUN apt-get update && apt-get install -y file -RUN curl --fail --show-error --location --output chisel.tar.gz https://github.com/canonical/chisel/releases/download/v1.3.0/chisel_v1.3.0_linux_arm64.tar.gz \ - && chisel_sha384='5e5ae3083ecb59c314fbee290263ccc7417016798943fb533f01737918d38c35d21d683c5fe89e6fd3488af90ec7c83b' \ +RUN curl --fail --show-error --location --output chisel.tar.gz https://github.com/canonical/chisel/releases/download/v1.4.0/chisel_v1.4.0_linux_arm64.tar.gz \ + && chisel_sha384='bc2caf1fac6463982ff0770ae5e7aa51f37307d281c1ca56d3ef9068c30434b254dc72739f7d2689a2e7975923eff1ff' \ && echo "$chisel_sha384 chisel.tar.gz" | sha384sum -c - \ && tar --gzip --extract --no-same-owner --file chisel.tar.gz --directory /usr/bin/ \ && rm chisel.tar.gz \ diff --git a/src/runtime-deps/8.0/noble-chiseled/amd64/Dockerfile b/src/runtime-deps/8.0/noble-chiseled/amd64/Dockerfile index fc83967ae2..9231d2cb40 100644 --- a/src/runtime-deps/8.0/noble-chiseled/amd64/Dockerfile +++ b/src/runtime-deps/8.0/noble-chiseled/amd64/Dockerfile @@ -2,8 +2,8 @@ FROM amd64/buildpack-deps:noble-curl AS chisel RUN apt-get update && apt-get install -y file -RUN curl --fail --show-error --location --output chisel.tar.gz https://github.com/canonical/chisel/releases/download/v1.3.0/chisel_v1.3.0_linux_amd64.tar.gz \ - && chisel_sha384='8a5a6831251828fcd9ce8c9a47fca941d8763b7c80c16da784e2b1bf830ba606ab848f3886ce5945a3c2fc5e719c77e9' \ +RUN curl --fail --show-error --location --output chisel.tar.gz https://github.com/canonical/chisel/releases/download/v1.4.0/chisel_v1.4.0_linux_amd64.tar.gz \ + && chisel_sha384='e6d3210880eab61524dd83768278afffeb42ec49820b4263a2c5d9f5898c07ee3cbcb4699bae7878370c965b32527820' \ && echo "$chisel_sha384 chisel.tar.gz" | sha384sum -c - \ && tar --gzip --extract --no-same-owner --file chisel.tar.gz --directory /usr/bin/ \ && rm chisel.tar.gz \ diff --git a/src/runtime-deps/8.0/noble-chiseled/arm64v8/Dockerfile b/src/runtime-deps/8.0/noble-chiseled/arm64v8/Dockerfile index 0899e2dbc0..ec57c4a390 100644 --- a/src/runtime-deps/8.0/noble-chiseled/arm64v8/Dockerfile +++ b/src/runtime-deps/8.0/noble-chiseled/arm64v8/Dockerfile @@ -2,8 +2,8 @@ FROM arm64v8/buildpack-deps:noble-curl AS chisel RUN apt-get update && apt-get install -y file -RUN curl --fail --show-error --location --output chisel.tar.gz https://github.com/canonical/chisel/releases/download/v1.3.0/chisel_v1.3.0_linux_arm64.tar.gz \ - && chisel_sha384='5e5ae3083ecb59c314fbee290263ccc7417016798943fb533f01737918d38c35d21d683c5fe89e6fd3488af90ec7c83b' \ +RUN curl --fail --show-error --location --output chisel.tar.gz https://github.com/canonical/chisel/releases/download/v1.4.0/chisel_v1.4.0_linux_arm64.tar.gz \ + && chisel_sha384='bc2caf1fac6463982ff0770ae5e7aa51f37307d281c1ca56d3ef9068c30434b254dc72739f7d2689a2e7975923eff1ff' \ && echo "$chisel_sha384 chisel.tar.gz" | sha384sum -c - \ && tar --gzip --extract --no-same-owner --file chisel.tar.gz --directory /usr/bin/ \ && rm chisel.tar.gz \ diff --git a/src/runtime-deps/9.0/noble-chiseled-extra/amd64/Dockerfile b/src/runtime-deps/9.0/noble-chiseled-extra/amd64/Dockerfile index c2eba0f2e5..32b8cb1d0a 100644 --- a/src/runtime-deps/9.0/noble-chiseled-extra/amd64/Dockerfile +++ b/src/runtime-deps/9.0/noble-chiseled-extra/amd64/Dockerfile @@ -2,8 +2,8 @@ FROM amd64/buildpack-deps:noble-curl AS chisel RUN apt-get update && apt-get install -y file -RUN curl --fail --show-error --location --output chisel.tar.gz https://github.com/canonical/chisel/releases/download/v1.3.0/chisel_v1.3.0_linux_amd64.tar.gz \ - && chisel_sha384='8a5a6831251828fcd9ce8c9a47fca941d8763b7c80c16da784e2b1bf830ba606ab848f3886ce5945a3c2fc5e719c77e9' \ +RUN curl --fail --show-error --location --output chisel.tar.gz https://github.com/canonical/chisel/releases/download/v1.4.0/chisel_v1.4.0_linux_amd64.tar.gz \ + && chisel_sha384='e6d3210880eab61524dd83768278afffeb42ec49820b4263a2c5d9f5898c07ee3cbcb4699bae7878370c965b32527820' \ && echo "$chisel_sha384 chisel.tar.gz" | sha384sum -c - \ && tar --gzip --extract --no-same-owner --file chisel.tar.gz --directory /usr/bin/ \ && rm chisel.tar.gz \ diff --git a/src/runtime-deps/9.0/noble-chiseled-extra/arm32v7/Dockerfile b/src/runtime-deps/9.0/noble-chiseled-extra/arm32v7/Dockerfile index 7b3e2f7cb7..baaada2774 100644 --- a/src/runtime-deps/9.0/noble-chiseled-extra/arm32v7/Dockerfile +++ b/src/runtime-deps/9.0/noble-chiseled-extra/arm32v7/Dockerfile @@ -2,8 +2,8 @@ FROM arm32v7/buildpack-deps:noble-curl AS chisel RUN apt-get update && apt-get install -y file -RUN curl --fail --show-error --location --output chisel.tar.gz https://github.com/canonical/chisel/releases/download/v1.3.0/chisel_v1.3.0_linux_arm.tar.gz \ - && chisel_sha384='fbfabeea4adabd7c3f7fc5b9bd09636200d68091ad3fa4cf901fd5567285b60fb0c8a4bc54e558bac3921ecf9679e7fb' \ +RUN curl --fail --show-error --location --output chisel.tar.gz https://github.com/canonical/chisel/releases/download/v1.4.0/chisel_v1.4.0_linux_arm.tar.gz \ + && chisel_sha384='5edcb99020507325747b00314b85b6cf321238b99ebd5f3e6fe9f2315723c54f1b18fe066f5f9d55fe79bf1862d70997' \ && echo "$chisel_sha384 chisel.tar.gz" | sha384sum -c - \ && tar --gzip --extract --no-same-owner --file chisel.tar.gz --directory /usr/bin/ \ && rm chisel.tar.gz \ diff --git a/src/runtime-deps/9.0/noble-chiseled-extra/arm64v8/Dockerfile b/src/runtime-deps/9.0/noble-chiseled-extra/arm64v8/Dockerfile index bd8f972aae..7795689056 100644 --- a/src/runtime-deps/9.0/noble-chiseled-extra/arm64v8/Dockerfile +++ b/src/runtime-deps/9.0/noble-chiseled-extra/arm64v8/Dockerfile @@ -2,8 +2,8 @@ FROM arm64v8/buildpack-deps:noble-curl AS chisel RUN apt-get update && apt-get install -y file -RUN curl --fail --show-error --location --output chisel.tar.gz https://github.com/canonical/chisel/releases/download/v1.3.0/chisel_v1.3.0_linux_arm64.tar.gz \ - && chisel_sha384='5e5ae3083ecb59c314fbee290263ccc7417016798943fb533f01737918d38c35d21d683c5fe89e6fd3488af90ec7c83b' \ +RUN curl --fail --show-error --location --output chisel.tar.gz https://github.com/canonical/chisel/releases/download/v1.4.0/chisel_v1.4.0_linux_arm64.tar.gz \ + && chisel_sha384='bc2caf1fac6463982ff0770ae5e7aa51f37307d281c1ca56d3ef9068c30434b254dc72739f7d2689a2e7975923eff1ff' \ && echo "$chisel_sha384 chisel.tar.gz" | sha384sum -c - \ && tar --gzip --extract --no-same-owner --file chisel.tar.gz --directory /usr/bin/ \ && rm chisel.tar.gz \ diff --git a/src/runtime-deps/9.0/noble-chiseled/amd64/Dockerfile b/src/runtime-deps/9.0/noble-chiseled/amd64/Dockerfile index 5ea4b670ea..7b8e8fa174 100644 --- a/src/runtime-deps/9.0/noble-chiseled/amd64/Dockerfile +++ b/src/runtime-deps/9.0/noble-chiseled/amd64/Dockerfile @@ -2,8 +2,8 @@ FROM amd64/buildpack-deps:noble-curl AS chisel RUN apt-get update && apt-get install -y file -RUN curl --fail --show-error --location --output chisel.tar.gz https://github.com/canonical/chisel/releases/download/v1.3.0/chisel_v1.3.0_linux_amd64.tar.gz \ - && chisel_sha384='8a5a6831251828fcd9ce8c9a47fca941d8763b7c80c16da784e2b1bf830ba606ab848f3886ce5945a3c2fc5e719c77e9' \ +RUN curl --fail --show-error --location --output chisel.tar.gz https://github.com/canonical/chisel/releases/download/v1.4.0/chisel_v1.4.0_linux_amd64.tar.gz \ + && chisel_sha384='e6d3210880eab61524dd83768278afffeb42ec49820b4263a2c5d9f5898c07ee3cbcb4699bae7878370c965b32527820' \ && echo "$chisel_sha384 chisel.tar.gz" | sha384sum -c - \ && tar --gzip --extract --no-same-owner --file chisel.tar.gz --directory /usr/bin/ \ && rm chisel.tar.gz \ diff --git a/src/runtime-deps/9.0/noble-chiseled/arm32v7/Dockerfile b/src/runtime-deps/9.0/noble-chiseled/arm32v7/Dockerfile index 9ed51b529c..ff70121fe8 100644 --- a/src/runtime-deps/9.0/noble-chiseled/arm32v7/Dockerfile +++ b/src/runtime-deps/9.0/noble-chiseled/arm32v7/Dockerfile @@ -2,8 +2,8 @@ FROM arm32v7/buildpack-deps:noble-curl AS chisel RUN apt-get update && apt-get install -y file -RUN curl --fail --show-error --location --output chisel.tar.gz https://github.com/canonical/chisel/releases/download/v1.3.0/chisel_v1.3.0_linux_arm.tar.gz \ - && chisel_sha384='fbfabeea4adabd7c3f7fc5b9bd09636200d68091ad3fa4cf901fd5567285b60fb0c8a4bc54e558bac3921ecf9679e7fb' \ +RUN curl --fail --show-error --location --output chisel.tar.gz https://github.com/canonical/chisel/releases/download/v1.4.0/chisel_v1.4.0_linux_arm.tar.gz \ + && chisel_sha384='5edcb99020507325747b00314b85b6cf321238b99ebd5f3e6fe9f2315723c54f1b18fe066f5f9d55fe79bf1862d70997' \ && echo "$chisel_sha384 chisel.tar.gz" | sha384sum -c - \ && tar --gzip --extract --no-same-owner --file chisel.tar.gz --directory /usr/bin/ \ && rm chisel.tar.gz \ diff --git a/src/runtime-deps/9.0/noble-chiseled/arm64v8/Dockerfile b/src/runtime-deps/9.0/noble-chiseled/arm64v8/Dockerfile index 70b9f3f4e3..6c98e890a0 100644 --- a/src/runtime-deps/9.0/noble-chiseled/arm64v8/Dockerfile +++ b/src/runtime-deps/9.0/noble-chiseled/arm64v8/Dockerfile @@ -2,8 +2,8 @@ FROM arm64v8/buildpack-deps:noble-curl AS chisel RUN apt-get update && apt-get install -y file -RUN curl --fail --show-error --location --output chisel.tar.gz https://github.com/canonical/chisel/releases/download/v1.3.0/chisel_v1.3.0_linux_arm64.tar.gz \ - && chisel_sha384='5e5ae3083ecb59c314fbee290263ccc7417016798943fb533f01737918d38c35d21d683c5fe89e6fd3488af90ec7c83b' \ +RUN curl --fail --show-error --location --output chisel.tar.gz https://github.com/canonical/chisel/releases/download/v1.4.0/chisel_v1.4.0_linux_arm64.tar.gz \ + && chisel_sha384='bc2caf1fac6463982ff0770ae5e7aa51f37307d281c1ca56d3ef9068c30434b254dc72739f7d2689a2e7975923eff1ff' \ && echo "$chisel_sha384 chisel.tar.gz" | sha384sum -c - \ && tar --gzip --extract --no-same-owner --file chisel.tar.gz --directory /usr/bin/ \ && rm chisel.tar.gz \ diff --git a/tests/Microsoft.DotNet.Docker.Tests/ProductImageTests.cs b/tests/Microsoft.DotNet.Docker.Tests/ProductImageTests.cs index e49d92bbfe..668b9f86c8 100644 --- a/tests/Microsoft.DotNet.Docker.Tests/ProductImageTests.cs +++ b/tests/Microsoft.DotNet.Docker.Tests/ProductImageTests.cs @@ -47,6 +47,13 @@ protected void VerifyCommonInsecureFiles(ProductImageData imageData) return; } + if (imageData.OS.IsUnstable) + { + OutputHelper.WriteLine("Skipping insecure files check for unstable OS." + + " Remove this check when https://github.com/dotnet/dotnet-docker/issues/7054 is resolved."); + return; + } + string rootFsPath = imageData.IsDistroless ? "/rootfs" : "/"; string worldWritableDirectoriesWithoutStickyBitCmd = $@"find {rootFsPath} -xdev -type d \( -perm -0002 -a ! -perm -1000 \)";