diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index 3673752..351b073 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -1,3 +1,3 @@ -# Copyright (C) 2023 James Fuller, , et al. -# -# SPDX-License-Identifier: curl +# Copyright (C) 2023 James Fuller, , et al. +# +# SPDX-License-Identifier: curl diff --git a/.github/CONTRIBUTING.md b/.github/CONTRIBUTING.md index ce25164..d8efd1e 100644 --- a/.github/CONTRIBUTING.md +++ b/.github/CONTRIBUTING.md @@ -26,4 +26,4 @@ Send your suggestions using one of these methods: 3. as an [issue](https://github.com/curl/curl-container/issues) -/ The curl-container team! \ No newline at end of file +/ The curl-container team! diff --git a/.github/workflows/build_ci_multi.yml b/.github/workflows/build_ci_multi.yml index 5dade27..e006ab4 100644 --- a/.github/workflows/build_ci_multi.yml +++ b/.github/workflows/build_ci_multi.yml 
@@ -1,48 +1,95 @@ name: build_ci_multi_images -on: + +'on': pull_request: - types: [ opened, synchronize, reopened, labeled, unlabeled ] + types: [opened, synchronize, reopened, labeled, unlabeled] branches: - main -permissions: {} +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }} + cancel-in-progress: true -env: - REGISTRY_USER: ${{ github.actor }} - REGISTRY_PASSWORD: ${{ github.token }} - IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }} +permissions: {} jobs: - build_multi_ci: - name: ${{ matrix.build.name }} + verify_secrets_ghcr: + name: 'Verify credentials' + runs-on: 'ubuntu-latest' + steps: + # upside: it logs out and aims to delete creds ~/.docker/config.json + # downside: extra dependency, uses -p instead of --password-stdin + - name: 'login ghcr.io (actor, via action)' + uses: redhat-actions/podman-login@4934294ad0449894bcd1e9f191899d7292469603 # v1.7 + with: + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + registry: ghcr.io/${{ github.repository_owner }} + + - name: 'login ghcr.io (actor, direct)' + env: + REGISTRY_USER: '${{ github.actor }}' + REGISTRY_TOKEN: '${{ secrets.GITHUB_TOKEN }}' + run: | + podman --version + echo "${REGISTRY_TOKEN}" | podman login -u "${REGISTRY_USER}" --password-stdin "ghcr.io/${GITHUB_REPOSITORY_OWNER}" + docker --version + echo "${REGISTRY_TOKEN}" | docker login -u "${REGISTRY_USER}" --password-stdin "ghcr.io/${GITHUB_REPOSITORY_OWNER}" + + - name: 'login ghcr.io (repo owner, direct)' + env: + REGISTRY_USER: '${{ github.repository_owner }}' + REGISTRY_TOKEN: '${{ secrets.GITHUB_TOKEN }}' + IMAGE_REGISTRY: 'ghcr.io/${{ github.repository_owner }}' + run: | + podman --version + echo "${REGISTRY_TOKEN}" | podman login -u "${REGISTRY_USER}" --password-stdin "${IMAGE_REGISTRY}" + docker --version + echo "${REGISTRY_TOKEN}" | docker login -u "${REGISTRY_USER}" --password-stdin "${IMAGE_REGISTRY}" + + verify_secrets_registries: + name: 'Verify 
credentials (docker hub, quay)' runs-on: 'ubuntu-latest' - permissions: - contents: read - packages: write - strategy: - fail-fast: false - matrix: - install_latest: [ true ] + if: ${{ github.secret_source == 'Actions' }} steps: - - name: "login docker hub" + - name: 'login docker hub' + env: + DOCKER_HUB_USER: '${{ secrets.DOCKER_HUB_USER }}' + DOCKER_HUB_TOKEN: '${{ secrets.DOCKER_HUB_TOKEN }}' run: | - podman login -u ${{secrets.DOCKER_HUB_USER}} -p ${{secrets.DOCKER_HUB_TOKEN}} docker.io - docker login -u ${{secrets.DOCKER_HUB_USER}} -p ${{secrets.DOCKER_HUB_TOKEN}} - - name: "login quay.io" + echo "${DOCKER_HUB_TOKEN}" | podman login -u "${DOCKER_HUB_USER}" --password-stdin docker.io + echo "${DOCKER_HUB_TOKEN}" | docker login -u "${DOCKER_HUB_USER}" --password-stdin + + - name: 'login quay.io' + env: + QUAY_USER: '${{ secrets.QUAY_USER }}' + QUAY_TOKEN: '${{ secrets.QUAY_TOKEN }}' + run: | + echo "${QUAY_TOKEN}" | podman login -u "${QUAY_USER}" --password-stdin quay.io + echo "${QUAY_TOKEN}" | docker login -u "${QUAY_USER}" --password-stdin quay.io + + build_multi_ci: + name: 'build_multi_ci' + runs-on: 'ubuntu-latest' + steps: + - name: 'install dev deps' run: | - podman login -u ${{secrets.QUAY_USER}} -p ${{secrets.QUAY_TOKEN}} quay.io - docker login -u ${{secrets.QUAY_USER}} -p ${{secrets.QUAY_TOKEN}} quay.io - - name: Checkout repository - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + sudo rm -f /etc/apt/sources.list.d/microsoft-prod.list + sudo apt-get -o Dpkg::Use-Pty=0 update + sudo rm -f /var/lib/man-db/auto-update + sudo apt-get -o Dpkg::Use-Pty=0 install -y \ + qemu-user-static buildah less git make podman clamav clamav-freshclam + + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: persist-credentials: false - - run: | - sudo apt-get update - sudo apt-get -y install qemu-user-static buildah less git make podman clamav clamav-freshclam - name: 'install dev deps' - - run: buildah unshare 
make branch_or_ref=master release_tag=master multibuild - name: 'build multi image' - - run: buildah unshare make dist_name=localhost/curl-multi release_tag=master test - name: 'test image' - - run: make image_name=localhost/curl-multi:master scan - name: 'security scan image' + - name: 'build multi image' + run: buildah unshare make branch_or_ref=master release_tag=master multibuild + - name: 'test image' + run: buildah unshare make dist_name=localhost/curl-multi release_tag=master test + - name: 'install scan prereqs' + run: /home/linuxbrew/.linuxbrew/bin/brew install grype trivy + - name: 'security scan image' + run: | + eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)" + make image_name=localhost/curl-multi:master scan diff --git a/.github/workflows/build_latest_release_multi.yml b/.github/workflows/build_latest_release_multi.yml index 0edb16d..224f062 100644 --- a/.github/workflows/build_latest_release_multi.yml +++ b/.github/workflows/build_latest_release_multi.yml 
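Review bot: The direct `podman login` / `docker login` steps in `verify_secrets_ghcr` and `verify_secrets_registries` store the credentials in the runner's auth files and nothing logs out again, which is the trade-off the comment above the action-based step describes. Since these jobs exist only to check that the credentials work, a closing step with `if: always()` that runs `podman logout --all` and `docker logout` for each registry would make the direct path behave like the action path. With the workflow-level `permissions: {}` and no job-level block, the ghcr.io logins appear to prove only that the token authenticates, not that it could push; a short comment saying so would help.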
@@ -1,52 +1,56 @@ name: build_latest_release_multi_images -on: + +'on': push: tags: - '*' -permissions: {} +concurrency: + group: ${{ github.workflow }}-${{ github.sha }} + cancel-in-progress: true -env: - REGISTRY_USER: ${{ github.actor }} - REGISTRY_PASSWORD: ${{ github.token }} - IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }} +permissions: {} jobs: build_multi_latest_release_tag: name: ${{ matrix.build.name }} runs-on: 'ubuntu-latest' permissions: - contents: read - packages: write + packages: write # To create/update container on ghcr.io strategy: fail-fast: false matrix: - install_latest: [ true ] + install_latest: [true] steps: - - name: Checkout repository - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: persist-credentials: false tag_name: ${{ github.ref }} - - name: Log in to ghcr.io + - name: 'login ghcr.io' uses: redhat-actions/podman-login@4934294ad0449894bcd1e9f191899d7292469603 # v1.7 with: - username: ${{ env.REGISTRY_USER }} - password: ${{ env.REGISTRY_PASSWORD }} - registry: ${{ env.IMAGE_REGISTRY }} - - name: "login docker hub" + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + registry: ghcr.io/${{ github.repository_owner }} + - name: 'login docker hub' + env: + DOCKER_HUB_USER: '${{ secrets.DOCKER_HUB_USER }}' + DOCKER_HUB_TOKEN: '${{ secrets.DOCKER_HUB_TOKEN }}' run: | - podman login -u ${{secrets.DOCKER_HUB_USER}} -p ${{secrets.DOCKER_HUB_TOKEN}} docker.io - docker login -u ${{secrets.DOCKER_HUB_USER}} -p ${{secrets.DOCKER_HUB_TOKEN}} - - name: "login quay.io" + echo "${DOCKER_HUB_TOKEN}" | podman login -u "${DOCKER_HUB_USER}" --password-stdin docker.io + echo "${DOCKER_HUB_TOKEN}" | docker login -u "${DOCKER_HUB_USER}" --password-stdin + - name: 'login quay.io' + env: + QUAY_USER: '${{ secrets.QUAY_USER }}' + QUAY_TOKEN: '${{ secrets.QUAY_TOKEN }}' + run: | + echo "${QUAY_TOKEN}" | podman login -u 
"${QUAY_USER}" --password-stdin quay.io + echo "${QUAY_TOKEN}" | docker login -u "${QUAY_USER}" --password-stdin quay.io + - name: 'install dev deps' run: | - podman login -u ${{secrets.QUAY_USER}} -p ${{secrets.QUAY_TOKEN}} quay.io - docker login -u ${{secrets.QUAY_USER}} -p ${{secrets.QUAY_TOKEN}} quay.io - - run: | sudo apt-get update sudo apt-get -y install qemu-user-static buildah less git make podman clamav clamav-freshclam - name: 'install dev deps' - - name: Sets env vars + - name: 'set env vars' run: | release_tag_redirect=$(curl -s https://github.com/curl/curl/releases/latest -w'%{redirect_url}\n' -o /dev/null) latest_release_ref=$(basename ${release_tag_redirect}) 
@@ -54,29 +58,33 @@ jobs: rel=${latest_release_ref:5} release_image_tag="${rel//_/.}" echo "REL=$release_image_tag" >> $GITHUB_ENV - - run: buildah unshare make branch_or_ref=$TAG_REF release_tag=$REL multibuild - name: 'build multi image' - - run: buildah unshare make dist_name=localhost/curl-multi release_tag=$REL test - name: 'test image' - - run: make image_name=localhost/curl-multi:${REL} scan - name: 'security scan image' - - run: | + - name: 'build multi image' + run: buildah unshare make branch_or_ref=$TAG_REF release_tag=$REL multibuild + - name: 'test image' + run: buildah unshare make dist_name=localhost/curl-multi release_tag=$REL test + - name: 'install scan prereqs' + run: /home/linuxbrew/.linuxbrew/bin/brew install grype trivy + - name: 'security scan image' + run: | + eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)" + make image_name=localhost/curl-multi:${REL} scan + - name: 'push images to github registry' + run: | buildah manifest push --format v2s2 --all curl-multi:$REL "docker://ghcr.io/curl/curl-container/curl-multi:${REL}" buildah manifest push --format v2s2 --all curl-base-multi:$REL "docker://ghcr.io/curl/curl-container/curl-base-multi:${REL}" - name: 'push images to github registry' - - name: Install Cosign + - name: 'install Cosign' uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0 - - name: Write signing key to disk (only needed for `cosign sign --key`) - run: echo "${{ secrets.COSIGN_PRIVATE_KEY }}" > cosign.key - - name: Sign images with sigstore key + - name: 'write signing key to disk (only needed for `cosign sign --key`)' + env: + COSIGN_PRIVATE_KEY: '${{ secrets.COSIGN_PRIVATE_KEY }}' + run: echo "${COSIGN_PRIVATE_KEY}" > cosign.key + - name: 'sign images with sigstore key' + env: + COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }} run: | cosign sign -y --key cosign.key ghcr.io/curl/curl-container/curl-multi:$REL cosign sign -y --key cosign.key ghcr.io/curl/curl-container/curl-base-multi:$REL - 
env: - COSIGN_PASSWORD: ${{secrets.COSIGN_PASSWORD}} - - name: Write public key to disk - run: echo "${{ secrets.COSIGN_PUBLIC_KEY }}" > cosign.pub - - name: Verify image with public key + - name: 'verify image with public key' run: | cosign verify --key cosign.pub ghcr.io/curl/curl-container/curl-multi:$REL cosign verify --key cosign.pub ghcr.io/curl/curl-container/curl-base-multi:$REL @@ -86,15 +94,15 @@ jobs: buildah manifest push --format v2s2 --all localhost/curl-multi:$REL "docker://docker.io/curlimages/curl:latest" buildah manifest push --format v2s2 --all localhost/curl-base-multi:$REL "docker://docker.io/curlimages/curl-base:${REL}" buildah manifest push --format v2s2 --all localhost/curl-base-multi:$REL "docker://docker.io/curlimages/curl-base:latest" - - name: Sign images with a sigstore key + - name: 'sign images with a sigstore key' + env: + COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }} run: | cosign sign -y --key cosign.key docker.io/curlimages/curl:$REL cosign sign -y --key cosign.key docker.io/curlimages/curl:latest cosign sign -y --key cosign.key docker.io/curlimages/curl-base:$REL cosign sign -y --key cosign.key docker.io/curlimages/curl-base:latest - env: - COSIGN_PASSWORD: ${{secrets.COSIGN_PASSWORD}} - - name: Verify image + - name: 'verify image with public key' run: | cosign verify --key cosign.pub docker.io/curlimages/curl:$REL cosign verify --key cosign.pub docker.io/curlimages/curl:latest 
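Review bot: `echo "${COSIGN_PRIVATE_KEY}" > cosign.key` still places the signing key in the checkout directory, where it stays readable by every later step and is never removed. cosign can read the key from the environment, so the write step can be dropped and each sign step can set `COSIGN_PRIVATE_KEY` in its `env:` and call `cosign sign -y --key env://COSIGN_PRIVATE_KEY …`. Separately, this hunk removes the step that wrote `cosign.pub` while the verify steps keep `--key cosign.pub`. That only works if a `cosign.pub` is committed to the checked-out tree, which is not visible here and should be confirmed. The same pattern appears in build_master.yml, build_master_dev.yml and build_master_multi.yml.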
@@ -106,17 +114,17 @@ jobs: buildah manifest push --format v2s2 --all localhost/curl-multi:$REL "docker://quay.io/curl/curl:latest" buildah manifest push --format v2s2 --all localhost/curl-base-multi:$REL "docker://quay.io/curl/curl-base:${REL}" buildah manifest push --format v2s2 --all localhost/curl-base-multi:$REL "docker://quay.io/curl/curl-base:latest" - - name: Sign images with a sigstore key + - name: 'sign images with a sigstore key' + env: + COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }} run: | cosign sign -y --key cosign.key quay.io/curl/curl:$REL cosign sign -y --key cosign.key quay.io/curl/curl:latest cosign sign -y --key cosign.key quay.io/curl/curl-base:$REL cosign sign -y --key cosign.key quay.io/curl/curl-base:latest - env: - COSIGN_PASSWORD: ${{secrets.COSIGN_PASSWORD}} - - name: Verify image + - name: 'verify image with public key' run: | cosign verify --key cosign.pub quay.io/curl/curl:$REL cosign verify --key cosign.pub quay.io/curl/curl:latest cosign verify --key cosign.pub quay.io/curl/curl-base:$REL - cosign verify --key cosign.pub quay.io/curl/curl-base:latest \ No newline at end of file + cosign verify --key cosign.pub quay.io/curl/curl-base:latest diff --git a/.github/workflows/build_master.yml b/.github/workflows/build_master.yml index a196694..fd7226e 100644 --- a/.github/workflows/build_master.yml +++ b/.github/workflows/build_master.yml 
@@ -1,80 +1,87 @@ name: build_master_images -on: + +'on': schedule: - cron: '30 2 * * * ' push: branches: - - main + - main -permissions: {} +concurrency: + group: ${{ github.workflow }}-${{ github.sha }} + cancel-in-progress: true -env: - REGISTRY_USER: ${{ github.actor }} - REGISTRY_PASSWORD: ${{ github.token }} - IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }} +permissions: {} jobs: build_master: name: ${{ matrix.build.name }} runs-on: 'ubuntu-latest' permissions: - contents: read - packages: write + packages: write # To create/update container on ghcr.io strategy: fail-fast: false matrix: - install_latest: [ true ] + install_latest: [true] steps: - - name: Checkout repository - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: persist-credentials: false - ref: "main" - - name: Log in to ghcr.io + ref: 'main' + - name: 'login ghcr.io' uses: redhat-actions/podman-login@4934294ad0449894bcd1e9f191899d7292469603 # v1.7 with: - username: ${{ env.REGISTRY_USER }} - password: ${{ env.REGISTRY_PASSWORD }} - registry: ${{ env.IMAGE_REGISTRY }} - - name: "login docker hub" + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + registry: ghcr.io/${{ github.repository_owner }} + - name: 'login docker hub' + env: + DOCKER_HUB_USER: '${{ secrets.DOCKER_HUB_USER }}' + DOCKER_HUB_TOKEN: '${{ secrets.DOCKER_HUB_TOKEN }}' + run: | + echo "${DOCKER_HUB_TOKEN}" | podman login -u "${DOCKER_HUB_USER}" --password-stdin docker.io + echo "${DOCKER_HUB_TOKEN}" | docker login -u "${DOCKER_HUB_USER}" --password-stdin + - name: 'login quay.io' + env: + QUAY_USER: '${{ secrets.QUAY_USER }}' + QUAY_TOKEN: '${{ secrets.QUAY_TOKEN }}' run: | - podman login -u ${{secrets.DOCKER_HUB_USER}} -p ${{secrets.DOCKER_HUB_TOKEN}} docker.io - docker login -u ${{secrets.DOCKER_HUB_USER}} -p ${{secrets.DOCKER_HUB_TOKEN}} - - name: "login quay.io" + echo "${QUAY_TOKEN}" | podman 
login -u "${QUAY_USER}" --password-stdin quay.io + echo "${QUAY_TOKEN}" | docker login -u "${QUAY_USER}" --password-stdin quay.io + - name: 'install dev deps' run: | - podman login -u ${{secrets.QUAY_USER}} -p ${{secrets.QUAY_TOKEN}} quay.io - docker login -u ${{secrets.QUAY_USER}} -p ${{secrets.QUAY_TOKEN}} quay.io - - run: | sudo apt-get update sudo apt-get -y install qemu-user-static buildah less git make podman clamav clamav-freshclam - name: 'install dev deps' - - run: buildah unshare make branch_or_ref=master release_tag=master build_ref_images - name: 'build master images' - - run: buildah unshare make dist_name=localhost/curl release_tag=master test - name: 'test image' - - run: make image_name=localhost/curl:master scan - name: 'security scan image' - - run: | + - name: 'build master images' + run: buildah unshare make branch_or_ref=master release_tag=master build_ref_images + - name: 'test image' + run: buildah unshare make dist_name=localhost/curl release_tag=master test + - name: 'install scan prereqs' + run: /home/linuxbrew/.linuxbrew/bin/brew install grype trivy + - name: 'security scan image' + run: | + eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)" + make image_name=localhost/curl:master scan + - name: 'push images to github registry' + run: | buildah push curl-dev:master "docker://ghcr.io/curl/curl-container/curl-dev:master" buildah push curl-base:master "docker://ghcr.io/curl/curl-container/curl-base:master" buildah push curl:master "docker://ghcr.io/curl/curl-container/curl:master" - name: 'push images to github registry' - - name: Install Cosign + - name: 'install Cosign' uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0 - - name: Write signing key to disk (only needed for `cosign sign --key`) - run: echo "${{ secrets.COSIGN_PRIVATE_KEY }}" > cosign.key - - name: Sign image with a key + - name: 'write signing key to disk (only needed for `cosign sign --key`)' + env: + COSIGN_PRIVATE_KEY: '${{ 
secrets.COSIGN_PRIVATE_KEY }}' + run: echo "${COSIGN_PRIVATE_KEY}" > cosign.key + - name: 'sign image with a key' + env: + COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }} run: | cosign sign -y --key cosign.key ghcr.io/curl/curl-container/curl-dev:master cosign sign -y --key cosign.key ghcr.io/curl/curl-container/curl-base:master cosign sign -y --key cosign.key ghcr.io/curl/curl-container/curl:master - env: - COSIGN_PASSWORD: ${{secrets.COSIGN_PASSWORD}} - - name: Write public key to disk - run: echo "${{ secrets.COSIGN_PUBLIC_KEY }}" > cosign.pub - - name: Verify image with public key + - name: 'verify image with public key' run: | cosign verify --key cosign.pub ghcr.io/curl/curl-container/curl-dev:master cosign verify --key cosign.pub ghcr.io/curl/curl-container/curl-base:master cosign verify --key cosign.pub ghcr.io/curl/curl-container/curl:master - diff --git a/.github/workflows/build_master_dev.yml b/.github/workflows/build_master_dev.yml index 246e230..96b2e54 100644 --- a/.github/workflows/build_master_dev.yml +++ b/.github/workflows/build_master_dev.yml 
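Review bot: `cancel-in-progress: true` is risky on a workflow that publishes. The group is keyed on `github.sha`, and the `schedule` and `push` triggers can both run for the same commit on main, so a later run can cancel an earlier one between `buildah push` and `cosign sign` and leave a pushed image unsigned. For the publishing workflows I would keep the group but set `cancel-in-progress: false` so that runs queue instead of being interrupted. The same block is added in build_master_dev.yml, build_master_multi.yml and build_latest_release_multi.yml; in the last one the collision would need two tags on one commit.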
@@ -1,93 +1,97 @@ name: build_dev_master_images -on: + +'on': schedule: # Runs every day - cron: '30 2 * * * ' push: branches: - - main + - main -permissions: {} +concurrency: + group: ${{ github.workflow }}-${{ github.sha }} + cancel-in-progress: true -env: - REGISTRY_USER: ${{ github.actor }} - REGISTRY_PASSWORD: ${{ github.token }} - IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }} +permissions: {} jobs: build_dev_master: name: ${{ matrix.build.name }} runs-on: 'ubuntu-latest' permissions: - contents: read - packages: write + packages: write # To create/update container on ghcr.io strategy: fail-fast: false matrix: - install_latest: [ true ] + install_latest: [true] steps: - - name: Checkout repository - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: persist-credentials: false - ref: "main" - - name: Log in to ghcr.io + ref: 'main' + - name: 'login ghcr.io' uses: redhat-actions/podman-login@4934294ad0449894bcd1e9f191899d7292469603 # v1.7 with: - username: ${{ env.REGISTRY_USER }} - password: ${{ env.REGISTRY_PASSWORD }} - registry: ${{ env.IMAGE_REGISTRY }} - - name: "login docker hub" + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + registry: ghcr.io/${{ github.repository_owner }} + - name: 'login docker hub' + env: + DOCKER_HUB_USER: '${{ secrets.DOCKER_HUB_USER }}' + DOCKER_HUB_TOKEN: '${{ secrets.DOCKER_HUB_TOKEN }}' run: | - podman login -u ${{secrets.DOCKER_HUB_USER}} -p ${{secrets.DOCKER_HUB_TOKEN}} docker.io - docker login -u ${{secrets.DOCKER_HUB_USER}} -p ${{secrets.DOCKER_HUB_TOKEN}} - - name: "login quay.io" + echo "${DOCKER_HUB_TOKEN}" | podman login -u "${DOCKER_HUB_USER}" --password-stdin docker.io + echo "${DOCKER_HUB_TOKEN}" | docker login -u "${DOCKER_HUB_USER}" --password-stdin + - name: 'login quay.io' + env: + QUAY_USER: '${{ secrets.QUAY_USER }}' + QUAY_TOKEN: '${{ secrets.QUAY_TOKEN }}' + run: | + echo 
"${QUAY_TOKEN}" | podman login -u "${QUAY_USER}" --password-stdin quay.io + echo "${QUAY_TOKEN}" | docker login -u "${QUAY_USER}" --password-stdin quay.io + - name: 'install dev deps' run: | - podman login -u ${{secrets.QUAY_USER}} -p ${{secrets.QUAY_TOKEN}} quay.io - docker login -u ${{secrets.QUAY_USER}} -p ${{secrets.QUAY_TOKEN}} quay.io - - run: | sudo apt-get update sudo apt-get -y install qemu-user-static buildah less git make podman clamav clamav-freshclam - name: 'install dev deps' - - run: buildah unshare make branch_or_ref=master release_tag=master build_debian - name: 'build debian dev image' - - run: make image_name=localhost/curl-dev-debian:master scan - name: 'security scan image' - - run: | + - name: 'build debian dev image' + run: buildah unshare make branch_or_ref=master release_tag=master build_debian + - name: 'install scan prereqs' + run: /home/linuxbrew/.linuxbrew/bin/brew install grype trivy + - name: 'security scan image' + run: | + eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)" + make image_name=localhost/curl-dev-debian:master scan + - name: 'push images to github registry' + run: | buildah push curl-dev-debian:master "docker://ghcr.io/curl/curl-container/curl-dev-debian:master" - name: 'push images to github registry' - - name: Install Cosign + - name: 'install Cosign' uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0 - - name: Write signing key to disk (only needed for `cosign sign --key`) - run: echo "${{ secrets.COSIGN_PRIVATE_KEY }}" > cosign.key - - name: Sign image with a key + - name: 'write signing key to disk (only needed for `cosign sign --key`)' + env: + COSIGN_PRIVATE_KEY: '${{ secrets.COSIGN_PRIVATE_KEY }}' + run: echo "${COSIGN_PRIVATE_KEY}" > cosign.key + - name: 'sign image with a key' + env: + COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }} run: | cosign sign -y --key cosign.key ghcr.io/curl/curl-container/curl-dev-debian:master - env: - COSIGN_PASSWORD: ${{secrets.COSIGN_PASSWORD}} 
- - name: Write public key to disk - run: echo "${{ secrets.COSIGN_PUBLIC_KEY }}" > cosign.pub - - name: Verify image with public key + - name: 'verify image with public key' run: | cosign verify --key cosign.pub ghcr.io/curl/curl-container/curl-dev-debian:master - - run: buildah unshare make branch_or_ref=master release_tag=master build_fedora - name: 'build fedora dev image' - - run: make image_name=localhost/curl-dev-fedora:master scan - name: 'security scan image' - - run: | + - name: 'build fedora dev image' + run: buildah unshare make branch_or_ref=master release_tag=master build_fedora + - name: 'security scan image' + run: | + eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)" + make image_name=localhost/curl-dev-fedora:master scan + - name: 'push images to github registry' + run: | buildah push curl-dev-fedora:master "docker://ghcr.io/curl/curl-container/curl-dev-fedora:master" - name: 'push images to github registry' - - name: Install Cosign - uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0 - - name: Write signing key to disk (only needed for `cosign sign --key`) - run: echo "${{ secrets.COSIGN_PRIVATE_KEY }}" > cosign.key - - name: Sign image with a key + - name: 'sign image with a key' + env: + COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }} run: | cosign sign -y --key cosign.key ghcr.io/curl/curl-container/curl-dev-fedora:master - env: - COSIGN_PASSWORD: ${{secrets.COSIGN_PASSWORD}} - - name: Write public key to disk - run: echo "${{ secrets.COSIGN_PUBLIC_KEY }}" > cosign.pub - - name: Verify image with public key + - name: 'verify image with public key' run: | cosign verify --key cosign.pub ghcr.io/curl/curl-container/curl-dev-fedora:master diff --git a/.github/workflows/build_master_multi.yml b/.github/workflows/build_master_multi.yml index b038561..e5d8f9e 100644 --- a/.github/workflows/build_master_multi.yml +++ b/.github/workflows/build_master_multi.yml 
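Review bot: The ghcr.io, Docker Hub and Quay logins are the first steps after checkout, so `apt-get install`, the `make` builds, the unpinned `brew install grype trivy` and both scans all run with push credentials already stored on the runner. In this file that window also covers the second (fedora) build, with `cosign.key` on disk as well. The credentials are needed only by the push and sign steps, so moving the login steps to just before the first `buildah push` narrows what a compromised build dependency or scanner could reach. If the early Docker Hub login is there for authenticated base-image pulls, a separate read-only token would cover that. build_master.yml, build_master_multi.yml and build_latest_release_multi.yml use the same step order.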
@@ -1,76 +1,84 @@ name: build_master_multi_images -on: + +'on': schedule: - cron: '30 2 * * * ' push: branches: - - main + - main -permissions: {} +concurrency: + group: ${{ github.workflow }}-${{ github.sha }} + cancel-in-progress: true -env: - REGISTRY_USER: ${{ github.actor }} - REGISTRY_PASSWORD: ${{ github.token }} - IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }} +permissions: {} jobs: build_multi_master: name: ${{ matrix.build.name }} runs-on: 'ubuntu-latest' permissions: - contents: read - packages: write + packages: write # To create/update container on ghcr.io strategy: fail-fast: false matrix: - install_latest: [ true ] + install_latest: [true] steps: - - name: Checkout repository - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: persist-credentials: false - ref: "main" - - name: Log in to ghcr.io + ref: 'main' + - name: 'login ghcr.io' uses: redhat-actions/podman-login@4934294ad0449894bcd1e9f191899d7292469603 # v1.7 with: - username: ${{ env.REGISTRY_USER }} - password: ${{ env.REGISTRY_PASSWORD }} - registry: ${{ env.IMAGE_REGISTRY }} - - name: "login docker hub" + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + registry: ghcr.io/${{ github.repository_owner }} + - name: 'login docker hub' + env: + DOCKER_HUB_USER: '${{ secrets.DOCKER_HUB_USER }}' + DOCKER_HUB_TOKEN: '${{ secrets.DOCKER_HUB_TOKEN }}' + run: | + echo "${DOCKER_HUB_TOKEN}" | podman login -u "${DOCKER_HUB_USER}" --password-stdin docker.io + echo "${DOCKER_HUB_TOKEN}" | docker login -u "${DOCKER_HUB_USER}" --password-stdin + - name: 'login quay.io' + env: + QUAY_USER: '${{ secrets.QUAY_USER }}' + QUAY_TOKEN: '${{ secrets.QUAY_TOKEN }}' run: | - podman login -u ${{secrets.DOCKER_HUB_USER}} -p ${{secrets.DOCKER_HUB_TOKEN}} docker.io - docker login -u ${{secrets.DOCKER_HUB_USER}} -p ${{secrets.DOCKER_HUB_TOKEN}} - - name: "login quay.io" + echo 
"${QUAY_TOKEN}" | podman login -u "${QUAY_USER}" --password-stdin quay.io + echo "${QUAY_TOKEN}" | docker login -u "${QUAY_USER}" --password-stdin quay.io + - name: 'install dev deps' run: | - podman login -u ${{secrets.QUAY_USER}} -p ${{secrets.QUAY_TOKEN}} quay.io - docker login -u ${{secrets.QUAY_USER}} -p ${{secrets.QUAY_TOKEN}} quay.io - - run: | sudo apt-get update sudo apt-get -y install qemu-user-static buildah less git make podman clamav clamav-freshclam - name: 'install dev deps' - - run: buildah unshare make branch_or_ref=master release_tag=master multibuild - name: 'build multi image' - - run: buildah unshare make dist_name=localhost/curl-multi release_tag=master test - name: 'test image' - - run: make image_name=localhost/curl-multi:master scan - name: 'security scan image' - - run: | + - name: 'build multi image' + run: buildah unshare make branch_or_ref=master release_tag=master multibuild + - name: 'test image' + run: buildah unshare make dist_name=localhost/curl-multi release_tag=master test + - name: 'install scan prereqs' + run: /home/linuxbrew/.linuxbrew/bin/brew install grype trivy + - name: 'security scan image' + run: | + eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)" + make image_name=localhost/curl-multi:master scan + - name: 'push multi images to github registry' + run: | buildah manifest push --all --format v2s2 localhost/curl-base-multi:master "docker://ghcr.io/curl/curl-container/curl-base-multi:master" buildah manifest push --all --format v2s2 localhost/curl-multi:master "docker://ghcr.io/curl/curl-container/curl-multi:master" - name: 'push multi images to github registry' - - name: Install Cosign + - name: 'install Cosign' uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0 - - name: Write signing key to disk (only needed for `cosign sign --key`) - run: echo "${{ secrets.COSIGN_PRIVATE_KEY }}" > cosign.key - - name: Sign image with a key + - name: 'write signing key to disk (only needed for 
`cosign sign --key`)' + env: + COSIGN_PRIVATE_KEY: '${{ secrets.COSIGN_PRIVATE_KEY }}' + run: echo "${COSIGN_PRIVATE_KEY}" > cosign.key + - name: 'sign image with a key' + env: + COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }} run: | cosign sign -y --key cosign.key ghcr.io/curl/curl-container/curl-multi:master cosign sign -y --key cosign.key ghcr.io/curl/curl-container/curl-base-multi:master - env: - COSIGN_PASSWORD: ${{secrets.COSIGN_PASSWORD}} - - name: Write public key to disk - run: echo "${{ secrets.COSIGN_PUBLIC_KEY }}" > cosign.pub - - name: Verify image with public key + - name: 'verify image with public key' run: | cosign verify --key cosign.pub ghcr.io/curl/curl-container/curl-multi:master - cosign verify --key cosign.pub ghcr.io/curl/curl-container/curl-base-multi:master \ No newline at end of file + cosign verify --key cosign.pub ghcr.io/curl/curl-container/curl-base-multi:master diff --git a/.github/workflows/checksrc.yml b/.github/workflows/checksrc.yml new file mode 100644 index 0000000..f0c2eff --- /dev/null +++ b/.github/workflows/checksrc.yml 
@@ -0,0 +1,44 @@ +# Copyright (C) Daniel Stenberg, , et al. +# +# SPDX-License-Identifier: curl + +name: 'Source' + +'on': + push: + branches: + - main + pull_request: + branches: + - main + +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }} + cancel-in-progress: true + +permissions: {} + +jobs: + linters: + name: 'spellcheck, linters' + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + with: + persist-credentials: false + + - name: 'install prereqs' + run: /home/linuxbrew/.linuxbrew/bin/brew install zizmor typos-cli + + - name: 'zizmor GHA' + env: + GH_TOKEN: '${{ secrets.GITHUB_TOKEN }}' + run: | + eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)" + zizmor --pedantic .github/workflows/*.yml + + - name: 'typos' + run: | + eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)" + typos --version + typos diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index ceab04c..8bc901a 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -11,7 +11,8 @@ name: 'CodeQL' - cron: '0 0 * * 4' concurrency: - group: ${{ github.workflow }} + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }} + cancel-in-progress: true permissions: {} diff --git a/.gitignore b/.gitignore index 6b75623..e04276f 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,2 @@ .idea -venv \ No newline at end of file +venv diff --git a/CHANGELOG.md b/CHANGELOG.md index 594c303..3b4a2d1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -121,7 +121,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - fix entrypoint perms ## [8.1.2-2] - 2023-06-08 -### Added +### Added - curl-dev-fedora:master - curl-dev-debian:master ### Changed 
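Review bot: `zizmor` and `typos-cli` are installed unpinned from Homebrew, but only `typos --version` is logged. Add `zizmor --version` before the `zizmor --pedantic .github/workflows/*.yml` line so that a change in findings can be traced to a tool upgrade. The `*.yml` glob would also skip any workflow later added with a `.yaml` extension, so a comment noting that limit, or passing the directory instead, would avoid a silent gap.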
@@ -138,4 +138,4 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ### Added - created [curl-container repo](https://github.com/curl/curl-container/pull/1) ### Changed -- generate [curl:8.1.2 release](https://github.com/curl/curl/releases/tag/curl-8_1_2) images on [alpine 3.18.0](https://alpinelinux.org/posts/Alpine-3.18.0-released.html) +- generate [curl:8.1.2 release](https://github.com/curl/curl/releases/tag/curl-8_1_2) images on [alpine 3.18.0](https://alpinelinux.org/posts/Alpine-3.18.0-released.html) diff --git a/Makefile b/Makefile index 807629c..a20cb23 100644 --- a/Makefile +++ b/Makefile @@ -2,7 +2,7 @@ container_ids=`buildah ls --format "{{.ContainerID}}"` -# default setttings for official curl images +# default settings for official curl images debian_base=docker.io/debian fedora_base=docker.io/fedora base=docker.io/alpine:3.22.1 @@ -83,16 +83,23 @@ feature-test: # # > make image_name=localhost/curl:master scan # +# Requires: grype trivy +# +# One way to install them: +# curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin +# curl -sSfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sudo bash -s -- -b /usr/local/bin v0.32.0 +# scan: podman save -o image.tar ${image_name} # Run clamav on image.tar # freshclam clamscan image.tar # run grype on image.tar - curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin && grype image.tar + grype --version + grype image.tar # run trivy on image.tar systemctl --user enable --now podman.socket | true - curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sudo bash -s -- -b /usr/local/bin v0.32.0 + trivy --version trivy image --input image.tar rm image.tar diff --git a/README.md b/README.md index 113f65d..3294784 100644 --- a/README.md +++ b/README.md 
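Review bot: In the `scan` recipe, `grype image.tar` and `trivy image --input image.tar` run with their defaults, which report findings but exit 0. As far as this hunk shows, the target (and the 'security scan image' step that precedes the registry pushes) fails only on a clamscan hit or a tool error. If the scan is meant to gate publishing, set the thresholds explicitly, for example `grype --fail-on high image.tar` and `trivy image --exit-code 1 --severity HIGH,CRITICAL --input image.tar`; the levels are a project decision. The new comment also still documents `curl … | sh` installers fetched from the `main` branch and a trivy pin of v0.32.0, while CI now installs from Homebrew, so pointing the comment at the package-manager route would keep the two consistent.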
@@ -1,9 +1,9 @@ # Curl Container -[![build_master_multi_images](https://github.com/curl/curl-container/actions/workflows/build_master_multi.yml/badge.svg)](https://github.com/curl/curl-container/actions/workflows/build_master_multi.yml) +[![build_master_multi_images](https://github.com/curl/curl-container/actions/workflows/build_master_multi.yml/badge.svg)](https://github.com/curl/curl-container/actions/workflows/build_master_multi.yml) [![build_latest_release_multi_images](https://github.com/curl/curl-container/actions/workflows/build_latest_release_multi.yml/badge.svg)](https://github.com/curl/curl-container/actions/workflows/build_latest_release_multi.yml) -This repository contains infrastructure/code that generates, tests and distributes the Official curl docker images +This repository contains infrastructure/code that generates, tests and distributes the Official curl docker images available from the following registries: * [quay.io](https://quay.io/curl/curl): curl images distributed by Quay.io * [docker.io](https://hub.docker.com/r/curlimages/curl): curl images distributed by docker.io 
@@ -57,21 +57,21 @@ or [Jim Fuller](jim.fuller@webcomposite.com) directly. The following images are available via [github packages](https://github.com/orgs/curl/packages). Master branch built regularly: -* **curl-dev:master** - curl-dev **master** branch +* **curl-dev:master** - curl-dev **master** branch * **curl-base:master** - curl-base **master** branch * **curl:master** - curl **master** branch * **curl-multi:master** - curl multiarch **master** branch * **curl-base-multi:master** - curl-base multiarch **master** branch A set of special case images built regularly: -* **curl-exp:master** - curl **master** branch built enabling expiremental features +* **curl-exp:master** - curl **master** branch built enabling experimental features Platform specific dev images built daily: * **curl-dev:master** - alpine based development environment * **curl-dev-debian:master** - debian based development environment * **curl-dev-fedora:master** - fedora based development environment -To use any of these development images; +To use any of these development images; ``` > podman run -it -v /Users/exampleuser/src/curl:/src/curl ghcr.io/curl/curl-container/curl-dev-debian:master zsh > ./buildconf 
@@ -79,16 +79,16 @@ To use any of these development images; > make ``` -**Note**- dev images are not specifically scanned for vulnerabilities and we currently _pin_ to latest which +**Note**- dev images are not specifically scanned for vulnerabilities and we currently _pin_ to latest which always has vulns ... **use at your own risk**. Perhaps we could consider _pinning_ to a later 'vintage'. ## Dependencies Either of the following are required to use images: -* [podman](https://podman.io/getting-started/) +* [podman](https://podman.io/getting-started/) * [docker](https://docs.docker.com/get-docker/) -The following are required to build or release images: +The following are required to build or release images: * [buildah](https://buildah.io/): used for composing dev/build images * [qemu-user-static](https://github.com/multiarch/qemu-user-static): used for building multiarch images @@ -106,4 +106,3 @@ The release process is as follows: * raise prep PR, review and merge * create [new release](https://github.com/curl/curl-container/releases/new) with new tag ( ex. 8.1.2 ) based on previously created branch * new tag will trigger CI for publishing to quay/docker - diff --git a/adrs/01-design.md b/adrs/01-design.md index 61fe57a..e68f2e9 100644 --- a/adrs/01-design.md +++ b/adrs/01-design.md 
@@ -24,13 +24,13 @@ One other goal is to ensure this infrastructure is not overly dependent on any s ## Container Build Design -Using [buildah](https://buildah.io/), we can create reusable and parameterised set of scripts building a hiearchy of +Using [buildah](https://buildah.io/), we can create reusable and parameterised set of scripts building a hierarchy of container images. ```commandline -├─ dev image: instant development image. -│ ├─ base image: curl base image to be used in docker inheritance. -│ │ ├─ curl image: curl 'appliance' image. ++- dev image: instant development image. +| +- base image: curl base image to be used in docker inheritance. +| | +- curl image: curl 'appliance' image. ``` Where the dev image can be used as an 'instant' development environment for building curl. The base image is intended @@ -58,7 +58,7 @@ Design and create container image build process using [buildah](https://buildah. Add CHANGELOG.md and automated release process based on tag. -Use [sigstore](https://www.sigstore.dev/) for signing and verifying fo all images generated by this process +Use [sigstore](https://www.sigstore.dev/) for signing and verifying of all images generated by this process Ensure both podman and docker work equally well. 
@@ -69,8 +69,8 @@ Enhance testing We could keep the status quo (eg. ugly bash/makefile) though it is hard to maintain... also current release process is completely opaque and non automated. -We could have opted for other container build frameworks/language or other adjuncts (ex. [skopeo](https://github.com/containers/skopeo)) ... +We could have opted for other container build frameworks/language or other adjuncts (ex. [skopeo](https://github.com/containers/skopeo)) ... buildah seemed to have the right set of features and mature ... perhaps in the future we will have even more choices. Presumably we could have gone full 'code as infrastructure' and invoke buildah programmatically ... opted for shell scripts -for simplicity. \ No newline at end of file +for simplicity. diff --git a/cosign.pub b/cosign.pub index d487706..240c70c 100644 --- a/cosign.pub +++ b/cosign.pub @@ -1,4 +1,4 @@ -----BEGIN PUBLIC KEY----- MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEwFTRXl79xRiAFa5ZX4aZ7Vkdqmji 5WY0zqc3bd6B08CsNftlYsu2gAqdWm0IlzoQpi2Zi5C437RTg/DgLQ6Bkg== ------END PUBLIC KEY----- \ No newline at end of file +-----END PUBLIC KEY----- diff --git a/create_dev_image.sh b/create_dev_image.sh index 3762284..8f4e90f 100755 --- a/create_dev_image.sh +++ b/create_dev_image.sh @@ -77,7 +77,7 @@ fi # build curl buildah run $bdr autoreconf -fi -buildah run $bdr ./configure ${build_opts} +buildah run $bdr ./configure --disable-dependency-tracking ${build_opts} buildah run $bdr make -j$(nproc) # run tests @@ -95,4 +95,3 @@ buildah config --label org.opencontainers.image.licenses="MIT" $bdr # commit image buildah commit $bdr "${image_name}" # --disable-compression false --squash --sign-by --tls-verify - diff --git a/create_multi.sh b/create_multi.sh index 76b7615..c25dba3 100755 --- a/create_multi.sh +++ b/create_multi.sh 
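Review bot: On the changed `./configure` line in create_dev_image.sh, the new `--disable-dependency-tracking` has no comment saying why it is there. Presumably it is because the tree is built once inside the container, and a line such as `# one-shot build: skip automake dependency tracking` would say so. Because the flag precedes `${build_opts}`, caller-supplied options still come last, which looks intentional. `$bdr` is expanded unquoted here and on the neighbouring `buildah run` lines, and `"$bdr"` would be the safer form, while `${build_opts}` has to stay unquoted to split into separate options. The script continues outside the hunk on both sides.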
@@ -27,10 +27,9 @@ buildah manifest create curl-multi:${release_tag} for IMGTAG in "linux/386" "linux/arm/v7" "linux/amd64" "linux/arm64" "linux/ppc64le" ; do pathname="${IMGTAG////-}" echo "building $IMGTAG : $pathname" - ./create_dev_image.sh "$IMGTAG" ${base} ${compiler} "$dev_deps" "$build_opts" ${branch_or_ref} curl-dev-${pathname}:${release_tag} 0 - ./create_base_image.sh "$IMGTAG" ${base} localhost/curl-dev-${pathname}:${release_tag} "$base_deps" curl-base-${pathname}:${release_tag} ${release_tag} - buildah manifest add curl-base-multi:${release_tag} localhost/curl-base-${pathname}:${release_tag}; - ./create_appliance_image.sh "$IMGTAG" localhost/curl-base-${pathname}:${release_tag} curl-${pathname}:${release_tag} ${release_tag} - buildah manifest add curl-multi:${release_tag} localhost/curl-${pathname}:${release_tag}; + ./create_dev_image.sh "$IMGTAG" ${base} ${compiler} "$dev_deps" "$build_opts" ${branch_or_ref} curl-dev-${pathname}:${release_tag} 0 + ./create_base_image.sh "$IMGTAG" ${base} localhost/curl-dev-${pathname}:${release_tag} "$base_deps" curl-base-${pathname}:${release_tag} ${release_tag} + buildah manifest add curl-base-multi:${release_tag} localhost/curl-base-${pathname}:${release_tag}; + ./create_appliance_image.sh "$IMGTAG" localhost/curl-base-${pathname}:${release_tag} curl-${pathname}:${release_tag} ${release_tag} + buildah manifest add curl-multi:${release_tag} localhost/curl-${pathname}:${release_tag}; done - diff --git a/dev-compose.yml b/dev-compose.yml index 37df637..9f655bf 100644 --- a/dev-compose.yml +++ b/dev-compose.yml 
@@ -1,19 +1,17 @@ version: '3' services: - - buildah-service: - container_name: buildah-service - build: - context: . - dockerfile: Containerfile - image: buildah-service - privileged: true - stdin_open: true - tty: true - environment: - DEBUG: 1 - volumes: - - $HOME/src/curl-container:/opt/app-root/src - - $HOME/src/curl:/opt/app-root/curl - + buildah-service: + container_name: buildah-service + build: + context: . + dockerfile: Containerfile + image: buildah-service + privileged: true + stdin_open: true + tty: true + environment: + DEBUG: 1 + volumes: + - $HOME/src/curl-container:/opt/app-root/src + - $HOME/src/curl:/opt/app-root/curl diff --git a/etc/entrypoint.sh b/etc/entrypoint.sh index cccf6c5..b3e9776 100755 --- a/etc/entrypoint.sh +++ b/etc/entrypoint.sh @@ -11,4 +11,4 @@ if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ]; then set -- curl "$@" fi -exec "$@" \ No newline at end of file +exec "$@" diff --git a/tests/steps/features.py b/tests/steps/features.py index 9e9635b..c6e4bb7 100644 --- a/tests/steps/features.py +++ b/tests/steps/features.py @@ -21,4 +21,3 @@ def invoke_podman_image(context, image): cmd = f"podman run -it {image} -V".split() p = subprocess.run(cmd,capture_output=True, text=True) assert p.returncode == 0 - diff --git a/tests/test_image.sh b/tests/test_image.sh index 01d39db..0cb484e 100755 --- a/tests/test_image.sh +++ b/tests/test_image.sh 
@@ -25,19 +25,19 @@ ctrmnt=$(buildah mount $ctr) # check file exists if [[ ! -f "$ctrmnt/usr/bin/curl" ]]; then - echo "/usr/bin/curl does not exist." + echo "/usr/bin/curl does not exist." fi if [[ ! -f "$ctrmnt/usr/lib/libcurl.so.4.8.0" ]]; then - echo "/usr/lib/libcurl.so.4.8.0 does not exist." + echo "/usr/lib/libcurl.so.4.8.0 does not exist." fi # check symlink exists and is not broken if [ ! -L "$ctrmnt/usr/lib/libcurl.so.4" ] && [ ! -e "$ctrmnt/usr/lib/libcurl.so.4" ]; then - echo "/usr/lib/libcurl.so.4 symlink does not exist or is broken." + echo "/usr/lib/libcurl.so.4 symlink does not exist or is broken." fi if [ ! -L "$ctrmnt/usr/lib/libcurl.so" ] && [ ! -e "$ctrmnt/usr/lib/libcurl.so" ]; then - echo "/usr/lib/libcurl.so symlink does not exist or is broken." + echo "/usr/lib/libcurl.so symlink does not exist or is broken." fi # test running curl -buildah run $ctr /usr/bin/curl -V \ No newline at end of file +buildah run $ctr /usr/bin/curl -V