Closed
Bug 1273332
Opened 8 years ago
Closed 8 years ago
Generate a docker-image-shasum256.txt file in CI
Categories
(Firefox :: Normandy Server, defect)
Tracking
RESOLVED
FIXED
People
(Reporter: mythmon, Unassigned)
References
(Blocks 1 open bug)
Details
"CI builds should generate a docker-image-shasum256.txt (example) file containing only the sha256 hash for the docker image."
https://github.com/mozilla-services/Dockerflow#optional-recommendations

This will help us trace the path from developer code (in signed git commits) to deployed services (which deploy from Docker images that have certain sha256 sums).
Comment 1•8 years ago
Commit pushed to master at https://github.com/mozilla/normandy
https://github.com/mozilla/normandy/commit/3f538c2dbbdf4e1c023d174c4ff21b32dc0c78a0
Add docker-image-shasum256.txt to CI artifacts
Fixes bug 1273332
Updated•8 years ago
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Comment 2•8 years ago
This turned out to be misguided. It's been removed from the Dockerflow spec.
Comment 3 (Reporter)•8 years ago
I still see this recommendation in the link provided in comment 0. Is there somewhere else I should be looking? What was misguided about this? Is there an alternate suggestion for assuring that the Docker images we deploy are the ones we built?
Flags: needinfo?(bwong)
Comment 4•8 years ago
My bad. I just merged: https://github.com/mozilla-services/Dockerflow/pull/24
Flags: needinfo?(bwong)
Comment 5 (Reporter)•8 years ago
Is there an alternate suggestion for assuring that the Docker images we deploy are the ones we intended?
Flags: needinfo?(bwong)
Comment 6•8 years ago
AFAIK, the only way to verify is to compare the digest hash from a `docker pull` to the one created by the `docker push`. I wrote a script that we use in cloudops to verify dockerflow compliant images before deploying them. I copy/pasted it here: https://gist.github.com/mostlygeek/ced06ba017cb4834a4484123ee065574
Flags: needinfo?(bwong)
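
The comparison described in comment 6, as an added example that is not part of the original thread and is not the linked gist: it takes the digest line that `docker push` printed in CI and the one `docker pull` printed on the deploy side, and refuses to proceed unless each log yields exactly one well-formed sha256 digest and the two are equal. The log text, the registry name registry.example/app and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not the gist from comment 6): compare the digest printed by
# `docker push` in CI with the one printed by `docker pull` before deploying.
# All log text, the registry name and the function names are constructed.

HEX_A=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
HEX_B=fedcba9876543210fedcba9876543210fedcba9876543210fedcba9876543210

PUSH_LOG="The push refers to repository [registry.example/app]
5f70bf18a086: Pushed
latest: digest: sha256:$HEX_A size: 1789"

PULL_LOG_GOOD="latest: Pulling from app
Digest: sha256:$HEX_A
Status: Downloaded newer image for registry.example/app:latest"

PULL_LOG_BAD="latest: Pulling from app
Digest: sha256:$HEX_B
Status: Downloaded newer image for registry.example/app:latest"

# Print the one sha256 digest found in a captured push or pull log.
# Fails closed: no digest, a malformed one, or two different ones -> non-zero.
extract_digest() {
    found=$(printf '%s\n' "$1" |
        sed -nE 's/.*[Dd]igest: (sha256:[0-9a-f]{64})([^0-9a-f].*)?$/\1/p' |
        sort -u)
    [ -n "$found" ] || return 1
    [ "$(printf '%s\n' "$found" | grep -c .)" -eq 1 ] || return 1
    printf '%s\n' "$found"
}

# 0 = digests match, 1 = mismatch, 2 = a log had no usable digest.
verify_pushed_vs_pulled() {
    pushed=$(extract_digest "$1") || { echo "no unique digest in push log" >&2; return 2; }
    pulled=$(extract_digest "$2") || { echo "no unique digest in pull log" >&2; return 2; }
    if [ "$pushed" != "$pulled" ]; then
        echo "MISMATCH pushed=$pushed pulled=$pulled" >&2
        return 1
    fi
    echo "OK $pulled"
}

verify_pushed_vs_pulled "$PUSH_LOG" "$PULL_LOG_GOOD"
verify_pushed_vs_pulled "$PUSH_LOG" "$PULL_LOG_BAD" || echo "deploy blocked (rc=$?)"
```

In a real pipeline the two arguments would be the captured output of the CI push step and of the pull on the deploy host, with the pushed digest carried to the deploy side over a channel the registry cannot alter.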
Updated•6 years ago
Product: Shield → Firefox