[Security] authenticate maven binary
authorJérôme Benoit <jerome.benoit@sap.com>
Mon, 31 Oct 2022 09:26:28 +0000 (10:26 +0100)
committerJérôme Benoit <jerome.benoit@sap.com>
Mon, 31 Oct 2022 09:26:28 +0000 (10:26 +0100)
Signed-off-by: Jérôme Benoit <jerome.benoit@sap.com>
.vscode/settings.json
.xmake.cfg
Dockerfile
README.md

index eb3d18bbe9452ab8bcde30086aaa3631b92513c5..ece848520c576eca0d5fef4f76bd66cda39f1d2f 100644 (file)
@@ -1,5 +1,11 @@
 {
   "editor.codeActionsOnSave": {
     "source.fixAll": true
-  }
+  },
+  "cSpell.words": [
+    "ifeq",
+    "OPTARG",
+    "SAPMACHINE",
+    "xmake"
+  ]
 }
index 412b278de2b0bb7bd8f4e4c8f94c9a422e22ccb2..556ae7808a9bb5455649ae739aca679b9044a6ad 100644 (file)
@@ -1,5 +1,5 @@
 [xmake]
-version=1.0.3
+version=1.0.4
 # https://github.wdf.sap.corp/pages/xmake-ci/User-Guide/Setting_up_a_Build/Release_Procedure/Release_Versions/
 
 [buildplugin]
index fd929773639f9342c5418917ab6dc3d1ee7f6cf3..6a4fb36fe99413d4e9980c6d85331d613bdde05c 100644 (file)
@@ -8,6 +8,8 @@ RUN set -ex \
   && apt-get update \
   && apt-get install -y openssl --no-install-recommends \
   && rm -rf /var/lib/apt/lists/* \
+   # smoke test
+  && openssl version \
   && useradd --home-dir ${USER_HOME_DIR} \
             --create-home \
             --shell /bin/bash \
@@ -132,28 +134,29 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \
   && java --version
 
 ARG MAVEN_VERSION=3.8.6
-ARG SHA=f790857f3b1f90ae8d16281f902c689e4f136ebe584aba45e4b1fa66c80cba826d3e0e52fdd04ed44b4c66f6d3fe3584a057c26dfcac544a60b301e6d0f91c26
-ARG BASE_URL=https://apache.osuosl.org/maven/maven-3/${MAVEN_VERSION}/binaries
+ARG BASE_URL=https://downloads.apache.org/maven/maven-3/${MAVEN_VERSION}/binaries
 
 ENV MAVEN_HOME /usr/share/maven
 ENV M2_HOME ${MAVEN_HOME}
 
 RUN set -ex \
   && apt-get update \
-  && apt-get install -y ca-certificates curl procps --no-install-recommends \
+  && apt-get install -y ca-certificates curl gnupg dirmngr --no-install-recommends \
   && rm -rf /var/lib/apt/lists/* \
+  && curl -fsSL --compressed https://downloads.apache.org/maven/KEYS | gpg --import \
+  && curl -fsSLO --compressed ${BASE_URL}/apache-maven-${MAVEN_VERSION}-bin.tar.gz \
+  && curl -fsSLO --compressed ${BASE_URL}/apache-maven-${MAVEN_VERSION}-bin.tar.gz.asc \
+  && gpg --batch --verify apache-maven-${MAVEN_VERSION}-bin.tar.gz.asc apache-maven-${MAVEN_VERSION}-bin.tar.gz \
   && mkdir -p ${MAVEN_HOME} ${MAVEN_HOME}/ref \
-  && curl -fsSL -o /tmp/apache-maven.tar.gz ${BASE_URL}/apache-maven-${MAVEN_VERSION}-bin.tar.gz \
-  && echo "${SHA}  /tmp/apache-maven.tar.gz" | sha512sum -c - \
-  && tar -xzf /tmp/apache-maven.tar.gz -C ${MAVEN_HOME} --strip-components=1 \
-  && rm -f /tmp/apache-maven.tar.gz \
+  && tar -xzf apache-maven-${MAVEN_VERSION}-bin.tar.gz -C ${MAVEN_HOME} --strip-components=1 \
+  && rm -f apache-maven-${MAVEN_VERSION}-bin.tar.gz.asc apache-maven-${MAVEN_VERSION}-bin.tar.gz \
+  && chmod --recursive a+w ${MAVEN_HOME}/conf/* \
   && ln -s ${MAVEN_HOME}/bin/mvn /usr/bin/mvn \
-  && chmod --recursive a+w "${MAVEN_HOME}"/conf/* \
-  && apt-get remove --purge --autoremove -y ca-certificates curl \
+  && apt-get remove --purge --autoremove -y ca-certificates curl gnupg dirmngr \
   # smoke test
   && mvn --version
 
-ARG MBT_VERSION=1.2.18
+ARG MBT_VERSION=1.2.19
 
 RUN set -ex \
   && npm install -g --unsafe-perm mbt@${MBT_VERSION} \
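Review bot: The `gpg --batch --verify …` step accepts a good signature from any key in the imported Apache KEYS file, and gpg exits 0 for a valid signature even when the key is untrusted, so nothing ties this release to the expected release-manager key. Because KEYS, the tarball and the `.asc` are all fetched from the same host in the same layer, the check collapses to trust in that host (or in the TLS path to it); the removed `SHA` pin was the only host-independent control and should be kept alongside the signature check. Pin the signing key's fingerprint as a build ARG, fetch only that key, and do the gpg work in a throwaway `GNUPGHOME` so the imported keyring does not remain under root's home after `gnupg` is purged from the image (the package removal does not remove `~/.gnupg`). The unquoted `${MAVEN_HOME}/conf/*` in the re-added chmod line drops the quoting the old line had; harmless for this value but worth restoring for consistency. The second RUN (`npm install …`) continues outside the hunk.
```dockerfile
ARG MAVEN_VERSION=3.8.6
# Fingerprint of the release-manager key that signed this release (taken from the Apache KEYS file)
ARG MAVEN_GPG_KEY=<RELEASE_KEY_FINGERPRINT>
# Published SHA-512 of apache-maven-${MAVEN_VERSION}-bin.tar.gz
ARG SHA=<SHA512_OF_BIN_TAR_GZ>
# … unchanged: BASE_URL, MAVEN_HOME, M2_HOME, apt-get install …
  && export GNUPGHOME="$(mktemp -d)" \
  && gpg --batch --keyserver hkps://keyserver.ubuntu.com --recv-keys "${MAVEN_GPG_KEY}" \
  && curl -fsSLO --compressed ${BASE_URL}/apache-maven-${MAVEN_VERSION}-bin.tar.gz \
  && curl -fsSLO --compressed ${BASE_URL}/apache-maven-${MAVEN_VERSION}-bin.tar.gz.asc \
  && gpg --batch --verify apache-maven-${MAVEN_VERSION}-bin.tar.gz.asc apache-maven-${MAVEN_VERSION}-bin.tar.gz \
  && echo "${SHA}  apache-maven-${MAVEN_VERSION}-bin.tar.gz" | sha512sum -c - \
  && rm -rf "${GNUPGHOME}" \
# … unchanged: mkdir, tar, rm, chmod, ln, apt-get remove, smoke test …
```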
index 14bba506d9722ebd5023ef0f9ec518826774b18e..b5c8caba929553ea020fc6f664a31c2a6c2515d5 100644 (file)
--- a/README.md
+++ b/README.md
@@ -2,12 +2,12 @@
 
 ## Diff from [devxci](https://github.com/SAP/cloud-mta-build-tool)
 
-* latest versions of node16/sapmachine/maven
+* latest versions of node/sapmachine/maven
 * python 2->3
-* source integrity, source authentication, etc.
-* build debug logs
+* SAP security policy compliance: binaries authentication and integrity check
+* build debug
+* build stopped at any error => no corrupted images can be pushed
 * smoke tests
-* version handling compliant with renovate for automated upgrade
 
 Ref: https://github.com/SAP/cloud-mta-build-tool#the-cloud-mta-build-tool-images-deprecated