Mirror
/
MinIO
mirror of https://github.com/minio/minio.git
2
0
Fork 0
Code Issues Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
11323 Commits
4 Branches
520 Tags
175 MiB
Tree: RELEASE.20
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'RELEASE.20'
${ noResults }
MinIO/Dockerfile.release.fips

59 lines
2.3 KiB
Raw Permalink Normal View History

switch minio container base image to ubi-mciro (#18329) This commit changes the container base image from ubi-minimal to ubi-micro. The docker build process happens now in two stages. The build stage: - downloads the latest CA certificate bundle - downloads MinIO binary (for requested version/os/arch) - downloads MinIO binary signature and verifies it using minisign Then it creates an image based on ubi-micro with just the minio binary was downloaded and verified during the build stage. The build stage is simplified to just verifying the minisign signature. Signed-off-by: Andreas Auernhammer <github@aead.dev>
2 years ago
build containers to ship FIPS compatible MinIO
4 years ago
switch minio container base image to ubi-mciro (#18329) This commit changes the container base image from ubi-minimal to ubi-micro. The docker build process happens now in two stages. The build stage: - downloads the latest CA certificate bundle - downloads MinIO binary (for requested version/os/arch) - downloads MinIO binary signature and verifies it using minisign Then it creates an image based on ubi-micro with just the minio binary was downloaded and verified during the build stage. The build stage is simplified to just verifying the minisign signature. Signed-off-by: Andreas Auernhammer <github@aead.dev>
2 years ago
use latest minisign release (#18614)
2 years ago
switch minio container base image to ubi-mciro (#18329) This commit changes the container base image from ubi-minimal to ubi-micro. The docker build process happens now in two stages. The build stage: - downloads the latest CA certificate bundle - downloads MinIO binary (for requested version/os/arch) - downloads MinIO binary signature and verifies it using minisign Then it creates an image based on ubi-micro with just the minio binary was downloaded and verified during the build stage. The build stage is simplified to just verifying the minisign signature. Signed-off-by: Andreas Auernhammer <github@aead.dev>
2 years ago
add curl to hotfix, release.fips
1 year ago
switch minio container base image to ubi-mciro (#18329) This commit changes the container base image from ubi-minimal to ubi-micro. The docker build process happens now in two stages. The build stage: - downloads the latest CA certificate bundle - downloads MinIO binary (for requested version/os/arch) - downloads MinIO binary signature and verifies it using minisign Then it creates an image based on ubi-micro with just the minio binary was downloaded and verified during the build stage. The build stage is simplified to just verifying the minisign signature. Signed-off-by: Andreas Auernhammer <github@aead.dev>
2 years ago
use the latest UBI image (#18497)
2 years ago
build containers to ship FIPS compatible MinIO
4 years ago
Allow MinIO to load configurations from env file (#12706) docker-entrypoint.sh will load configuration values from 'config.env' file, this is useful when MinIO is deployed in Kubernetes environments and want to avoid reading secrets from environment variables Signed-off-by: Lenin Alevski <alevsk.8772@gmail.com>
4 years ago
switch minio container base image to ubi-mciro (#18329) This commit changes the container base image from ubi-minimal to ubi-micro. The docker build process happens now in two stages. The build stage: - downloads the latest CA certificate bundle - downloads MinIO binary (for requested version/os/arch) - downloads MinIO binary signature and verifies it using minisign Then it creates an image based on ubi-micro with just the minio binary was downloaded and verified during the build stage. The build stage is simplified to just verifying the minisign signature. Signed-off-by: Andreas Auernhammer <github@aead.dev>
2 years ago
add curl to hotfix, release.fips
1 year ago
build containers to ship FIPS compatible MinIO
4 years ago
switch minio container base image to ubi-mciro (#18329) This commit changes the container base image from ubi-minimal to ubi-micro. The docker build process happens now in two stages. The build stage: - downloads the latest CA certificate bundle - downloads MinIO binary (for requested version/os/arch) - downloads MinIO binary signature and verifies it using minisign Then it creates an image based on ubi-micro with just the minio binary was downloaded and verified during the build stage. The build stage is simplified to just verifying the minisign signature. Signed-off-by: Andreas Auernhammer <github@aead.dev>
2 years ago
build containers to ship FIPS compatible MinIO
4 years ago
switch minio container base image to ubi-mciro (#18329) This commit changes the container base image from ubi-minimal to ubi-micro. The docker build process happens now in two stages. The build stage: - downloads the latest CA certificate bundle - downloads MinIO binary (for requested version/os/arch) - downloads MinIO binary signature and verifies it using minisign Then it creates an image based on ubi-micro with just the minio binary was downloaded and verified during the build stage. The build stage is simplified to just verifying the minisign signature. Signed-off-by: Andreas Auernhammer <github@aead.dev>
2 years ago
build containers to ship FIPS compatible MinIO
4 years ago
  1. FROM golang:1.21-alpine as build
  3. ARG TARGETARCH
  4. ARG RELEASE
  6. ENV GOPATH /go
  7. ENV CGO_ENABLED 0
  9. # Install curl and minisign
  10. RUN apk add -U --no-cache ca-certificates && \
  11. apk add -U --no-cache curl && \
  12. go install aead.dev/minisign/cmd/minisign@v0.2.1
  14. # Download minio binary and signature file
  15. RUN curl -s -q https://dl.min.io/server/minio/release/linux-${TARGETARCH}/archive/minio.${RELEASE}.fips -o /go/bin/minio && \
  16. curl -s -q https://dl.min.io/server/minio/release/linux-${TARGETARCH}/archive/minio.${RELEASE}.fips.minisig -o /go/bin/minio.minisig && \
  17. chmod +x /go/bin/minio
  19. RUN if [ "$TARGETARCH" = "amd64" ]; then \
  20. curl -L -s -q https://github.com/moparisthebest/static-curl/releases/latest/download/curl-${TARGETARCH} -o /go/bin/curl; \
  21. chmod +x /go/bin/curl; \
  22. fi
  24. # Verify binary signature using public key "RWTx5Zr1tiHQLwG9keckT0c45M3AGeHD6IvimQHpyRywVWGbP1aVSGavRUN"
  25. RUN minisign -Vqm /go/bin/minio -x /go/bin/minio.minisig -P RWTx5Zr1tiHQLwG9keckT0c45M3AGeHD6IvimQHpyRywVWGbP1aVSGav
  27. FROM registry.access.redhat.com/ubi9/ubi-micro:latest
  29. ARG RELEASE
  31. LABEL name="MinIO" \
  32. vendor="MinIO Inc <dev@min.io>" \
  33. maintainer="MinIO Inc <dev@min.io>" \
  34. version="${RELEASE}" \
  35. release="${RELEASE}" \
  36. summary="MinIO is a High Performance Object Storage, API compatible with Amazon S3 cloud storage service." \
  37. description="MinIO object storage is fundamentally different. Designed for performance and the S3 API, it is 100% open-source. MinIO is ideal for large, private cloud environments with stringent security requirements and delivers mission-critical availability across a diverse range of workloads."
  39. ENV MINIO_ACCESS_KEY_FILE=access_key \
  40. MINIO_SECRET_KEY_FILE=secret_key \
  41. MINIO_ROOT_USER_FILE=access_key \
  42. MINIO_ROOT_PASSWORD_FILE=secret_key \
  43. MINIO_KMS_SECRET_KEY_FILE=kms_master_key \
  44. MINIO_UPDATE_MINISIGN_PUBKEY="RWTx5Zr1tiHQLwG9keckT0c45M3AGeHD6IvimQHpyRywVWGbP1aVSGav" \
  45. MINIO_CONFIG_ENV_FILE=config.env
  47. COPY --from=build /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
  48. COPY --from=build /go/bin/minio /usr/bin/minio
  49. COPY --from=build /go/bin/cur* /usr/bin/
  51. COPY CREDITS /licenses/CREDITS
  52. COPY LICENSE /licenses/LICENSE
  53. COPY dockerscripts/docker-entrypoint.sh /usr/bin/docker-entrypoint.sh
  55. EXPOSE 9000
  56. VOLUME ["/data"]
  58. ENTRYPOINT ["/usr/bin/docker-entrypoint.sh"]
  59. CMD ["minio"]