switch minio container base image to ubi-mciro (#18329)

This commit changes the container base image from ubi-minimal to ubi-micro. The docker build process happens now in two stages. The build stage: - downloads the latest CA certificate bundle - downloads MinIO binary (for requested version/os/arch) - downloads MinIO binary signature and verifies it using minisign Then it creates an image based on ubi-micro with just the minio binary was downloaded and verified during the build stage. The build stage is simplified to just verifying the minisign signature. Signed-off-by: Andreas Auernhammer <github@aead.dev>
2025-11-07 12:52:58 -05:00 · 2023-10-28 21:19:49 +02:00
parent c2fedb4c3f
commit 3aa3d9cf14
5 changed files with 93 additions and 109 deletions
--- a/dockerscripts/verify-minio.sh
+++ b/dockerscripts/verify-minio.sh
@@ -1,31 +0,0 @@
-#!/bin/sh
-#
-
-set -e
-
-if [ ! -x "/opt/bin/minio" ]; then
-	echo "minio executable binary not found refusing to proceed"
-	exit 1
-fi
-
-verify_sha256sum() {
-	echo "verifying binary checksum"
-	echo "$(awk '{print $1}' /opt/bin/minio.sha256sum)  /opt/bin/minio" | sha256sum -c
-}
-
-verify_signature() {
-	if [ "${TARGETARCH}" = "arm" ]; then
-		echo "ignoring verification of binary signature"
-		return
-	fi
-	echo "verifying binary signature"
-	minisign -VQm /opt/bin/minio -P RWTx5Zr1tiHQLwG9keckT0c45M3AGeHD6IvimQHpyRywVWGbP1aVSGav
-}
-
-main() {
-	verify_sha256sum
-
-	verify_signature
-}
-
-main "$@"