Commit 566471f

fix: make policy-server binary auditable
When creating the policy-server image, build using `cargo auditable`. This will enrich the `policy-server` binary with its bill of material.

Fixes #971

Signed-off-by: Flavio Castelli <fcastelli@suse.com>
1 parent 50467ce commit 566471f

1 file changed

+4
-2
lines changed

Dockerfile

+4-2
@@ -13,7 +13,8 @@ RUN mkdir /usr/src/policy-server
1313
WORKDIR /usr/src/policy-server
1414
COPY ./ ./
1515

16-
RUN cargo install --target aarch64-unknown-linux-musl --path .
16+
RUN cargo install cargo-auditable
17+
RUN cargo auditable install --target aarch64-unknown-linux-musl --path .
1718

1819
FROM --platform=${BUILDPLATFORM} ghcr.io/cross-rs/x86_64-unknown-linux-musl:0.2.5 AS build-amd64
1920
ARG BUILDPLATFORM
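
Review bot: the added `RUN cargo install cargo-auditable` in the aarch64 build names no version and passes no `--locked`, so each image build pulls whatever release of the tool and its dependencies is current at that moment. Since this tool is what writes the dependency list into `policy-server`, it should be as reproducible as the rest of the build: pin it, for example `RUN cargo install cargo-auditable --version <pinned-version> --locked`, and bump the pin deliberately.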
@@ -30,7 +31,8 @@ RUN mkdir /usr/src/policy-server
3031
WORKDIR /usr/src/policy-server
3132
COPY ./ ./
3233

33-
RUN cargo install --target x86_64-unknown-linux-musl --path .
34+
RUN cargo install cargo-auditable
35+
RUN cargo auditable install --target x86_64-unknown-linux-musl --path .
3436

3537
FROM --platform=$BUILDPLATFORM alpine AS cfg
3638
RUN echo "policy-server:x:65533:65533::/tmp:/sbin/nologin" >> /etc/passwd
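
Review bot: in the x86_64 build the new `RUN cargo install cargo-auditable` sits after `COPY ./ ./`, so any change to the source tree invalidates that layer and the tool is recompiled on every build. Moving the install above the `COPY` keeps it cached, and because the identical line is now repeated in both build stages, the ordering and any version pin need to be kept in sync in both places.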
