From 9d89c25593c81b4b67bfce34c65237f92170f446 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= Date: Wed, 14 Aug 2024 20:22:06 +0200 Subject: [PATCH] keyprovider: Pin a specific version of skopeo MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The dependency on skopeo is quite fragile as there are several versions of the project that would generate an encrypted image with a gzip header that Confidential Containers simply cannot deal with. For now, let's use f64a376, from Aug 14th 2024 as, empirically, we know that it works. We must have tests implemented in order to cover the documentation we provide, and whether it works or not. Signed-off-by: Fabiano FidĂȘncio --- attestation-agent/docker/Dockerfile.keyprovider | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/attestation-agent/docker/Dockerfile.keyprovider b/attestation-agent/docker/Dockerfile.keyprovider index bdd5a5a73..274d4891b 100644 --- a/attestation-agent/docker/Dockerfile.keyprovider +++ b/attestation-agent/docker/Dockerfile.keyprovider @@ -26,7 +26,13 @@ RUN apt-get update && apt-get install -y \ pkg-config RUN git clone https://github.com/containers/skopeo $GOPATH/src/github.com/containers/skopeo WORKDIR $GOPATH/src/github.com/containers/skopeo -RUN git checkout v1.14.1 +# The dependency on skopeo is quite fragile as there are several versions of +# the project that would generate an encrypted image with a gzip header that +# Confidential Containers simply cannot deal with. +# +# For now, let's use f64a376, from Aug 14th 2024 as, empirically, we know that +# it works. +RUN git reset --hard f64a376 ENV DISABLE_DOCS=1 RUN make bin/skopeo RUN make install