Dockerfile: Carry oe-git-proxy locally

This imports revision aa9b9dc9a9 from https://git.yoctoproject.org/git/poky to avoid fetching it - and having to add the missing content validation to prevent supply-chain attacks. Reported-by: Raphael Lisicki <raphael.lisicki@siemens.com> Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2021-08-28 11:01:59 +02:00
parent 9732ec16f2
commit 6a97879ad0
2 changed files with 188 additions and 2 deletions
--- a/3
+++ b/3
@@ -26,8 +26,7 @@ RUN apt-get install --no-install-recommends -y \
    apt-get clean && \
    rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*

-RUN wget -nv -O /usr/bin/oe-git-proxy "http://git.yoctoproject.org/cgit/cgit.cgi/poky/plain/scripts/oe-git-proxy" && \
-    chmod +x /usr/bin/oe-git-proxy
+COPY contrib/oe-git-proxy /usr/local/bin/
 ENV GIT_PROXY_COMMAND="oe-git-proxy" \
    NO_PROXY="*"