From b07c58aa05bb29568626bfa7aee6f3f2c69ac72a Mon Sep 17 00:00:00 2001
From: Ramon de Klein <mail@ramondeklein.nl>
Date: Thu, 15 Aug 2024 17:48:04 +0200
Subject: [PATCH] Add signature and SHA to the Docker images (#20270)

add signature and SHA to the Docker images
---
 Dockerfile.hotfix          | 10 ++++++++--
 Dockerfile.release         | 10 ++++++++--
 Dockerfile.release.fips    |  5 ++++-
 Dockerfile.release.old_cpu | 10 ++++++++--
 4 files changed, 28 insertions(+), 7 deletions(-)

diff --git a/Dockerfile.hotfix b/Dockerfile.hotfix
index a9ce448c7..9018049e1 100644
--- a/Dockerfile.hotfix
+++ b/Dockerfile.hotfix
@@ -11,14 +11,16 @@ RUN apk add -U --no-cache ca-certificates && \
     apk add -U --no-cache curl && \
     go install aead.dev/minisign/cmd/minisign@v0.2.1
 
-# Download minio binary and signature file
+# Download minio binary and signature files
 RUN curl -s -q https://dl.min.io/server/minio/hotfixes/linux-${TARGETARCH}/archive/minio.${RELEASE} -o /go/bin/minio && \
     curl -s -q https://dl.min.io/server/minio/hotfixes/linux-${TARGETARCH}/archive/minio.${RELEASE}.minisig -o /go/bin/minio.minisig && \
+    curl -s -q https://dl.min.io/server/minio/hotfixes/linux-${TARGETARCH}/archive/minio.${RELEASE}.sha256sum -o /go/bin/minio.sha256sum && \
     chmod +x /go/bin/minio
 
-# Download mc binary and signature file
+# Download mc binary and signature files
 RUN curl -s -q https://dl.min.io/client/mc/release/linux-${TARGETARCH}/mc -o /go/bin/mc && \
     curl -s -q https://dl.min.io/client/mc/release/linux-${TARGETARCH}/mc.minisig -o /go/bin/mc.minisig && \
+    curl -s -q https://dl.min.io/client/mc/release/linux-${TARGETARCH}/mc.sha256sum -o /go/bin/mc.sha256sum && \
     chmod +x /go/bin/mc
 
 RUN if [ "$TARGETARCH" = "amd64" ]; then \
@@ -53,7 +55,11 @@ ENV MINIO_ACCESS_KEY_FILE=access_key \
 
 COPY --from=build /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
 COPY --from=build /go/bin/minio /usr/bin/minio
+COPY --from=build /go/bin/minio.minisig /usr/bin/minio.minisig
+COPY --from=build /go/bin/minio.shasum256 /usr/bin/minio.shasum256
 COPY --from=build /go/bin/mc /usr/bin/mc
+COPY --from=build /go/bin/mc.minisig /usr/bin/mc.minisig
+COPY --from=build /go/bin/mc.shasum256 /usr/bin/mc.shasum256
 COPY --from=build /go/bin/cur* /usr/bin/
 
 COPY CREDITS /licenses/CREDITS
diff --git a/Dockerfile.release b/Dockerfile.release
index ef4db0c0c..fcdaf206f 100644
--- a/Dockerfile.release
+++ b/Dockerfile.release
@@ -11,14 +11,16 @@ RUN apk add -U --no-cache ca-certificates && \
     apk add -U --no-cache curl && \
     go install aead.dev/minisign/cmd/minisign@v0.2.1
 
-# Download minio binary and signature file
+# Download minio binary and signature files
 RUN curl -s -q https://dl.min.io/server/minio/release/linux-${TARGETARCH}/archive/minio.${RELEASE} -o /go/bin/minio && \
     curl -s -q https://dl.min.io/server/minio/release/linux-${TARGETARCH}/archive/minio.${RELEASE}.minisig -o /go/bin/minio.minisig && \
+    curl -s -q https://dl.min.io/server/minio/release/linux-${TARGETARCH}/archive/minio.${RELEASE}.sha256sum -o /go/bin/minio.sha256sum && \
     chmod +x /go/bin/minio
 
-# Download mc binary and signature file
+# Download mc binary and signature files
 RUN curl -s -q https://dl.min.io/client/mc/release/linux-${TARGETARCH}/mc -o /go/bin/mc && \
     curl -s -q https://dl.min.io/client/mc/release/linux-${TARGETARCH}/mc.minisig -o /go/bin/mc.minisig && \
+    curl -s -q https://dl.min.io/client/mc/release/linux-${TARGETARCH}/mc.sha256sum -o /go/bin/mc.sha256sum && \
     chmod +x /go/bin/mc
 
 RUN if [ "$TARGETARCH" = "amd64" ]; then \
@@ -53,7 +55,11 @@ ENV MINIO_ACCESS_KEY_FILE=access_key \
 
 COPY --from=build /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
 COPY --from=build /go/bin/minio /usr/bin/minio
+COPY --from=build /go/bin/minio.minisig /usr/bin/minio.minisig
+COPY --from=build /go/bin/minio.shasum256 /usr/bin/minio.shasum256
 COPY --from=build /go/bin/mc /usr/bin/mc
+COPY --from=build /go/bin/mc.minisig /usr/bin/mc.minisig
+COPY --from=build /go/bin/mc.shasum256 /usr/bin/mc.shasum256
 COPY --from=build /go/bin/cur* /usr/bin/
 
 COPY CREDITS /licenses/CREDITS
diff --git a/Dockerfile.release.fips b/Dockerfile.release.fips
index 277954554..7e47fe9fa 100644
--- a/Dockerfile.release.fips
+++ b/Dockerfile.release.fips
@@ -11,9 +11,10 @@ RUN apk add -U --no-cache ca-certificates && \
     apk add -U --no-cache curl && \
     go install aead.dev/minisign/cmd/minisign@v0.2.1
 
-# Download minio binary and signature file
+# Download minio binary and signature files
 RUN curl -s -q https://dl.min.io/server/minio/release/linux-${TARGETARCH}/archive/minio.${RELEASE}.fips -o /go/bin/minio && \
     curl -s -q https://dl.min.io/server/minio/release/linux-${TARGETARCH}/archive/minio.${RELEASE}.fips.minisig -o /go/bin/minio.minisig && \
+    curl -s -q https://dl.min.io/server/minio/release/linux-${TARGETARCH}/archive/minio.${RELEASE}.fips.sha256sum -o /go/bin/minio.sha256sum && \
     chmod +x /go/bin/minio
 
 RUN if [ "$TARGETARCH" = "amd64" ]; then \
@@ -46,6 +47,8 @@ ENV MINIO_ACCESS_KEY_FILE=access_key \
 
 COPY --from=build /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
 COPY --from=build /go/bin/minio /usr/bin/minio
+COPY --from=build /go/bin/minio.minisig /usr/bin/minio.minisig
+COPY --from=build /go/bin/minio.shasum256 /usr/bin/minio.shasum256
 COPY --from=build /go/bin/cur* /usr/bin/
 
 COPY CREDITS /licenses/CREDITS
diff --git a/Dockerfile.release.old_cpu b/Dockerfile.release.old_cpu
index 484be0180..8269b88b0 100644
--- a/Dockerfile.release.old_cpu
+++ b/Dockerfile.release.old_cpu
@@ -11,14 +11,16 @@ RUN apk add -U --no-cache ca-certificates && \
     apk add -U --no-cache curl && \
     go install aead.dev/minisign/cmd/minisign@v0.2.1
 
-# Download minio binary and signature file
+# Download minio binary and signature files
 RUN curl -s -q https://dl.min.io/server/minio/release/linux-${TARGETARCH}/archive/minio.${RELEASE} -o /go/bin/minio && \
     curl -s -q https://dl.min.io/server/minio/release/linux-${TARGETARCH}/archive/minio.${RELEASE}.minisig -o /go/bin/minio.minisig && \
+    curl -s -q https://dl.min.io/server/minio/release/linux-${TARGETARCH}/archive/minio.${RELEASE}.shasum256 -o /go/bin/minio.shasum256 && \
     chmod +x /go/bin/minio
 
-# Download mc binary and signature file
+# Download mc binary and signature files
 RUN curl -s -q https://dl.min.io/client/mc/release/linux-${TARGETARCH}/mc -o /go/bin/mc && \
     curl -s -q https://dl.min.io/client/mc/release/linux-${TARGETARCH}/mc.minisig -o /go/bin/mc.minisig && \
+    curl -s -q https://dl.min.io/client/mc/release/linux-${TARGETARCH}/mc.shasum256 -o /go/bin/mc.shasum256 && \
     chmod +x /go/bin/mc
 
 RUN if [ "$TARGETARCH" = "amd64" ]; then \
@@ -53,7 +55,11 @@ ENV MINIO_ACCESS_KEY_FILE=access_key \
 
 COPY --from=build /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
 COPY --from=build /go/bin/minio /usr/bin/minio
+COPY --from=build /go/bin/minio.minisig /usr/bin/minio.minisig
+COPY --from=build /go/bin/minio.shasum256 /usr/bin/minio.shasum256
 COPY --from=build /go/bin/mc /usr/bin/mc
+COPY --from=build /go/bin/mc.minisig /usr/bin/mc.minisig
+COPY --from=build /go/bin/mc.shasum256 /usr/bin/mc.shasum256
 COPY --from=build /go/bin/cur* /usr/bin/
 
 COPY CREDITS /licenses/CREDITS