
Commit a49249a

committed
Adding --checksum to avoid CIS-DI-0009
1 parent 477decd commit a49249a


1 file changed

+3
-1
lines changed


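--- a/Dockerfile
+++ b/Dockerfile
@@ -46,8 +46,10 @@ RUN \
 ARG FROM
 FROM ${FROM} AS main
 
+ARG NGINX_KEYRING_SHA256_SUM=7d3d5a7adf37e17d6882e2f6f55324b9a8f978ef3c99c50fe801af67c9847c91
 COPY docker/unit.list /etc/apt/sources.list.d/unit.list
-ADD --chmod=444 --chown=0:0 https://unit.nginx.org/keys/nginx-keyring.gpg /usr/share/keyrings/nginx-keyring.gpg
+ADD --chmod=444 --chown=0:0 --checksum=sha256:${NGINX_KEYRING_SHA256_SUM} \
+https://unit.nginx.org/keys/nginx-keyring.gpg /usr/share/keyrings/nginx-keyring.gpg
 RUN export DEBIAN_FRONTEND=noninteractive \
 && apt-get update -qq \
 && apt-get upgrade \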
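Review bot: The expected digest on the new `ARG NGINX_KEYRING_SHA256_SUM` line has no record of how it was obtained, and because it is an `ARG` it can be replaced with `--build-arg`, so the pin is only as strong as whoever controls the build arguments. This keyring is presumably the trust anchor for the apt source added by `unit.list`, so I would put a comment above the ARG such as `# SHA-256 of nginx-keyring.gpg; re-verify the key fingerprints before updating this value`, and inline the digest in the `ADD` line if overriding it is not intended. `ADD --checksum` also needs a BuildKit Dockerfile frontend that supports the flag; if the file does not already begin with `# syntax=docker/dockerfile:1` (not visible in this hunk), older builders are likely to reject the instruction. The `RUN` that follows continues past the end of the hunk.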
