github.com/anchore/syft@v1.38.2/syft/pkg/cataloger/redhat/test-fixtures/image-rpm-archive/Dockerfile

github.com/anchore/syft@v1.38.2/syft/pkg/cataloger/redhat/test-fixtures/image-rpm-archive/Dockerfile (about)

     1  
     2  FROM --platform=linux/amd64 rockylinux:9 AS rpm-downloader
     3  
     4  # download a signed RPM (PostgreSQL in this example, known to be signed)
     5  # using PostgreSQL official RPM which is signed with their GPG key
     6  # $ rpm -Kv postgresql14-server-14.10-1PGDG.rhel9.x86_64.rpm
     7  #   postgresql14-server-14.10-1PGDG.rhel9.x86_64.rpm:
     8  #      Header V4 RSA/SHA256 Signature, key ID 08b40d20: NOKEY
     9  #      Header SHA256 digest: OK
    10  #      Header SHA1 digest: OK
    11  #      Payload SHA256 digest: OK
    12  #      MD5 digest: OK
    13  #
    14  # $ rpm -ivh --nodeps --force postgresql14-server-14.10-1PGDG.rhel9.x86_64.rpm
    15  #   warning: postgresql14-server-14.10-1PGDG.rhel9.x86_64.rpm: Header V4 RSA/SHA256 Signature, key ID 08b40d20: NOKEY
    16  #   Verifying...                          ################################# [100%]
    17  #   Preparing...                          ################################# [100%]
    18  #
    19  # $ rpm -q --qf '%{NAME}-%{VERSION}-%{RELEASE} %{RSAHEADER:pgpsig}\n' postgresql14-server-14.10-1PGDG.rhel9.x86_64
    20  #   postgresql14-server-14.10-1PGDG.rhel9 RSA/SHA256, Tue Jan  2 16:45:56 2024, Key ID 40bca2b408b40d20
    21  
    22  RUN curl -O https://download.postgresql.org/pub/repos/yum/14/redhat/rhel-9-x86_64/postgresql14-server-14.10-1PGDG.rhel9.x86_64.rpm
    23  
    24  FROM scratch
    25  
    26  COPY --from=rpm-downloader /postgresql14-server-14.10-1PGDG.rhel9.x86_64.rpm /postgresql14-server-14.10-1PGDG.rhel9.x86_64.rpm