Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Gitsign image doesnt have binaries installed #53

Open
Gregory-Pereira opened this issue Nov 20, 2023 · 2 comments
Open

Gitsign image doesnt have binaries installed #53

Gregory-Pereira opened this issue Nov 20, 2023 · 2 comments

Comments

@Gregory-Pereira
Copy link

Gregory-Pereira commented Nov 20, 2023
edited
Loading

Productized gitsign image does not have binary installed by default. Instead it has the has tared versions of the binary for all architectures we offer:

$ gitsign version
bash: gitsign: command not found
$ ls /usr/local/bin/
gitsign_cli_darwin_amd64.gz  gitsign_cli_linux_amd64.gz  gitsign_cli_windows_amd64.exe.gz
$ cp /usr/local/bin/gitsign_cli_linux_amd64.gz  /opt/app-root/src && cd  /opt/app-root/src
$ tar xvf gitsign_cli_linux_amd64.gz  
bash: tar: command not found

Image: registry.redhat.io/rhtas-tech-preview/gitsign-rhel9@sha256:2581f2bf3cce4c20f65164083ef103319e06dc355275e8d9acfda371377bb9f5 /bin/bash

If this is intentional (which I dont believe it should be) it needs to be documented on the technical information section of the product page for this image:
technical information of the product page. This further doesn't make sense to me as the image is already a linux/amd64 image, so why are we giving them an option for what architecture to run from? If its meant to be used as a builder image, it should not be listed as a Standalone Image which is defined as "A ready-to-run container image that provides services or end-user applications that you can execute in your own container environment".

Edit: follow up, these images dont even have tar so no clue how someone would unpack them.

/cc @lance @tommyd450
@tommyd450
Copy link

tommyd450 commented Nov 21, 2023
edited
Loading

@Gregory-Pereira This image was assembled as apart of 3, cosign,gitsign and rekor, these images are combined in sigstore-ocp and served on a web server within the cluster for download and unzipping on local machines.

https://github.com/securesign/sigstore-ocp/blob/main/images/Dockerfile-clientserver

@lance
Copy link
Member

lance commented Jan 18, 2024

@Gregory-Pereira we actually did not intend to provide a gitsign binary image in the way that you describe. The intent was to provide it via downloads only. This was primarily because I did not see the use case for gitsign in a pipeline. However, I can see the desire to at least have a functional binary on the produced image. @tommyd450 could we also include the uncompressed binary in /usr/local/bin?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@lance @Gregory-Pereira @tommyd450