Docker: Include checksum validation for Cygwin & Ansible Downloads (#…
…3730)

* WindowsPB: Add Cygwin Download Validation

* Docker: Update Windows Dockerfile to verify downloads.

* Test
steelhead31 authored Sep 13, 2024
1 parent a76d6b4 commit 617431d
Showing 2 changed files with 32 additions and 4 deletions.
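--- a/ansible/docker/Dockerfile.win2022
+++ b/ansible/docker/Dockerfile.win2022
@@ -3,17 +3,41 @@ FROM mcr.microsoft.com/windows/servercore:ltsc2022
 # Specify this with --build-arg PW=SomePassword
 ARG PW=T3mp=Passwd
 
+# Download Cygwin Bootstrapper & Verify Its Checksum
+RUN powershell -Command \
+"wget -UseBasicParsing https://cygwin.com/setup-x86_64.exe -OutFile setup-x86_64.exe; \
+$expectedChecksum = 'e7815d360ab098fdd1f03f10f43f363c73a632e8866e304c72573cf1e6a0dec8'; \
+$fileChecksum = CertUtil -hashfile setup-x86_64.exe SHA256 | Select-String -Pattern '([A-Fa-f0-9]{64})' | ForEach-Object { $_.Matches[0].Groups[1].Value }; \
+if ($fileChecksum -ne $expectedChecksum) { \
+Write-Host 'Checksum verification failed!' -ForegroundColor Red; \
+Remove-Item setup-x86_64.exe; \
+exit 1; \
+} else { \
+Write-Host 'Checksum verification succeeded!' -ForegroundColor Green; \
+}"
+
 # Set up cygwin with git and ansible as a bootstrap, and add to system default path
-RUN powershell wget -UseBasicParsing https://cygwin.com/setup-x86_64.exe -OutFile setup-x86_64.exe & \
-setup-x86_64.exe --packages git,ansible --download --local-install --delete-orphans --site https://mirrors.kernel.org/sourceware/cygwin --local-package-dir c:\cygwin_packages --root C:\cygwin64 --wait --quiet-mode & \
+RUN setup-x86_64.exe --packages git,ansible --download --local-install --delete-orphans --site https://mirrors.kernel.org/sourceware/cygwin --local-package-dir c:\cygwin_packages --root C:\cygwin64 --wait --quiet-mode & \
 C:\cygwin64\bin\git config --system core.autocrlf false & \
 del setup-x86_64.exe & \
 setx PATH "c:\cygwin64\bin;%PATH%" & \
 mkdir c:\temp
 
+# Download Ansible Config Script & Verify Its Checksum
+RUN powershell -Command \
+"wget https://raw.githubusercontent.com/ansible/ansible/dd4c56e4d68664e4a50292aa19ea61b15c92287c/examples/scripts/ConfigureRemotingForAnsible.ps1 -OutFile ConfigureRemotingForAnsible.ps1; \
+$expectedChecksum = '201ad16584f79292044dc21c78c6688dce07f94d769f5e69631b46c3c13036fc'; \
+$fileChecksum = CertUtil -hashfile ConfigureRemotingForAnsible.ps1 SHA256 | Select-String -Pattern '([A-Fa-f0-9]{64})' | ForEach-Object { $_.Matches[0].Groups[1].Value }; \
+if ($fileChecksum -ne $expectedChecksum) { \
+Write-Host 'Checksum verification failed!' -ForegroundColor Red; \
+Remove-Item ConfigureRemotingForAnsible.ps1; \
+exit 1; \
+} else { \
+Write-Host 'Checksum verification succeeded!' -ForegroundColor Green; \
+}"
+
 # Set up WinRM for the ansible connection
-RUN powershell wget -UseBasicParsing https://raw.githubusercontent.com/ansible/ansible/dd4c56e4d68664e4a50292aa19ea61b15c92287c/examples/scripts/ConfigureRemotingForAnsible.ps1 -OutFile ConfigureRemotingForAnsible.ps1 & \
-PowerShell .\ConfigureRemotingForAnsible.ps1 -CertValidityDays 9999 & \
+RUN PowerShell .\ConfigureRemotingForAnsible.ps1 -CertValidityDays 9999 & \
 PowerShell .\ConfigureRemotingForAnsible.ps1 -EnableCredSSP & \
 PowerShell .\ConfigureRemotingForAnsible.ps1 -ForceNewSSLCert & \
 PowerShell .\ConfigureRemotingForAnsible.ps1 -SkipNetworkProfileCheck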
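Review bot: The new download of ConfigureRemotingForAnsible.ps1 calls `wget` without `-UseBasicParsing`, although the Cygwin download earlier in the hunk and the removed line it replaces both pass it. On a Server Core image with Windows PowerShell that switch is commonly needed because the Internet Explorer parsing engine is absent, so this step may fail before the hash is compared; I would keep it as `wget -UseBasicParsing` on that line. Separately, the Cygwin hash pins the unversioned URL `https://cygwin.com/setup-x86_64.exe`, so the build fails closed whenever upstream publishes a new installer. A comment beside `$expectedChecksum` recording how the value was obtained and verified would help keep it from being refreshed blindly with whatever the download happens to hash to.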
Expand Up @@ -12,7 +12,11 @@
win_get_url:
url: https://cygwin.com/setup-x86_64.exe
dest: C:\temp\cygwin.exe
force: no
checksum: e7815d360ab098fdd1f03f10f43f363c73a632e8866e304c72573cf1e6a0dec8
checksum_algorithm: sha256
when: not cygwin_installed.stat.exists
register: cygwin_download
tags: cygwin

# If you update this with a new package, modify the "Test
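Review bot: The SHA-256 literal under `checksum:` is the same value hard-coded as `$expectedChecksum` in ansible/docker/Dockerfile.win2022 in this commit, so the pin has to be updated in two places each time the unversioned `https://cygwin.com/setup-x86_64.exe` changes, and the two can drift. Consider a single role variable, e.g. `checksum: "{{ cygwin_setup_sha256 }}"` (variable name constructed here), with a comment noting where the expected hash was taken from. This file's path is not shown on the page and the task list continues outside the hunk.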