gecko-dev/taskcluster
Jonas Finnemann Jensen 1af303239b Bug 1324414 - Reference prebuilt docker images by HASH. r=dustin
This adds a HASH file next to the VERSION file in the image
context folders for prebuilt docker images, and uses the
HASH for referencing the image in the tasks created by
the decision task.

This way docker will validate the image hash when pulling it
in production. Thus, attackers won't be able to inject code
by compromising the remote docker registries we use to store
prebuilt images. Furthermore, this makes validation of the
Chain-Of-Trust artifacts easier as this eliminates the need
for whitelists and hash validation.

MozReview-Commit-ID: FD3B9MyeU9Q

--HG--
extra : rebase_source : e01cdbd0db06b36ba95dec3da936ee307a23aae7
2016-12-19 11:31:56 +01:00
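
The pinning described in the commit message, as an added example that is not code from this commit or the gecko-dev tree: it builds a digest-pinned image reference from a context folder's HASH file and repeats the digest comparison a pulling client makes. The HASH file format (`sha256:<hex>`), the use of the folder name as the image name, the registry name `registry.example` and the sample manifest are assumptions.

```python
import hashlib
import hmac
import re
import tempfile
from pathlib import Path

# Assumed HASH file content: a single line "sha256:<64 lowercase hex digits>".
DIGEST_RE = re.compile(r"sha256:[0-9a-f]{64}")


def pinned_reference(context_dir, registry):
    """Build 'registry/name@sha256:...' from the HASH file in an image context folder."""
    ctx = Path(context_dir)
    digest = (ctx / "HASH").read_text().strip()
    if not DIGEST_RE.fullmatch(digest):
        # Fail closed: never fall back to the mutable VERSION tag.
        raise ValueError(f"{ctx / 'HASH'}: not a sha256 digest")
    return f"{registry}/{ctx.name}@{digest}"


def manifest_matches(manifest_bytes, reference):
    """Compare the SHA-256 of the manifest a registry served with the pinned digest."""
    pinned = reference.rsplit("@", 1)[1]
    actual = "sha256:" + hashlib.sha256(manifest_bytes).hexdigest()
    return hmac.compare_digest(actual, pinned)


def demo():
    # Constructed sample manifest, and a copy altered as a compromised registry might.
    manifest = b'{"schemaVersion": 2, "layers": ["constructed sample"]}'
    tampered = manifest.replace(b"constructed", b"substituted")
    with tempfile.TemporaryDirectory() as tmp:
        ctx = Path(tmp) / "example-image"
        ctx.mkdir()
        (ctx / "VERSION").write_text("0.1.0\n")  # a tag can be re-pointed; unused here
        (ctx / "HASH").write_text("sha256:" + hashlib.sha256(manifest).hexdigest() + "\n")
        ref = pinned_reference(ctx, "registry.example")
    return ref, manifest_matches(manifest, ref), manifest_matches(tampered, ref)


if __name__ == "__main__":
    print(demo())
```

A registry that serves different content under the same name fails the comparison, because the expected digest is carried in the task's reference and not looked up at the registry.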