diff --git a/CHANGELOG.md b/CHANGELOG.md
index 232a8ec..52b3f14 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,11 @@
+# 0.6.1
+* Add lscpu binary to container ([#31])
+* Update SSM Agent version to 3.1.1476.0 ([#32])
+* Add GPG sigcheck for SSM Agent ([#32])
+
+[#31]: https://github.com/bottlerocket-os/bottlerocket-control-container/pull/31
+[#32]: https://github.com/bottlerocket-os/bottlerocket-control-container/pull/32
+
 # 0.6.0
 * Update SSM Agent version to 3.1.1141.0. ([#30])
diff --git a/Dockerfile b/Dockerfile
index 78d250a..9d3163e 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -77,12 +77,15 @@ RUN /usr/bin/script &>/dev/null
 # the run successful.
 # SSM Agent is downloaded from eu-north-1 as this region gets new releases of SSM Agent first.
 COPY ./hashes/ssm ./hashes
+COPY ./gpg-keys/amazon-ssm-agent.gpg ./amazon-ssm-agent.gpg
 RUN \
 ARCH=$(uname -m | sed 's/aarch64/arm64/' | sed 's/x86_64/amd64/') && \
 curl -L "https://s3.eu-north-1.amazonaws.com/amazon-ssm-eu-north-1/${SSM_AGENT_VERSION}/linux_${ARCH}/amazon-ssm-agent.rpm" \
 -o "amazon-ssm-agent-${SSM_AGENT_VERSION}.${ARCH}.rpm" && \
 grep "amazon-ssm-agent-${SSM_AGENT_VERSION}.${ARCH}.rpm" hashes \
- | sha512sum --check - && \
+ | sha512sum --check - && \
+ rpm --import amazon-ssm-agent.gpg && \
+ rpm --checksig "amazon-ssm-agent-${SSM_AGENT_VERSION}.${ARCH}.rpm" && \
 yum update -y && yum install -y jq screen shadow-utils && \
 yum install -y "amazon-ssm-agent-${SSM_AGENT_VERSION}.${ARCH}.rpm" && \
 rm "amazon-ssm-agent-${SSM_AGENT_VERSION}.${ARCH}.rpm" && \
diff --git a/Makefile b/Makefile
index e23731e..caff34c 100644
--- a/Makefile
+++ b/Makefile
@@ -17,7 +17,7 @@ UNAME_ARCH = $(shell uname -m)
 ARCH ?= $(lastword $(subst :, ,$(filter $(UNAME_ARCH):%,x86_64:amd64 aarch64:arm64)))
 # SSM_AGENT_VERSION is the SSM Agent's distributed RPM Version to install.
-SSM_AGENT_VERSION ?= 3.1.1141.0
+SSM_AGENT_VERSION ?= 3.1.1476.0
 .PHONY: all build check check-ssm-agent
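Review bot: In the Dockerfile hunk, the added `rpm --checksig` step does not prove the RPM carries a signature: for an unsigned package rpm reports only the digests as OK and still exits 0, so the step rejects a bad signature or an unknown key but passes when there is no signature at all. The pinned sha512 check just above limits the exposure today, but the signature step should hold on its own by asserting on the verbose output, e.g. `rpm --checksig --verbose "amazon-ssm-agent-${SSM_AGENT_VERSION}.${ARCH}.rpm" | grep -q 'Signature, key ID .*: OK' && \`. The exact output wording depends on the rpm version in the base image, which is not visible here, so confirm the pattern against that image. The `RUN` instruction continues past the end of the hunk.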
diff --git a/VERSION b/VERSION
index 60f6343..1490961 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-v0.6.0
+v0.6.1
diff --git a/gpg-keys/amazon-ssm-agent.gpg b/gpg-keys/amazon-ssm-agent.gpg
new file mode 100644
index 0000000..e5de897
--- /dev/null
+++ b/gpg-keys/amazon-ssm-agent.gpg
@@ -0,0 +1,30 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v2.0.22 (GNU/Linux)
+
+mQENBGIxF/8BCADv014neDCfkpdj79/XVeQVy0Wz9LSiB/iksc1jTPaCgD/9ojdQ
+10LfEFEyLoeTEhX5WBu0Ry7oKW9AK51kscMjTHwdFnzXsT4tAoSXxh7lbgdfhpVm
+bJ0bVArrzKIQ8JOE2lrn6LgVcGTtbPGURNNNRD1nZEgZm6wni+ZoplsXmsj0wD7f
+I5zhk/e+OyrsolpNWBJB0vf6JXVV2MauZKGlwRR4pZoSw5yPOa0rZDtOTtPbUX5C
+lWGLtdQ3848YvgjMzK9GeEqK9n6yQx5potlvxJ6TCZsZTwXXF5LyPuv2y6U22075
+JjMMX7noNnVnipKMj+l7x5fis+X+gafF/PbTABEBAAG0J1NTTSBBZ2VudCA8c3Nt
+LWFnZW50LXNpZ25lckBhbWF6b24uY29tPokBPwQTAQIAKQUCYjEX/wIbLwUJAsaY
+gAcLCQgHAwIBBhUIAgkKCwQWAgMBAh4BAheAAAoJEN2BphdWuqVJUKoIANHALkLq
+xsUco2JwymOorf+1icVtL8MSdi87lIhxfIGWaGN5CkzrkBAJlIyf/C+hVcLzR9rQ
+DWIJakLWE3XPb4g8fWyr5VlOoYbcGLCky0fL5O0pWEnF2ecQMMSpwkdv9zx7qUoo
+PssEpuwz5kIOYp2ENy21IPkMGpny8MCbzQ+sHysLWiJ/b0aWX9giPuMe5vTO3djM
+CPtyA5CeG3BMawPOaDQvjxB+DnWCg1HslgdzpZiSsusuZ8u3xKaehEMiB/Li2BO9
+yZMAeG6iok4Dn01ZVVpU9mftZKIm/T5WBX5x+TBhQ1b30MQcN61kFEe0Gll3ReTu
+CPEuDwAb4WruFkaJAhwEEAECAAYFAmIxGAAACgkQfdCXo9rX9fy5yQ/+PIBXWQc4
+D/a6/nEaGM/FrLDLgPSieBCbU4TpvB7qPg6gJUX8CA+h8cZ06wDgcdi9sJ3MwTnQ
+Ze1OzZ8AJroRP6XhwVeNEbeedBbmr7irSg8lIdyXZed0G0T+7SX/MDEyup16vRxW
+k2UyBCXYqnxBHXeTKf9GxH0nODpcGPGByqjfmSB3nj2wZN0g8SWWz6oEWcXv218B
+FJyJj7W2bQsbMXoHlILP28Ec5QN1r8cC1b1nQsmx4120XSKFWvi8trG2+dDb58LR
+1afsEW8OhJwsJcba1YIMznxMbWpfyZww2S6g7rFahm1wKCxMkHIZ+Fca6axKoK9Y
+KJaEPn9rbhh11XsgKBNIIP1h0eGmQTAvM01dWI9895fiaK3pQkCxV7in6dTxi8Jy
+7iJBbORStxsospBJzLf+0Ca3yvILxySg1Q2EuOKuN2VW7N/l3IffJ85DVjjQgh6A
+T4L6ViK/0L6ww5n8tboKB/Jz9OUDGf2idxhQe8WenIogAU3y4ZGUyzcZHMg9lRke
+hdLYGtqRATdWuwFQbwjPeBNovulqKOPXU9BLEezz8gMtd6/aW/UQA33xuZlh959o
+DHhGwWDXEJzhrIlFAljkb7rsIhhjrg/R2usSIi78i1jFkGsVqRET2/avn7/kBcgL
+yIk43DugjkN04nzHfULMJmEm02uVumgSJzQ=
+=rGEs
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/hashes/ssm b/hashes/ssm
index 4df2158..2d69cc8 100644
--- a/hashes/ssm
+++ b/hashes/ssm
@@ -1,2 +1,2 @@
-638b9647e60597606a90f0d4a8ee4873c8c43d12316af344e4e0312e76ae515d28d77f57bc13a30f2b5668b017ed87fce42da86e964d8af62ef49b2b83301eca amazon-ssm-agent-3.1.1141.0.amd64.rpm
-821faa6256db734bb03aa3c2a429798775a83e4232cc3586876d38848b1849a9075f9b94a208d9e20f79b70390c67f19b38810ed2996b21282452411f4131c18 amazon-ssm-agent-3.1.1141.0.arm64.rpm
+4b00fe101d133223d8d1c785a81e698c7a42b7a536f5b8b3522e03b6f343d184bf8cdc4cfd4301d89e19fafcefd57811da5fb3106390ef3f6c14799481d55e7e amazon-ssm-agent-3.1.1476.0.amd64.rpm
+e2332cd1a4bbd25e3773e2952a6a1344a893e86c67f89a9c39f13db32a0aa8dc7d3d1cf4f39abb29cb7a77d930ab514b1b8d7f61504da55ab4a9a9312e684823 amazon-ssm-agent-3.1.1476.0.arm64.rpm