Closed dvdksn closed 3 months ago
@tonistiigi yeah I thought about something like that, but it doesn't work with Git URLs afaict. I guess Git URLs could still use HTTP however so the current description isn't super clear about that either.
Actually, I checked the Git URL over HTTP case, and it seems there's a bug. Trying to do ADD --checksum
of a git@
URL prints an error.
Dockerfile:5
--------------------
3 | FROM scratch
4 | >>> ADD --checksum=sha256:1005882735b796c332de70ff8f210ddd77d1c31ae03e6b0949b4480ad3f12804 git@github.com:docker/buildx.git /
5 |
--------------------
ERROR: checksum can't be specified for non-HTTP sources
But changing that URL to https://github.com/docker/buildx.git
doesn't print the error (but still doesn't do any checksum validation).
Yes, I didn't think about the Git case. You can't add checksum to Git even if it is HTTP git URL (you can set a commit sha that behaves like a checksum but that is part of the URL).
But changing that URL to https://github.com/docker/buildx.git doesn't print the error (but still doesn't do any checksum validation).
@AkihiroSuda Can you take a look? Looks like https://github.com/moby/buildkit/blob/v0.14.1/frontend/dockerfile/dockerfile2llb/convert.go#L1352-L1354 needs to do a Git URL check first.
Yes, I didn't think about the Git case. You can't add checksum to Git even if it is HTTP git URL (you can set a commit sha that behaves like a checksum but that is part of the URL).
But changing that URL to https://github.com/docker/buildx.git doesn't print the error (but still doesn't do any checksum validation).
@AkihiroSuda Can you take a look? Looks like https://github.com/moby/buildkit/blob/v0.14.1/frontend/dockerfile/dockerfile2llb/convert.go#L1352-L1354 needs to do a Git URL check first.
Docs and error message didn't indicate whether checksum was supported for HTTPS.