diff --git a/content/chainguard/chainguard-images/reference/minio-fips-client/_index.md b/content/chainguard/chainguard-images/reference/minio-fips-client/_index.md deleted file mode 100644 index c87f8cc6c0..0000000000 --- a/content/chainguard/chainguard-images/reference/minio-fips-client/_index.md +++ /dev/null @@ -1,91 +0,0 @@ ---- -title: "Image Overview: minio-fips-client" -linktitle: "minio-fips-client" -type: "article" -layout: "single" -description: "Overview: minio-fips-client Chainguard Image" -date: 2024-02-29 16:25:55 -lastmod: 2024-02-29 16:25:55 -draft: false -tags: ["Reference", "Chainguard Images", "Product"] -images: [] -menu: - docs: - parent: "images-reference" -weight: 500 -toc: true ---- - -{{< tabs >}} -{{< tab title="Overview" active=true url="/chainguard/chainguard-images/reference/minio-fips-client/" >}} -{{< tab title="Details" active=false url="/chainguard/chainguard-images/reference/minio-fips-client/image_specs/" >}} -{{< tab title="Tags History" active=false url="/chainguard/chainguard-images/reference/minio-fips-client/tags_history/" >}} -{{< tab title="Provenance" active=false url="/chainguard/chainguard-images/reference/minio-fips-client/provenance_info/" >}} -{{}} - - - - -Minimal image with Minio. **EXPERIMENTAL** - - - -## Download this Image -The image is available on `cgr.dev`: - -``` -docker pull cgr.dev/chainguard/minio:latest -``` - - - -## Using Minio - -The Chainguard Minio image contains the `minio` server binary. -The default entrypoint just runs the `minio` binary without any flags. - -```shell -$ docker run cgr.dev/chainguard/minio -NAME: - minio - High Performance Object Storage - -DESCRIPTION: - Build high performance data infrastructure for machine learning, analytics and application data workloads with MinIO - -USAGE: - minio [FLAGS] COMMAND [ARGS...] - -COMMANDS: - server start object storage server - -FLAGS: - --certs-dir value, -S value path to certs directory (default: "/root/.minio/certs") - --quiet disable startup and info messages - --anonymous hide sensitive information from logging - --json output logs in JSON format - --help, -h show help - --version, -v print the version - -VERSION: - DEVELOPMENT.2023-03-24T21-41-23Z -``` - -To start minio in a server configuration, make sure to override the `MINIO_ROOT_USER` and `MINIO_ROOT_PASSWORD` environment variables, -and pass a data volume to the `server` command. - -```shell -$ docker run -v $(pwd):/data -e MINIO_ROOT_USER=MYNAME -e MINIO_ROOT_PASSWORD=nothunter2 cgr.dev/chainguard/minio serve /data -MinIO Object Storage Server -Copyright: 2015-2023 MinIO, Inc. -License: GNU AGPLv3 -Version: DEVELOPMENT.2023-03-24T21-41-23Z (go1.20.2 linux/arm64) - -Status: 1 Online, 0 Offline. -API: http://172.17.0.5:9000 http://127.0.0.1:9000 -Console: http://172.17.0.5:46387 http://127.0.0.1:46387 - -Documentation: https://min.io/docs/minio/linux/index.html -Warning: The standard parity is set to 0. This can lead to data loss. -``` - - diff --git a/content/chainguard/chainguard-images/reference/minio-fips-client/image_specs.md b/content/chainguard/chainguard-images/reference/minio-fips-client/image_specs.md deleted file mode 100644 index e1560ad4f7..0000000000 --- a/content/chainguard/chainguard-images/reference/minio-fips-client/image_specs.md +++ /dev/null @@ -1,69 +0,0 @@ ---- -title: "minio-fips-client Image Details" -type: "article" -unlisted: true -description: "Detailed information about the public minio-fips-client Chainguard Image." -date: 2024-02-29 16:25:55 -lastmod: 2024-02-29 16:25:55 -draft: false -tags: ["Reference", "Chainguard Images", "Product"] -images: [] -weight: 550 -toc: true ---- - -{{< tabs >}} -{{< tab title="Overview" active=false url="/chainguard/chainguard-images/reference/minio-fips-client/" >}} -{{< tab title="Details" active=true url="/chainguard/chainguard-images/reference/minio-fips-client/image_specs/" >}} -{{< tab title="Tags History" active=false url="/chainguard/chainguard-images/reference/minio-fips-client/tags_history/" >}} -{{< tab title="Provenance" active=false url="/chainguard/chainguard-images/reference/minio-fips-client/provenance_info/" >}} -{{}} - -This page shows detailed information about the Chainguard **minio-fips-client** Image. - -| | latest-dev | latest | -|--------------|---------------|---------------| -| Default User | `nonroot` | `nonroot` | -| Entrypoint | `/usr/bin/mc` | `/usr/bin/mc` | -| CMD | not specified | not specified | -| Workdir | not specified | not specified | -| Has apk? | yes | no | -| Has a shell? | yes | yes | - -Check the [tags history page](/chainguard/chainguard-images/reference/minio-fips-client/tags_history/) for the full list of available tags. - -## Packages Included -The table shows package distribution across variants. - -| | latest-dev | latest | -|-------------------------------|------------|--------| -| `apk-tools` | X | | -| `bash` | X | X | -| `busybox` | X | | -| `ca-certificates-bundle` | X | X | -| `chainguard-baselayout` | X | X | -| `git` | X | | -| `glibc` | X | X | -| `glibc-locale-posix` | X | X | -| `ld-linux` | X | X | -| `libbrotlicommon1` | X | | -| `libbrotlidec1` | X | | -| `libcrypt1` | X | | -| `libcrypto3` | X | | -| `libcurl-openssl4` | X | | -| `libexpat1` | X | | -| `libidn2` | X | | -| `libnghttp2-14` | X | | -| `libpcre2-8-0` | X | | -| `libpsl` | X | | -| `libssl3` | X | | -| `libunistring` | X | | -| `mc-fips` | X | X | -| `ncurses` | X | X | -| `ncurses-terminfo-base` | X | X | -| `openssl-config-fipshardened` | X | X | -| `openssl-provider-fips` | X | X | -| `wget` | X | | -| `wolfi-baselayout` | X | X | -| `zlib` | X | | - diff --git a/content/chainguard/chainguard-images/reference/minio-fips-client/provenance_info.md b/content/chainguard/chainguard-images/reference/minio-fips-client/provenance_info.md deleted file mode 100644 index 23e5e98cfd..0000000000 --- a/content/chainguard/chainguard-images/reference/minio-fips-client/provenance_info.md +++ /dev/null @@ -1,137 +0,0 @@ ---- -title: "Provenance Information for minio-fips-client Images" -type: "article" -unlisted: true -description: "Provenance information for minio-fips-client Chainguard Image" -date: 2022-11-01T11:07:52+02:00 -lastmod: 2024-03-01 12:14:22 -draft: false -tags: ["Reference", "Chainguard Images", "Product"] -images: [] -weight: 600 -toc: true ---- - -{{< tabs >}} -{{< tab title="Overview" active=false url="/chainguard/chainguard-images/reference/minio-fips-client/" >}} -{{< tab title="Details" active=false url="/chainguard/chainguard-images/reference/minio-fips-client/image_specs/" >}} -{{< tab title="Tags History" active=false url="/chainguard/chainguard-images/reference/minio-fips-client/tags_history/" >}} -{{< tab title="Provenance" active=true url="/chainguard/chainguard-images/reference/minio-fips-client/provenance_info/" >}} -{{}} - -All Chainguard Images contain verifiable signatures and high-quality SBOMs (software bill of materials), features that enable users to confirm the origin of each image build and have a detailed list of everything that is packed within. - -You'll need [cosign](https://docs.sigstore.dev/cosign/overview/) and [jq](https://stedolan.github.io/jq/) in order to download and verify image attestations. - -### Registry and Tags for minio-fips-client Image -Attestations are provided per image build, so you'll need to specify the correct tag and registry when pulling attestations from an image with `cosign`. - -| Registry | Tags | -|------------------------------|----------------------------------------------| -| `cgr.dev/chainguard` | No public tags are available for this image. | -| `cgr.dev/chainguard-private` | 0, 0-dev, latest, latest-dev | - - -- `cgr.dev/chainguard` - the Public Registry contains our **Developer Images**, which typically comprise the `latest*` versions of an image. -- `cgr.dev/chainguard-private` - the Private/Dedicated Registry contains our **Production Images**, which include all versioned tags of an image and special images that are not available in the public registry (including FIPS images and other custom builds). - -The commands listed on this page will default to the `latest` tag, but you can specify a different tag to fetch attestations for. - -## Verifying minio-fips-client Image Signatures -The **minio-fips-client** Chainguard Images are signed using Sigstore, and you can check the included signatures using `cosign`. - -The `cosign verify` command will pull detailed information about all signatures found for the provided image. - -### Public Registry - -```shell -cosign verify \ - --certificate-oidc-issuer=https://token.actions.githubusercontent.com \ - --certificate-identity=https://github.com/chainguard-images/images/.github/workflows/release.yaml@refs/heads/main \ - cgr.dev/chainguard/minio-fips-client | jq -``` - -### Private/Dedicated Registry - -```shell -cosign verify \ ---certificate-oidc-issuer=https://token.actions.githubusercontent.com \ ---certificate-identity=https://github.com/chainguard-images/images-private/.github/workflows/release.yaml@refs/heads/main \ -cgr.dev/chainguard-private/minio-fips-client | jq -``` - -## Downloading minio-fips-client Image Attestations - -The following [attestations](https://slsa.dev/attestation-model) for the minio-fips-client image can be obtained and verified via cosign: - -| Attestation Type | Description | -|----------------|-------------| -| `https://slsa.dev/provenance/v1` | The [SLSA 1.0](https://slsa.dev/spec/v1.0/provenance) provenance attestation contains information about the image build environment. | -| `https://apko.dev/image-configuration` | Contains the configuration used by that particular image build, including direct dependencies, user accounts, and entry point. | -| `https://spdx.dev/Document` | Contains the image SBOM (Software Bill of Materials) in SPDX format. | - - -To download an attestation, use the `cosign download attestation` command and provide both the predicate type and the build platform. For example, the following command will obtain the SBOM for the minio-fips-client image on `linux/amd64`: - -### Public Registry - -```shell -cosign download attestation \ - --platform=linux/amd64 \ - --predicate-type=https://spdx.dev/Document \ - cgr.dev/chainguard/minio-fips-client | jq -r .payload | base64 -d | jq .predicate -``` - -### Private/Dedicated Registry - -```shell -cosign download attestation \ ---platform=linux/amd64 \ ---predicate-type=https://spdx.dev/Document \ -cgr.dev/chainguard-private/minio-fips-client | jq -r .payload | base64 -d | jq .predicate -``` - -By default, this command will fetch the SBOM assigned to the `latest` tag. You can also specify the tag you want to fetch the attestation from. - -To download a different attestation, replace the `--predicate-type` parameter value with the desired attestation URL identifier. - -## Verifying minio-fips-client Image Attestations -You can use the `cosign verify-attestation` command to check the signatures of the minio-fips-client image attestations: - -### Public Registry - -```shell -cosign verify-attestation \ - --type https://spdx.dev/Document \ - --certificate-oidc-issuer=https://token.actions.githubusercontent.com \ - --certificate-identity=https://github.com/chainguard-images/images/.github/workflows/release.yaml@refs/heads/main \ - cgr.dev/chainguard/minio-fips-client -``` - -### Private/Dedicated Registry - -```shell -cosign verify-attestation \ ---type https://spdx.dev/Document \ ---certificate-oidc-issuer=https://token.actions.githubusercontent.com \ ---certificate-identity=https://github.com/chainguard-images/images-private/.github/workflows/release.yaml@refs/heads/main \ -cgr.dev/chainguard-private/minio-fips-client -``` - -This will pull in the signature for the attestation specified by the `--type` parameter, which in this case is the SPDX attestation. You will receive output that verifies the SBOM attestation signature in cosign's transparency log: - -``` -Verification for cgr.dev/chainguard/minio-fips-client -- -The following checks were performed on each of these signatures: -- The cosign claims were validated -- Existence of the claims in the transparency log was verified offline -- The code-signing certificate was verified using trusted certificate authority certificates -Certificate subject: https://github.com/chainguard-images/images/.github/workflows/release.yaml@refs/heads/main -Certificate issuer URL: https://token.actions.githubusercontent.com -GitHub Workflow Trigger: schedule -GitHub Workflow SHA: da283c26829d46c2d2883de5ff98bee672428696 -GitHub Workflow Name: .github/workflows/release.yaml -GitHub Workflow Trigger chainguard-images/images -GitHub Workflow Ref: refs/heads/main -... -``` diff --git a/content/chainguard/chainguard-images/reference/minio-fips-client/tags_history.md b/content/chainguard/chainguard-images/reference/minio-fips-client/tags_history.md deleted file mode 100644 index 7140346d1a..0000000000 --- a/content/chainguard/chainguard-images/reference/minio-fips-client/tags_history.md +++ /dev/null @@ -1,38 +0,0 @@ ---- -title: "minio-fips-client Image Tags History" -type: "article" -unlisted: true -description: "Image Tags and History for the minio-fips-client Chainguard Image" -date: 2023-06-22T11:07:52+02:00 -lastmod: 2024-03-01 12:14:22 -draft: false -tags: ["Reference", "Chainguard Images", "Product"] -images: [] -weight: 700 -toc: true ---- - -{{< tabs >}} -{{< tab title="Overview" active=false url="/chainguard/chainguard-images/reference/minio-fips-client/" >}} -{{< tab title="Details" active=false url="/chainguard/chainguard-images/reference/minio-fips-client/image_specs/" >}} -{{< tab title="Tags History" active=true url="/chainguard/chainguard-images/reference/minio-fips-client/tags_history/" >}} -{{< tab title="Provenance" active=false url="/chainguard/chainguard-images/reference/minio-fips-client/provenance_info/" >}} -{{}} - -The following tables contains the most recent tags and digests that can be used to pin your Dockerfile to a specific build of this image. Check our guide on [Using the Tag History API](/chainguard/chainguard-images/using-the-tag-history-api/) for information on how to fetch all tags from an image and how to pin your Dockerfile to a specific digest. - -Please note that digests and timestamps only change when there is a change to the image, even though images are rebuilt every night. The "Last Changed" column indicates when the image was last modified, and doesn't always reflect the latest build timestamp. For more information about how our reproducible builds work, please refer to [this blog post](https://www.chainguard.dev/unchained/reproducing-chainguards-reproducible-image-builds). - -### Public Registry -The Public Registry contains our **Developer Images**, which typically comprise the `latest*` versions of an image. - -Currently, there are no Developer versions of this image available. - -### Private/Dedicated Registry -The Private/Dedicated Registry contains our **Production Images**, which include all versioned tags of an image and special images that are not available in the public registry (including FIPS images and other custom builds). - -| Tag (s) | Last Changed | Digest | -|-----------------------|---------------|---------------------------------------------------------------------------| -| `latest` `0` | February 22nd | `sha256:f3ff991494ea901df4d16307c0880ac6fdcd2e91b1c53ba906ab1055e945fe7c` | -| `latest-dev` `0-dev` | February 22nd | `sha256:75b9776e1786a824c3273880b1e63785d163138a78fc2baf3d8be7e6a889a6ed` | -