From d6473b6d4d1518b19603f71b8f839e623f72d177 Mon Sep 17 00:00:00 2001
From: Dan Pock <self@danpock.me>
Date: Tue, 3 Sep 2024 11:16:04 -0400
Subject: [PATCH] Require downloaded kubectl match expected sha

---
 package/Dockerfile | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/package/Dockerfile b/package/Dockerfile
index 190dbc0..d41dee3 100644
--- a/package/Dockerfile
+++ b/package/Dockerfile
@@ -4,7 +4,9 @@ ARG TARGETPLATFORM
 ARG KUBERNETES_RELEASE=v1.21.3
 WORKDIR /bin
 RUN set -x \
- && curl -fsSLO https://dl.k8s.io/release/${KUBERNETES_RELEASE}/bin/${TARGETPLATFORM}/kubectl \
+ && curl -fsSLO "https://dl.k8s.io/release/${KUBERNETES_RELEASE}/bin/${TARGETPLATFORM}/kubectl" \
+ && curl -LO "https://dl.k8s.io/release/${KUBERNETES_RELEASE}/bin/${TARGETPLATFORM}/kubectl.sha256" \
+ && echo "$(cat kubectl.sha256)  kubectl" | sha256sum --check \
  && chmod +x kubectl
 RUN useradd -u 1000 -U -m kubectl