New tool: Alpine Release Info

Docker is great, but I don't like that images on Docker Hub are not digitally signed. Those images are being installed around the globe, yet it is impossible to know what it is that you are ultimately downloading and whether it comes from the claimed source or not, even in the case of "Official" images.

Alpine Linux provides metadata and digital signatures for all their downloads.

If you produce images or containers based on Alpine Linux, this utility could help you:

Alpine Linux Release Info

It is a command line utility to query Alpine Linux's distribution tree.

The targeted use case is the continuous delivery of products based on Alpine Linux, such as Docker images.

Given a branch, architecture, flavor, etc., this script reports the latest release. Many other parameters can be queried, such as the download URL, the SHA-512 checksum and the GPG signature.

Usage

To install the latest release of this utility:

pip install alpine_release_info

For help on the available parameters:

alpine_release_info -h

To query the download URL of the latest release on the v3.5 branch for the armhf architecture and the alpine-minirootfs flavor:

alpine_release_info -a armhf -b v3.5 -f alpine-minirootfs -q url
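
A continuous-delivery step built on the query above, shown as an added example that is not part of the original post or the utility's own code. It uses only the `-q url` query shown on this page and assumes that the `.sha512` and `.asc` files sit next to the artifact at the same URL, and that `KEYRING` is a gpgv keyring containing the Alpine release key you have checked out-of-band; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: download the latest Alpine release and keep it only if both
# the SHA-512 checksum and the detached GPG signature verify.

# verify_sha512 FILE SUMFILE: succeed only if FILE hashes to the digest in SUMFILE.
# Digests are compared directly, so the file name recorded in SUMFILE is not trusted.
verify_sha512() {
    want=$(awk 'NR==1 {print tolower($1)}' "$2")
    got=$(sha512sum "$1" | awk '{print $1}')
    # Reject an empty or non-hex value before comparing.
    case "$want" in
        *[!0-9a-f]*|"") return 1 ;;
    esac
    # A SHA-512 digest is exactly 128 hex characters.
    [ "${#want}" -eq 128 ] && [ "$want" = "$got" ]
}

# fetch_verified ARCH BRANCH FLAVOR KEYRING OUTDIR: print the path of the verified file.
# KEYRING should be an absolute path; gpgv trusts every key in that keyring.
fetch_verified() {
    url=$(alpine_release_info -a "$1" -b "$2" -f "$3" -q url) || return 1
    name=${url##*/}
    out="$5/$name"
    # Assumption: checksum and signature are published as <url>.sha512 and <url>.asc.
    for suffix in "" .sha512 .asc; do
        curl -fsSL -o "$out$suffix" "$url$suffix" || return 1
    done
    # The checksum comes from the same server as the file, so it only catches
    # corruption; the signature check is what ties the file to the release key.
    verify_sha512 "$out" "$out.sha512" ||
        { echo "checksum mismatch: $name" >&2; rm -f "$out"; return 1; }
    gpgv --keyring "$4" "$out.asc" "$out" ||
        { echo "signature check failed: $name" >&2; rm -f "$out"; return 1; }
    printf '%s\n' "$out"
}

# Run only when called with all five arguments, e.g.
#   ./fetch.sh armhf v3.5 alpine-minirootfs /path/to/alpine-release.gpg ./build
if [ "$#" -eq 5 ]; then
    fetch_verified "$@"
fi
```

In a build pipeline, let the step fail when `fetch_verified` returns non-zero so an unverified root filesystem never reaches the image build.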