From db7deb6b2e5655025c49b253fc44f1940662def0 Mon Sep 17 00:00:00 2001
From: deepsm007 <dmistry@redhat.com>
Date: Thu, 8 Sep 2022 10:33:34 -0400
Subject: [PATCH] Adding checksum for yq in libvirt installer containers

---
 images/libvirt/Dockerfile.ci | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/images/libvirt/Dockerfile.ci b/images/libvirt/Dockerfile.ci
index ddfe78d47b..c9a0812384 100644
--- a/images/libvirt/Dockerfile.ci
+++ b/images/libvirt/Dockerfile.ci
@@ -25,8 +25,13 @@ RUN yum update -y && \
     openssh-clients && \
     yum clean all && rm -rf /var/cache/yum/*
 
-RUN curl -L https://github.com/mikefarah/yq/releases/download/3.3.0/yq_linux_amd64 -o /usr/bin/yq && \
-    chmod +x /usr/bin/yq
+ARG YQ_URI=https://github.com/mikefarah/yq/releases/download/3.3.0/yq_linux_amd64
+ARG YQ_HASH=e70e482e7ddb9cf83b52f5e83b694a19e3aaf36acf6b82512cbe66e41d569201
+RUN echo "${YQ_HASH} -" > /tmp/sum.txt && \
+  curl -L --fail "${YQ_URI}" | tee /bin/yq | sha256sum -c /tmp/sum.txt >/dev/null && \
+  chmod +x /bin/yq && \
+  rm /tmp/sum.txt
+
 RUN mkdir /output && chown 1000:1000 /output
 USER 1000:1000
 ENV PATH /bin