{"architecture":"arm64","config":{"Env":["PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"],"Entrypoint":["/usr/local/bin/fips-entrypoint.sh"],"Cmd":["/bin/sh"],"WorkingDir":"/","Labels":{"ai.echo.image.name":"echo-fips","ai.echo.image.tag":"mini","ai.echo.image.upstream.digest":"sha256:8f0c555de6a2f9c2bda1b170b67479d11f7f5e3b66bb4a7a1d8843361c9dd3ff","ai.echo.image.upstream.tag":"stable-slim","ai.echo.image.upstream.uri":"docker.io/library/debian","com.echohq.image.name":"echo-fips","com.echohq.image.tag":"mini","description":"JFrog Echo Image — mini (FIPS-aware, hardened)","maintainer":"JFrog Installers \u003cinstallers@jfrog.com\u003e","org.opencontainers.image.author":"echohq.com","org.opencontainers.image.title":"jfrog/echo-mini","org.opencontainers.image.vendor":"JFrog"},"ArgsEscaped":true},"created":"2026-05-04T03:53:53.470687115Z","history":[{"created":"2026-04-15T14:08:15.471824317Z","created_by":"COPY /empty/ / # buildkit","comment":"buildkit.dockerfile.v0"},{"created":"2026-05-03T16:01:50.326003183Z","created_by":"COPY /os/ / # buildkit","comment":"buildkit.dockerfile.v0"},{"created":"2026-05-04T03:53:49.152543829Z","created_by":"LABEL maintainer=JFrog Installers \u003cinstallers@jfrog.com\u003e","comment":"buildkit.dockerfile.v0","empty_layer":true},{"created":"2026-05-04T03:53:49.152543829Z","created_by":"LABEL description=JFrog Echo Image — mini (FIPS-aware, hardened)","comment":"buildkit.dockerfile.v0","empty_layer":true},{"created":"2026-05-04T03:53:49.152543829Z","created_by":"LABEL org.opencontainers.image.vendor=JFrog","comment":"buildkit.dockerfile.v0","empty_layer":true},{"created":"2026-05-04T03:53:49.152543829Z","created_by":"LABEL org.opencontainers.image.title=jfrog/echo-mini","comment":"buildkit.dockerfile.v0","empty_layer":true},{"created":"2026-05-04T03:53:49.152543829Z","created_by":"COPY /staging/ / # buildkit","comment":"buildkit.dockerfile.v0"},{"created":"2026-05-04T03:53:49.40809674Z","created_by":"RUN /bin/sh -c ldconfig 2\u003e/dev/null || true # buildkit","comment":"buildkit.dockerfile.v0"},{"created":"2026-05-04T03:53:49.715979492Z","created_by":"RUN /bin/sh -c OSSL_VER=$(awk '/^Version:/{print $2}' /var/lib/dpkg/status.d/openssl 2\u003e/dev/null) \u0026\u0026     echo \"OpenSSL package version: ${OSSL_VER}\" \u0026\u0026     (echo \"${OSSL_VER}\" | grep -q '+e' ||         { echo \"ERROR: Echo-patched OpenSSL replaced by stock build\"; exit 1; }) # buildkit","comment":"buildkit.dockerfile.v0"},{"created":"2026-05-04T03:53:49.978250635Z","created_by":"RUN /bin/sh -c cp -L /usr/lib/ssl/openssl.cnf /etc/ssl/openssl.cnf.orig # buildkit","comment":"buildkit.dockerfile.v0"},{"created":"2026-05-04T03:53:50.021484142Z","created_by":"COPY openssl.cnf /etc/ssl/openssl.cnf # buildkit","comment":"buildkit.dockerfile.v0"},{"created":"2026-05-04T03:53:50.067144998Z","created_by":"COPY fips-entrypoint.sh /usr/local/bin/fips-entrypoint.sh # buildkit","comment":"buildkit.dockerfile.v0"},{"created":"2026-05-04T03:53:50.474410747Z","created_by":"RUN /bin/sh -c OUT=/usr/lib/ssl/openssl-fips.cnf \u0026\u0026     ORIG=/etc/ssl/openssl.cnf.orig \u0026\u0026     cp \"$ORIG\" \"$OUT\" \u0026\u0026     awk 'BEGIN {         print \"\";         print \"# JFrog TLS hardening\";         print \"[ssl_sect]\";         print \"system_default = system_default_sect\";         print \"\";         print \"[system_default_sect]\";         print \"MinProtocol  = TLSv1.2\";         print \"MaxProtocol  = TLSv1.3\";         print \"CipherString = ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256\";         print \"CipherSuites = TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256\";     }' /dev/null \u003e\u003e \"$OUT\" \u0026\u0026     cp \"$OUT\" /etc/ssl/openssl-fips.cnf \u0026\u0026     echo \"Lines in fips.cnf: $(wc -l \u003c \"$OUT\")\" \u0026\u0026     grep -q 'fips = fips_sect' \"$OUT\" \u0026\u0026 echo \"PASS: fips_sect present\" || { echo \"FAIL: fips_sect missing\"; exit 1; } \u0026\u0026     grep -q 'MinProtocol' \"$OUT\" \u0026\u0026 echo \"PASS: MinProtocol present\" || { echo \"FAIL: MinProtocol missing\"; exit 1; } \u0026\u0026     grep -q '\\.include' \"$OUT\" \u0026\u0026 echo \"PASS: .include present\" || { echo \"FAIL: .include missing\"; exit 1; } # buildkit","comment":"buildkit.dockerfile.v0"},{"created":"2026-05-04T03:53:50.908903906Z","created_by":"RUN /bin/sh -c chmod +x /usr/local/bin/fips-entrypoint.sh \u0026\u0026     sh -n /usr/local/bin/fips-entrypoint.sh \u0026\u0026     chmod 644 /etc/ssl/openssl.cnf \u0026\u0026     chmod 644 /usr/lib/ssl/openssl-fips.cnf /etc/ssl/openssl-fips.cnf \u0026\u0026     (chmod 644 /etc/ssl/certs/ca-certificates.crt 2\u003e/dev/null || true) \u0026\u0026     (find /usr/bin /usr/sbin /bin /sbin          \\( -perm -4000 -o -perm -2000 \\)          ! -name 'su' ! -name 'newgrp'          -exec chmod a-s {} \\; 2\u003e/dev/null || true) # buildkit","comment":"buildkit.dockerfile.v0"},{"created":"2026-05-04T03:53:51.213611313Z","created_by":"RUN /bin/sh -c echo \"=== OS ===\" \u0026\u0026 cat /etc/os-release | grep -E 'NAME|VERSION' # buildkit","comment":"buildkit.dockerfile.v0"},{"created":"2026-05-04T03:53:51.608074628Z","created_by":"RUN /bin/sh -c echo \"=== OpenSSL ===\" \u0026\u0026 openssl version -a # buildkit","comment":"buildkit.dockerfile.v0"},{"created":"2026-05-04T03:53:51.968050872Z","created_by":"RUN /bin/sh -c echo \"=== Non-FIPS config ===\" \u0026\u0026     OPENSSL_CONF=/etc/ssl/openssl.cnf openssl ciphers -v ALL 2\u003e\u00261 | head -3 \u0026\u0026     echo \"openssl.cnf OK\" # buildkit","comment":"buildkit.dockerfile.v0"},{"created":"2026-05-04T03:53:52.541693554Z","created_by":"RUN /bin/sh -c echo \"=== FIPS config loads FIPS provider? ===\" \u0026\u0026     OPENSSL_CONF=/usr/lib/ssl/openssl-fips.cnf openssl list -providers 2\u003e\u00261 | tee /tmp/fips-providers.txt \u0026\u0026     grep -qi 'fips' /tmp/fips-providers.txt || { echo \"FAIL: FIPS provider not active under openssl-fips.cnf\"; exit 1; } \u0026\u0026     echo \"openssl-fips.cnf OK\" # buildkit","comment":"buildkit.dockerfile.v0"},{"created":"2026-05-04T03:53:52.954161672Z","created_by":"RUN /bin/sh -c echo \"=== Cipher policy ===\" \u0026\u0026     CSTR=\"ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256\" \u0026\u0026     openssl ciphers -v \"$CSTR\" 2\u003e/dev/null | awk '{print $1}' |         grep -E '^ADH-|^AECDH-|^NULL-|^EXP-'         \u0026\u0026 echo \"FAIL: weak suites\" \u0026\u0026 exit 1         || echo \"PASS: no weak suites\" \u0026\u0026     grep -E 'MinProtocol\\s*=\\s*TLSv1\\.2' /etc/ssl/openssl.cnf \u0026\u0026 echo \"PASS: MinProtocol set\" # buildkit","comment":"buildkit.dockerfile.v0"},{"created":"2026-05-04T03:53:53.253954357Z","created_by":"RUN /bin/sh -c echo \"=== initContainer utilities ===\" \u0026\u0026     MISSING=\"\" \u0026\u0026     for cmd in bash sh curl cp rm mkdir chmod sed grep ls mv cat                sleep timeout tail kill touch tee basename; do         if command -v \"$cmd\" \u003e/dev/null 2\u003e\u00261; then             printf \"  %-12s %s\\n\" \"$cmd\" \"$(command -v \"$cmd\")\";         else             printf \"  %-12s MISSING\\n\" \"$cmd\"; MISSING=\"${MISSING} ${cmd}\";         fi;     done \u0026\u0026     [ -z \"$MISSING\" ] \u0026\u0026 echo \"PASS: all initContainer utilities present\"         || { echo \"FAIL: missing:${MISSING}\"; exit 1; } # buildkit","comment":"buildkit.dockerfile.v0"},{"created":"2026-05-04T03:53:53.470687115Z","created_by":"RUN /bin/sh -c echo \"=== All smoke tests passed ===\" # buildkit","comment":"buildkit.dockerfile.v0"},{"created":"2026-05-04T03:53:53.470687115Z","created_by":"ENTRYPOINT [\"/usr/local/bin/fips-entrypoint.sh\"]","comment":"buildkit.dockerfile.v0","empty_layer":true},{"created":"2026-05-04T03:53:53.470687115Z","created_by":"CMD [\"/bin/sh\"]","comment":"buildkit.dockerfile.v0","empty_layer":true}],"os":"linux","rootfs":{"type":"layers","diff_ids":["sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef","sha256:28619fc18149a2a01b4c34ef0ef38c54719d15e4311f6b2659287f37feeff988","sha256:a9065ff58f4d45c26a00e10c641b838229ab2edba5de4fcc27a3293a678992d8","sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef","sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef","sha256:b5a608d954f53d4f7e2357347b8829cadcb2ed2c8484c0f0a853d4dad2cdfdbf","sha256:859249f588f503ae7754023ece8daee01b88cfbf426008d45c762d4c354387a1","sha256:988202915a621c3074e61e4f381ebf540d47a6919e3bba5b7f869e1813a282f7","sha256:48d5e8c0f0ab1eeb79c29e076afeee7104d5f094ded57ffb1bda3662a97810ae","sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef","sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef","sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef","sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef","sha256:8ea8a7ea33f1495e4d6a5e828898ed286f0724f4eedadbeabd28c0b3075e1384","sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef","sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef","sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef"]}}