Switch docker env from ct_server to TesseraCT (#2210)

Signed-off-by: Colleen Murphy <[email protected]>

Author: cmurphy

.github/workflows/e2e.yml

@@ -44,9 +44,8 @@ jobs:
 
       - name: Make trusted root and signing config
         run: |
-          curl http://localhost:5555/api/v1/rootCert > root.pem
           cosign trusted-root create \
-            --fulcio="url=http://localhost:5555,certificate-chain=root.pem" \
+            --fulcio="url=http://localhost:5555,certificate-chain=./config/fulcio-root/root.pem" \
             --ctfe="url=http://localhost:6962,public-key=./config/ctfe/pubkey.pem,start-time=2025-11-25T21:41:42+00:00" \
             --out=trusted-root.json
           cosign signing-config create \

Dockerfile.ctfe_init

@@ -12,10 +12,12 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-FROM ghcr.io/sigstore/scaffolding/ct_server:v0.7.29@sha256:10036a9ae81dd0ab237716d7cea7d5be5ddc082634345850af92d1bd7528f6a5 AS server
+# Rebuild the tesseract image using the golang case in order to get the curl binary for the docker-compose healthcheck.
+
+FROM ghcr.io/sigstore/scaffolding/tesseract/posix:v0.1.1-0.20251112113307-52b154e44576 AS server
 
 FROM golang:1.25.4@sha256:e68f6a00e88586577fafa4d9cefad1349c2be70d21244321321c407474ff9bf2 AS deploy
 
-COPY --from=server /ko-app/ct_server /usr/local/bin/ct_server
+COPY --from=server /ko-app/posix /usr/local/bin/tesseract
 
-ENTRYPOINT ["ct_server"]
+ENTRYPOINT ["tesseract"]

Dockerfile.ct_server Dockerfile.tesseractDockerfile.ct_server renamed to Dockerfile.tesseract

@@ -1,8 +1,5 @@
 -----BEGIN EC PRIVATE KEY-----
-Proc-Type: 4,ENCRYPTED
-DEK-Info: DES-CBC,05BAAA9143C46320
-
-AttbquLclNy7ZEnlDFpReZvV2PZKuv89YMWqDvGGtnBVw+3eXYIa54Xli1CyXEPn
-qNGvibjIxj+Q19+VhA3n42SE2fHyULHKPZHebSL5qcVvZTqmbtAe/dZNH1SiGG2f
-bWauIw0oeHhXW5i9isxrLggPMRmPA65Ii3W7gyWFmjE=
+MHcCAQEEIJ9Pg0iH6QCirQyaa+VMuICcBZKLe5qPKjqDU1+O4OyroAoGCCqGSM49
+AwEHoUQDQgAEiFqVZDih9Jff02pEQcyhGFH+Vm8YnKoWOMoTdgeEej8SgDE4kXnG
+Ce0LK4kvXvrbgiMuN0Ih6a45aVnEaQOjSQ==
 -----END EC PRIVATE KEY-----

config/ctfe/ct_server.cfg

@@ -1,4 +1,4 @@
 -----BEGIN PUBLIC KEY-----
-MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEbbQiLx6GKy6ivhc11wJGbQjc2VX/
-mnuk5d670MTXR3p+LIAcxd5MhqIHpLmyYJ5mDKLEoZ/pC0nPuje3JueBcA==
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEiFqVZDih9Jff02pEQcyhGFH+Vm8Y
+nKoWOMoTdgeEej8SgDE4kXnGCe0LK4kvXvrbgiMuN0Ih6a45aVnEaQOjSQ==
 -----END PUBLIC KEY-----

config/ctfe/privkey.pem

@@ -0,0 +1,54 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIJtTBfBgkqhkiG9w0BBQ0wUjAxBgkqhkiG9w0BBQwwJAQQuiyER+U/sCa2sCko
+BTXXuAICCAAwDAYIKoZIhvcNAgkFADAdBglghkgBZQMEASoEEFy4EJ3Kx7cHialF
+mxXkqucEgglQo+uEuSBXI4yl2AAOvfXHh2yQx5EIomeUnL6loM/8hXsI169qGi9H
++Als5IFoRr5LpJ/twvGVFdd9CeOfhJpn0AF9Qy0hcls9Zs9kBF6FdbXvwjNsiAso
+YSUjeDFo8V4E6rooRC2Mg97BtBDVJTZ1JvZRpjbBunWcItVJQz9JG42yL23ocTP8
+5k5oOgjBCMtnGUOGVVdFiUpD5JKL/IwmDNEpwgmPX7v1PSsJyJf+ajV51GMDiGVg
+A4RUhCjD6iWBUTEfvUFDV8Y9+mtX0fKJNh2D4pSuwnb/WNOP/tVHslZL0vm0kRxX
+5y6Mmu6CggL6z7fOdtZgyiZ3QjuepXyY5WTZqIAW494qSqQXjWknywKqV4UOJr2I
+J5RjrjHakln6CaPbc8x7zNQICp0Ra1jFnQuCwkJ2sFt4SHw48CUfQdnbVyF2vACg
+bboGOgp7N5BE4IcmPCrV5FisGYfxUDn5K7JlIAf5diYtPykw5IHrh/UBW79Xi/ub
+2hxmZmeZDNLNdmWOh/Rnnd88myJRx/I4fktK253mhcGE7mruKdDxjFQXspr3CV38
+vbRcY1aJUlvRMCVZaGvymLlTwmLGP3br3zSoOGwo/XrxjvAdnOB/MY3TBB8IuODs
+VRlnEgH+Ho2l+AcBAe5bbvwLL24jsHirsqaMxLWGZW7FYJFS1bankIjJtoWIirQT
++BTWVe9QhsgNlfOnJN5NACm8x7hOiV3MbEzE7a74QkpAfL/SHwYAvDcsKfYrGbJz
+z79hZnWNefp9mtfeeN+euC49kuGk2t6hTm0M7gzW+1T3N20HApzixdwU/FfWajgT
+P0RXMjOP/uwZqCWJLtLngieja1RXGH/hG1FoenUz353zTHbTmWPSkE2avniSxAhc
+4YRQXN7wS6/wQ0RZmyjqacgBdL0ZTPDGdSAwUmhD6bDXSUg4l2HFms7Ezqv7LizT
+TzUq1wH+7Wre6Svdug+WXFs2LI5+BfyaNASVmE7tyFgUUucACKiUjQx9cSkvWxsS
+0NbcJOM9+yIdNFA0ValMmkuoB6+NvIkfOBR+y0MhsnuwQbzobdi3L0vK7f/8qiuJ
+vSi9SfD9w+M3rRe50DluRM9oerNGE7JiOYia/Lpxo+jrqktd/PIoGjdcHU6wWSa+
+mNlaXYJDYdOySipoNby+TPEYN/mZdXElx9ZB0ZT485RRrpp+Qj14adFmp7KvO9q9
++dj5QcqHRkn8lO1smGVvs14WE82w2C/nbIHpcW0GRCa4jF+bzMTve/W7EBjvqgF5
+DD4riJPsLUzEEx7TQ/V7wW49wYZxfRvEHC3uwxn4OnLzbuDyaiN2bPfa49hVAKyL
+woWbiVNlmW8Z+ZYYElGMwXHsZn2W1yh4n5dqoQSOGRX8ASRR2lMeMA3LGacw8bbX
+tuF+kQ9uP2alCaTNEZbwZaBhx2Gc2wVpJfqI+wz7CNa6rSI99BYMO35VyPIIn35t
+YPqzaKvzoy5FAiXUb54Rm2v5A1v7/Dx18RY9MBDiwgHixI3EHo3EY4dYfzuqJvwm
+Mvfq754wNtS/wEnFF9VD6bCKUyLx9/vNGG79tN5HOiHK42G9OPSORD0hj+w3wryE
+tWQe50C8dLHTBW0sufkQIgsvLYKToisxe3a9yKX9ga1afLiopfoIHA+cRLw4sWzn
+Pc61UXxQ81tnbk2axuvNWzNOUL5yctPM/5vgqq3iUMQobzVnxU6TFx53u/tb4Ryd
+KIY9ehCF1M1Pw4Ti5cVBIe6d9WqtWKITuz7Epm7WPvvc777QgQ15zo1WFcFb3Utc
+GBEbUTVSzNvNBYVWQWXV1CTKv6kMfrYMHHFgTNOGAvbajkIIkB6ZtLmjrNTdRq8N
+oWgVtN1tdRraqcE2BrtSWSbC3oj2lShagrLdrjhqfvPMykrhp5QHD5mMTDNhmuZz
+yYGvPqwtVIs5XS+X6CL9ynJtA3OzvDNjLN1MI8Ha/c5mSrW/IkH6rPHgZrL6DI+q
+jkJ3OLkFCcyxHoRhF5Y/+d+ljBjsLAazb8U4dii03PxoZXRimUP9mNHtNkHFfFnP
++D8VKoMbW3PV+lwXkkWi8JTov401LiWyWHsvvcouvtqdVo0cJQXI6N5GcVZR61cu
+jRaQIE6hT110IFPM0H2dUGAEgh/M1gFHGCuo1RWp+neM2qjqHvjqVN8Kzz/8K5b2
+LzAIwb7W4PA5KLwIv+XvcsHaFqzOYPwZbbjeo9NBmHqIvxmXChLsFfjOFzvcK6Yn
+s++1/7oZ1A/CXfagJ86NTnNdkjTR37fkno+s5iDTNupSxZhuSl2pJ1IyhGJbQby/
+brHNuBVkZpj+zRNPa7X2pYjE6V64MP+FsjRxhU/0PBx41T88ouRmtioSOdAvpIHh
+zMbrK09OHB0uZsdlwPEZLwnebeuA81QE/mG7k72B5oIo8J4Xekf6bPDFHzlE33Ej
+oCo3BajhuBk1zI6Geo9HVV0uD2nfhI0ExG9LVJ9CvnR2C6oOBw6QtMgAQpVjpm+z
+eKl2mtfbwTeBonBMOOydODMYRXPumk/X/6NXMJBPrhbzmGzR+K5QbCMNu8yK9qRp
+xXGDZ/2CU6M1zFWDzw2OYCBymwLBFHUHMlikariCTSFjh5amZa/rdBi+1+ePk15U
+0n2byu+XVK5DW1LadhE4l86gpvwH2nzGTQvhGbszEpfqVHOwNr7EwYH/2N565RLM
+JmwjyWQnLJT30fgkZ3VxdWd/A/pg8y1nsqJeUV43UjmUlMw3+Iy3gMiYC862h1dE
+mJroMx/J6aecgqDlc2W9AZm6qHFacialiwypzwc3+DbgtknphKfsMJe3apkGIiJk
+2ahR04q2csRIVOWeq9cVVCB5wRR2QHZrVNhk6+Ke3ToaFdh499JalaQDxvJVJmqZ
+xksdSsAAK82pZepkMbx35FiEkqA5ZPugPcYmeiiWK0sMsT4Au/+rGaKgwhK3Gime
+mv186Y6W4zcfiJPtd6JaFGeoSfgLoCr8ht4cwMZ1BIdDd4mxw1Qs6AROBjXXTI7m
+iX/ZDo2O92RNG09RzB1UlKUEUOg6DllCrWYfjbCxlC0vxX08AfreMGmBC7I7Uosw
+vGOCUEq3I38dQK6a8aRlKuX3GwAOfwKWPqA/gaLJ4Lm20+uBE1R9wN6VL+QGuJUS
+jCwlB87RMXgygq4kfRel6dAfTzSZ03Lm1LyuWxSs6Suuhc57zOhjSw4=
+-----END ENCRYPTED PRIVATE KEY-----

config/ctfe/pubkey.pem

@@ -0,0 +1,32 @@
+-----BEGIN CERTIFICATE-----
+MIIFgTCCA2mgAwIBAgIUERo606e5wJre4688g2VBS2U3hq8wDQYJKoZIhvcNAQEL
+BQAwUDELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxFjAUBgNVBAoM
+DVNpZ3N0b3JlIFRlc3QxFDASBgNVBAMMC2Z1bGNpby50ZXN0MB4XDTI1MTExNTAx
+MzYxMFoXDTMwMTExNTAxMzYxMFowUDELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNv
+bWUtU3RhdGUxFjAUBgNVBAoMDVNpZ3N0b3JlIFRlc3QxFDASBgNVBAMMC2Z1bGNp
+by50ZXN0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAnZK55wRjuS/s
+0fuKcC60hfTApaYylRKecwDnSrMz7zj+F0EEMg8mRRVsE7oMLL+z8KS+FOiiZqIp
+yZKM5KFfZFgArsWPEF3LlDCw2x3U52GPSjWxhLKUbsnbJjNTcNQ/qmFdgARVIgIB
+gzNW2ezgCWq5cYtYBX/pnHcnsr94+mQTpe52B6L54X7qV8Kt/BQ4kikthg+khUHH
+0QSnSd15WipFrZ2nLERkns3UgGT+XpBw+UQ5iiIhDhbfgcCK0R5Lnb3jjzGyeMEc
+xT0l4KEPB69ujOwcmZ9PyGchpHLl933ZPA+5z4en+Q7Stv2b4yyCTcthWTxloCqf
+sR0qTk0yNocZRx2eHrQlDMWHyHH4R1x2/0ZkttskbGMiLm1YXGHe/7p4PSo1Pxlk
+G2Wzl2Y5fkZoIb3wzdV/s7A05ng/2IKGro2rmkzHzf78CWGdHvZJ2cjygJP51bHy
+VzbbNvMhjAg1jxytAs5qT+f/vOegNq3TlKP0K7ow1nG7kmXDWtdU1evpJJYaR23o
+Qw4UR/vJlx9vCq8vq8X51Z6yJBzoWwzEkixTpzYgiLcC6kYX9LlErJf6N2Zczric
+4+149cRSV9gkFkohMd5fgOUu0NWbOqxWIr8BZ/a653nX/xj5hFkuq1tUF3U+WQXj
+LJdhLAEBbK/SqtjpsCiRpgk4IFk6u8UCAwEAAaNTMFEwHQYDVR0OBBYEFC/hQQHE
+FdYR7OsiNlBIaJBTW8XuMB8GA1UdIwQYMBaAFC/hQQHEFdYR7OsiNlBIaJBTW8Xu
+MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggIBAIrvJGgqA16fe5/q
+W3g11N08L9hN8eL4BD9UlsjQ47yHO9mHsu8KxRQpwO5XiPT5Lw+tDEgwwNjRZ0+m
+l6gh0swX9Cd7U/Lm+LGgUa+oEmf7umem5TyBB6uRXrtkvXJxNVh9vPZ0BolaqS0x
+BPMBVXghsBYUTz71e78Cc3BfFBmbIGZ9nVnnHnWH6MudsvTFAmR+L+lOjPje1BqP
+f02sZzztbguGK3oRwYKyKpMoT0IdThGA7M2AgLXZktlyq6n4m/nM+xIFoRn5HAOl
+I4dslEM3bhjobmbX4nJypN4Oj5z4bs8m+3w5sdn6mpSVZI20lwkOrO/LTrRhVEuu
+G4vloNqoywKbUqhCdEIC2UUQHg45icnlQyi4KY4uljIjOHRSmDDVy5t71swkxtIo
+Knc8eHp+AxGvLpIL0WNLItA5/wamgk0YqZO8H8HGDsH7+QyBdE5rAX1AWllQIo+f
+Iidle19I1RoGZhmPJIOwr3quRn1FGRih8Bir8ilDz0XK8oAMKbW8+eS3Cgbw5OqA
+YZGNhpHLkxgsrhdF1dxkOJ+Ytr1B9lJ4negd8oWolYHvo5ovYnpr2EVWrsjp+Cv7
+PJVzXejnWOBsekGtSQexMufekjT1yWAo9NYIcXwSC2Jvn1U6N5o3BqmRZPKVafQH
+lWY4vQoPfUhPoXT4Y/ikkGHgfgqq
+-----END CERTIFICATE-----