commit: ce4d6826e5aa7612221d1049b1f88853f8557a90 |
Author: Alexys Jacob <ultrabug <AT> gentoo <DOT> org> |
AuthorDate: Thu Nov 14 22:57:38 2019 +0000 |
Commit: Alexys Jacob <ultrabug <AT> gentoo <DOT> org> |
CommitDate: Thu Nov 14 23:00:37 2019 +0000 |
URL: https://gitweb.gentoo.org/proj/docker-images.git/commit/?id=ce4d6826 |
|
Use official Gentoo keyservers (keys.gentoo.org) by @mgorny |
|
See https://github.com/gentoo/gentoo-docker-images/pull/64 |
|
Signed-off-by: Alexys Jacob <ultrabug <AT> gentoo.org> |
|
portage.Dockerfile | 13 +++++-------- |
stage3.Dockerfile | 13 +++++-------- |
2 files changed, 10 insertions(+), 16 deletions(-) |
|
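--- a/portage.Dockerfile
+++ b/portage.Dockerfile
@@ -1,11 +1,8 @@
-# This Dockerfile creates a portage snapshot that can be mounted as a
-# container volume. It utilizes a multi-stage build and requires
-# docker-17.05.0 or later. It fetches a daily snapshot from the official
+# This Dockerfile creates a portage snapshot that can be mounted as a
+# container volume. It utilizes a multi-stage build and requires
+# docker-17.05.0 or later. It fetches a daily snapshot from the official
 # sources and verifies its checksum as well as its gpg signature.
 
-# As gpg keyservers sometimes are unreliable, we use multiple gpg server pools
-# to fetch the signing key.
-
 FROM alpine:3.7 as builder
 
 WORKDIR /portage
@@ -14,13 +11,13 @@ ARG SNAPSHOT="portage-latest.tar.xz"
 ARG DIST="https://ftp-osl.osuosl.org/pub/gentoo/snapshots"
 ARG SIGNING_KEY="0xEC590EEAC9189250"
 
-RUN apk add --no-cache gnupg tar wget xz \
+RUN apk add --no-cache ca-certificates gnupg tar wget xz \
 && wget -q "${DIST}/${SNAPSHOT}" "${DIST}/${SNAPSHOT}.gpgsig" "${DIST}/${SNAPSHOT}.md5sum" \
 && gpg --list-keys \
 && echo "standard-resolver" >> ~/.gnupg/dirmngr.conf \
 && echo "honor-http-proxy" >> ~/.gnupg/dirmngr.conf \
 && echo "disable-ipv6" >> ~/.gnupg/dirmngr.conf \
- && gpg --keyserver ha.pool.sks-keyservers.net --recv-keys ${SIGNING_KEY} \
+ && gpg --keyserver hkps://keys.gentoo.org --recv-keys ${SIGNING_KEY} \
 && gpg --verify "${SNAPSHOT}.gpgsig" "${SNAPSHOT}" \
 && md5sum -c ${SNAPSHOT}.md5sum \
 && mkdir -p var/db/repos var/cache/binpkgs var/cache/distfiles \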
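Review bot: `SIGNING_KEY` is a 64-bit key ID, and the `gpg --verify` on the line after the changed `--recv-keys` accepts a good signature from any key in the keyring, so the check is only as strong as whatever key the keyserver returns for that ID. Pin the full 40-hex fingerprint in the ARG, e.g. `ARG SIGNING_KEY="<FULL_40_HEX_FINGERPRINT_PLACEHOLDER>"`, and fail the build unless the `VALIDSIG` line from `gpg --status-fd 1 --verify "${SNAPSHOT}.gpgsig" "${SNAPSHOT}"` carries that same fingerprint. The same key-ID pattern is used in stage3.Dockerfile. The RUN instruction continues past the end of this hunk, so later steps are not visible here.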
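--- a/stage3.Dockerfile
+++ b/stage3.Dockerfile
@@ -1,11 +1,8 @@
-# This Dockerfile creates a gentoo stage3 container image. By default it
-# creates a stage3-amd64 image. It utilizes a multi-stage build and requires
-# docker-17.05.0 or later. It fetches a daily snapshot from the official
+# This Dockerfile creates a gentoo stage3 container image. By default it
+# creates a stage3-amd64 image. It utilizes a multi-stage build and requires
+# docker-17.05.0 or later. It fetches a daily snapshot from the official
 # sources and verifies its checksum as well as its gpg signature.
 
-# As gpg keyservers sometimes are unreliable, we use multiple gpg server pools
-# to fetch the signing key.
-
 ARG BOOTSTRAP
 FROM ${BOOTSTRAP:-alpine:3.7} as builder
 
@@ -18,7 +15,7 @@ ARG DIST="https://ftp-osl.osuosl.org/pub/gentoo/releases/${ARCH}/autobuilds"
 ARG SIGNING_KEY="0xBB572E0E2D182910"
 
 RUN echo "Building Gentoo Container image for ${ARCH} ${SUFFIX} fetching from ${DIST}" \
- && apk --no-cache add gnupg tar wget xz \
+ && apk --no-cache add ca-certificates gnupg tar wget xz \
 && STAGE3PATH="$(wget -O- "${DIST}/latest-stage3-${MICROARCH}${SUFFIX}.txt" | tail -n 1 | cut -f 1 -d ' ')" \
 && echo "STAGE3PATH:" $STAGE3PATH \
 && STAGE3="$(basename ${STAGE3PATH})" \
@@ -27,7 +24,7 @@ RUN echo "Building Gentoo Container image for ${ARCH} ${SUFFIX} fetching from ${
 && echo "standard-resolver" >> ~/.gnupg/dirmngr.conf \
 && echo "honor-http-proxy" >> ~/.gnupg/dirmngr.conf \
 && echo "disable-ipv6" >> ~/.gnupg/dirmngr.conf \
- && gpg --keyserver ha.pool.sks-keyservers.net --recv-keys ${SIGNING_KEY} \
+ && gpg --keyserver hkps://keys.gentoo.org --recv-keys ${SIGNING_KEY} \
 && gpg --verify "${STAGE3}.DIGESTS.asc" \
 && awk '/# SHA512 HASH/{getline; print}' ${STAGE3}.DIGESTS.asc | sha512sum -c \
 && tar xpf "${STAGE3}" --xattrs --numeric-owner \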
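Review bot: In the last hunk, the `awk ... ${STAGE3}.DIGESTS.asc | sha512sum -c` step reads hashes from the raw `.asc` file, so it also matches lines outside the signed region, which `gpg --verify` does not cover. This assumes the file is clearsigned, as the single-argument verify suggests. Parse only the verified payload instead: `gpg --output "${STAGE3}.DIGESTS" --decrypt "${STAGE3}.DIGESTS.asc"`, then `awk '/# SHA512 HASH/{getline; print}' "${STAGE3}.DIGESTS" | sha512sum -c`. The RUN instruction starts above this hunk and continues past it, so later steps are not visible here.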