Gentoo Archives: gentoo-commits

From: Alexys Jacob <ultrabug@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/docker-images:master commit in: /
Date: Thu, 14 Nov 2019 23:02:19
Message-Id: 1573772437.ce4d6826e5aa7612221d1049b1f88853f8557a90.ultrabug@gentoo
1 commit: ce4d6826e5aa7612221d1049b1f88853f8557a90
2 Author: Alexys Jacob <ultrabug <AT> gentoo <DOT> org>
3 AuthorDate: Thu Nov 14 22:57:38 2019 +0000
4 Commit: Alexys Jacob <ultrabug <AT> gentoo <DOT> org>
5 CommitDate: Thu Nov 14 23:00:37 2019 +0000
6 URL: https://gitweb.gentoo.org/proj/docker-images.git/commit/?id=ce4d6826
7
8 Use official Gentoo keyservers (keys.gentoo.org) by @mgorny
9
10 See https://github.com/gentoo/gentoo-docker-images/pull/64
11
12 Signed-off-by: Alexys Jacob <ultrabug <AT> gentoo.org>
13
14 portage.Dockerfile | 13 +++++--------
15 stage3.Dockerfile | 13 +++++--------
16 2 files changed, 10 insertions(+), 16 deletions(-)
17
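--- a/portage.Dockerfile
+++ b/portage.Dockerfile
@@ -1,11 +1,8 @@
-# This Dockerfile creates a portage snapshot that can be mounted as a
-# container volume. It utilizes a multi-stage build and requires
-# docker-17.05.0 or later. It fetches a daily snapshot from the official
+# This Dockerfile creates a portage snapshot that can be mounted as a
+# container volume. It utilizes a multi-stage build and requires
+# docker-17.05.0 or later. It fetches a daily snapshot from the official
 # sources and verifies its checksum as well as its gpg signature.
 
-# As gpg keyservers sometimes are unreliable, we use multiple gpg server pools
-# to fetch the signing key.
-
 FROM alpine:3.7 as builder
 
 WORKDIR /portage
@@ -14,13 +11,13 @@ ARG SNAPSHOT="portage-latest.tar.xz"
 ARG DIST="https://ftp-osl.osuosl.org/pub/gentoo/snapshots"
 ARG SIGNING_KEY="0xEC590EEAC9189250"
 
-RUN apk add --no-cache gnupg tar wget xz \
+RUN apk add --no-cache ca-certificates gnupg tar wget xz \
  && wget -q "${DIST}/${SNAPSHOT}" "${DIST}/${SNAPSHOT}.gpgsig" "${DIST}/${SNAPSHOT}.md5sum" \
  && gpg --list-keys \
  && echo "standard-resolver" >> ~/.gnupg/dirmngr.conf \
  && echo "honor-http-proxy" >> ~/.gnupg/dirmngr.conf \
  && echo "disable-ipv6" >> ~/.gnupg/dirmngr.conf \
- && gpg --keyserver ha.pool.sks-keyservers.net --recv-keys ${SIGNING_KEY} \
+ && gpg --keyserver hkps://keys.gentoo.org --recv-keys ${SIGNING_KEY} \
  && gpg --verify "${SNAPSHOT}.gpgsig" "${SNAPSHOT}" \
  && md5sum -c ${SNAPSHOT}.md5sum \
  && mkdir -p var/db/repos var/cache/binpkgs var/cache/distfiles \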
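Review bot: `SIGNING_KEY` is still the 64-bit key ID `0xEC590EEAC9189250`, so the new `--recv-keys` line imports whatever key the keyserver returns for that ID, and the `gpg --verify` after it accepts a good signature from any key in the keyring. Fetching from keys.gentoo.org over hkps narrows who can answer the lookup, but the trust anchor would be firmer as a full fingerprint obtained independently of the keyserver, e.g. `ARG SIGNING_KEY="<FULL_40_HEX_FINGERPRINT>"` (placeholder, not a real value). The signer reported by the verify step could then be compared against that fingerprint. The same applies to `SIGNING_KEY` in stage3.Dockerfile. The `RUN` instruction continues past the end of this hunk, so anything after the `mkdir` line is not visible here.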
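--- a/stage3.Dockerfile
+++ b/stage3.Dockerfile
@@ -1,11 +1,8 @@
-# This Dockerfile creates a gentoo stage3 container image. By default it
-# creates a stage3-amd64 image. It utilizes a multi-stage build and requires
-# docker-17.05.0 or later. It fetches a daily snapshot from the official
+# This Dockerfile creates a gentoo stage3 container image. By default it
+# creates a stage3-amd64 image. It utilizes a multi-stage build and requires
+# docker-17.05.0 or later. It fetches a daily snapshot from the official
 # sources and verifies its checksum as well as its gpg signature.
 
-# As gpg keyservers sometimes are unreliable, we use multiple gpg server pools
-# to fetch the signing key.
-
 ARG BOOTSTRAP
 FROM ${BOOTSTRAP:-alpine:3.7} as builder
 
@@ -18,7 +15,7 @@ ARG DIST="https://ftp-osl.osuosl.org/pub/gentoo/releases/${ARCH}/autobuilds"
 ARG SIGNING_KEY="0xBB572E0E2D182910"
 
 RUN echo "Building Gentoo Container image for ${ARCH} ${SUFFIX} fetching from ${DIST}" \
- && apk --no-cache add gnupg tar wget xz \
+ && apk --no-cache add ca-certificates gnupg tar wget xz \
  && STAGE3PATH="$(wget -O- "${DIST}/latest-stage3-${MICROARCH}${SUFFIX}.txt" | tail -n 1 | cut -f 1 -d ' ')" \
  && echo "STAGE3PATH:" $STAGE3PATH \
  && STAGE3="$(basename ${STAGE3PATH})" \
@@ -27,7 +24,7 @@ RUN echo "Building Gentoo Container image for ${ARCH} ${SUFFIX} fetching from ${
  && echo "standard-resolver" >> ~/.gnupg/dirmngr.conf \
  && echo "honor-http-proxy" >> ~/.gnupg/dirmngr.conf \
  && echo "disable-ipv6" >> ~/.gnupg/dirmngr.conf \
- && gpg --keyserver ha.pool.sks-keyservers.net --recv-keys ${SIGNING_KEY} \
+ && gpg --keyserver hkps://keys.gentoo.org --recv-keys ${SIGNING_KEY} \
  && gpg --verify "${STAGE3}.DIGESTS.asc" \
  && awk '/# SHA512 HASH/{getline; print}' ${STAGE3}.DIGESTS.asc | sha512sum -c \
  && tar xpf "${STAGE3}" --xattrs --numeric-owner \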
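Review bot: In the last hunk, the `awk … | sha512sum -c` step reads the raw `${STAGE3}.DIGESTS.asc`, but `gpg --verify` on the line before it only vouches for the text inside the signed block, so the hash that gates `tar xpf` is not guaranteed to come from signed content. This assumes the file is a clearsigned document, which the single-argument `--verify` suggests. Letting gpg emit the verified text and parsing that closes the gap: `gpg --output "${STAGE3}.DIGESTS.verified" --decrypt "${STAGE3}.DIGESTS.asc"`, then run the same awk on `"${STAGE3}.DIGESTS.verified"`. The `RUN` instruction starts before this hunk and continues past it, so the download step and anything after `tar xpf` are not visible here.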