diff --git a/10/bullseye/Dockerfile b/10/bullseye/Dockerfile index 2bcbf17b43..31a1f64b35 100644 --- a/10/bullseye/Dockerfile +++ b/10/bullseye/Dockerfile @@ -81,11 +81,11 @@ RUN set -ex; \ # uid PostgreSQL Debian Repository key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ export GNUPGHOME="$(mktemp -d)"; \ + mkdir -p /usr/local/share/keyrings/; \ gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ - gpg --batch --export "$key" > /etc/apt/trusted.gpg.d/postgres.gpg; \ + gpg --batch --export --armor "$key" > /usr/local/share/keyrings/postgres.gpg.asc; \ command -v gpgconf > /dev/null && gpgconf --kill all; \ - rm -rf "$GNUPGHOME"; \ - apt-key list + rm -rf "$GNUPGHOME" ENV PG_MAJOR 10 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin @@ -98,16 +98,17 @@ RUN set -ex; \ export PYTHONDONTWRITEBYTECODE=1; \ \ dpkgArch="$(dpkg --print-architecture)"; \ + aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR"; \ case "$dpkgArch" in \ amd64 | arm64 | ppc64el) \ # arches officialy built by upstream - echo "deb http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ + echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ apt-get update; \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for # let's build binaries from their published source packages - echo "deb-src http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ + echo "deb-src $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ \ tempDir="$(mktemp -d)"; \ cd "$tempDir"; \ diff --git a/10/stretch/Dockerfile b/10/stretch/Dockerfile index c98a18a65a..8c37347119 100644 --- a/10/stretch/Dockerfile +++ b/10/stretch/Dockerfile @@ -81,11 +81,11 @@ RUN set -ex; \ # uid PostgreSQL Debian Repository key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ export GNUPGHOME="$(mktemp -d)"; \ + mkdir -p /usr/local/share/keyrings/; \ gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ - gpg --batch --export "$key" > /etc/apt/trusted.gpg.d/postgres.gpg; \ + gpg --batch --export --armor "$key" > /usr/local/share/keyrings/postgres.gpg.asc; \ command -v gpgconf > /dev/null && gpgconf --kill all; \ - rm -rf "$GNUPGHOME"; \ - apt-key list + rm -rf "$GNUPGHOME" ENV PG_MAJOR 10 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin @@ -98,16 +98,17 @@ RUN set -ex; \ export PYTHONDONTWRITEBYTECODE=1; \ \ dpkgArch="$(dpkg --print-architecture)"; \ + aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ stretch-pgdg main $PG_MAJOR"; \ case "$dpkgArch" in \ amd64 | i386 | ppc64el) \ # arches officialy built by upstream - echo "deb http://apt.postgresql.org/pub/repos/apt/ stretch-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ + echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ apt-get update; \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for # let's build binaries from their published source packages - echo "deb-src http://apt.postgresql.org/pub/repos/apt/ stretch-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ + echo "deb-src $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ \ tempDir="$(mktemp -d)"; \ cd "$tempDir"; \ diff --git a/11/bullseye/Dockerfile b/11/bullseye/Dockerfile index 5707767dd2..e95ac1441a 100644 --- a/11/bullseye/Dockerfile +++ b/11/bullseye/Dockerfile @@ -81,11 +81,11 @@ RUN set -ex; \ # uid PostgreSQL Debian Repository key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ export GNUPGHOME="$(mktemp -d)"; \ + mkdir -p /usr/local/share/keyrings/; \ gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ - gpg --batch --export "$key" > /etc/apt/trusted.gpg.d/postgres.gpg; \ + gpg --batch --export --armor "$key" > /usr/local/share/keyrings/postgres.gpg.asc; \ command -v gpgconf > /dev/null && gpgconf --kill all; \ - rm -rf "$GNUPGHOME"; \ - apt-key list + rm -rf "$GNUPGHOME" ENV PG_MAJOR 11 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin @@ -98,16 +98,17 @@ RUN set -ex; \ export PYTHONDONTWRITEBYTECODE=1; \ \ dpkgArch="$(dpkg --print-architecture)"; \ + aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR"; \ case "$dpkgArch" in \ amd64 | arm64 | ppc64el) \ # arches officialy built by upstream - echo "deb http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ + echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ apt-get update; \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for # let's build binaries from their published source packages - echo "deb-src http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ + echo "deb-src $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ \ tempDir="$(mktemp -d)"; \ cd "$tempDir"; \ diff --git a/11/stretch/Dockerfile b/11/stretch/Dockerfile index 4389784a8f..08d8da4d63 100644 --- a/11/stretch/Dockerfile +++ b/11/stretch/Dockerfile @@ -81,11 +81,11 @@ RUN set -ex; \ # uid PostgreSQL Debian Repository key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ export GNUPGHOME="$(mktemp -d)"; \ + mkdir -p /usr/local/share/keyrings/; \ gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ - gpg --batch --export "$key" > /etc/apt/trusted.gpg.d/postgres.gpg; \ + gpg --batch --export --armor "$key" > /usr/local/share/keyrings/postgres.gpg.asc; \ command -v gpgconf > /dev/null && gpgconf --kill all; \ - rm -rf "$GNUPGHOME"; \ - apt-key list + rm -rf "$GNUPGHOME" ENV PG_MAJOR 11 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin @@ -98,16 +98,17 @@ RUN set -ex; \ export PYTHONDONTWRITEBYTECODE=1; \ \ dpkgArch="$(dpkg --print-architecture)"; \ + aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ stretch-pgdg main $PG_MAJOR"; \ case "$dpkgArch" in \ amd64 | i386 | ppc64el) \ # arches officialy built by upstream - echo "deb http://apt.postgresql.org/pub/repos/apt/ stretch-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ + echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ apt-get update; \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for # let's build binaries from their published source packages - echo "deb-src http://apt.postgresql.org/pub/repos/apt/ stretch-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ + echo "deb-src $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ \ # https://github.com/docker-library/postgres/issues/484 (clang-6.0 required, only available in stretch-backports) echo 'deb http://deb.debian.org/debian stretch-backports main' >> /etc/apt/sources.list.d/pgdg.list; \ diff --git a/12/bullseye/Dockerfile b/12/bullseye/Dockerfile index 461856cccf..711720c3c4 100644 --- a/12/bullseye/Dockerfile +++ b/12/bullseye/Dockerfile @@ -81,11 +81,11 @@ RUN set -ex; \ # uid PostgreSQL Debian Repository key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ export GNUPGHOME="$(mktemp -d)"; \ + mkdir -p /usr/local/share/keyrings/; \ gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ - gpg --batch --export "$key" > /etc/apt/trusted.gpg.d/postgres.gpg; \ + gpg --batch --export --armor "$key" > /usr/local/share/keyrings/postgres.gpg.asc; \ command -v gpgconf > /dev/null && gpgconf --kill all; \ - rm -rf "$GNUPGHOME"; \ - apt-key list + rm -rf "$GNUPGHOME" ENV PG_MAJOR 12 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin @@ -98,16 +98,17 @@ RUN set -ex; \ export PYTHONDONTWRITEBYTECODE=1; \ \ dpkgArch="$(dpkg --print-architecture)"; \ + aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR"; \ case "$dpkgArch" in \ amd64 | arm64 | ppc64el) \ # arches officialy built by upstream - echo "deb http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ + echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ apt-get update; \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for # let's build binaries from their published source packages - echo "deb-src http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ + echo "deb-src $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ \ tempDir="$(mktemp -d)"; \ cd "$tempDir"; \ diff --git a/13/bullseye/Dockerfile b/13/bullseye/Dockerfile index b52c7333ca..c770986e03 100644 --- a/13/bullseye/Dockerfile +++ b/13/bullseye/Dockerfile @@ -81,11 +81,11 @@ RUN set -ex; \ # uid PostgreSQL Debian Repository key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ export GNUPGHOME="$(mktemp -d)"; \ + mkdir -p /usr/local/share/keyrings/; \ gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ - gpg --batch --export "$key" > /etc/apt/trusted.gpg.d/postgres.gpg; \ + gpg --batch --export --armor "$key" > /usr/local/share/keyrings/postgres.gpg.asc; \ command -v gpgconf > /dev/null && gpgconf --kill all; \ - rm -rf "$GNUPGHOME"; \ - apt-key list + rm -rf "$GNUPGHOME" ENV PG_MAJOR 13 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin @@ -98,16 +98,17 @@ RUN set -ex; \ export PYTHONDONTWRITEBYTECODE=1; \ \ dpkgArch="$(dpkg --print-architecture)"; \ + aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR"; \ case "$dpkgArch" in \ amd64 | arm64 | ppc64el) \ # arches officialy built by upstream - echo "deb http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ + echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ apt-get update; \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for # let's build binaries from their published source packages - echo "deb-src http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ + echo "deb-src $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ \ tempDir="$(mktemp -d)"; \ cd "$tempDir"; \ diff --git a/14/bullseye/Dockerfile b/14/bullseye/Dockerfile index 23992f0a79..f529965aeb 100644 --- a/14/bullseye/Dockerfile +++ b/14/bullseye/Dockerfile @@ -81,11 +81,11 @@ RUN set -ex; \ # uid PostgreSQL Debian Repository key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ export GNUPGHOME="$(mktemp -d)"; \ + mkdir -p /usr/local/share/keyrings/; \ gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ - gpg --batch --export "$key" > /etc/apt/trusted.gpg.d/postgres.gpg; \ + gpg --batch --export --armor "$key" > /usr/local/share/keyrings/postgres.gpg.asc; \ command -v gpgconf > /dev/null && gpgconf --kill all; \ - rm -rf "$GNUPGHOME"; \ - apt-key list + rm -rf "$GNUPGHOME" ENV PG_MAJOR 14 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin @@ -98,16 +98,17 @@ RUN set -ex; \ export PYTHONDONTWRITEBYTECODE=1; \ \ dpkgArch="$(dpkg --print-architecture)"; \ + aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR"; \ case "$dpkgArch" in \ amd64 | arm64 | ppc64el) \ # arches officialy built by upstream - echo "deb http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ + echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ apt-get update; \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for # let's build binaries from their published source packages - echo "deb-src http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ + echo "deb-src $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ \ tempDir="$(mktemp -d)"; \ cd "$tempDir"; \ diff --git a/9.6/bullseye/Dockerfile b/9.6/bullseye/Dockerfile index 0936f9e2a4..975bbda872 100644 --- a/9.6/bullseye/Dockerfile +++ b/9.6/bullseye/Dockerfile @@ -81,11 +81,11 @@ RUN set -ex; \ # uid PostgreSQL Debian Repository key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ export GNUPGHOME="$(mktemp -d)"; \ + mkdir -p /usr/local/share/keyrings/; \ gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ - gpg --batch --export "$key" > /etc/apt/trusted.gpg.d/postgres.gpg; \ + gpg --batch --export --armor "$key" > /usr/local/share/keyrings/postgres.gpg.asc; \ command -v gpgconf > /dev/null && gpgconf --kill all; \ - rm -rf "$GNUPGHOME"; \ - apt-key list + rm -rf "$GNUPGHOME" ENV PG_MAJOR 9.6 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin @@ -98,16 +98,17 @@ RUN set -ex; \ export PYTHONDONTWRITEBYTECODE=1; \ \ dpkgArch="$(dpkg --print-architecture)"; \ + aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR"; \ case "$dpkgArch" in \ amd64 | arm64 | ppc64el) \ # arches officialy built by upstream - echo "deb http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ + echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ apt-get update; \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for # let's build binaries from their published source packages - echo "deb-src http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ + echo "deb-src $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ \ tempDir="$(mktemp -d)"; \ cd "$tempDir"; \ diff --git a/9.6/stretch/Dockerfile b/9.6/stretch/Dockerfile index 3fcdbde22d..ece1e70555 100644 --- a/9.6/stretch/Dockerfile +++ b/9.6/stretch/Dockerfile @@ -81,11 +81,11 @@ RUN set -ex; \ # uid PostgreSQL Debian Repository key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ export GNUPGHOME="$(mktemp -d)"; \ + mkdir -p /usr/local/share/keyrings/; \ gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ - gpg --batch --export "$key" > /etc/apt/trusted.gpg.d/postgres.gpg; \ + gpg --batch --export --armor "$key" > /usr/local/share/keyrings/postgres.gpg.asc; \ command -v gpgconf > /dev/null && gpgconf --kill all; \ - rm -rf "$GNUPGHOME"; \ - apt-key list + rm -rf "$GNUPGHOME" ENV PG_MAJOR 9.6 ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin @@ -98,16 +98,17 @@ RUN set -ex; \ export PYTHONDONTWRITEBYTECODE=1; \ \ dpkgArch="$(dpkg --print-architecture)"; \ + aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ stretch-pgdg main $PG_MAJOR"; \ case "$dpkgArch" in \ amd64 | i386 | ppc64el) \ # arches officialy built by upstream - echo "deb http://apt.postgresql.org/pub/repos/apt/ stretch-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ + echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ apt-get update; \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for # let's build binaries from their published source packages - echo "deb-src http://apt.postgresql.org/pub/repos/apt/ stretch-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ + echo "deb-src $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ \ tempDir="$(mktemp -d)"; \ cd "$tempDir"; \ diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index 45c2fceb7b..e504a6762a 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -75,11 +75,11 @@ RUN set -ex; \ # uid PostgreSQL Debian Repository key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ export GNUPGHOME="$(mktemp -d)"; \ + mkdir -p /usr/local/share/keyrings/; \ gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ - gpg --batch --export "$key" > /etc/apt/trusted.gpg.d/postgres.gpg; \ + gpg --batch --export --armor "$key" > /usr/local/share/keyrings/postgres.gpg.asc; \ command -v gpgconf > /dev/null && gpgconf --kill all; \ - rm -rf "$GNUPGHOME"; \ - apt-key list + rm -rf "$GNUPGHOME" ENV PG_MAJOR {{ env.version }} ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin @@ -92,16 +92,17 @@ RUN set -ex; \ export PYTHONDONTWRITEBYTECODE=1; \ \ dpkgArch="$(dpkg --print-architecture)"; \ + aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ {{ env.variant }}-pgdg main $PG_MAJOR"; \ case "$dpkgArch" in \ {{ .[env.variant].arches | join(" | ") }}) \ # arches officialy built by upstream - echo "deb http://apt.postgresql.org/pub/repos/apt/ {{ env.variant }}-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ + echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ apt-get update; \ ;; \ *) \ # we're on an architecture upstream doesn't officially build for # let's build binaries from their published source packages - echo "deb-src http://apt.postgresql.org/pub/repos/apt/ {{ env.variant }}-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \ + echo "deb-src $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \ \ {{ if env.variant == "stretch" and .major >= 11 then ( -}} # https://github.com/docker-library/postgres/issues/484 (clang-6.0 required, only available in stretch-backports)