Update openssl pgp keys and versions

> The current releases are signed by the OpenSSL key with fingerprint BA54 73A2 B058 7B07 FB27 CF2D 2160 94DF D0CB 81EF. > > https://openssl-library.org/source/
2024-09-05 15:28:55 -07:00 · 2024-09-05 15:28:55 -07:00 · fd645d8891
parent 8049e56276
commit fd645d8891
9 changed files with 34 additions and 96 deletions
--- a/3.12/alpine/Dockerfile
+++ b/3.12/alpine/Dockerfile
@ -26,11 +26,10 @@ ARG PGP_KEYSERVER=keyserver.ubuntu.com
 # run the build with a different PGP_KEYSERVER, e.g. docker build --tag rabbitmq:3.12 --build-arg PGP_KEYSERVER=pgpkeys.eu 3.12/ubuntu
 # For context, see https://github.com/docker-library/official-images/issues/4252

-ENV OPENSSL_VERSION 3.1.6
-ENV OPENSSL_SOURCE_SHA256="5d2be4036b478ef3cb0a854ca9b353072c3a0e26d8a56f8f0ab9fb6ed32d38d7"
-# https://www.openssl.org/community/otc.html
+ENV OPENSSL_VERSION 3.1.7
+ENV OPENSSL_SOURCE_SHA256="053a31fa80cf4aebe1068c987d2ef1e44ce418881427c4464751ae800c31d06c"
 # https://www.openssl.org/source/
-ENV OPENSSL_PGP_KEY_IDS="0x8657ABB260F056B1E5190839D9C4D26D0E604491 0xB7C1C14360F353A36862E4D5231C84CDDCC69C45 0xC1F33DD8CE1D4CC613AF14DA9195C48241FBF7DD 0x95A9908DDFA16830BE9FB9003D30A3A9FF1360DC 0x7953AC1FBC3DC8B3B292393ED5E9E43F7DF9EE8C 0xA21FAB74B0088AA361152586B8EF1A6BA9DA2D5C 0xE5E52560DD91C556DDBDA5D02064C53641C25E5D 0xEFC0A467D613CB83C7ED6D30D894E2CE8B3D79F5"
+ENV OPENSSL_PGP_KEY_IDS="0xBA5473A2B0587B07FB27CF2D216094DFD0CB81EF"

 ENV OTP_VERSION 25.3.2.13
 # TODO add PGP checking when the feature will be added to Erlang/OTP's build system
--- a/3.12/ubuntu/Dockerfile
+++ b/3.12/ubuntu/Dockerfile
@ -29,11 +29,10 @@ ARG PGP_KEYSERVER=keyserver.ubuntu.com
 # run the build with a different PGP_KEYSERVER, e.g. docker build --tag rabbitmq:3.12 --build-arg PGP_KEYSERVER=pgpkeys.eu 3.12/ubuntu
 # For context, see https://github.com/docker-library/official-images/issues/4252

-ENV OPENSSL_VERSION 3.1.6
-ENV OPENSSL_SOURCE_SHA256="5d2be4036b478ef3cb0a854ca9b353072c3a0e26d8a56f8f0ab9fb6ed32d38d7"
-# https://www.openssl.org/community/otc.html
+ENV OPENSSL_VERSION 3.1.7
+ENV OPENSSL_SOURCE_SHA256="053a31fa80cf4aebe1068c987d2ef1e44ce418881427c4464751ae800c31d06c"
 # https://www.openssl.org/source/
-ENV OPENSSL_PGP_KEY_IDS="0x8657ABB260F056B1E5190839D9C4D26D0E604491 0xB7C1C14360F353A36862E4D5231C84CDDCC69C45 0xC1F33DD8CE1D4CC613AF14DA9195C48241FBF7DD 0x95A9908DDFA16830BE9FB9003D30A3A9FF1360DC 0x7953AC1FBC3DC8B3B292393ED5E9E43F7DF9EE8C 0xA21FAB74B0088AA361152586B8EF1A6BA9DA2D5C 0xE5E52560DD91C556DDBDA5D02064C53641C25E5D 0xEFC0A467D613CB83C7ED6D30D894E2CE8B3D79F5"
+ENV OPENSSL_PGP_KEY_IDS="0xBA5473A2B0587B07FB27CF2D216094DFD0CB81EF"

 ENV OTP_VERSION 25.3.2.13
 # TODO add PGP checking when the feature will be added to Erlang/OTP's build system
--- a/3.13/alpine/Dockerfile
+++ b/3.13/alpine/Dockerfile
@ -26,11 +26,10 @@ ARG PGP_KEYSERVER=keyserver.ubuntu.com
 # run the build with a different PGP_KEYSERVER, e.g. docker build --tag rabbitmq:3.13 --build-arg PGP_KEYSERVER=pgpkeys.eu 3.13/ubuntu
 # For context, see https://github.com/docker-library/official-images/issues/4252

-ENV OPENSSL_VERSION 3.1.6
-ENV OPENSSL_SOURCE_SHA256="5d2be4036b478ef3cb0a854ca9b353072c3a0e26d8a56f8f0ab9fb6ed32d38d7"
-# https://www.openssl.org/community/otc.html
+ENV OPENSSL_VERSION 3.1.7
+ENV OPENSSL_SOURCE_SHA256="053a31fa80cf4aebe1068c987d2ef1e44ce418881427c4464751ae800c31d06c"
 # https://www.openssl.org/source/
-ENV OPENSSL_PGP_KEY_IDS="0x8657ABB260F056B1E5190839D9C4D26D0E604491 0xB7C1C14360F353A36862E4D5231C84CDDCC69C45 0xC1F33DD8CE1D4CC613AF14DA9195C48241FBF7DD 0x95A9908DDFA16830BE9FB9003D30A3A9FF1360DC 0x7953AC1FBC3DC8B3B292393ED5E9E43F7DF9EE8C 0xA21FAB74B0088AA361152586B8EF1A6BA9DA2D5C 0xE5E52560DD91C556DDBDA5D02064C53641C25E5D 0xEFC0A467D613CB83C7ED6D30D894E2CE8B3D79F5"
+ENV OPENSSL_PGP_KEY_IDS="0xBA5473A2B0587B07FB27CF2D216094DFD0CB81EF"

 ENV OTP_VERSION 26.2.5.2
 # TODO add PGP checking when the feature will be added to Erlang/OTP's build system
--- a/3.13/ubuntu/Dockerfile
+++ b/3.13/ubuntu/Dockerfile
@ -29,11 +29,10 @@ ARG PGP_KEYSERVER=keyserver.ubuntu.com
 # run the build with a different PGP_KEYSERVER, e.g. docker build --tag rabbitmq:3.13 --build-arg PGP_KEYSERVER=pgpkeys.eu 3.13/ubuntu
 # For context, see https://github.com/docker-library/official-images/issues/4252

-ENV OPENSSL_VERSION 3.1.6
-ENV OPENSSL_SOURCE_SHA256="5d2be4036b478ef3cb0a854ca9b353072c3a0e26d8a56f8f0ab9fb6ed32d38d7"
-# https://www.openssl.org/community/otc.html
+ENV OPENSSL_VERSION 3.1.7
+ENV OPENSSL_SOURCE_SHA256="053a31fa80cf4aebe1068c987d2ef1e44ce418881427c4464751ae800c31d06c"
 # https://www.openssl.org/source/
-ENV OPENSSL_PGP_KEY_IDS="0x8657ABB260F056B1E5190839D9C4D26D0E604491 0xB7C1C14360F353A36862E4D5231C84CDDCC69C45 0xC1F33DD8CE1D4CC613AF14DA9195C48241FBF7DD 0x95A9908DDFA16830BE9FB9003D30A3A9FF1360DC 0x7953AC1FBC3DC8B3B292393ED5E9E43F7DF9EE8C 0xA21FAB74B0088AA361152586B8EF1A6BA9DA2D5C 0xE5E52560DD91C556DDBDA5D02064C53641C25E5D 0xEFC0A467D613CB83C7ED6D30D894E2CE8B3D79F5"
+ENV OPENSSL_PGP_KEY_IDS="0xBA5473A2B0587B07FB27CF2D216094DFD0CB81EF"

 ENV OTP_VERSION 26.2.5.2
 # TODO add PGP checking when the feature will be added to Erlang/OTP's build system
--- a/4.0-rc/alpine/Dockerfile
+++ b/4.0-rc/alpine/Dockerfile
@ -26,11 +26,10 @@ ARG PGP_KEYSERVER=keyserver.ubuntu.com
 # run the build with a different PGP_KEYSERVER, e.g. docker build --tag rabbitmq:4.0-rc --build-arg PGP_KEYSERVER=pgpkeys.eu 4.0-rc/ubuntu
 # For context, see https://github.com/docker-library/official-images/issues/4252

-ENV OPENSSL_VERSION 3.3.1
-ENV OPENSSL_SOURCE_SHA256="777cd596284c883375a2a7a11bf5d2786fc5413255efab20c50d6ffe6d020b7e"
-# https://www.openssl.org/community/otc.html
+ENV OPENSSL_VERSION 3.3.2
+ENV OPENSSL_SOURCE_SHA256="2e8a40b01979afe8be0bbfb3de5dc1c6709fedb46d6c89c10da114ab5fc3d281"
 # https://www.openssl.org/source/
-ENV OPENSSL_PGP_KEY_IDS="0x8657ABB260F056B1E5190839D9C4D26D0E604491 0xB7C1C14360F353A36862E4D5231C84CDDCC69C45 0xC1F33DD8CE1D4CC613AF14DA9195C48241FBF7DD 0x95A9908DDFA16830BE9FB9003D30A3A9FF1360DC 0x7953AC1FBC3DC8B3B292393ED5E9E43F7DF9EE8C 0xA21FAB74B0088AA361152586B8EF1A6BA9DA2D5C 0xE5E52560DD91C556DDBDA5D02064C53641C25E5D 0xEFC0A467D613CB83C7ED6D30D894E2CE8B3D79F5"
+ENV OPENSSL_PGP_KEY_IDS="0xBA5473A2B0587B07FB27CF2D216094DFD0CB81EF"

 ENV OTP_VERSION 26.2.5.2
 # TODO add PGP checking when the feature will be added to Erlang/OTP's build system
--- a/4.0-rc/ubuntu/Dockerfile
+++ b/4.0-rc/ubuntu/Dockerfile
@ -29,11 +29,10 @@ ARG PGP_KEYSERVER=keyserver.ubuntu.com
 # run the build with a different PGP_KEYSERVER, e.g. docker build --tag rabbitmq:4.0-rc --build-arg PGP_KEYSERVER=pgpkeys.eu 4.0-rc/ubuntu
 # For context, see https://github.com/docker-library/official-images/issues/4252

-ENV OPENSSL_VERSION 3.3.1
-ENV OPENSSL_SOURCE_SHA256="777cd596284c883375a2a7a11bf5d2786fc5413255efab20c50d6ffe6d020b7e"
-# https://www.openssl.org/community/otc.html
+ENV OPENSSL_VERSION 3.3.2
+ENV OPENSSL_SOURCE_SHA256="2e8a40b01979afe8be0bbfb3de5dc1c6709fedb46d6c89c10da114ab5fc3d281"
 # https://www.openssl.org/source/
-ENV OPENSSL_PGP_KEY_IDS="0x8657ABB260F056B1E5190839D9C4D26D0E604491 0xB7C1C14360F353A36862E4D5231C84CDDCC69C45 0xC1F33DD8CE1D4CC613AF14DA9195C48241FBF7DD 0x95A9908DDFA16830BE9FB9003D30A3A9FF1360DC 0x7953AC1FBC3DC8B3B292393ED5E9E43F7DF9EE8C 0xA21FAB74B0088AA361152586B8EF1A6BA9DA2D5C 0xE5E52560DD91C556DDBDA5D02064C53641C25E5D 0xEFC0A467D613CB83C7ED6D30D894E2CE8B3D79F5"
+ENV OPENSSL_PGP_KEY_IDS="0xBA5473A2B0587B07FB27CF2D216094DFD0CB81EF"

 ENV OTP_VERSION 26.2.5.2
 # TODO add PGP checking when the feature will be added to Erlang/OTP's build system
--- a/Dockerfile-alpine.template
+++ b/Dockerfile-alpine.template
@ -22,42 +22,14 @@ ARG PGP_KEYSERVER=keyserver.ubuntu.com

 ENV OPENSSL_VERSION {{ .openssl.version }}
 ENV OPENSSL_SOURCE_SHA256="{{ .openssl.sha256 }}"
-# https://www.openssl.org/community/otc.html
 # https://www.openssl.org/source/
 ENV OPENSSL_PGP_KEY_IDS="{{
 [
-	# Dmitry Belyavsky
-
-	# Matt Caswell
-	"8657 ABB2 60F0 56B1 E519 0839 D9C4 D26D 0E60 4491",
-
-	# Paul Dale
-	"B7C1 C143 60F3 53A3 6862 E4D5 231C 84CD DCC6 9C45",
-
-	# Tim Hudson
-	"C1F3 3DD8 CE1D 4CC6 13AF 14DA 9195 C482 41FB F7DD",
-
-	# Hugo Landau
-	"95A9 908D DFA1 6830 BE9F B900 3D30 A3A9 FF13 60DC",
-
-	# Richard Levitte
-	"7953 AC1F BC3D C8B3 B292 393E D5E9 E43F 7DF9 EE8C",
-
-	# Shane Lontis
-
-	# Tomas Mraz
-	"A21F AB74 B008 8AA3 6115 2586 B8EF 1A6B A9DA 2D5C",
-
-	# Kurt Roeckx
-	"E5E5 2560 DD91 C556 DDBD A5D0 2064 C536 41C2 5E5D",
-
-	# Matthias St. Pierre
-
-	# Nicola Tuveri
-
-	# OpenSSL OMC key
-	# https://github.com/openssl/web/pull/415
-	"EFC0 A467 D613 CB83 C7ED 6D30 D894 E2CE 8B3D 79F5",
+	# "OpenSSL <openssl@openssl.org>"
+	# https://openssl-library.org/source/index.html
+	# "The current releases are signed by the OpenSSL key with fingerprint:"
+	# https://keys.openpgp.org/search?q=openssl%40openssl.org
+	"BA54 73A2 B058 7B07 FB27 CF2D 2160 94DF D0CB 81EF",

 	# hack for trailing comma above
 	empty
--- a/Dockerfile-ubuntu.template
+++ b/Dockerfile-ubuntu.template
@ -25,42 +25,14 @@ ARG PGP_KEYSERVER=keyserver.ubuntu.com

 ENV OPENSSL_VERSION {{ .openssl.version }}
 ENV OPENSSL_SOURCE_SHA256="{{ .openssl.sha256 }}"
-# https://www.openssl.org/community/otc.html
 # https://www.openssl.org/source/
 ENV OPENSSL_PGP_KEY_IDS="{{
 [
-	# Dmitry Belyavsky
-
-	# Matt Caswell
-	"8657 ABB2 60F0 56B1 E519 0839 D9C4 D26D 0E60 4491",
-
-	# Paul Dale
-	"B7C1 C143 60F3 53A3 6862 E4D5 231C 84CD DCC6 9C45",
-
-	# Tim Hudson
-	"C1F3 3DD8 CE1D 4CC6 13AF 14DA 9195 C482 41FB F7DD",
-
-	# Hugo Landau
-	"95A9 908D DFA1 6830 BE9F B900 3D30 A3A9 FF13 60DC",
-
-	# Richard Levitte
-	"7953 AC1F BC3D C8B3 B292 393E D5E9 E43F 7DF9 EE8C",
-
-	# Shane Lontis
-
-	# Tomas Mraz
-	"A21F AB74 B008 8AA3 6115 2586 B8EF 1A6B A9DA 2D5C",
-
-	# Kurt Roeckx
-	"E5E5 2560 DD91 C556 DDBD A5D0 2064 C536 41C2 5E5D",
-
-	# Matthias St. Pierre
-
-	# Nicola Tuveri
-
-	# OpenSSL OMC key
-	# https://github.com/openssl/web/pull/415
-	"EFC0 A467 D613 CB83 C7ED 6D30 D894 E2CE 8B3D 79F5",
+	# "OpenSSL <openssl@openssl.org>"
+	# https://openssl-library.org/source/index.html
+	# "The current releases are signed by the OpenSSL key with fingerprint:"
+	# https://keys.openpgp.org/search?q=openssl%40openssl.org
+	"BA54 73A2 B058 7B07 FB27 CF2D 2160 94DF D0CB 81EF",

 	# hack for trailing comma above
 	empty
--- a/versions.json
+++ b/versions.json
@ -4,8 +4,8 @@
      "version": "3.20"
    },
    "openssl": {
-      "sha256": "5d2be4036b478ef3cb0a854ca9b353072c3a0e26d8a56f8f0ab9fb6ed32d38d7",
-      "version": "3.1.6"
+      "sha256": "053a31fa80cf4aebe1068c987d2ef1e44ce418881427c4464751ae800c31d06c",
+      "version": "3.1.7"
    },
    "otp": {
      "sha256": "00c2619648e05a25b39035ea51b65fc79c998e55f178cccc6c1b920f3f10dfba",
@ -22,8 +22,8 @@
      "version": "3.20"
    },
    "openssl": {
-      "sha256": "5d2be4036b478ef3cb0a854ca9b353072c3a0e26d8a56f8f0ab9fb6ed32d38d7",
-      "version": "3.1.6"
+      "sha256": "053a31fa80cf4aebe1068c987d2ef1e44ce418881427c4464751ae800c31d06c",
+      "version": "3.1.7"
    },
    "otp": {
      "sha256": "e49708cf1f602863e394869af48df4abcb39e3633b96cb4babde3ee7aa724872",
@ -40,8 +40,8 @@
      "version": "3.20"
    },
    "openssl": {
-      "sha256": "777cd596284c883375a2a7a11bf5d2786fc5413255efab20c50d6ffe6d020b7e",
-      "version": "3.3.1"
+      "sha256": "2e8a40b01979afe8be0bbfb3de5dc1c6709fedb46d6c89c10da114ab5fc3d281",
+      "version": "3.3.2"
    },
    "otp": {
      "sha256": "e49708cf1f602863e394869af48df4abcb39e3633b96cb4babde3ee7aa724872",