Merge pull request #721 from LaurentGoderre/remove_keys_from_templates

Insert GPG keys on update
2018-05-09 10:23:09 -04:00 · 2018-05-09 10:23:09 -04:00 · 0d9c13c65e
parent 2ecc9e8579 9e436c3176
commit 0d9c13c65e
8 changed files with 35 additions and 45 deletions
--- a/Dockerfile-alpine.template
+++ b/Dockerfile-alpine.template
@ -18,14 +18,7 @@ RUN addgroup -g 1000 node \
        python \
  # gpg keys listed at https://github.com/nodejs/node#release-team
  && for key in \
-    94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \
-    FD3A5288F042B6850C66B31F09FE44734EB7990E \
-    71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \
-    DD8F2338BAE7501E3DD5AC78C273792F7D83545D \
-    C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \
-    B9AE9905FFD7803F25714661B63B535A4C206CA9 \
-    56730D5401028683275BD23C23EFEFE93C4CFFFE \
-    77984A986EBC2AA786BC0F66B01FBB92821C587A \
+    "${NODE_KEYS[@]}"
  ; do \
    gpg --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \
    gpg --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \
@ -49,7 +42,7 @@ ENV YARN_VERSION 0.0.0

 RUN apk add --no-cache --virtual .build-deps-yarn curl gnupg tar \
  && for key in \
-    6A010C5166006599AA17F08146C2130DFD2497F5 \
+    "${YARN_KEYS[@]}"
  ; do \
    gpg --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \
    gpg --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \
--- a/Dockerfile-slim.template
+++ b/Dockerfile-slim.template
@ -6,14 +6,7 @@ RUN groupadd --gid 1000 node \
 # gpg keys listed at https://github.com/nodejs/node#release-team
 RUN set -ex \
  && for key in \
-    94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \
-    FD3A5288F042B6850C66B31F09FE44734EB7990E \
-    71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \
-    DD8F2338BAE7501E3DD5AC78C273792F7D83545D \
-    C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \
-    B9AE9905FFD7803F25714661B63B535A4C206CA9 \
-    56730D5401028683275BD23C23EFEFE93C4CFFFE \
-    77984A986EBC2AA786BC0F66B01FBB92821C587A \
+    "${NODE_KEYS[@]}"
  ; do \
    gpg --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \
    gpg --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \
@ -49,7 +42,7 @@ ENV YARN_VERSION 0.0.0

 RUN set -ex \
  && for key in \
-    6A010C5166006599AA17F08146C2130DFD2497F5 \
+    "${YARN_KEYS[@]}"
  ; do \
    gpg --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \
    gpg --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \
--- a/Dockerfile-stretch.template
+++ b/Dockerfile-stretch.template
@ -6,14 +6,7 @@ RUN groupadd --gid 1000 node \
 # gpg keys listed at https://github.com/nodejs/node#release-team
 RUN set -ex \
  && for key in \
-    94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \
-    FD3A5288F042B6850C66B31F09FE44734EB7990E \
-    71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \
-    DD8F2338BAE7501E3DD5AC78C273792F7D83545D \
-    C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \
-    B9AE9905FFD7803F25714661B63B535A4C206CA9 \
-    56730D5401028683275BD23C23EFEFE93C4CFFFE \
-    77984A986EBC2AA786BC0F66B01FBB92821C587A \
+    "${NODE_KEYS[@]}"
  ; do \
    gpg --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \
    gpg --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \
@ -44,7 +37,7 @@ ENV YARN_VERSION 0.0.0

 RUN set -ex \
  && for key in \
-    6A010C5166006599AA17F08146C2130DFD2497F5 \
+    "${YARN_KEYS[@]}"
  ; do \
    gpg --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \
    gpg --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \
--- a/Dockerfile-wheezy.template
+++ b/Dockerfile-wheezy.template
@ -6,14 +6,7 @@ RUN groupadd --gid 1000 node \
 # gpg keys listed at https://github.com/nodejs/node#release-team
 RUN set -ex \
  && for key in \
-    94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \
-    FD3A5288F042B6850C66B31F09FE44734EB7990E \
-    71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \
-    DD8F2338BAE7501E3DD5AC78C273792F7D83545D \
-    C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \
-    B9AE9905FFD7803F25714661B63B535A4C206CA9 \
-    56730D5401028683275BD23C23EFEFE93C4CFFFE \
-    77984A986EBC2AA786BC0F66B01FBB92821C587A \
+    "${NODE_KEYS[@]}"
  ; do \
    gpg --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \
    gpg --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \
@ -40,7 +33,7 @@ ENV YARN_VERSION 0.0.0

 RUN set -ex \
  && for key in \
-    6A010C5166006599AA17F08146C2130DFD2497F5 \
+    "${YARN_KEYS[@]}"
  ; do \
    gpg --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \
    gpg --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \
--- a/Dockerfile.template
+++ b/Dockerfile.template
@ -6,14 +6,7 @@ RUN groupadd --gid 1000 node \
 # gpg keys listed at https://github.com/nodejs/node#release-team
 RUN set -ex \
  && for key in \
-    94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \
-    FD3A5288F042B6850C66B31F09FE44734EB7990E \
-    71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \
-    DD8F2338BAE7501E3DD5AC78C273792F7D83545D \
-    C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \
-    B9AE9905FFD7803F25714661B63B535A4C206CA9 \
-    56730D5401028683275BD23C23EFEFE93C4CFFFE \
-    77984A986EBC2AA786BC0F66B01FBB92821C587A \
+    "${NODE_KEYS[@]}"
  ; do \
    gpg --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \
    gpg --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \
@ -44,7 +37,7 @@ ENV YARN_VERSION 0.0.0

 RUN set -ex \
  && for key in \
-    6A010C5166006599AA17F08146C2130DFD2497F5 \
+    "${YARN_KEYS[@]}"
  ; do \
    gpg --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \
    gpg --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \
--- a/keys/node.keys
+++ b/keys/node.keys
@ -0,0 +1,8 @@
+94AE36675C464D64BAFA68DD7434390BDBE9B9C5
+FD3A5288F042B6850C66B31F09FE44734EB7990E
+71DCFD284A79C3B38668286BC97EC7A07EDE3FC1
+DD8F2338BAE7501E3DD5AC78C273792F7D83545D
+C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8
+B9AE9905FFD7803F25714661B63B535A4C206CA9
+56730D5401028683275BD23C23EFEFE93C4CFFFE
+77984A986EBC2AA786BC0F66B01FBB92821C587A
--- a/keys/yarn.keys
+++ b/keys/yarn.keys
@ -0,0 +1 @@
+6A010C5166006599AA17F08146C2130DFD2497F5
--- a/update.sh
+++ b/update.sh
@ -45,6 +45,22 @@ function update_node_version {
 		sed -E -i.bak 's/^FROM (.*)/FROM '"$fromprefix"'\1/' "$dockerfile" && rm "$dockerfile".bak
 		sed -E -i.bak 's/^(ENV NODE_VERSION |FROM .*node:).*/\1'"$version.${fullVersion:-0}"'/' "$dockerfile" && rm "$dockerfile".bak
 		sed -E -i.bak 's/^(ENV YARN_VERSION ).*/\1'"$yarnVersion"'/' "$dockerfile" && rm "$dockerfile".bak
+
+		# shellcheck disable=SC1004
+		new_line=' \\\
+'
+
+		# Add GPG keys
+		for key_type in "node" "yarn"
+		do
+			while read -r line
+			do
+				pattern="\"\\$\\{$(echo "$key_type" | tr '[:lower:]' '[:upper:]')_KEYS\\[@\\]\\}\""
+				sed -E -i.bak -e "s/([ \\t]*)($pattern)/\\1${line}${new_line}\\1\\2/" "$dockerfile" && rm "$dockerfile".bak
+			done < "keys/$key_type.keys"
+			sed -E -i.bak "/$pattern/d" "$dockerfile" && rm "$dockerfile".bak
+		done
+
 		if [[ "${version/.*/}" -ge 10 ]]; then
 			sed -E -i.bak 's/FROM (.*)alpine:3.4/FROM \1alpine:3.7/' "$dockerfile"
 			rm "$dockerfile.bak"