From 9e436c3176a26d7758daaa565486bc45f1608882 Mon Sep 17 00:00:00 2001 From: Laurent Goderre Date: Mon, 7 May 2018 22:39:08 -0400 Subject: [PATCH] Insert GPG keys on update --- Dockerfile-alpine.template | 11 ++--------- Dockerfile-slim.template | 11 ++--------- Dockerfile-stretch.template | 11 ++--------- Dockerfile-wheezy.template | 11 ++--------- Dockerfile.template | 11 ++--------- keys/node.keys | 8 ++++++++ keys/yarn.keys | 1 + update.sh | 16 ++++++++++++++++ 8 files changed, 35 insertions(+), 45 deletions(-) create mode 100644 keys/node.keys create mode 100644 keys/yarn.keys diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index 98d92c7b..a96ebf9c 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -18,14 +18,7 @@ RUN addgroup -g 1000 node \ python \ # gpg keys listed at https://github.com/nodejs/node#release-team && for key in \ - 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ - FD3A5288F042B6850C66B31F09FE44734EB7990E \ - 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ - DD8F2338BAE7501E3DD5AC78C273792F7D83545D \ - C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ - B9AE9905FFD7803F25714661B63B535A4C206CA9 \ - 56730D5401028683275BD23C23EFEFE93C4CFFFE \ - 77984A986EBC2AA786BC0F66B01FBB92821C587A \ + "${NODE_KEYS[@]}" ; do \ gpg --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ gpg --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ @@ -49,7 +42,7 @@ ENV YARN_VERSION 0.0.0 RUN apk add --no-cache --virtual .build-deps-yarn curl gnupg tar \ && for key in \ - 6A010C5166006599AA17F08146C2130DFD2497F5 \ + "${YARN_KEYS[@]}" ; do \ gpg --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ gpg --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ diff --git a/Dockerfile-slim.template b/Dockerfile-slim.template index 437c541f..c65f2246 100644 --- a/Dockerfile-slim.template +++ b/Dockerfile-slim.template 
@@ -6,14 +6,7 @@ RUN groupadd --gid 1000 node \ # gpg keys listed at https://github.com/nodejs/node#release-team RUN set -ex \ && for key in \ - 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ - FD3A5288F042B6850C66B31F09FE44734EB7990E \ - 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ - DD8F2338BAE7501E3DD5AC78C273792F7D83545D \ - C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ - B9AE9905FFD7803F25714661B63B535A4C206CA9 \ - 56730D5401028683275BD23C23EFEFE93C4CFFFE \ - 77984A986EBC2AA786BC0F66B01FBB92821C587A \ + "${NODE_KEYS[@]}" ; do \ gpg --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ gpg --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ @@ -49,7 +42,7 @@ ENV YARN_VERSION 0.0.0 RUN set -ex \ && for key in \ - 6A010C5166006599AA17F08146C2130DFD2497F5 \ + "${YARN_KEYS[@]}" ; do \ gpg --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ gpg --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ diff --git a/Dockerfile-stretch.template b/Dockerfile-stretch.template index 398e34a2..54034a44 100644 --- a/Dockerfile-stretch.template +++ b/Dockerfile-stretch.template @@ -6,14 +6,7 @@ RUN groupadd --gid 1000 node \ # gpg keys listed at https://github.com/nodejs/node#release-team RUN set -ex \ && for key in \ - 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ - FD3A5288F042B6850C66B31F09FE44734EB7990E \ - 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ - DD8F2338BAE7501E3DD5AC78C273792F7D83545D \ - C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ - B9AE9905FFD7803F25714661B63B535A4C206CA9 \ - 56730D5401028683275BD23C23EFEFE93C4CFFFE \ - 77984A986EBC2AA786BC0F66B01FBB92821C587A \ + "${NODE_KEYS[@]}" ; do \ gpg --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ gpg --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ 
@@ -44,7 +37,7 @@ ENV YARN_VERSION 0.0.0 RUN set -ex \ && for key in \ - 6A010C5166006599AA17F08146C2130DFD2497F5 \ + "${YARN_KEYS[@]}" ; do \ gpg --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ gpg --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ diff --git a/Dockerfile-wheezy.template b/Dockerfile-wheezy.template index f7b48742..6ff8fe06 100644 --- a/Dockerfile-wheezy.template +++ b/Dockerfile-wheezy.template @@ -6,14 +6,7 @@ RUN groupadd --gid 1000 node \ # gpg keys listed at https://github.com/nodejs/node#release-team RUN set -ex \ && for key in \ - 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ - FD3A5288F042B6850C66B31F09FE44734EB7990E \ - 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ - DD8F2338BAE7501E3DD5AC78C273792F7D83545D \ - C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ - B9AE9905FFD7803F25714661B63B535A4C206CA9 \ - 56730D5401028683275BD23C23EFEFE93C4CFFFE \ - 77984A986EBC2AA786BC0F66B01FBB92821C587A \ + "${NODE_KEYS[@]}" ; do \ gpg --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ gpg --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ @@ -40,7 +33,7 @@ ENV YARN_VERSION 0.0.0 RUN set -ex \ && for key in \ - 6A010C5166006599AA17F08146C2130DFD2497F5 \ + "${YARN_KEYS[@]}" ; do \ gpg --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ gpg --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ diff --git a/Dockerfile.template b/Dockerfile.template index e498f07d..689b80a5 100644 --- a/Dockerfile.template +++ b/Dockerfile.template 
@@ -6,14 +6,7 @@ RUN groupadd --gid 1000 node \ # gpg keys listed at https://github.com/nodejs/node#release-team RUN set -ex \ && for key in \ - 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ - FD3A5288F042B6850C66B31F09FE44734EB7990E \ - 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ - DD8F2338BAE7501E3DD5AC78C273792F7D83545D \ - C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ - B9AE9905FFD7803F25714661B63B535A4C206CA9 \ - 56730D5401028683275BD23C23EFEFE93C4CFFFE \ - 77984A986EBC2AA786BC0F66B01FBB92821C587A \ + "${NODE_KEYS[@]}" ; do \ gpg --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ gpg --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ @@ -44,7 +37,7 @@ ENV YARN_VERSION 0.0.0 RUN set -ex \ && for key in \ - 6A010C5166006599AA17F08146C2130DFD2497F5 \ + "${YARN_KEYS[@]}" ; do \ gpg --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ gpg --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ diff --git a/keys/node.keys b/keys/node.keys new file mode 100644 index 00000000..cf989eca --- /dev/null +++ b/keys/node.keys @@ -0,0 +1,8 @@ +94AE36675C464D64BAFA68DD7434390BDBE9B9C5 +FD3A5288F042B6850C66B31F09FE44734EB7990E +71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 +DD8F2338BAE7501E3DD5AC78C273792F7D83545D +C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 +B9AE9905FFD7803F25714661B63B535A4C206CA9 +56730D5401028683275BD23C23EFEFE93C4CFFFE +77984A986EBC2AA786BC0F66B01FBB92821C587A diff --git a/keys/yarn.keys b/keys/yarn.keys new file mode 100644 index 00000000..6b0feed1 --- /dev/null +++ b/keys/yarn.keys @@ -0,0 +1 @@ +6A010C5166006599AA17F08146C2130DFD2497F5 diff --git a/update.sh b/update.sh index 53d5d3da..8252cae9 100755 --- a/update.sh +++ b/update.sh 
@@ -45,6 +45,22 @@ function update_node_version {
 sed -E -i.bak 's/^FROM (.*)/FROM '"$fromprefix"'\1/' "$dockerfile" && rm "$dockerfile".bak
 sed -E -i.bak 's/^(ENV NODE_VERSION |FROM .*node:).*/\1'"$version.${fullVersion:-0}"'/' "$dockerfile" && rm "$dockerfile".bak
 sed -E -i.bak 's/^(ENV YARN_VERSION ).*/\1'"$yarnVersion"'/' "$dockerfile" && rm "$dockerfile".bak
+
+ # shellcheck disable=SC1004
+ new_line=' \\\
+'
+
+ # Add GPG keys
+ for key_type in "node" "yarn"
+ do
+ while read -r line
+ do
+ pattern="\"\\$\\{$(echo "$key_type" | tr '[:lower:]' '[:upper:]')_KEYS\\[@\\]\\}\""
+ sed -E -i.bak -e "s/([ \\t]*)($pattern)/\\1${line}${new_line}\\1\\2/" "$dockerfile" && rm "$dockerfile".bak
+ done < "keys/$key_type.keys"
+ sed -E -i.bak "/$pattern/d" "$dockerfile" && rm "$dockerfile".bak
+ done
+
 if [[ "${version/.*/}" -ge 10 ]]; then
 sed -E -i.bak 's/FROM (.*)alpine:3.4/FROM \1alpine:3.7/' "$dockerfile"
 rm "$dockerfile.bak"
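Review bot: Each line of `keys/$key_type.keys` is spliced unchecked into the sed replacement text in the inner loop, so a stray `/`, `&`, comment or blank line in a keys file rewrites the generated `RUN` instruction instead of failing. These fingerprints are the trust anchors for release verification in every generated Dockerfile, so the loop should accept only 40-hex-digit fingerprints and abort on anything else. `pattern` is also assigned only inside the `while` body, so with an empty keys file the placeholder delete after the loop runs with an unset or previous-iteration pattern and the `_KEYS[@]` placeholder would stay in the output. In addition, `read -r line` silently drops a final line that has no trailing newline. The sketch below hoists `pattern` and adds the checks; `update_node_version` starts and ends outside the hunk, so whether `return 1` is the right failure path there needs confirming.

```shell
  # Add GPG keys
  for key_type in "node" "yarn"
  do
    # Built once per key type so the placeholder delete below never sees a stale or unset pattern.
    pattern="\"\\$\\{$(echo "$key_type" | tr '[:lower:]' '[:upper:]')_KEYS\\[@\\]\\}\""
    # The "|| [[ -n ... ]]" keeps a last line that lacks a trailing newline.
    while read -r line || [[ -n "$line" ]]
    do
      # Only full fingerprints may reach the sed replacement text.
      if [[ ! "$line" =~ ^[0-9A-Fa-f]{40}$ ]]; then
        echo "keys/$key_type.keys: not a 40-hex-digit fingerprint: '$line'" >&2
        return 1
      fi
      # … unchanged: sed insert of ${line} before the placeholder …
    done < "keys/$key_type.keys"
    # … unchanged: sed delete of the placeholder line …
  done
```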