nodejs
/
docker-node
mirror of https://github.com/nodejs/docker-node.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #721 from LaurentGoderre/remove_keys_from_templates 

Insert GPG keys on update
This commit is contained in:
Laurent Goderre 2018-05-09 10:23:09 -04:00 committed by GitHub
parent 2ecc9e8579 9e436c3176
commit 0d9c13c65e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
8 changed files with 35 additions and 45 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
Dockerfile-alpine.template
View File

@ -18,14 +18,7 @@ RUN addgroup -g 1000 node \
python \ python \
# gpg keys listed at https://github.com/nodejs/node#release-team # gpg keys listed at https://github.com/nodejs/node#release-team
&& for key in \ && for key in \
94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ "${NODE_KEYS[@]}"
FD3A5288F042B6850C66B31F09FE44734EB7990E \
71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \
DD8F2338BAE7501E3DD5AC78C273792F7D83545D \
C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \
B9AE9905FFD7803F25714661B63B535A4C206CA9 \
56730D5401028683275BD23C23EFEFE93C4CFFFE \
77984A986EBC2AA786BC0F66B01FBB92821C587A \
; do \ ; do \
gpg --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ gpg --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \
gpg --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ gpg --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \
@ -49,7 +42,7 @@ ENV YARN_VERSION 0.0.0
RUN apk add --no-cache --virtual .build-deps-yarn curl gnupg tar \ RUN apk add --no-cache --virtual .build-deps-yarn curl gnupg tar \
&& for key in \ && for key in \
6A010C5166006599AA17F08146C2130DFD2497F5 \ "${YARN_KEYS[@]}"
; do \ ; do \
gpg --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ gpg --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \
gpg --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ gpg --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \

11
Dockerfile-slim.template
View File

@ -6,14 +6,7 @@ RUN groupadd --gid 1000 node \
# gpg keys listed at https://github.com/nodejs/node#release-team # gpg keys listed at https://github.com/nodejs/node#release-team
RUN set -ex \ RUN set -ex \
&& for key in \ && for key in \
94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ "${NODE_KEYS[@]}"
FD3A5288F042B6850C66B31F09FE44734EB7990E \
71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \
DD8F2338BAE7501E3DD5AC78C273792F7D83545D \
C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \
B9AE9905FFD7803F25714661B63B535A4C206CA9 \
56730D5401028683275BD23C23EFEFE93C4CFFFE \
77984A986EBC2AA786BC0F66B01FBB92821C587A \
; do \ ; do \
gpg --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ gpg --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \
gpg --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ gpg --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \
@ -49,7 +42,7 @@ ENV YARN_VERSION 0.0.0
RUN set -ex \ RUN set -ex \
&& for key in \ && for key in \
6A010C5166006599AA17F08146C2130DFD2497F5 \ "${YARN_KEYS[@]}"
; do \ ; do \
gpg --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ gpg --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \
gpg --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ gpg --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \

11
Dockerfile-stretch.template
View File

@ -6,14 +6,7 @@ RUN groupadd --gid 1000 node \
# gpg keys listed at https://github.com/nodejs/node#release-team # gpg keys listed at https://github.com/nodejs/node#release-team
RUN set -ex \ RUN set -ex \
&& for key in \ && for key in \
94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ "${NODE_KEYS[@]}"
FD3A5288F042B6850C66B31F09FE44734EB7990E \
71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \
DD8F2338BAE7501E3DD5AC78C273792F7D83545D \
C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \
B9AE9905FFD7803F25714661B63B535A4C206CA9 \
56730D5401028683275BD23C23EFEFE93C4CFFFE \
77984A986EBC2AA786BC0F66B01FBB92821C587A \
; do \ ; do \
gpg --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ gpg --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \
gpg --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ gpg --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \
@ -44,7 +37,7 @@ ENV YARN_VERSION 0.0.0
RUN set -ex \ RUN set -ex \
&& for key in \ && for key in \
6A010C5166006599AA17F08146C2130DFD2497F5 \ "${YARN_KEYS[@]}"
; do \ ; do \
gpg --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ gpg --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \
gpg --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ gpg --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \

11
Dockerfile-wheezy.template
View File

@ -6,14 +6,7 @@ RUN groupadd --gid 1000 node \
# gpg keys listed at https://github.com/nodejs/node#release-team # gpg keys listed at https://github.com/nodejs/node#release-team
RUN set -ex \ RUN set -ex \
&& for key in \ && for key in \
94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ "${NODE_KEYS[@]}"
FD3A5288F042B6850C66B31F09FE44734EB7990E \
71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \
DD8F2338BAE7501E3DD5AC78C273792F7D83545D \
C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \
B9AE9905FFD7803F25714661B63B535A4C206CA9 \
56730D5401028683275BD23C23EFEFE93C4CFFFE \
77984A986EBC2AA786BC0F66B01FBB92821C587A \
; do \ ; do \
gpg --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ gpg --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \
gpg --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ gpg --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \
@ -40,7 +33,7 @@ ENV YARN_VERSION 0.0.0
RUN set -ex \ RUN set -ex \
&& for key in \ && for key in \
6A010C5166006599AA17F08146C2130DFD2497F5 \ "${YARN_KEYS[@]}"
; do \ ; do \
gpg --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ gpg --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \
gpg --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ gpg --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \

11
Dockerfile.template
View File

@ -6,14 +6,7 @@ RUN groupadd --gid 1000 node \
# gpg keys listed at https://github.com/nodejs/node#release-team # gpg keys listed at https://github.com/nodejs/node#release-team
RUN set -ex \ RUN set -ex \
&& for key in \ && for key in \
94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ "${NODE_KEYS[@]}"
FD3A5288F042B6850C66B31F09FE44734EB7990E \
71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \
DD8F2338BAE7501E3DD5AC78C273792F7D83545D \
C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \
B9AE9905FFD7803F25714661B63B535A4C206CA9 \
56730D5401028683275BD23C23EFEFE93C4CFFFE \
77984A986EBC2AA786BC0F66B01FBB92821C587A \
; do \ ; do \
gpg --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ gpg --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \
gpg --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ gpg --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \
@ -44,7 +37,7 @@ ENV YARN_VERSION 0.0.0
RUN set -ex \ RUN set -ex \
&& for key in \ && for key in \
6A010C5166006599AA17F08146C2130DFD2497F5 \ "${YARN_KEYS[@]}"
; do \ ; do \
gpg --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ gpg --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \
gpg --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ gpg --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \

8
keys/node.keys Normal file
View File

@ -0,0 +1,8 @@
94AE36675C464D64BAFA68DD7434390BDBE9B9C5
FD3A5288F042B6850C66B31F09FE44734EB7990E
71DCFD284A79C3B38668286BC97EC7A07EDE3FC1
DD8F2338BAE7501E3DD5AC78C273792F7D83545D
C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8
B9AE9905FFD7803F25714661B63B535A4C206CA9
56730D5401028683275BD23C23EFEFE93C4CFFFE
77984A986EBC2AA786BC0F66B01FBB92821C587A

1
keys/yarn.keys Normal file
View File

@ -0,0 +1 @@
6A010C5166006599AA17F08146C2130DFD2497F5

16
update.sh
View File

@ -45,6 +45,22 @@ function update_node_version {
sed -E -i.bak 's/^FROM (.*)/FROM '"$fromprefix"'\1/' "$dockerfile" && rm "$dockerfile".bak sed -E -i.bak 's/^FROM (.*)/FROM '"$fromprefix"'\1/' "$dockerfile" && rm "$dockerfile".bak
sed -E -i.bak 's/^(ENV NODE_VERSION |FROM .*node:).*/\1'"$version.${fullVersion:-0}"'/' "$dockerfile" && rm "$dockerfile".bak sed -E -i.bak 's/^(ENV NODE_VERSION |FROM .*node:).*/\1'"$version.${fullVersion:-0}"'/' "$dockerfile" && rm "$dockerfile".bak
sed -E -i.bak 's/^(ENV YARN_VERSION ).*/\1'"$yarnVersion"'/' "$dockerfile" && rm "$dockerfile".bak sed -E -i.bak 's/^(ENV YARN_VERSION ).*/\1'"$yarnVersion"'/' "$dockerfile" && rm "$dockerfile".bak
# shellcheck disable=SC1004
new_line=' \\\
'
# Add GPG keys
for key_type in "node" "yarn"
do
while read -r line
do
pattern="\"\\$\\{$(echo "$key_type" | tr '[:lower:]' '[:upper:]')_KEYS\\[@\\]\\}\""
sed -E -i.bak -e "s/([ \\t]*)($pattern)/\\1${line}${new_line}\\1\\2/" "$dockerfile" && rm "$dockerfile".bak
done < "keys/$key_type.keys"
sed -E -i.bak "/$pattern/d" "$dockerfile" && rm "$dockerfile".bak
done
if [[ "${version/.*/}" -ge 10 ]]; then if [[ "${version/.*/}" -ge 10 ]]; then
sed -E -i.bak 's/FROM (.*)alpine:3.4/FROM \1alpine:3.7/' "$dockerfile" sed -E -i.bak 's/FROM (.*)alpine:3.4/FROM \1alpine:3.7/' "$dockerfile"
rm "$dockerfile.bak" rm "$dockerfile.bak"