repositories / mbt-docker.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
[Security] authenticate maven binary
[mbt-docker.git] / Dockerfile
diff --git a/Dockerfile b/Dockerfile
index fd929773639f9342c5418917ab6dc3d1ee7f6cf3..6a4fb36fe99413d4e9980c6d85331d613bdde05c 100644 (file)
--- a/Dockerfile
+++ b/Dockerfile
@@ -8,6 +8,8 @@ RUN set -ex \
   && apt-get update \
   && apt-get install -y openssl --no-install-recommends \
   && rm -rf /var/lib/apt/lists/* \
+   # smoke test
+  && openssl version \
   && useradd --home-dir ${USER_HOME_DIR} \
             --create-home \
             --shell /bin/bash \
@@ -132,28 +134,29 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \
   && java --version
 
 ARG MAVEN_VERSION=3.8.6
-ARG SHA=f790857f3b1f90ae8d16281f902c689e4f136ebe584aba45e4b1fa66c80cba826d3e0e52fdd04ed44b4c66f6d3fe3584a057c26dfcac544a60b301e6d0f91c26
-ARG BASE_URL=https://apache.osuosl.org/maven/maven-3/${MAVEN_VERSION}/binaries
+ARG BASE_URL=https://downloads.apache.org/maven/maven-3/${MAVEN_VERSION}/binaries
 
 ENV MAVEN_HOME /usr/share/maven
 ENV M2_HOME ${MAVEN_HOME}
 
 RUN set -ex \
   && apt-get update \
-  && apt-get install -y ca-certificates curl procps --no-install-recommends \
+  && apt-get install -y ca-certificates curl gnupg dirmngr --no-install-recommends \
   && rm -rf /var/lib/apt/lists/* \
+  && curl -fsSL --compressed https://downloads.apache.org/maven/KEYS | gpg --import \
+  && curl -fsSLO --compressed ${BASE_URL}/apache-maven-${MAVEN_VERSION}-bin.tar.gz \
+  && curl -fsSLO --compressed ${BASE_URL}/apache-maven-${MAVEN_VERSION}-bin.tar.gz.asc \
+  && gpg --batch --verify apache-maven-${MAVEN_VERSION}-bin.tar.gz.asc apache-maven-${MAVEN_VERSION}-bin.tar.gz \
   && mkdir -p ${MAVEN_HOME} ${MAVEN_HOME}/ref \
-  && curl -fsSL -o /tmp/apache-maven.tar.gz ${BASE_URL}/apache-maven-${MAVEN_VERSION}-bin.tar.gz \
-  && echo "${SHA}  /tmp/apache-maven.tar.gz" | sha512sum -c - \
-  && tar -xzf /tmp/apache-maven.tar.gz -C ${MAVEN_HOME} --strip-components=1 \
-  && rm -f /tmp/apache-maven.tar.gz \
+  && tar -xzf apache-maven-${MAVEN_VERSION}-bin.tar.gz -C ${MAVEN_HOME} --strip-components=1 \
+  && rm -f apache-maven-${MAVEN_VERSION}-bin.tar.gz.asc apache-maven-${MAVEN_VERSION}-bin.tar.gz \
+  && chmod --recursive a+w ${MAVEN_HOME}/conf/* \
   && ln -s ${MAVEN_HOME}/bin/mvn /usr/bin/mvn \
-  && chmod --recursive a+w "${MAVEN_HOME}"/conf/* \
-  && apt-get remove --purge --autoremove -y ca-certificates curl \
+  && apt-get remove --purge --autoremove -y ca-certificates curl gnupg dirmngr \
   # smoke test
   && mvn --version
 
-ARG MBT_VERSION=1.2.18
+ARG MBT_VERSION=1.2.19
 
 RUN set -ex \
   && npm install -g --unsafe-perm mbt@${MBT_VERSION} \
Custom MBT docker images