From c52f471b4ee4245e17c41b4c7a7d28d4c6b2a1c0 Mon Sep 17 00:00:00 2001 From: =?utf8?q?J=C3=A9r=C3=B4me=20Benoit?= Date: Tue, 1 Nov 2022 23:32:29 +0100 Subject: [PATCH] Get OpenPGP keys from another source that the binaries distribution point MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Signed-off-by: Jérôme Benoit --- .xmake.cfg | 2 +- Dockerfile | 23 +++++++++++++++++------ 2 files changed, 18 insertions(+), 7 deletions(-) diff --git a/.xmake.cfg b/.xmake.cfg index 556ae78..3652721 100644 --- a/.xmake.cfg +++ b/.xmake.cfg @@ -1,5 +1,5 @@ [xmake] -version=1.0.4 +version=1.0.5 # https://github.wdf.sap.corp/pages/xmake-ci/User-Guide/Setting_up_a_Build/Release_Procedure/Release_Versions/ [buildplugin] diff --git a/Dockerfile b/Dockerfile index 0c76423..4b04645 100644 --- a/Dockerfile +++ b/Dockerfile @@ -57,7 +57,7 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ B9E2F5981AA6E0CD28160D9FF13993A75599653C \ ; do \ gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" || \ - gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" ; \ + gpg --batch --keyserver hkps://keyserver.ubuntu.com --recv-keys "$key" ; \ done \ && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ @@ -90,7 +90,7 @@ RUN set -ex \ 6A010C5166006599AA17F08146C2130DFD2497F5 \ ; do \ gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" || \ - gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" ; \ + gpg --batch --keyserver hkps://keyserver.ubuntu.com --recv-keys "$key" ; \ done \ && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ @@ -122,14 +122,20 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ esac \ && set -ex \ && apt-get update \ - && apt-get install -y ca-certificates wget --no-install-recommends \ + && apt-get install -y ca-certificates gnupg dirmngr --no-install-recommends \ && rm -rf /var/lib/apt/lists/* \ - && wget -q -O - https://dist.sapmachine.io/debian/sapmachine.key | tee /etc/apt/trusted.gpg.d/sapmachine.gpg.asc \ + && for key in \ + 62754C3B3ABCFE23 \ + ; do \ + gpg --no-default-keyring --keyring gnupg-ring:/etc/apt/trusted.gpg.d/sapmachine.gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" || \ + gpg --no-default-keyring --keyring gnupg-ring:/etc/apt/trusted.gpg.d/sapmachine.gpg --batch --keyserver hkps://keyserver.ubuntu.com --recv-keys "$key" ; \ + done \ + && chmod 644 /etc/apt/trusted.gpg.d/sapmachine.gpg \ && echo "deb http://dist.sapmachine.io/debian/${ARCH}/ ./" | tee /etc/apt/sources.list.d/sapmachine.list \ && apt-get update \ && apt-get install -y sapmachine-$(echo ${SAPMACHINE_VERSION} | cut -d. -f1)-jdk=${SAPMACHINE_VERSION} --no-install-recommends \ && rm -rf /var/lib/apt/lists/* \ - && apt-get remove --purge --autoremove -y ca-certificates wget \ + && apt-get remove --purge --autoremove -y ca-certificates gnupg dirmngr \ # smoke test && java --version @@ -145,7 +151,12 @@ RUN set -ex \ && rm -rf /var/lib/apt/lists/* \ && curl -fsSLO --compressed ${BASE_URL}/apache-maven-${MAVEN_VERSION}-bin.tar.gz \ && curl -fsSLO --compressed ${BASE_URL}/apache-maven-${MAVEN_VERSION}-bin.tar.gz.asc \ - && curl -fsSL --compressed https://downloads.apache.org/maven/KEYS | gpg --import \ + && for key in \ + 6A814B1F869C2BBEAB7CB7271A2A1C94BDE89688 \ + ; do \ + gpg --batch --keyserver hkps://pgp.surf.nl --recv-keys "$key" || \ + gpg --batch --keyserver hkps://keyserver.ubuntu.com --recv-keys "$key" ; \ + done \ && gpg --batch --verify apache-maven-${MAVEN_VERSION}-bin.tar.gz.asc apache-maven-${MAVEN_VERSION}-bin.tar.gz \ && mkdir -p ${MAVEN_HOME} ${MAVEN_HOME}/ref \ && tar -xzf apache-maven-${MAVEN_VERSION}-bin.tar.gz -C ${MAVEN_HOME} --strip-components=1 \ -- 2.34.1