From f9ae852a4ae3e118e0c3332251f190acf0933326 Mon Sep 17 00:00:00 2001
From: =?utf8?q?J=C3=A9r=C3=B4me=20Benoit?=
Date: Thu, 7 May 2026 00:44:33 +0200
Subject: [PATCH] chore(sandcastle): install uv, harden APT repo setup

- Add uv via griffo.io APT (provides uvx for MCP servers in sandbox)
- Eliminate pipe patterns to prevent silent download failures
- Migrate GitHub CLI key to /etc/apt/keyrings/
- Remove gpg from base deps (no longer needed)
---
 .sandcastle/Dockerfile | 24 +++++++++++++-----------
 1 file changed, 13 insertions(+), 11 deletions(-)

diff --git a/.sandcastle/Dockerfile b/.sandcastle/Dockerfile
index 005278a4..ca7ed188 100644
--- a/.sandcastle/Dockerfile
+++ b/.sandcastle/Dockerfile
@@ -5,24 +5,26 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
 curl \
 jq \
 ca-certificates \
- gpg \
 && rm -rf /var/lib/apt/lists/*
-# uv (griffo.io APT) — needed for uvx MCP servers
-RUN mkdir -p /etc/apt/keyrings \
+# uv
+RUN install -m 0755 -d /etc/apt/keyrings \
 && curl -fsSL https://debian.griffo.io/EA0F721D231FDD3A0A17B9AC7808B4DD62C41256.asc \
- | gpg --dearmor -o /etc/apt/keyrings/debian.griffo.io.gpg \
- && echo "deb [signed-by=/etc/apt/keyrings/debian.griffo.io.gpg] https://debian.griffo.io/apt trixie main" \
+ -o /etc/apt/keyrings/debian.griffo.io.asc \
+ && chmod a+r /etc/apt/keyrings/debian.griffo.io.asc \
+ && echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/debian.griffo.io.asc] https://debian.griffo.io/apt trixie main" \
 > /etc/apt/sources.list.d/debian.griffo.io.list \
 && apt-get update && apt-get install -y --no-install-recommends uv \
 && rm -rf /var/lib/apt/lists/*
-# Install GitHub CLI
-RUN curl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg \
- | dd of=/usr/share/keyrings/githubcli-archive-keyring.gpg \
- && echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" \
- | tee /etc/apt/sources.list.d/github-cli.list > /dev/null \
- && apt-get update && apt-get install -y gh \
+# GitHub CLI
+RUN install -m 0755 -d /etc/apt/keyrings \
+ && curl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg \
+ -o /etc/apt/keyrings/githubcli-archive-keyring.gpg \
+ && chmod a+r /etc/apt/keyrings/githubcli-archive-keyring.gpg \
+ && echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" \
+ > /etc/apt/sources.list.d/github-cli.list \
+ && apt-get update && apt-get install -y --no-install-recommends gh \
 && rm -rf /var/lib/apt/lists/*
 # Install coding agents globally
-- 
2.53.0
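Review bot: Both signing keys are trusted exactly as downloaded: the two `curl -fsSL ... -o` steps write whatever the server returns into /etc/apt/keyrings/, and nothing compares the file with a value pinned in the Dockerfile, even though the griffo.io URL carries the expected fingerprint in its file name. Since key and repository are fetched from the same origin on every build, `signed-by` then only proves that packages match whichever key was served at build time. A pinned digest check after each download, for example `&& echo "<SHA256_OF_KEY_FILE>  /etc/apt/keyrings/debian.griffo.io.asc" | sha256sum -c - \` (placeholder digest, to be recorded from an independently verified copy), would make a swapped key fail the build; the same applies to githubcli-archive-keyring.gpg. Separately, the debian.griffo.io source list stays enabled for the later `apt-get update && apt-get install ... gh` and any subsequent apt run, so an apt preferences pin that limits that origin to the `uv` package is worth adding.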