Get OpenPGP keys from another source that the binaries distribution

point

Signed-off-by: Jérôme Benoit <jerome.benoit@sap.com>

diff --git a/.xmake.cfg b/.xmake.cfg
index 556ae7808a9bb5455649ae739aca679b9044a6ad..36527216c90b7903e718a21ef06d605a82bcd0d6 100644 (file)
--- a/.xmake.cfg
+++ b/.xmake.cfg
@@ -1,5 +1,5 @@
 [xmake]
-version=1.0.4
+version=1.0.5
 # https://github.wdf.sap.corp/pages/xmake-ci/User-Guide/Setting_up_a_Build/Release_Procedure/Release_Versions/
 
 [buildplugin]

diff --git a/Dockerfile b/Dockerfile
index 0c76423b4f26522257a58b85d3c0de8b7f2b7e65..4b046454d5adf6d6cedfe9947316bcdad5b9d392 100644 (file)
--- a/Dockerfile
+++ b/Dockerfile
@@ -57,7 +57,7 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \
       B9E2F5981AA6E0CD28160D9FF13993A75599653C \
     ; do \
       gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" || \
-      gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" ; \
+      gpg --batch --keyserver hkps://keyserver.ubuntu.com --recv-keys "$key" ; \
     done \
     && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \
     && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \
@@ -90,7 +90,7 @@ RUN set -ex \
     6A010C5166006599AA17F08146C2130DFD2497F5 \
   ; do \
     gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" || \
-    gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" ; \
+    gpg --batch --keyserver hkps://keyserver.ubuntu.com --recv-keys "$key" ; \
   done \
   && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \
   && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \
@@ -122,14 +122,20 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \
     esac \
   && set -ex \
   && apt-get update \
-  && apt-get install -y ca-certificates wget --no-install-recommends \
+  && apt-get install -y ca-certificates gnupg dirmngr --no-install-recommends \
   && rm -rf /var/lib/apt/lists/* \
-  && wget -q -O - https://dist.sapmachine.io/debian/sapmachine.key | tee /etc/apt/trusted.gpg.d/sapmachine.gpg.asc \
+  && for key in \
+    62754C3B3ABCFE23 \
+  ; do \
+    gpg --no-default-keyring --keyring gnupg-ring:/etc/apt/trusted.gpg.d/sapmachine.gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" || \
+    gpg --no-default-keyring --keyring gnupg-ring:/etc/apt/trusted.gpg.d/sapmachine.gpg --batch --keyserver hkps://keyserver.ubuntu.com --recv-keys "$key" ; \
+  done \
+  && chmod 644 /etc/apt/trusted.gpg.d/sapmachine.gpg \
   && echo "deb http://dist.sapmachine.io/debian/${ARCH}/ ./" | tee /etc/apt/sources.list.d/sapmachine.list \
   && apt-get update \
   && apt-get install -y sapmachine-$(echo ${SAPMACHINE_VERSION} | cut -d. -f1)-jdk=${SAPMACHINE_VERSION} --no-install-recommends \
   && rm -rf /var/lib/apt/lists/* \
-  && apt-get remove --purge --autoremove -y ca-certificates wget \
+  && apt-get remove --purge --autoremove -y ca-certificates gnupg dirmngr \
   # smoke test
   && java --version
 
@@ -145,7 +151,12 @@ RUN set -ex \
   && rm -rf /var/lib/apt/lists/* \
   && curl -fsSLO --compressed ${BASE_URL}/apache-maven-${MAVEN_VERSION}-bin.tar.gz \
   && curl -fsSLO --compressed ${BASE_URL}/apache-maven-${MAVEN_VERSION}-bin.tar.gz.asc \
-  && curl -fsSL --compressed https://downloads.apache.org/maven/KEYS | gpg --import \
+  && for key in \
+    6A814B1F869C2BBEAB7CB7271A2A1C94BDE89688 \
+  ; do \
+    gpg --batch --keyserver hkps://pgp.surf.nl --recv-keys "$key" || \
+    gpg --batch --keyserver hkps://keyserver.ubuntu.com --recv-keys "$key" ; \
+  done \
   && gpg --batch --verify apache-maven-${MAVEN_VERSION}-bin.tar.gz.asc apache-maven-${MAVEN_VERSION}-bin.tar.gz \
   && mkdir -p ${MAVEN_HOME} ${MAVEN_HOME}/ref \
   && tar -xzf apache-maven-${MAVEN_VERSION}-bin.tar.gz -C ${MAVEN_HOME} --strip-components=1 \