From: Jérôme Benoit
Date: Sat, 19 Nov 2022 08:58:04 +0000 (+0100)
Subject: Ensure gpg home directory does not end up in the image
X-Git-Url: https://git.piment-noir.org/?p=mbt-docker.git;a=commitdiff_plain;h=7dcc5c4a68695b697853343a700c8ece375fcdfa
Ensure gpg home directory does not end up in the image
Signed-off-by: Jérôme Benoit
---
diff --git a/.xmake.cfg b/.xmake.cfg
index 53f8aea..867415f 100644
--- a/.xmake.cfg
+++ b/.xmake.cfg
@@ -1,5 +1,5 @@
 [xmake]
-version=1.0.7
+version=1.0.8
 # https://github.wdf.sap.corp/pages/xmake-ci/User-Guide/Setting_up_a_Build/Release_Procedure/Release_Versions/
 [buildplugin]
diff --git a/Dockerfile b/Dockerfile
index 1fe67ce..338d638 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -41,6 +41,7 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \
 # libatomic1 for arm
 && apt-get install -y ca-certificates curl gnupg dirmngr xz-utils libatomic1 --no-install-recommends \
 && rm -rf /var/lib/apt/lists/* \
+ && export GNUPGHOME="$(mktemp -d)" \
 && for key in \
 4ED778F539E3634C779C87C6D7062848A1AB005C \
 141F07595B7B3FFE74309A937405533BE57C7D57 \
@@ -60,7 +61,7 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \
 && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \
 && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \
 && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \
- && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \
+ && rm -rf "$GNUPGHOME" "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \
 && apt-mark auto '.*' > /dev/null \
 && find /usr/local -type f -executable -exec ldd '{}' ';' \
 | awk '/=>/ { print $(NF-1) }' \
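Review bot: A failed `mktemp -d` goes unnoticed in the added `export GNUPGHOME="$(mktemp -d)"` line of `@@ -41,6 +41,7 @@`, because `export` returns success whatever the command substitution's status was, so the `&&` chain carries on with an empty `GNUPGHOME`. gpg would then presumably fall back to its default home directory, and the later `rm -rf "$GNUPGHOME"` would not remove it, leaving the keyring in the layer, which is what this commit sets out to prevent. Assigning before exporting keeps the exit status: `&& GNUPGHOME="$(mktemp -d)" && export GNUPGHOME \`. The same line is added in the yarn, SapMachine and Maven instructions (`@@ -82,6 +83,7 @@`, `@@ -120,6 +122,7 @@`, `@@ -147,6 +150,7 @@`). The RUN instruction starts and ends outside the hunk.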
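Review bot: The `rm -rf "$GNUPGHOME"` added in `@@ -60,7 +61,7 @@` runs while any gpg-agent or dirmngr started by the key import (outside this hunk, so inferred from the installed `dirmngr` package) may still be alive with sockets and lock files in that directory. The removal can then race with those daemons and fail intermittently with "Directory not empty", breaking the build. Stopping them first is the usual pattern, with `&& gpgconf --kill all \` on the line before the `rm`. The same applies to the `rm -rf "$GNUPGHOME"` lines in `@@ -95,7 +97,7 @@`, `@@ -130,7 +133,7 @@` and `@@ -156,7 +160,7 @@`.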
@@ -82,6 +83,7 @@ RUN set -ex \
 && apt-get update \
 && apt-get install -y ca-certificates curl gnupg dirmngr --no-install-recommends \
 && rm -rf /var/lib/apt/lists/* \
+ && export GNUPGHOME="$(mktemp -d)" \
 && for key in \
 6A010C5166006599AA17F08146C2130DFD2497F5 \
 ; do \
@@ -95,7 +97,7 @@ RUN set -ex \
 && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \
 && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \
 && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \
- && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \
+ && rm -rf "$GNUPGHOME" yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \
 && apt-mark auto '.*' > /dev/null \
 && { [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; } \
 && find /usr/local -type f -executable -exec ldd '{}' ';' \
@@ -120,6 +122,7 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \
 && apt-get update \
 && apt-get install -y ca-certificates gnupg dirmngr --no-install-recommends \
 && rm -rf /var/lib/apt/lists/* \
+ && export GNUPGHOME="$(mktemp -d)" \
 && for key in \
 CACB9FE09150307D1D22D82962754C3B3ABCFE23 \
 ; do \
@@ -130,7 +133,7 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \
 && echo "deb http://dist.sapmachine.io/debian/${ARCH}/ ./" | tee /etc/apt/sources.list.d/sapmachine.list \
 && apt-get update \
 && apt-get install -y sapmachine-$(echo ${SAPMACHINE_VERSION} | cut -d. -f1)-jdk=${SAPMACHINE_VERSION} --no-install-recommends \
- && rm -rf /var/lib/apt/lists/* \
+ && rm -rf "$GNUPGHOME" /var/lib/apt/lists/* \
 && apt-get remove --purge --autoremove -y ca-certificates gnupg dirmngr \
 # smoke test
 && java --version
@@ -147,6 +150,7 @@ RUN set -ex \
 && rm -rf /var/lib/apt/lists/* \
 && curl -fsSLO --compressed ${BASE_URL}/apache-maven-${MAVEN_VERSION}-bin.tar.gz \
 && curl -fsSLO --compressed ${BASE_URL}/apache-maven-${MAVEN_VERSION}-bin.tar.gz.asc \
+ && export GNUPGHOME="$(mktemp -d)" \
 && for key in \
 6A814B1F869C2BBEAB7CB7271A2A1C94BDE89688 \
 ; do \
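Review bot: Folding `"$GNUPGHOME"` into the existing `rm` in the yarn hunk (`@@ -95,7 +97,7 @@`) turns a plain file removal into a recursive, forced one whose other operands are unquoted `$YARN_VERSION` expansions. If that value ever contains whitespace or glob characters, the split words now go to `rm -rf`, and a missing tarball or signature no longer fails the step. Keeping the two removals apart limits `-rf` to the temporary directory: `&& rm -rf "$GNUPGHOME" \` followed by `&& rm "yarn-v$YARN_VERSION.tar.gz.asc" "yarn-v$YARN_VERSION.tar.gz" \`. The Maven hunk (`@@ -156,7 +160,7 @@`) has the same unquoted `${MAVEN_VERSION}` operands.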
@@ -156,7 +160,7 @@ RUN set -ex \
 && gpg --batch --verify apache-maven-${MAVEN_VERSION}-bin.tar.gz.asc apache-maven-${MAVEN_VERSION}-bin.tar.gz \
 && mkdir -p ${MAVEN_HOME} ${MAVEN_HOME}/ref \
 && tar -xzf apache-maven-${MAVEN_VERSION}-bin.tar.gz -C ${MAVEN_HOME} --strip-components=1 \
- && rm -f apache-maven-${MAVEN_VERSION}-bin.tar.gz.asc apache-maven-${MAVEN_VERSION}-bin.tar.gz \
+ && rm -rf "$GNUPGHOME" apache-maven-${MAVEN_VERSION}-bin.tar.gz.asc apache-maven-${MAVEN_VERSION}-bin.tar.gz \
 && chmod -R a+w ${MAVEN_HOME}/conf/* \
 && ln -s ${MAVEN_HOME}/bin/mvn /usr/bin/mvn \
 && apt-get remove --purge --autoremove -y ca-certificates curl gnupg dirmngr \