commit: 891a45e43d97528e7a36b090f02139123849256f
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sat Jan 3 01:55:35 2026 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sat Jan 3 02:56:52 2026 +0000
URL: https://gitweb.gentoo.org/proj/docker-images.git/commit/?id=891a45e4
stage3.Dockerfile: avoid deprecated `gpg --verify` behaviour
Per gpg(1):
> Note: If the option --batch is not used, gpg may assume that a single
> argument is a file with a detached signature, and it will try to find a
> matching data file by stripping certain suffixes. Using this historical
> feature to verify a detached signature is strongly discouraged; you should
> always specify the data file explicitly.
Do that. We already handle this correctly in portage.Dockerfile.
Signed-off-by: Sam James <sam <AT> gentoo.org>
stage3.Dockerfile | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/stage3.Dockerfile b/stage3.Dockerfile
index 21235de..464b62f 100644
--- a/stage3.Dockerfile
+++ b/stage3.Dockerfile
@@ -43,7 +43,7 @@ RUN <<-EOF
echo "STAGE3PATH:" ${STAGE3PATH}
STAGE3="$(basename ${STAGE3PATH})"
wget -q "${DIST}/${STAGE3PATH}" "${DIST}/${STAGE3PATH}.CONTENTS.gz"
"${DIST}/${STAGE3PATH}.asc"
- gpg --verify "${STAGE3}.asc"
+ gpg --verify "${STAGE3}.asc" "${STAGE3}"
tar xpf "${STAGE3}" --xattrs-include='*.*' --numeric-owner
# modify stage3
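Review bot: The new `gpg --verify "${STAGE3}.asc" "${STAGE3}"` line still runs without `--batch`, and the gpg(1) note quoted in the commit message ties the suffix-guessing fallback to `--batch` not being used. Since this is a non-interactive `RUN` step, consider `gpg --batch --verify "${STAGE3}.asc" "${STAGE3}"` so that a later regression to the single-argument form is not silently accepted. Separately, the visible lines do not show whether the heredoc runs under `set -e`; if it does not, a failed verification would not stop the `tar xpf "${STAGE3}"` on the next line, so either confirm that earlier in the script or chain the two commands with `&&`.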