commit:     ce4d6826e5aa7612221d1049b1f88853f8557a90
Author:     Alexys Jacob <ultrabug <AT> gentoo <DOT> org>
AuthorDate: Thu Nov 14 22:57:38 2019 +0000
Commit:     Alexys Jacob <ultrabug <AT> gentoo <DOT> org>
CommitDate: Thu Nov 14 23:00:37 2019 +0000
URL:        https://gitweb.gentoo.org/proj/docker-images.git/commit/?id=ce4d6826

Use official Gentoo keyservers (keys.gentoo.org) by @mgorny

See https://github.com/gentoo/gentoo-docker-images/pull/64

Signed-off-by: Alexys Jacob <ultrabug <AT> gentoo.org>

 portage.Dockerfile | 13 +++++--------
 stage3.Dockerfile  | 13 +++++--------
 2 files changed, 10 insertions(+), 16 deletions(-)

diff --git a/portage.Dockerfile b/portage.Dockerfile
index 5da2631..5fda6fd 100644
--- a/portage.Dockerfile
+++ b/portage.Dockerfile
@@ -1,11 +1,8 @@
-# This Dockerfile creates a portage snapshot that can be mounted as a 
-# container volume. It utilizes a multi-stage build and requires 
-# docker-17.05.0 or later. It fetches a daily snapshot from the official 
+# This Dockerfile creates a portage snapshot that can be mounted as a
+# container volume. It utilizes a multi-stage build and requires
+# docker-17.05.0 or later. It fetches a daily snapshot from the official
 # sources and verifies its checksum as well as its gpg signature.
 
-# As gpg keyservers sometimes are unreliable, we use multiple gpg server pools
-# to fetch the signing key.
-
 FROM alpine:3.7 as builder
 
 WORKDIR /portage
@@ -14,13 +11,13 @@ ARG SNAPSHOT="portage-latest.tar.xz"
 ARG DIST="https://ftp-osl.osuosl.org/pub/gentoo/snapshots";
 ARG SIGNING_KEY="0xEC590EEAC9189250"
 
-RUN apk add --no-cache gnupg tar wget xz \
+RUN apk add --no-cache ca-certificates gnupg tar wget xz \
  && wget -q "${DIST}/${SNAPSHOT}" "${DIST}/${SNAPSHOT}.gpgsig" 
"${DIST}/${SNAPSHOT}.md5sum" \
  && gpg --list-keys \
  && echo "standard-resolver" >> ~/.gnupg/dirmngr.conf \
  && echo "honor-http-proxy" >> ~/.gnupg/dirmngr.conf \
  && echo "disable-ipv6" >> ~/.gnupg/dirmngr.conf \
- && gpg --keyserver ha.pool.sks-keyservers.net --recv-keys ${SIGNING_KEY} \
+ && gpg --keyserver hkps://keys.gentoo.org --recv-keys ${SIGNING_KEY} \
  && gpg --verify "${SNAPSHOT}.gpgsig" "${SNAPSHOT}" \
  && md5sum -c ${SNAPSHOT}.md5sum \
  && mkdir -p var/db/repos var/cache/binpkgs var/cache/distfiles \
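Review bot: `ARG SIGNING_KEY="0xEC590EEAC9189250"` is a 64-bit key ID, so `gpg --recv-keys ${SIGNING_KEY}` imports whatever key the server returns for that ID, and the following `gpg --verify` accepts a good signature from any key in the keyring. Switching to `hkps://keys.gentoo.org` protects the transport, but the trust anchor is still the keyserver's answer rather than a value pinned in the file. Pinning the full fingerprint, e.g. `ARG SIGNING_KEY="<FULL_40_HEX_FINGERPRINT>"` (placeholder), and comparing the imported key's fingerprint against it before verifying would close that gap. The same applies to `SIGNING_KEY` and `--recv-keys` in stage3.Dockerfile. The RUN instruction continues past the end of this hunk.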

diff --git a/stage3.Dockerfile b/stage3.Dockerfile
index 0a950d2..ad59ea7 100644
--- a/stage3.Dockerfile
+++ b/stage3.Dockerfile
@@ -1,11 +1,8 @@
-# This Dockerfile creates a gentoo stage3 container image. By default it 
-# creates a stage3-amd64 image. It utilizes a multi-stage build and requires 
-# docker-17.05.0 or later. It fetches a daily snapshot from the official 
+# This Dockerfile creates a gentoo stage3 container image. By default it
+# creates a stage3-amd64 image. It utilizes a multi-stage build and requires
+# docker-17.05.0 or later. It fetches a daily snapshot from the official
 # sources and verifies its checksum as well as its gpg signature.
 
-# As gpg keyservers sometimes are unreliable, we use multiple gpg server pools
-# to fetch the signing key.
-
 ARG BOOTSTRAP
 FROM ${BOOTSTRAP:-alpine:3.7} as builder
 
@@ -18,7 +15,7 @@ ARG 
DIST="https://ftp-osl.osuosl.org/pub/gentoo/releases/${ARCH}/autobuilds";
 ARG SIGNING_KEY="0xBB572E0E2D182910"
 
 RUN echo "Building Gentoo Container image for ${ARCH} ${SUFFIX} fetching from 
${DIST}" \
- && apk --no-cache add gnupg tar wget xz \
+ && apk --no-cache add ca-certificates gnupg tar wget xz \
  && STAGE3PATH="$(wget -O- "${DIST}/latest-stage3-${MICROARCH}${SUFFIX}.txt" | 
tail -n 1 | cut -f 1 -d ' ')" \
  && echo "STAGE3PATH:" $STAGE3PATH \
  && STAGE3="$(basename ${STAGE3PATH})" \
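Review bot: The `STAGE3PATH="$(wget -O- ... | tail -n 1 | cut -f 1 -d ' ')"` assignment takes its exit status from `cut`, so a failed download of the latest-stage3 index does not stop the `&&` chain and the build carries on with an empty path. Adding `&& test -n "${STAGE3PATH}" \` directly after the assignment makes that failure explicit. The next line's `basename ${STAGE3PATH}` is also unquoted; `basename "${STAGE3PATH}"` avoids word splitting on a value that comes from a downloaded file. The RUN instruction starts in this hunk and continues outside it.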
@@ -27,7 +24,7 @@ RUN echo "Building Gentoo Container image for ${ARCH} 
${SUFFIX} fetching from ${
  && echo "standard-resolver" >> ~/.gnupg/dirmngr.conf \
  && echo "honor-http-proxy" >> ~/.gnupg/dirmngr.conf \
  && echo "disable-ipv6" >> ~/.gnupg/dirmngr.conf \
- && gpg --keyserver ha.pool.sks-keyservers.net --recv-keys ${SIGNING_KEY} \
+ && gpg --keyserver hkps://keys.gentoo.org --recv-keys ${SIGNING_KEY} \
  && gpg --verify "${STAGE3}.DIGESTS.asc" \
  && awk '/# SHA512 HASH/{getline; print}' ${STAGE3}.DIGESTS.asc | sha512sum -c 
\
  && tar xpf "${STAGE3}" --xattrs --numeric-owner \
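Review bot: `gpg --verify "${STAGE3}.DIGESTS.asc"` checks the signature, but the following `awk` reads its hash lines from the original `.asc` file rather than from the signed content that gpg validated. If DIGESTS.asc is clearsigned (the single-argument verify suggests so), text outside the signed block is not covered by the signature yet would still match `/# SHA512 HASH/`. Extracting the verified payload and parsing that instead removes the gap: `gpg --output "${STAGE3}.DIGESTS.verified" --decrypt "${STAGE3}.DIGESTS.asc"`, then run the `awk ... | sha512sum -c` step on `"${STAGE3}.DIGESTS.verified"`. The RUN instruction begins before this hunk and continues after it.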
