
Commit 0d9c13c

Merge pull request #721 from LaurentGoderre/remove_keys_from_templates
Insert GPG keys on update
2 parents 2ecc9e8 + 9e436c3 commit 0d9c13c

8 files changed

+35
-45
lines changed

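--- a/Dockerfile-alpine.template
+++ b/Dockerfile-alpine.template
@@ -18,14 +18,7 @@ RUN addgroup -g 1000 node \
 python \
 # gpg keys listed at https://github.com/nodejs/node#release-team
 && for key in \
-94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \
-FD3A5288F042B6850C66B31F09FE44734EB7990E \
-71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \
-DD8F2338BAE7501E3DD5AC78C273792F7D83545D \
-C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \
-B9AE9905FFD7803F25714661B63B535A4C206CA9 \
-56730D5401028683275BD23C23EFEFE93C4CFFFE \
-77984A986EBC2AA786BC0F66B01FBB92821C587A \
+"${NODE_KEYS[@]}"
 ; do \
 gpg --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \
 gpg --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \
@@ -49,7 +42,7 @@ ENV YARN_VERSION 0.0.0
 
 RUN apk add --no-cache --virtual .build-deps-yarn curl gnupg tar \
 && for key in \
-6A010C5166006599AA17F08146C2130DFD2497F5 \
+"${YARN_KEYS[@]}"
 ; do \
 gpg --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \
 gpg --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \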

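--- a/Dockerfile-slim.template
+++ b/Dockerfile-slim.template
@@ -6,14 +6,7 @@ RUN groupadd --gid 1000 node \
 # gpg keys listed at https://github.com/nodejs/node#release-team
 RUN set -ex \
 && for key in \
-94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \
-FD3A5288F042B6850C66B31F09FE44734EB7990E \
-71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \
-DD8F2338BAE7501E3DD5AC78C273792F7D83545D \
-C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \
-B9AE9905FFD7803F25714661B63B535A4C206CA9 \
-56730D5401028683275BD23C23EFEFE93C4CFFFE \
-77984A986EBC2AA786BC0F66B01FBB92821C587A \
+"${NODE_KEYS[@]}"
 ; do \
 gpg --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \
 gpg --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \
@@ -49,7 +42,7 @@ ENV YARN_VERSION 0.0.0
 
 RUN set -ex \
 && for key in \
-6A010C5166006599AA17F08146C2130DFD2497F5 \
+"${YARN_KEYS[@]}"
 ; do \
 gpg --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \
 gpg --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \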

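--- a/Dockerfile-stretch.template
+++ b/Dockerfile-stretch.template
@@ -6,14 +6,7 @@ RUN groupadd --gid 1000 node \
 # gpg keys listed at https://github.com/nodejs/node#release-team
 RUN set -ex \
 && for key in \
-94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \
-FD3A5288F042B6850C66B31F09FE44734EB7990E \
-71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \
-DD8F2338BAE7501E3DD5AC78C273792F7D83545D \
-C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \
-B9AE9905FFD7803F25714661B63B535A4C206CA9 \
-56730D5401028683275BD23C23EFEFE93C4CFFFE \
-77984A986EBC2AA786BC0F66B01FBB92821C587A \
+"${NODE_KEYS[@]}"
 ; do \
 gpg --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \
 gpg --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \
@@ -44,7 +37,7 @@ ENV YARN_VERSION 0.0.0
 
 RUN set -ex \
 && for key in \
-6A010C5166006599AA17F08146C2130DFD2497F5 \
+"${YARN_KEYS[@]}"
 ; do \
 gpg --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \
 gpg --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \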

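--- a/Dockerfile-wheezy.template
+++ b/Dockerfile-wheezy.template
@@ -6,14 +6,7 @@ RUN groupadd --gid 1000 node \
 # gpg keys listed at https://github.com/nodejs/node#release-team
 RUN set -ex \
 && for key in \
-94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \
-FD3A5288F042B6850C66B31F09FE44734EB7990E \
-71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \
-DD8F2338BAE7501E3DD5AC78C273792F7D83545D \
-C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \
-B9AE9905FFD7803F25714661B63B535A4C206CA9 \
-56730D5401028683275BD23C23EFEFE93C4CFFFE \
-77984A986EBC2AA786BC0F66B01FBB92821C587A \
+"${NODE_KEYS[@]}"
 ; do \
 gpg --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \
 gpg --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \
@@ -40,7 +33,7 @@ ENV YARN_VERSION 0.0.0
 
 RUN set -ex \
 && for key in \
-6A010C5166006599AA17F08146C2130DFD2497F5 \
+"${YARN_KEYS[@]}"
 ; do \
 gpg --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \
 gpg --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \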

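--- a/Dockerfile.template
+++ b/Dockerfile.template
@@ -6,14 +6,7 @@ RUN groupadd --gid 1000 node \
 # gpg keys listed at https://github.com/nodejs/node#release-team
 RUN set -ex \
 && for key in \
-94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \
-FD3A5288F042B6850C66B31F09FE44734EB7990E \
-71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \
-DD8F2338BAE7501E3DD5AC78C273792F7D83545D \
-C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \
-B9AE9905FFD7803F25714661B63B535A4C206CA9 \
-56730D5401028683275BD23C23EFEFE93C4CFFFE \
-77984A986EBC2AA786BC0F66B01FBB92821C587A \
+"${NODE_KEYS[@]}"
 ; do \
 gpg --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \
 gpg --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \
@@ -44,7 +37,7 @@ ENV YARN_VERSION 0.0.0
 
 RUN set -ex \
 && for key in \
-6A010C5166006599AA17F08146C2130DFD2497F5 \
+"${YARN_KEYS[@]}"
 ; do \
 gpg --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \
 gpg --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \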

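--- a/keys/node.keys
+++ b/keys/node.keys
@@ -0,0 +1,8 @@
+94AE36675C464D64BAFA68DD7434390BDBE9B9C5
+FD3A5288F042B6850C66B31F09FE44734EB7990E
+71DCFD284A79C3B38668286BC97EC7A07EDE3FC1
+DD8F2338BAE7501E3DD5AC78C273792F7D83545D
+C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8
+B9AE9905FFD7803F25714661B63B535A4C206CA9
+56730D5401028683275BD23C23EFEFE93C4CFFFE
+77984A986EBC2AA786BC0F66B01FBB92821C587A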

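--- a/keys/yarn.keys
+++ b/keys/yarn.keys
@@ -0,0 +1 @@
+6A010C5166006599AA17F08146C2130DFD2497F5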

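--- a/update.sh
+++ b/update.sh
@@ -45,6 +45,22 @@ function update_node_version {
 sed -E -i.bak 's/^FROM (.*)/FROM '"$fromprefix"'\1/' "$dockerfile" && rm "$dockerfile".bak
 sed -E -i.bak 's/^(ENV NODE_VERSION |FROM .*node:).*/\1'"$version.${fullVersion:-0}"'/' "$dockerfile" && rm "$dockerfile".bak
 sed -E -i.bak 's/^(ENV YARN_VERSION ).*/\1'"$yarnVersion"'/' "$dockerfile" && rm "$dockerfile".bak
+
+# shellcheck disable=SC1004
+new_line=' \\\
+'
+
+# Add GPG keys
+for key_type in "node" "yarn"
+do
+while read -r line
+do
+pattern="\"\\$\\{$(echo "$key_type" | tr '[:lower:]' '[:upper:]')_KEYS\\[@\\]\\}\""
+sed -E -i.bak -e "s/([ \\t]*)($pattern)/\\1${line}${new_line}\\1\\2/" "$dockerfile" && rm "$dockerfile".bak
+done < "keys/$key_type.keys"
+sed -E -i.bak "/$pattern/d" "$dockerfile" && rm "$dockerfile".bak
+done
+
 if [[ "${version/.*/}" -ge 10 ]]; then
 sed -E -i.bak 's/FROM (.*)alpine:3.4/FROM \1alpine:3.7/' "$dockerfile"
 rm "$dockerfile.bak"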
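Review bot: `pattern` is assigned only inside the `while read` loop but is used again by the placeholder-deleting `sed` after `done`, so with an empty keys file that `sed` runs with an empty or stale pattern (for `yarn`, the one left over from `node`) and the `YARN_KEYS` placeholder would remain in the generated Dockerfile. Each line is also spliced into the sed replacement unchecked, so a short key ID or a stray `/` or `&` in keys/*.keys would be written into every Dockerfile or break the expression; because these files are now the single trust anchor for release verification, rejecting anything that is not a 40-hex-digit fingerprint is worth a few lines. `read -r line` additionally skips a final line that has no trailing newline, which would silently drop a key. update_node_version starts and ends outside the hunk; the sketch below moves `pattern` above the loop and adds the check.

```shell
for key_type in "node" "yarn"
do
  # Computed once per key type so the delete below never sees an empty or stale value.
  pattern="\"\\$\\{$(echo "$key_type" | tr '[:lower:]' '[:upper:]')_KEYS\\[@\\]\\}\""
  while IFS= read -r line || [[ -n "$line" ]]
  do
    # Only full 40-hex-digit fingerprints may reach the generated Dockerfiles.
    if ! [[ "$line" =~ ^[0-9A-Fa-f]{40}$ ]]; then
      echo "keys/$key_type.keys: not a full fingerprint: $line" >&2
      return 1
    fi
    # … unchanged: sed insertion of "$line" ahead of the placeholder …
  done < "keys/$key_type.keys"
  # … unchanged: sed deletion of the placeholder line …
done
```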
