From: "John Helmert III"
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "John Helmert III"
Message-ID: <1709439768.ee2fbe2c8354887ff90dd908bc87964bc85f6e9f.ajak@gentoo>
Subject: [gentoo-commits] proj/docker-images:master commit in: /
X-VCS-Repository: proj/docker-images
X-VCS-Files: portage.Dockerfile
X-VCS-Directories: /
X-VCS-Committer: ajak
X-VCS-Committer-Name: John Helmert III
X-VCS-Revision: ee2fbe2c8354887ff90dd908bc87964bc85f6e9f
X-VCS-Branch: master
Date: Sun, 3 Mar 2024 04:31:08 +0000 (UTC)
Precedence: bulk
List-Id: Gentoo Linux mail
X-BeenThere: gentoo-commits@lists.gentoo.org
X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply
X-Archives-Salt: 3af411e8-fd16-4828-9bfc-3be4dd6467b5
X-Archives-Hash: 3b2d74e543339c1a02ea5517d7760524

commit:     ee2fbe2c8354887ff90dd908bc87964bc85f6e9f
Author:     Rahil Bhimjiani rahil rocks>
AuthorDate: Tue Feb 27 16:34:06 2024 +0000
Commit:     John Helmert III gentoo org>
CommitDate: Sun Mar 3 04:22:48 2024 +0000
URL:        https://gitweb.gentoo.org/proj/docker-images.git/commit/?id=ee2fbe2c

portage.Dockerfile: use HEREDOC syntax for RUN command

HEREDOC syntax is supported in docker
https://docs.docker.com/reference/dockerfile/#here-documents

Why:
1) better readability
2) ability to add comments
3) can use HEREDOC in RUN command itself (i.e. configuring ~/.gnupg/dirmngr.conf)

What else changed:
1) added fallback method to retrieve gpg keys using wkd

Signed-off-by: Rahil Bhimjiani rahil.rocks>
Closes: https://github.com/gentoo/gentoo-docker-images/pull/139
Signed-off-by: John Helmert III gentoo.org>

 portage.Dockerfile | 39 +++++++++++++++++++++++++++------------
 1 file changed, 27 insertions(+), 12 deletions(-)

diff --git a/portage.Dockerfile b/portage.Dockerfile
index deb7969..01aa307 100644
--- a/portage.Dockerfile
+++ b/portage.Dockerfile
@@ -1,3 +1,7 @@ +# syntax=docker/dockerfile:1 + +# FIRST LINE IS VERY IMPORTANT. DO NOT MODIFY + # This Dockerfile creates a portage snapshot that can be mounted as a # container volume. It utilizes a multi-stage build and requires # docker-17.05.0 or later. It fetches a daily snapshot from the official 
@@ -11,18 +15,29 @@ ARG SNAPSHOT="portage-latest.tar.xz" ARG DIST="https://ftp-osl.osuosl.org/pub/gentoo/snapshots" ARG SIGNING_KEY="0xEC590EEAC9189250" -RUN apk add --no-cache ca-certificates gnupg tar wget xz \ - && wget -q "${DIST}/${SNAPSHOT}" "${DIST}/${SNAPSHOT}.gpgsig" "${DIST}/${SNAPSHOT}.md5sum" \ - && gpg --list-keys \ - && echo "honor-http-proxy" >> ~/.gnupg/dirmngr.conf \ - && echo "disable-ipv6" >> ~/.gnupg/dirmngr.conf \ - && gpg --keyserver hkps://keys.gentoo.org --recv-keys ${SIGNING_KEY} \ - && gpg --verify "${SNAPSHOT}.gpgsig" "${SNAPSHOT}" \ - && md5sum -c ${SNAPSHOT}.md5sum \ - && mkdir -p var/db/repos var/cache/binpkgs var/cache/distfiles \ - && tar xJpf ${SNAPSHOT} -C var/db/repos \ - && mv var/db/repos/portage var/db/repos/gentoo \ - && rm ${SNAPSHOT} ${SNAPSHOT}.gpgsig ${SNAPSHOT}.md5sum +RUN <<-EOF + set -e + + apk add --no-cache ca-certificates gnupg tar wget xz + wget -q "${DIST}/${SNAPSHOT}" "${DIST}/${SNAPSHOT}.gpgsig" "${DIST}/${SNAPSHOT}.md5sum" + + # setup GPG + gpg --list-keys + # make sure to have in following heredoc + # https://pubs.opengroup.org/onlinepubs/9699919799/utilities/V3_chap02.html#tag_18_07_04 + cat <<-GPG >> ~/.gnupg/dirmngr.conf + honor-http-proxy + disable-ipv6 + GPG + gpg --keyserver hkps://keys.gentoo.org --recv-keys ${SIGNING_KEY} || \ + gpg --auto-key-locate=clear,nodefault,wkd --locate-key infrastructure@gentoo.org + gpg --verify "${SNAPSHOT}.gpgsig" "${SNAPSHOT}" + md5sum -c ${SNAPSHOT}.md5sum + mkdir -p var/db/repos var/cache/binpkgs var/cache/distfiles + tar xJpf ${SNAPSHOT} -C var/db/repos + mv var/db/repos/portage var/db/repos/gentoo + rm ${SNAPSHOT} ${SNAPSHOT}.gpgsig ${SNAPSHOT}.md5sum +EOF FROM busybox:latest
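Review bot: In the first hunk (@@ -1,3 +1,7 @@), the added "FIRST LINE IS VERY IMPORTANT. DO NOT MODIFY" comment gives no reason, and the unchanged header text right below it still says the file "requires docker-17.05.0 or later". The here-document RUN step introduced further down only parses with BuildKit and a Dockerfile frontend that supports here-documents, which is what the "# syntax=docker/dockerfile:1" parser directive selects, and a parser directive is only honoured at the very top of the file. Say that in the comment, and update the minimum-version sentence so that someone building with an older or non-BuildKit builder knows why the build fails.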
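Review bot: In the second hunk (@@ -11,18 +15,29 @@), the WKD fallback after "--recv-keys ${SIGNING_KEY} ||" is not tied to SIGNING_KEY: "--locate-key infrastructure@gentoo.org" imports whatever key is published for that address, and the following "gpg --verify" exits 0 for a good signature from any key in the keyring. On the fallback path the pinned key ID is therefore never checked. Suggest confirming the signer after verification, for example by running the verify with "--status-fd" and comparing the VALIDSIG fingerprint against the expected one, and pinning a full fingerprint in SIGNING_KEY rather than the 64-bit key ID "0xEC590EEAC9189250". A smaller documentation point in the same hunk: the comment "make sure to have in following heredoc" reads as missing a word as shown here; since "<<-" strips only leading tab characters, the comment should state explicitly that the nested heredoc body and its closing "GPG" delimiter must be indented with tabs, not spaces.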