aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRahil Bhimjiani <me@rahil.rocks>2024-02-27 22:04:06 +0530
committerJohn Helmert III <ajak@gentoo.org>2024-03-02 20:22:48 -0800
commitee2fbe2c8354887ff90dd908bc87964bc85f6e9f (patch)
treebef0e61abd5fcde0e77a910f97f156e1a1c84c96
parentpython.Dockerfile: use HEREDOC syntax for RUN command (diff)
downloaddocker-images-ee2fbe2c8354887ff90dd908bc87964bc85f6e9f.tar.gz
docker-images-ee2fbe2c8354887ff90dd908bc87964bc85f6e9f.tar.bz2
docker-images-ee2fbe2c8354887ff90dd908bc87964bc85f6e9f.zip
portage.Dockerfile: use HEREDOC syntax for RUN command
HEREDOC syntax is supported in docker https://docs.docker.com/reference/dockerfile/#here-documents Why: 1) better readability 2) ability to add comments 3) can use HEREDOC in RUN command itself (i.e. configuring ~/.gnupg/dirmngr.conf) What else changed: 1) added fallback method to retrieve gpg keys using wkd Signed-off-by: Rahil Bhimjiani <me@rahil.rocks> Closes: https://github.com/gentoo/gentoo-docker-images/pull/139 Signed-off-by: John Helmert III <ajak@gentoo.org>
-rw-r--r--portage.Dockerfile39
1 files changed, 27 insertions, 12 deletions
diff --git a/portage.Dockerfile b/portage.Dockerfile
index deb7969..01aa307 100644
--- a/portage.Dockerfile
+++ b/portage.Dockerfile
@@ -1,3 +1,7 @@
+# syntax=docker/dockerfile:1
+
+# FIRST LINE IS VERY IMPORTANT. DO NOT MODIFY
+
# This Dockerfile creates a portage snapshot that can be mounted as a
# container volume. It utilizes a multi-stage build and requires
# docker-17.05.0 or later. It fetches a daily snapshot from the official
@@ -11,18 +15,29 @@ ARG SNAPSHOT="portage-latest.tar.xz"
ARG DIST="https://ftp-osl.osuosl.org/pub/gentoo/snapshots"
ARG SIGNING_KEY="0xEC590EEAC9189250"
-RUN apk add --no-cache ca-certificates gnupg tar wget xz \
- && wget -q "${DIST}/${SNAPSHOT}" "${DIST}/${SNAPSHOT}.gpgsig" "${DIST}/${SNAPSHOT}.md5sum" \
- && gpg --list-keys \
- && echo "honor-http-proxy" >> ~/.gnupg/dirmngr.conf \
- && echo "disable-ipv6" >> ~/.gnupg/dirmngr.conf \
- && gpg --keyserver hkps://keys.gentoo.org --recv-keys ${SIGNING_KEY} \
- && gpg --verify "${SNAPSHOT}.gpgsig" "${SNAPSHOT}" \
- && md5sum -c ${SNAPSHOT}.md5sum \
- && mkdir -p var/db/repos var/cache/binpkgs var/cache/distfiles \
- && tar xJpf ${SNAPSHOT} -C var/db/repos \
- && mv var/db/repos/portage var/db/repos/gentoo \
- && rm ${SNAPSHOT} ${SNAPSHOT}.gpgsig ${SNAPSHOT}.md5sum
+RUN <<-EOF
+ set -e
+
+ apk add --no-cache ca-certificates gnupg tar wget xz
+ wget -q "${DIST}/${SNAPSHOT}" "${DIST}/${SNAPSHOT}.gpgsig" "${DIST}/${SNAPSHOT}.md5sum"
+
+ # setup GPG
+ gpg --list-keys
+ # make sure to have <tab> in following heredoc
+ # https://pubs.opengroup.org/onlinepubs/9699919799/utilities/V3_chap02.html#tag_18_07_04
+ cat <<-GPG >> ~/.gnupg/dirmngr.conf
+ honor-http-proxy
+ disable-ipv6
+ GPG
+ gpg --keyserver hkps://keys.gentoo.org --recv-keys ${SIGNING_KEY} || \
+ gpg --auto-key-locate=clear,nodefault,wkd --locate-key infrastructure@gentoo.org
+ gpg --verify "${SNAPSHOT}.gpgsig" "${SNAPSHOT}"
+ md5sum -c ${SNAPSHOT}.md5sum
+ mkdir -p var/db/repos var/cache/binpkgs var/cache/distfiles
+ tar xJpf ${SNAPSHOT} -C var/db/repos
+ mv var/db/repos/portage var/db/repos/gentoo
+ rm ${SNAPSHOT} ${SNAPSHOT}.gpgsig ${SNAPSHOT}.md5sum
+EOF
FROM busybox:latest