diff options
author | Rahil Bhimjiani <me@rahil.rocks> | 2024-02-27 22:04:06 +0530 |
---|---|---|
committer | John Helmert III <ajak@gentoo.org> | 2024-03-02 20:22:48 -0800 |
commit | ee2fbe2c8354887ff90dd908bc87964bc85f6e9f (patch) | |
tree | bef0e61abd5fcde0e77a910f97f156e1a1c84c96 | |
parent | python.Dockerfile: use HEREDOC syntax for RUN command (diff) | |
download | docker-images-ee2fbe2c8354887ff90dd908bc87964bc85f6e9f.tar.gz docker-images-ee2fbe2c8354887ff90dd908bc87964bc85f6e9f.tar.bz2 docker-images-ee2fbe2c8354887ff90dd908bc87964bc85f6e9f.zip |
portage.Dockerfile: use HEREDOC syntax for RUN command
HEREDOC syntax is supported in docker
https://docs.docker.com/reference/dockerfile/#here-documents
Why:
1) better readability
2) ability to add comments
3) can use HEREDOC in RUN command itself (i.e. configuring
~/.gnupg/dirmngr.conf)
What else changed:
1) added fallback method to retrieve gpg keys using wkd
Signed-off-by: Rahil Bhimjiani <me@rahil.rocks>
Closes: https://github.com/gentoo/gentoo-docker-images/pull/139
Signed-off-by: John Helmert III <ajak@gentoo.org>
-rw-r--r-- | portage.Dockerfile | 39 |
1 files changed, 27 insertions, 12 deletions
diff --git a/portage.Dockerfile b/portage.Dockerfile index deb7969..01aa307 100644 --- a/portage.Dockerfile +++ b/portage.Dockerfile @@ -1,3 +1,7 @@ +# syntax=docker/dockerfile:1 + +# FIRST LINE IS VERY IMPORTANT. DO NOT MODIFY + # This Dockerfile creates a portage snapshot that can be mounted as a # container volume. It utilizes a multi-stage build and requires # docker-17.05.0 or later. It fetches a daily snapshot from the official @@ -11,18 +15,29 @@ ARG SNAPSHOT="portage-latest.tar.xz" ARG DIST="https://ftp-osl.osuosl.org/pub/gentoo/snapshots" ARG SIGNING_KEY="0xEC590EEAC9189250" -RUN apk add --no-cache ca-certificates gnupg tar wget xz \ - && wget -q "${DIST}/${SNAPSHOT}" "${DIST}/${SNAPSHOT}.gpgsig" "${DIST}/${SNAPSHOT}.md5sum" \ - && gpg --list-keys \ - && echo "honor-http-proxy" >> ~/.gnupg/dirmngr.conf \ - && echo "disable-ipv6" >> ~/.gnupg/dirmngr.conf \ - && gpg --keyserver hkps://keys.gentoo.org --recv-keys ${SIGNING_KEY} \ - && gpg --verify "${SNAPSHOT}.gpgsig" "${SNAPSHOT}" \ - && md5sum -c ${SNAPSHOT}.md5sum \ - && mkdir -p var/db/repos var/cache/binpkgs var/cache/distfiles \ - && tar xJpf ${SNAPSHOT} -C var/db/repos \ - && mv var/db/repos/portage var/db/repos/gentoo \ - && rm ${SNAPSHOT} ${SNAPSHOT}.gpgsig ${SNAPSHOT}.md5sum +RUN <<-EOF + set -e + + apk add --no-cache ca-certificates gnupg tar wget xz + wget -q "${DIST}/${SNAPSHOT}" "${DIST}/${SNAPSHOT}.gpgsig" "${DIST}/${SNAPSHOT}.md5sum" + + # setup GPG + gpg --list-keys + # make sure to have <tab> in following heredoc + # https://pubs.opengroup.org/onlinepubs/9699919799/utilities/V3_chap02.html#tag_18_07_04 + cat <<-GPG >> ~/.gnupg/dirmngr.conf + honor-http-proxy + disable-ipv6 + GPG + gpg --keyserver hkps://keys.gentoo.org --recv-keys ${SIGNING_KEY} || \ + gpg --auto-key-locate=clear,nodefault,wkd --locate-key infrastructure@gentoo.org + gpg --verify "${SNAPSHOT}.gpgsig" "${SNAPSHOT}" + md5sum -c ${SNAPSHOT}.md5sum + mkdir -p var/db/repos var/cache/binpkgs var/cache/distfiles + tar xJpf ${SNAPSHOT} -C var/db/repos + mv var/db/repos/portage var/db/repos/gentoo + rm ${SNAPSHOT} ${SNAPSHOT}.gpgsig ${SNAPSHOT}.md5sum +EOF FROM busybox:latest |