From 79d858e5f341997321c68e2b479d7cdc14c43c72 Mon Sep 17 00:00:00 2001 From: El RIDO Date: Sat, 15 Jul 2023 09:50:45 +0200 Subject: [PATCH] include release key, increasing robustness of image build process --- .dockerignore | 2 +- Dockerfile | 6 ++++-- release.asc | 41 +++++++++++++++++++++++++++++++++++++++++ 3 files changed, 46 insertions(+), 3 deletions(-) create mode 100644 release.asc diff --git a/.dockerignore b/.dockerignore index 8140350..0151ec8 100644 --- a/.dockerignore +++ b/.dockerignore @@ -1,5 +1,5 @@ # Docs -README.md +README*.md # Git .git/ diff --git a/Dockerfile b/Dockerfile index 6343bf7..9a219d9 100644 --- a/Dockerfile +++ b/Dockerfile @@ -17,6 +17,8 @@ LABEL org.opencontainers.image.authors=support@privatebin.org \ org.opencontainers.image.licenses=zlib-acknowledgement \ org.opencontainers.image.version=${RELEASE} +COPY release.asc /tmp/ + RUN \ # Prepare composer dependencies ALPINE_PACKAGES="$(echo ${ALPINE_PACKAGES} | sed 's/,/ /g')" ;\ @@ -45,11 +47,11 @@ RUN \ # Ensure nginx logs, even if the config has errors, are written to stderr && ln -s /dev/stderr /var/log/nginx/error.log \ # Install PrivateBin + && cd /tmp \ && export GNUPGHOME="$(mktemp -d -p /tmp)" \ && gpg2 --list-public-keys || /bin/true \ - && wget -qO - https://privatebin.info/key/release.asc | gpg2 --import - \ + && gpg2 --import /tmp/release.asc \ && rm -rf /var/www/* \ - && cd /tmp \ && if expr "${RELEASE}" : '[0-9]\{1,\}\.[0-9]\{1,\}\.[0-9]\{1,\}$' >/dev/null ; then \ echo "getting release ${RELEASE}"; \ wget -qO ${RELEASE}.tar.gz.asc ${PBURL}releases/download/${RELEASE}/PrivateBin-${RELEASE}.tar.gz.asc \ diff --git a/release.asc b/release.asc new file mode 100644 index 0000000..3efdd3a --- /dev/null +++ b/release.asc @@ -0,0 +1,41 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1 + +mQINBFtqB6oBEADM2ydU1BWvAVGbAj6Q8eLEbiXcHAAGdYu6DgQVQo0tsUejbBOj +4YCAjwl8vShGMUlJoXGvR+WOrkB9OHWpl9uI+hS0R6RX7PxF4GpNtO7cnQcAUHc9 +WauAgAfu+3n8t9FRDIzT2lPuSjLFEvmVixfNa41nMG5Zuzf45mJlvTe3CwY85eBW +uWzTKDhCcv+ETdsQGsSCVRqyPztNL9eE6JaNGpxhmGqe9M09DxC73wR/va8zGjrD +uIsxhKRPb7XQaH0nI+s8r+EsWezZD2UNL7Zp3ID6KSVVcYbqXLY/cz4eEVg4hnIJ +WP8OIMPftqXJRt71F13GrtzKE8YXhEo7IE2WcbLCICzD1ZAj1sJizEaXKdSKuAK8 +AL9d9K2PhnzaprKKjLd9TYdeqL9bsRW/il6OrCWvSzevbkX1Z/xU3eeQF4OUrqKe +JddwDqULm7UkL5niFXEFtMXSVLV9ppVU4s2jX7pz+JGyce1S9Nbf+kGT7Ks69XS7 ++ves1uynu8UtBQjv0Xc+NFuzYmthfvB7zvpMTk6nNtN3PpxX8NvcJffR5zNkr15a +2I2+IELhYzGmp1xZeW1kykARX4M4ZD9GW/tAA+5zDoWGdmQv3Zw1ifLieyfhMmKh +5wrQQ6wlM5MCoj1YY4WvnyD68ac/3WTCPKmDtNcXhj3E3tfhDvFKKPXTZQARAQAB +tDVQcml2YXRlQmluIHJlbGVhc2UgKHNvbGVseSB1c2VkIGZvciBzaWduaW5nIHJl +bGVhc2VzKYkCOAQTAQIAIgIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AFAltq +ev0ACgkQ4Rt5UOnhg9u9RQ/+O1R+dMqCTr8iaW7lkdiEEXohy5efUjlqexL+4WRF +/97X4WCEOYNPsUkcOerTCQ8SZlMBLRTQmrTVaKn3Yd0fonMFeDGNyGbuCvWZr96r +6hPbEkXCbD9rBAvhbcAYTCsQyYNtq9DY26PJHd5nOBVoDb4sWkjn5i+/ECKGAjDq +yuvNbB+kjiyBeg8ph6o60m78RL/4wWoGGwBuijaNu1m4WFqneRNz0V+GfNjsPwoh ++XSNBj1C3+Ys9qn3EakLfmmKFkNOBIGyiaWam9c+Anj8w0eC5GlFslTVlx7OpEse +zTP9dCsFoDfpxQT6Fnx128uBGrry5s40fy2hjc3t+RAWWfgkRNupCD7eXeD71EtL +cCvkNPrcCBYAf/0YgbZGmh5HzHnBjPxNYuG/sjIDBPiXWqp0a4legbkWj7WADGv2 +AhspjkUzjnq7yEEu93LnXDvC9nxkUwU5uLWiWkzC4T1+fid5w5+gwNGt7BuG1nzo +ok8SjdHUa3h1N6U9/BLExgM8ptmqxkdT6sAhfPmRKTh483aF4NQChNFBBEUUWR8z +HhAC4GUjhMODtqx1o9+HjPBHtt4tiiPwzcR6zef4nKyi0Y3jrfoGnjWQ1z5JrGqT +mySsBdQ1rmA3N7T3LlDDAr/V6Gvu3aX4PIwNEoxq9gP+XWGpQkd0AxKn2Dvob3jG +iaiJAhwEEAECAAYFAltqfCkACgkQD1yUCmvYH5KxhQ/+O0QmI0HBq404A5Q50P0g +r/f6K33SNuBrC+qrmcshCNGC8AW6dryDvY2+caJx4oeoV4ToBoECPgWwHvUJgF5d +UWBI8gh1Wxs3XSrf++9kmIfoezH8RHsXa03QGCU7AS+0M3zsQjk4dBwRXfwf8/PJ +5tMkkou1sSfFHuAQdjVMzC32Qdru0jaK/HU/Gx/oPoL4obCfniAc8koKDXLHbIYI +FKc3V1jpNShE++yvv3TEr4GDI+DkAkkH1d15pETd331GXrN8djorLMKooS7eJWiU +WMetHUfPAALQImo1wAROQUf5O/2yN+t5HsId9RPQopUtYGf1BIUelSoKU9bn0pMh +yonKR8zCx7VWnIXxoR6fkhGoW/v5XyomthjYKom8Ok1HLPM8/mCRyPSNq3cp/B7n +fcdMkTKc9h9Tv004PA4BjNtVycK34Gj2GsjSzr5THiagsNzvIIfmDKjTirOdXtRA +5/oRKgTNEAz/qT9Y3EfmFni4cq3JBU7sQq6BEy48J4HSrjEVlzwNbXFeT/LTDNKX +wj1GgSM3vK3y1Pt1fH9aKTRL1Awahtn4+LTUrnm7Iq+Kq74n7MtA6WQNy+RjS4DO +9qfhtuJa4Pa4Y/KFc4JoBcsvI7B1PYE2xRRYLBQJak31PIK0+/7gn6mGpMkLRSO8 +PIP40VAkZWr13GxsW+c+2fE= +=zwiR +-----END PGP PUBLIC KEY BLOCK-----