From cc26eb1fa6cd9f52db56125ec01e5e41638ad7ec Mon Sep 17 00:00:00 2001 From: Nick Schonning Date: Thu, 1 Jul 2021 13:14:24 -0400 Subject: [PATCH 1/2] chore: Use release-keys CLI --- 12/alpine3.11/Dockerfile | 24 +++++------------------- 12/alpine3.12/Dockerfile | 24 +++++------------------- 12/buster-slim/Dockerfile | 21 +++------------------ 12/buster/Dockerfile | 23 +++-------------------- 12/stretch-slim/Dockerfile | 21 +++------------------ 12/stretch/Dockerfile | 23 +++-------------------- 14/alpine3.11/Dockerfile | 24 +++++------------------- 14/alpine3.12/Dockerfile | 24 +++++------------------- 14/alpine3.13/Dockerfile | 24 +++++------------------- 14/buster-slim/Dockerfile | 21 +++------------------ 14/buster/Dockerfile | 23 +++-------------------- 14/stretch-slim/Dockerfile | 21 +++------------------ 14/stretch/Dockerfile | 23 +++-------------------- 16/alpine3.11/Dockerfile | 24 +++++------------------- 16/alpine3.12/Dockerfile | 24 +++++------------------- 16/alpine3.13/Dockerfile | 24 +++++------------------- 16/buster-slim/Dockerfile | 21 +++------------------ 16/buster/Dockerfile | 23 +++-------------------- 16/stretch-slim/Dockerfile | 21 +++------------------ 16/stretch/Dockerfile | 23 +++-------------------- Dockerfile-alpine.template | 10 +++------- Dockerfile-debian.template | 11 ++--------- Dockerfile-slim.template | 9 ++------- keys/node.keys | 11 ----------- update.sh | 2 +- 25 files changed, 84 insertions(+), 415 deletions(-) delete mode 100644 keys/node.keys diff --git a/12/alpine3.11/Dockerfile b/12/alpine3.11/Dockerfile index 97532e4541..3874595885 100644 --- a/12/alpine3.11/Dockerfile +++ b/12/alpine3.11/Dockerfile @@ -1,6 +1,6 @@ FROM alpine:3.11 -ENV NODE_VERSION 12.22.1 +ENV NODE_VERSION 12.22.2 RUN addgroup -g 1000 node \ && adduser -u 1000 -G node -s /bin/sh -D node \ @@ -12,7 +12,7 @@ RUN addgroup -g 1000 node \ && case "${alpineArch##*-}" in \ x86_64) \ ARCH='x64' \ - CHECKSUM="b7c8a2cb26790b4cc21a69ea5896ecb3e88712a35dcd5f3ef1c799214ad1f5da" \ + CHECKSUM="" \ ;; \ *) ;; \ esac \ @@ -33,25 +33,10 @@ RUN addgroup -g 1000 node \ libgcc \ linux-headers \ make \ + bash \ python2 \ # gpg keys listed at https://github.com/nodejs/node#release-keys - && for key in \ - 4ED778F539E3634C779C87C6D7062848A1AB005C \ - 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ - 74F12602B6F1C4E913FAA37AD3A89613643B6201 \ - 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ - 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ - C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ - C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \ - DD8F2338BAE7501E3DD5AC78C273792F7D83545D \ - A48C2BEE680E841632CD4E44F07496B3EB3C1762 \ - 108F52B48DB57BB0CC439B2997B01419BD92F80A \ - B9E2F5981AA6E0CD28160D9FF13993A75599653C \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ + && curl -s https://raw.githubusercontent.com/nodejs/release-keys/HEAD/cli.sh | bash -s import \ && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION.tar.xz" \ && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ @@ -67,6 +52,7 @@ RUN addgroup -g 1000 node \ && rm "node-v$NODE_VERSION.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt; \ fi \ && rm -f "node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz" \ + && curl -s https://raw.githubusercontent.com/nodejs/release-keys/HEAD/cli.sh | bash -s clear \ && apk del .build-deps \ # smoke tests && node --version \ diff --git a/12/alpine3.12/Dockerfile b/12/alpine3.12/Dockerfile index f8cc9a741c..f303474e32 100644 --- a/12/alpine3.12/Dockerfile +++ b/12/alpine3.12/Dockerfile @@ -1,6 +1,6 @@ FROM alpine:3.12 -ENV NODE_VERSION 12.22.1 +ENV NODE_VERSION 12.22.2 RUN addgroup -g 1000 node \ && adduser -u 1000 -G node -s /bin/sh -D node \ @@ -12,7 +12,7 @@ RUN addgroup -g 1000 node \ && case "${alpineArch##*-}" in \ x86_64) \ ARCH='x64' \ - CHECKSUM="b7c8a2cb26790b4cc21a69ea5896ecb3e88712a35dcd5f3ef1c799214ad1f5da" \ + CHECKSUM="" \ ;; \ *) ;; \ esac \ @@ -33,25 +33,10 @@ RUN addgroup -g 1000 node \ libgcc \ linux-headers \ make \ + bash \ python2 \ # gpg keys listed at https://github.com/nodejs/node#release-keys - && for key in \ - 4ED778F539E3634C779C87C6D7062848A1AB005C \ - 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ - 74F12602B6F1C4E913FAA37AD3A89613643B6201 \ - 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ - 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ - C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ - C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \ - DD8F2338BAE7501E3DD5AC78C273792F7D83545D \ - A48C2BEE680E841632CD4E44F07496B3EB3C1762 \ - 108F52B48DB57BB0CC439B2997B01419BD92F80A \ - B9E2F5981AA6E0CD28160D9FF13993A75599653C \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ + && curl -s https://raw.githubusercontent.com/nodejs/release-keys/HEAD/cli.sh | bash -s import \ && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION.tar.xz" \ && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ @@ -67,6 +52,7 @@ RUN addgroup -g 1000 node \ && rm "node-v$NODE_VERSION.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt; \ fi \ && rm -f "node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz" \ + && curl -s https://raw.githubusercontent.com/nodejs/release-keys/HEAD/cli.sh | bash -s clear \ && apk del .build-deps \ # smoke tests && node --version \ diff --git a/12/buster-slim/Dockerfile b/12/buster-slim/Dockerfile index 12a11a54a1..38c11127a5 100644 --- a/12/buster-slim/Dockerfile +++ b/12/buster-slim/Dockerfile @@ -3,7 +3,7 @@ FROM debian:buster-slim RUN groupadd --gid 1000 node \ && useradd --uid 1000 --gid node --shell /bin/bash --create-home node -ENV NODE_VERSION 12.22.1 +ENV NODE_VERSION 12.22.2 RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ && case "${dpkgArch##*-}" in \ @@ -19,29 +19,14 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ # libatomic1 for arm && apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr xz-utils libatomic1 --no-install-recommends \ && rm -rf /var/lib/apt/lists/* \ - && for key in \ - 4ED778F539E3634C779C87C6D7062848A1AB005C \ - 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ - 74F12602B6F1C4E913FAA37AD3A89613643B6201 \ - 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ - 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ - C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ - C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \ - DD8F2338BAE7501E3DD5AC78C273792F7D83545D \ - A48C2BEE680E841632CD4E44F07496B3EB3C1762 \ - 108F52B48DB57BB0CC439B2997B01419BD92F80A \ - B9E2F5981AA6E0CD28160D9FF13993A75599653C \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ + && curl -s https://raw.githubusercontent.com/nodejs/release-keys/HEAD/cli.sh | bash -s import \ && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ + && curl -s https://raw.githubusercontent.com/nodejs/release-keys/HEAD/cli.sh | bash -s clear \ && apt-mark auto '.*' > /dev/null \ && find /usr/local -type f -executable -exec ldd '{}' ';' \ | awk '/=>/ { print $(NF-1) }' \ diff --git a/12/buster/Dockerfile b/12/buster/Dockerfile index 8a35049d54..7b0cdd1c01 100644 --- a/12/buster/Dockerfile +++ b/12/buster/Dockerfile @@ -3,7 +3,7 @@ FROM buildpack-deps:buster RUN groupadd --gid 1000 node \ && useradd --uid 1000 --gid node --shell /bin/bash --create-home node -ENV NODE_VERSION 12.22.1 +ENV NODE_VERSION 12.22.2 RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ && case "${dpkgArch##*-}" in \ @@ -15,31 +15,14 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ i386) ARCH='x86';; \ *) echo "unsupported architecture"; exit 1 ;; \ esac \ - # gpg keys listed at https://github.com/nodejs/node#release-keys - && set -ex \ - && for key in \ - 4ED778F539E3634C779C87C6D7062848A1AB005C \ - 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ - 74F12602B6F1C4E913FAA37AD3A89613643B6201 \ - 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ - 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ - C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ - C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \ - DD8F2338BAE7501E3DD5AC78C273792F7D83545D \ - A48C2BEE680E841632CD4E44F07496B3EB3C1762 \ - 108F52B48DB57BB0CC439B2997B01419BD92F80A \ - B9E2F5981AA6E0CD28160D9FF13993A75599653C \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ + && curl -s https://raw.githubusercontent.com/nodejs/release-keys/HEAD/cli.sh | bash -s import \ && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ + && curl -s https://raw.githubusercontent.com/nodejs/release-keys/HEAD/cli.sh | bash -s clear \ && ln -s /usr/local/bin/node /usr/local/bin/nodejs \ # smoke tests && node --version \ diff --git a/12/stretch-slim/Dockerfile b/12/stretch-slim/Dockerfile index c91acdca26..61071dfc3a 100644 --- a/12/stretch-slim/Dockerfile +++ b/12/stretch-slim/Dockerfile @@ -3,7 +3,7 @@ FROM debian:stretch-slim RUN groupadd --gid 1000 node \ && useradd --uid 1000 --gid node --shell /bin/bash --create-home node -ENV NODE_VERSION 12.22.1 +ENV NODE_VERSION 12.22.2 RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ && case "${dpkgArch##*-}" in \ @@ -19,29 +19,14 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ # libatomic1 for arm && apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr xz-utils libatomic1 --no-install-recommends \ && rm -rf /var/lib/apt/lists/* \ - && for key in \ - 4ED778F539E3634C779C87C6D7062848A1AB005C \ - 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ - 74F12602B6F1C4E913FAA37AD3A89613643B6201 \ - 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ - 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ - C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ - C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \ - DD8F2338BAE7501E3DD5AC78C273792F7D83545D \ - A48C2BEE680E841632CD4E44F07496B3EB3C1762 \ - 108F52B48DB57BB0CC439B2997B01419BD92F80A \ - B9E2F5981AA6E0CD28160D9FF13993A75599653C \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ + && curl -s https://raw.githubusercontent.com/nodejs/release-keys/HEAD/cli.sh | bash -s import \ && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ + && curl -s https://raw.githubusercontent.com/nodejs/release-keys/HEAD/cli.sh | bash -s clear \ && apt-mark auto '.*' > /dev/null \ && find /usr/local -type f -executable -exec ldd '{}' ';' \ | awk '/=>/ { print $(NF-1) }' \ diff --git a/12/stretch/Dockerfile b/12/stretch/Dockerfile index 269e8a077e..51db7f4f1f 100644 --- a/12/stretch/Dockerfile +++ b/12/stretch/Dockerfile @@ -3,7 +3,7 @@ FROM buildpack-deps:stretch RUN groupadd --gid 1000 node \ && useradd --uid 1000 --gid node --shell /bin/bash --create-home node -ENV NODE_VERSION 12.22.1 +ENV NODE_VERSION 12.22.2 RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ && case "${dpkgArch##*-}" in \ @@ -15,31 +15,14 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ i386) ARCH='x86';; \ *) echo "unsupported architecture"; exit 1 ;; \ esac \ - # gpg keys listed at https://github.com/nodejs/node#release-keys - && set -ex \ - && for key in \ - 4ED778F539E3634C779C87C6D7062848A1AB005C \ - 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ - 74F12602B6F1C4E913FAA37AD3A89613643B6201 \ - 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ - 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ - C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ - C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \ - DD8F2338BAE7501E3DD5AC78C273792F7D83545D \ - A48C2BEE680E841632CD4E44F07496B3EB3C1762 \ - 108F52B48DB57BB0CC439B2997B01419BD92F80A \ - B9E2F5981AA6E0CD28160D9FF13993A75599653C \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ + && curl -s https://raw.githubusercontent.com/nodejs/release-keys/HEAD/cli.sh | bash -s import \ && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ + && curl -s https://raw.githubusercontent.com/nodejs/release-keys/HEAD/cli.sh | bash -s clear \ && ln -s /usr/local/bin/node /usr/local/bin/nodejs \ # smoke tests && node --version \ diff --git a/14/alpine3.11/Dockerfile b/14/alpine3.11/Dockerfile index 42617d861f..a74f85fad2 100644 --- a/14/alpine3.11/Dockerfile +++ b/14/alpine3.11/Dockerfile @@ -1,6 +1,6 @@ FROM alpine:3.11 -ENV NODE_VERSION 14.17.1 +ENV NODE_VERSION 14.17.2 RUN addgroup -g 1000 node \ && adduser -u 1000 -G node -s /bin/sh -D node \ @@ -12,7 +12,7 @@ RUN addgroup -g 1000 node \ && case "${alpineArch##*-}" in \ x86_64) \ ARCH='x64' \ - CHECKSUM="c23931be1470e454ae062d53ffbabd12b8578a3fd23b6575433a220af0b431a9" \ + CHECKSUM="" \ ;; \ *) ;; \ esac \ @@ -33,25 +33,10 @@ RUN addgroup -g 1000 node \ libgcc \ linux-headers \ make \ + bash \ python3 \ # gpg keys listed at https://github.com/nodejs/node#release-keys - && for key in \ - 4ED778F539E3634C779C87C6D7062848A1AB005C \ - 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ - 74F12602B6F1C4E913FAA37AD3A89613643B6201 \ - 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ - 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ - C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ - C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \ - DD8F2338BAE7501E3DD5AC78C273792F7D83545D \ - A48C2BEE680E841632CD4E44F07496B3EB3C1762 \ - 108F52B48DB57BB0CC439B2997B01419BD92F80A \ - B9E2F5981AA6E0CD28160D9FF13993A75599653C \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ + && curl -s https://raw.githubusercontent.com/nodejs/release-keys/HEAD/cli.sh | bash -s import \ && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION.tar.xz" \ && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ @@ -67,6 +52,7 @@ RUN addgroup -g 1000 node \ && rm "node-v$NODE_VERSION.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt; \ fi \ && rm -f "node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz" \ + && curl -s https://raw.githubusercontent.com/nodejs/release-keys/HEAD/cli.sh | bash -s clear \ && apk del .build-deps \ # smoke tests && node --version \ diff --git a/14/alpine3.12/Dockerfile b/14/alpine3.12/Dockerfile index 1a92b93798..53ff0a1d54 100644 --- a/14/alpine3.12/Dockerfile +++ b/14/alpine3.12/Dockerfile @@ -1,6 +1,6 @@ FROM alpine:3.12 -ENV NODE_VERSION 14.17.1 +ENV NODE_VERSION 14.17.2 RUN addgroup -g 1000 node \ && adduser -u 1000 -G node -s /bin/sh -D node \ @@ -12,7 +12,7 @@ RUN addgroup -g 1000 node \ && case "${alpineArch##*-}" in \ x86_64) \ ARCH='x64' \ - CHECKSUM="c23931be1470e454ae062d53ffbabd12b8578a3fd23b6575433a220af0b431a9" \ + CHECKSUM="" \ ;; \ *) ;; \ esac \ @@ -33,25 +33,10 @@ RUN addgroup -g 1000 node \ libgcc \ linux-headers \ make \ + bash \ python3 \ # gpg keys listed at https://github.com/nodejs/node#release-keys - && for key in \ - 4ED778F539E3634C779C87C6D7062848A1AB005C \ - 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ - 74F12602B6F1C4E913FAA37AD3A89613643B6201 \ - 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ - 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ - C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ - C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \ - DD8F2338BAE7501E3DD5AC78C273792F7D83545D \ - A48C2BEE680E841632CD4E44F07496B3EB3C1762 \ - 108F52B48DB57BB0CC439B2997B01419BD92F80A \ - B9E2F5981AA6E0CD28160D9FF13993A75599653C \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ + && curl -s https://raw.githubusercontent.com/nodejs/release-keys/HEAD/cli.sh | bash -s import \ && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION.tar.xz" \ && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ @@ -67,6 +52,7 @@ RUN addgroup -g 1000 node \ && rm "node-v$NODE_VERSION.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt; \ fi \ && rm -f "node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz" \ + && curl -s https://raw.githubusercontent.com/nodejs/release-keys/HEAD/cli.sh | bash -s clear \ && apk del .build-deps \ # smoke tests && node --version \ diff --git a/14/alpine3.13/Dockerfile b/14/alpine3.13/Dockerfile index aa1964e9ad..d3507947ce 100644 --- a/14/alpine3.13/Dockerfile +++ b/14/alpine3.13/Dockerfile @@ -1,6 +1,6 @@ FROM alpine:3.13 -ENV NODE_VERSION 14.17.1 +ENV NODE_VERSION 14.17.2 RUN addgroup -g 1000 node \ && adduser -u 1000 -G node -s /bin/sh -D node \ @@ -12,7 +12,7 @@ RUN addgroup -g 1000 node \ && case "${alpineArch##*-}" in \ x86_64) \ ARCH='x64' \ - CHECKSUM="c23931be1470e454ae062d53ffbabd12b8578a3fd23b6575433a220af0b431a9" \ + CHECKSUM="" \ ;; \ *) ;; \ esac \ @@ -33,25 +33,10 @@ RUN addgroup -g 1000 node \ libgcc \ linux-headers \ make \ + bash \ python3 \ # gpg keys listed at https://github.com/nodejs/node#release-keys - && for key in \ - 4ED778F539E3634C779C87C6D7062848A1AB005C \ - 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ - 74F12602B6F1C4E913FAA37AD3A89613643B6201 \ - 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ - 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ - C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ - C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \ - DD8F2338BAE7501E3DD5AC78C273792F7D83545D \ - A48C2BEE680E841632CD4E44F07496B3EB3C1762 \ - 108F52B48DB57BB0CC439B2997B01419BD92F80A \ - B9E2F5981AA6E0CD28160D9FF13993A75599653C \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ + && curl -s https://raw.githubusercontent.com/nodejs/release-keys/HEAD/cli.sh | bash -s import \ && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION.tar.xz" \ && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ @@ -67,6 +52,7 @@ RUN addgroup -g 1000 node \ && rm "node-v$NODE_VERSION.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt; \ fi \ && rm -f "node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz" \ + && curl -s https://raw.githubusercontent.com/nodejs/release-keys/HEAD/cli.sh | bash -s clear \ && apk del .build-deps \ # smoke tests && node --version \ diff --git a/14/buster-slim/Dockerfile b/14/buster-slim/Dockerfile index 44b675e7cf..edaad85ead 100644 --- a/14/buster-slim/Dockerfile +++ b/14/buster-slim/Dockerfile @@ -3,7 +3,7 @@ FROM debian:buster-slim RUN groupadd --gid 1000 node \ && useradd --uid 1000 --gid node --shell /bin/bash --create-home node -ENV NODE_VERSION 14.17.1 +ENV NODE_VERSION 14.17.2 RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ && case "${dpkgArch##*-}" in \ @@ -19,29 +19,14 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ # libatomic1 for arm && apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr xz-utils libatomic1 --no-install-recommends \ && rm -rf /var/lib/apt/lists/* \ - && for key in \ - 4ED778F539E3634C779C87C6D7062848A1AB005C \ - 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ - 74F12602B6F1C4E913FAA37AD3A89613643B6201 \ - 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ - 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ - C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ - C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \ - DD8F2338BAE7501E3DD5AC78C273792F7D83545D \ - A48C2BEE680E841632CD4E44F07496B3EB3C1762 \ - 108F52B48DB57BB0CC439B2997B01419BD92F80A \ - B9E2F5981AA6E0CD28160D9FF13993A75599653C \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ + && curl -s https://raw.githubusercontent.com/nodejs/release-keys/HEAD/cli.sh | bash -s import \ && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ + && curl -s https://raw.githubusercontent.com/nodejs/release-keys/HEAD/cli.sh | bash -s clear \ && apt-mark auto '.*' > /dev/null \ && find /usr/local -type f -executable -exec ldd '{}' ';' \ | awk '/=>/ { print $(NF-1) }' \ diff --git a/14/buster/Dockerfile b/14/buster/Dockerfile index ceb6b5b053..63defefbea 100644 --- a/14/buster/Dockerfile +++ b/14/buster/Dockerfile @@ -3,7 +3,7 @@ FROM buildpack-deps:buster RUN groupadd --gid 1000 node \ && useradd --uid 1000 --gid node --shell /bin/bash --create-home node -ENV NODE_VERSION 14.17.1 +ENV NODE_VERSION 14.17.2 RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ && case "${dpkgArch##*-}" in \ @@ -15,31 +15,14 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ i386) ARCH='x86';; \ *) echo "unsupported architecture"; exit 1 ;; \ esac \ - # gpg keys listed at https://github.com/nodejs/node#release-keys - && set -ex \ - && for key in \ - 4ED778F539E3634C779C87C6D7062848A1AB005C \ - 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ - 74F12602B6F1C4E913FAA37AD3A89613643B6201 \ - 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ - 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ - C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ - C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \ - DD8F2338BAE7501E3DD5AC78C273792F7D83545D \ - A48C2BEE680E841632CD4E44F07496B3EB3C1762 \ - 108F52B48DB57BB0CC439B2997B01419BD92F80A \ - B9E2F5981AA6E0CD28160D9FF13993A75599653C \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ + && curl -s https://raw.githubusercontent.com/nodejs/release-keys/HEAD/cli.sh | bash -s import \ && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ + && curl -s https://raw.githubusercontent.com/nodejs/release-keys/HEAD/cli.sh | bash -s clear \ && ln -s /usr/local/bin/node /usr/local/bin/nodejs \ # smoke tests && node --version \ diff --git a/14/stretch-slim/Dockerfile b/14/stretch-slim/Dockerfile index 9726e5c05d..a627812f04 100644 --- a/14/stretch-slim/Dockerfile +++ b/14/stretch-slim/Dockerfile @@ -3,7 +3,7 @@ FROM debian:stretch-slim RUN groupadd --gid 1000 node \ && useradd --uid 1000 --gid node --shell /bin/bash --create-home node -ENV NODE_VERSION 14.17.1 +ENV NODE_VERSION 14.17.2 RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ && case "${dpkgArch##*-}" in \ @@ -19,29 +19,14 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ # libatomic1 for arm && apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr xz-utils libatomic1 --no-install-recommends \ && rm -rf /var/lib/apt/lists/* \ - && for key in \ - 4ED778F539E3634C779C87C6D7062848A1AB005C \ - 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ - 74F12602B6F1C4E913FAA37AD3A89613643B6201 \ - 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ - 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ - C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ - C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \ - DD8F2338BAE7501E3DD5AC78C273792F7D83545D \ - A48C2BEE680E841632CD4E44F07496B3EB3C1762 \ - 108F52B48DB57BB0CC439B2997B01419BD92F80A \ - B9E2F5981AA6E0CD28160D9FF13993A75599653C \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ + && curl -s https://raw.githubusercontent.com/nodejs/release-keys/HEAD/cli.sh | bash -s import \ && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ + && curl -s https://raw.githubusercontent.com/nodejs/release-keys/HEAD/cli.sh | bash -s clear \ && apt-mark auto '.*' > /dev/null \ && find /usr/local -type f -executable -exec ldd '{}' ';' \ | awk '/=>/ { print $(NF-1) }' \ diff --git a/14/stretch/Dockerfile b/14/stretch/Dockerfile index 41023679d9..249217f543 100644 --- a/14/stretch/Dockerfile +++ b/14/stretch/Dockerfile @@ -3,7 +3,7 @@ FROM buildpack-deps:stretch RUN groupadd --gid 1000 node \ && useradd --uid 1000 --gid node --shell /bin/bash --create-home node -ENV NODE_VERSION 14.17.1 +ENV NODE_VERSION 14.17.2 RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ && case "${dpkgArch##*-}" in \ @@ -15,31 +15,14 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ i386) ARCH='x86';; \ *) echo "unsupported architecture"; exit 1 ;; \ esac \ - # gpg keys listed at https://github.com/nodejs/node#release-keys - && set -ex \ - && for key in \ - 4ED778F539E3634C779C87C6D7062848A1AB005C \ - 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ - 74F12602B6F1C4E913FAA37AD3A89613643B6201 \ - 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ - 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ - C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ - C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \ - DD8F2338BAE7501E3DD5AC78C273792F7D83545D \ - A48C2BEE680E841632CD4E44F07496B3EB3C1762 \ - 108F52B48DB57BB0CC439B2997B01419BD92F80A \ - B9E2F5981AA6E0CD28160D9FF13993A75599653C \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ + && curl -s https://raw.githubusercontent.com/nodejs/release-keys/HEAD/cli.sh | bash -s import \ && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ + && curl -s https://raw.githubusercontent.com/nodejs/release-keys/HEAD/cli.sh | bash -s clear \ && ln -s /usr/local/bin/node /usr/local/bin/nodejs \ # smoke tests && node --version \ diff --git a/16/alpine3.11/Dockerfile b/16/alpine3.11/Dockerfile index 8cb312bdee..e9b35ef1f9 100644 --- a/16/alpine3.11/Dockerfile +++ b/16/alpine3.11/Dockerfile @@ -1,6 +1,6 @@ FROM alpine:3.11 -ENV NODE_VERSION 16.3.0 +ENV NODE_VERSION 16.4.1 RUN addgroup -g 1000 node \ && adduser -u 1000 -G node -s /bin/sh -D node \ @@ -12,7 +12,7 @@ RUN addgroup -g 1000 node \ && case "${alpineArch##*-}" in \ x86_64) \ ARCH='x64' \ - CHECKSUM="d73505cf34e881703324265ef9d7a753b1db2d62ab326be01d1ea73c858d4ca7" \ + CHECKSUM="" \ ;; \ *) ;; \ esac \ @@ -33,25 +33,10 @@ RUN addgroup -g 1000 node \ libgcc \ linux-headers \ make \ + bash \ python3 \ # gpg keys listed at https://github.com/nodejs/node#release-keys - && for key in \ - 4ED778F539E3634C779C87C6D7062848A1AB005C \ - 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ - 74F12602B6F1C4E913FAA37AD3A89613643B6201 \ - 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ - 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ - C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ - C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \ - DD8F2338BAE7501E3DD5AC78C273792F7D83545D \ - A48C2BEE680E841632CD4E44F07496B3EB3C1762 \ - 108F52B48DB57BB0CC439B2997B01419BD92F80A \ - B9E2F5981AA6E0CD28160D9FF13993A75599653C \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ + && curl -s https://raw.githubusercontent.com/nodejs/release-keys/HEAD/cli.sh | bash -s import \ && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION.tar.xz" \ && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ @@ -67,6 +52,7 @@ RUN addgroup -g 1000 node \ && rm "node-v$NODE_VERSION.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt; \ fi \ && rm -f "node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz" \ + && curl -s https://raw.githubusercontent.com/nodejs/release-keys/HEAD/cli.sh | bash -s clear \ && apk del .build-deps \ # smoke tests && node --version \ diff --git a/16/alpine3.12/Dockerfile b/16/alpine3.12/Dockerfile index 56fe4e6260..c94ddaec95 100644 --- a/16/alpine3.12/Dockerfile +++ b/16/alpine3.12/Dockerfile @@ -1,6 +1,6 @@ FROM alpine:3.12 -ENV NODE_VERSION 16.3.0 +ENV NODE_VERSION 16.4.1 RUN addgroup -g 1000 node \ && adduser -u 1000 -G node -s /bin/sh -D node \ @@ -12,7 +12,7 @@ RUN addgroup -g 1000 node \ && case "${alpineArch##*-}" in \ x86_64) \ ARCH='x64' \ - CHECKSUM="d73505cf34e881703324265ef9d7a753b1db2d62ab326be01d1ea73c858d4ca7" \ + CHECKSUM="" \ ;; \ *) ;; \ esac \ @@ -33,25 +33,10 @@ RUN addgroup -g 1000 node \ libgcc \ linux-headers \ make \ + bash \ python3 \ # gpg keys listed at https://github.com/nodejs/node#release-keys - && for key in \ - 4ED778F539E3634C779C87C6D7062848A1AB005C \ - 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ - 74F12602B6F1C4E913FAA37AD3A89613643B6201 \ - 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ - 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ - C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ - C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \ - DD8F2338BAE7501E3DD5AC78C273792F7D83545D \ - A48C2BEE680E841632CD4E44F07496B3EB3C1762 \ - 108F52B48DB57BB0CC439B2997B01419BD92F80A \ - B9E2F5981AA6E0CD28160D9FF13993A75599653C \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ + && curl -s https://raw.githubusercontent.com/nodejs/release-keys/HEAD/cli.sh | bash -s import \ && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION.tar.xz" \ && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ @@ -67,6 +52,7 @@ RUN addgroup -g 1000 node \ && rm "node-v$NODE_VERSION.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt; \ fi \ && rm -f "node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz" \ + && curl -s https://raw.githubusercontent.com/nodejs/release-keys/HEAD/cli.sh | bash -s clear \ && apk del .build-deps \ # smoke tests && node --version \ diff --git a/16/alpine3.13/Dockerfile b/16/alpine3.13/Dockerfile index dc20ece789..755f0137ea 100644 --- a/16/alpine3.13/Dockerfile +++ b/16/alpine3.13/Dockerfile @@ -1,6 +1,6 @@ FROM alpine:3.13 -ENV NODE_VERSION 16.3.0 +ENV NODE_VERSION 16.4.1 RUN addgroup -g 1000 node \ && adduser -u 1000 -G node -s /bin/sh -D node \ @@ -12,7 +12,7 @@ RUN addgroup -g 1000 node \ && case "${alpineArch##*-}" in \ x86_64) \ ARCH='x64' \ - CHECKSUM="d73505cf34e881703324265ef9d7a753b1db2d62ab326be01d1ea73c858d4ca7" \ + CHECKSUM="" \ ;; \ *) ;; \ esac \ @@ -33,25 +33,10 @@ RUN addgroup -g 1000 node \ libgcc \ linux-headers \ make \ + bash \ python3 \ # gpg keys listed at https://github.com/nodejs/node#release-keys - && for key in \ - 4ED778F539E3634C779C87C6D7062848A1AB005C \ - 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ - 74F12602B6F1C4E913FAA37AD3A89613643B6201 \ - 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ - 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ - C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ - C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \ - DD8F2338BAE7501E3DD5AC78C273792F7D83545D \ - A48C2BEE680E841632CD4E44F07496B3EB3C1762 \ - 108F52B48DB57BB0CC439B2997B01419BD92F80A \ - B9E2F5981AA6E0CD28160D9FF13993A75599653C \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ + && curl -s https://raw.githubusercontent.com/nodejs/release-keys/HEAD/cli.sh | bash -s import \ && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION.tar.xz" \ && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ @@ -67,6 +52,7 @@ RUN addgroup -g 1000 node \ && rm "node-v$NODE_VERSION.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt; \ fi \ && rm -f "node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz" \ + && curl -s https://raw.githubusercontent.com/nodejs/release-keys/HEAD/cli.sh | bash -s clear \ && apk del .build-deps \ # smoke tests && node --version \ diff --git a/16/buster-slim/Dockerfile b/16/buster-slim/Dockerfile index 0a34a08065..2f3fe60941 100644 --- a/16/buster-slim/Dockerfile +++ b/16/buster-slim/Dockerfile @@ -3,7 +3,7 @@ FROM debian:buster-slim RUN groupadd --gid 1000 node \ && useradd --uid 1000 --gid node --shell /bin/bash --create-home node -ENV NODE_VERSION 16.3.0 +ENV NODE_VERSION 16.4.1 RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ && case "${dpkgArch##*-}" in \ @@ -19,29 +19,14 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ # libatomic1 for arm && apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr xz-utils libatomic1 --no-install-recommends \ && rm -rf /var/lib/apt/lists/* \ - && for key in \ - 4ED778F539E3634C779C87C6D7062848A1AB005C \ - 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ - 74F12602B6F1C4E913FAA37AD3A89613643B6201 \ - 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ - 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ - C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ - C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \ - DD8F2338BAE7501E3DD5AC78C273792F7D83545D \ - A48C2BEE680E841632CD4E44F07496B3EB3C1762 \ - 108F52B48DB57BB0CC439B2997B01419BD92F80A \ - B9E2F5981AA6E0CD28160D9FF13993A75599653C \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ + && curl -s https://raw.githubusercontent.com/nodejs/release-keys/HEAD/cli.sh | bash -s import \ && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ + && curl -s https://raw.githubusercontent.com/nodejs/release-keys/HEAD/cli.sh | bash -s clear \ && apt-mark auto '.*' > /dev/null \ && find /usr/local -type f -executable -exec ldd '{}' ';' \ | awk '/=>/ { print $(NF-1) }' \ diff --git a/16/buster/Dockerfile b/16/buster/Dockerfile index 8a7a63dc9a..3a2e13ada8 100644 --- a/16/buster/Dockerfile +++ b/16/buster/Dockerfile @@ -3,7 +3,7 @@ FROM buildpack-deps:buster RUN groupadd --gid 1000 node \ && useradd --uid 1000 --gid node --shell /bin/bash --create-home node -ENV NODE_VERSION 16.3.0 +ENV NODE_VERSION 16.4.1 RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ && case "${dpkgArch##*-}" in \ @@ -15,31 +15,14 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ i386) ARCH='x86';; \ *) echo "unsupported architecture"; exit 1 ;; \ esac \ - # gpg keys listed at https://github.com/nodejs/node#release-keys - && set -ex \ - && for key in \ - 4ED778F539E3634C779C87C6D7062848A1AB005C \ - 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ - 74F12602B6F1C4E913FAA37AD3A89613643B6201 \ - 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ - 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ - C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ - C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \ - DD8F2338BAE7501E3DD5AC78C273792F7D83545D \ - A48C2BEE680E841632CD4E44F07496B3EB3C1762 \ - 108F52B48DB57BB0CC439B2997B01419BD92F80A \ - B9E2F5981AA6E0CD28160D9FF13993A75599653C \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ + && curl -s https://raw.githubusercontent.com/nodejs/release-keys/HEAD/cli.sh | bash -s import \ && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ + && curl -s https://raw.githubusercontent.com/nodejs/release-keys/HEAD/cli.sh | bash -s clear \ && ln -s /usr/local/bin/node /usr/local/bin/nodejs \ # smoke tests && node --version \ diff --git a/16/stretch-slim/Dockerfile b/16/stretch-slim/Dockerfile index e70447430a..dc44e79717 100644 --- a/16/stretch-slim/Dockerfile +++ b/16/stretch-slim/Dockerfile @@ -3,7 +3,7 @@ FROM debian:stretch-slim RUN groupadd --gid 1000 node \ && useradd --uid 1000 --gid node --shell /bin/bash --create-home node -ENV NODE_VERSION 16.3.0 +ENV NODE_VERSION 16.4.1 RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ && case "${dpkgArch##*-}" in \ @@ -19,29 +19,14 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ # libatomic1 for arm && apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr xz-utils libatomic1 --no-install-recommends \ && rm -rf /var/lib/apt/lists/* \ - && for key in \ - 4ED778F539E3634C779C87C6D7062848A1AB005C \ - 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ - 74F12602B6F1C4E913FAA37AD3A89613643B6201 \ - 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ - 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ - C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ - C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \ - DD8F2338BAE7501E3DD5AC78C273792F7D83545D \ - A48C2BEE680E841632CD4E44F07496B3EB3C1762 \ - 108F52B48DB57BB0CC439B2997B01419BD92F80A \ - B9E2F5981AA6E0CD28160D9FF13993A75599653C \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ + && curl -s https://raw.githubusercontent.com/nodejs/release-keys/HEAD/cli.sh | bash -s import \ && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ + && curl -s https://raw.githubusercontent.com/nodejs/release-keys/HEAD/cli.sh | bash -s clear \ && apt-mark auto '.*' > /dev/null \ && find /usr/local -type f -executable -exec ldd '{}' ';' \ | awk '/=>/ { print $(NF-1) }' \ diff --git a/16/stretch/Dockerfile b/16/stretch/Dockerfile index 9f1821fc82..8aa30ec0ea 100644 --- a/16/stretch/Dockerfile +++ b/16/stretch/Dockerfile @@ -3,7 +3,7 @@ FROM buildpack-deps:stretch RUN groupadd --gid 1000 node \ && useradd --uid 1000 --gid node --shell /bin/bash --create-home node -ENV NODE_VERSION 16.3.0 +ENV NODE_VERSION 16.4.1 RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ && case "${dpkgArch##*-}" in \ @@ -15,31 +15,14 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ i386) ARCH='x86';; \ *) echo "unsupported architecture"; exit 1 ;; \ esac \ - # gpg keys listed at https://github.com/nodejs/node#release-keys - && set -ex \ - && for key in \ - 4ED778F539E3634C779C87C6D7062848A1AB005C \ - 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ - 74F12602B6F1C4E913FAA37AD3A89613643B6201 \ - 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ - 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ - C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ - C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \ - DD8F2338BAE7501E3DD5AC78C273792F7D83545D \ - A48C2BEE680E841632CD4E44F07496B3EB3C1762 \ - 108F52B48DB57BB0CC439B2997B01419BD92F80A \ - B9E2F5981AA6E0CD28160D9FF13993A75599653C \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ + && curl -s https://raw.githubusercontent.com/nodejs/release-keys/HEAD/cli.sh | bash -s import \ && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ + && curl -s https://raw.githubusercontent.com/nodejs/release-keys/HEAD/cli.sh | bash -s clear \ && ln -s /usr/local/bin/node /usr/local/bin/nodejs \ # smoke tests && node --version \ diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index f5c4c949f7..27198c0c88 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -33,15 +33,10 @@ RUN addgroup -g 1000 node \ libgcc \ linux-headers \ make \ + bash \ ${PYTHON_VERSION} \ # gpg keys listed at https://github.com/nodejs/node#release-keys - && for key in \ - "${NODE_KEYS[@]}" - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ + && curl -s https://raw.githubusercontent.com/nodejs/release-keys/HEAD/cli.sh | bash -s import \ && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION.tar.xz" \ && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ @@ -57,6 +52,7 @@ RUN addgroup -g 1000 node \ && rm "node-v$NODE_VERSION.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt; \ fi \ && rm -f "node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz" \ + && curl -s https://raw.githubusercontent.com/nodejs/release-keys/HEAD/cli.sh | bash -s clear \ && apk del .build-deps \ # smoke tests && node --version \ diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index 1c3dcf4acf..cc67214cbe 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -15,21 +15,14 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ i386) ARCH='x86';; \ *) echo "unsupported architecture"; exit 1 ;; \ esac \ - # gpg keys listed at https://github.com/nodejs/node#release-keys - && set -ex \ - && for key in \ - "${NODE_KEYS[@]}" - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ + && curl -s https://raw.githubusercontent.com/nodejs/release-keys/HEAD/cli.sh | bash -s import \ && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ + && curl -s https://raw.githubusercontent.com/nodejs/release-keys/HEAD/cli.sh | bash -s clear \ && ln -s /usr/local/bin/node /usr/local/bin/nodejs \ # smoke tests && node --version \ diff --git a/Dockerfile-slim.template b/Dockerfile-slim.template index 0056b4a97e..4ad2000201 100644 --- a/Dockerfile-slim.template +++ b/Dockerfile-slim.template @@ -19,19 +19,14 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ # libatomic1 for arm && apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr xz-utils libatomic1 --no-install-recommends \ && rm -rf /var/lib/apt/lists/* \ - && for key in \ - "${NODE_KEYS[@]}" - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ + && curl -s https://raw.githubusercontent.com/nodejs/release-keys/HEAD/cli.sh | bash -s import \ && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ + && curl -s https://raw.githubusercontent.com/nodejs/release-keys/HEAD/cli.sh | bash -s clear \ && apt-mark auto '.*' > /dev/null \ && find /usr/local -type f -executable -exec ldd '{}' ';' \ | awk '/=>/ { print $(NF-1) }' \ diff --git a/keys/node.keys b/keys/node.keys deleted file mode 100644 index d6d3c68b79..0000000000 --- a/keys/node.keys +++ /dev/null @@ -1,11 +0,0 @@ -4ED778F539E3634C779C87C6D7062848A1AB005C -94AE36675C464D64BAFA68DD7434390BDBE9B9C5 -74F12602B6F1C4E913FAA37AD3A89613643B6201 -71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 -8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 -C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 -C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C -DD8F2338BAE7501E3DD5AC78C273792F7D83545D -A48C2BEE680E841632CD4E44F07496B3EB3C1762 -108F52B48DB57BB0CC439B2997B01419BD92F80A -B9E2F5981AA6E0CD28160D9FF13993A75599653C diff --git a/update.sh b/update.sh index 507af21a75..83966befd5 100755 --- a/update.sh +++ b/update.sh @@ -146,7 +146,7 @@ function update_node_version() { ' # Add GPG keys - for key_type in "node" "yarn"; do + for key_type in "yarn"; do while read -r line; do pattern='"\$\{'$(echo "${key_type}" | tr '[:lower:]' '[:upper:]')'_KEYS\[@\]\}"' sed -Ei -e "s/([ \\t]*)(${pattern})/\\1${line}${new_line}\\1\\2/" "${dockerfile}-tmp" From eb12d367885a2833cb40d9ee8e85002265753d91 Mon Sep 17 00:00:00 2001 From: Nick Schonning Date: Thu, 1 Jul 2021 13:35:09 -0400 Subject: [PATCH 2/2] chore: Use Yarn pubkey.gpg --- 12/alpine3.11/Dockerfile | 8 +------- 12/alpine3.12/Dockerfile | 8 +------- 12/buster-slim/Dockerfile | 8 +------- 12/buster/Dockerfile | 8 +------- 12/stretch-slim/Dockerfile | 8 +------- 12/stretch/Dockerfile | 8 +------- 14/alpine3.11/Dockerfile | 8 +------- 14/alpine3.12/Dockerfile | 8 +------- 14/alpine3.13/Dockerfile | 8 +------- 14/buster-slim/Dockerfile | 8 +------- 14/buster/Dockerfile | 8 +------- 14/stretch-slim/Dockerfile | 8 +------- 14/stretch/Dockerfile | 8 +------- 16/alpine3.11/Dockerfile | 8 +------- 16/alpine3.12/Dockerfile | 8 +------- 16/alpine3.13/Dockerfile | 8 +------- 16/buster-slim/Dockerfile | 8 +------- 16/buster/Dockerfile | 8 +------- 16/stretch-slim/Dockerfile | 8 +------- 16/stretch/Dockerfile | 8 +------- Dockerfile-alpine.template | 8 +------- Dockerfile-debian.template | 8 +------- Dockerfile-slim.template | 8 +------- 23 files changed, 23 insertions(+), 161 deletions(-) diff --git a/12/alpine3.11/Dockerfile b/12/alpine3.11/Dockerfile index 3874595885..b40f0c704e 100644 --- a/12/alpine3.11/Dockerfile +++ b/12/alpine3.11/Dockerfile @@ -61,13 +61,7 @@ RUN addgroup -g 1000 node \ ENV YARN_VERSION 1.22.5 RUN apk add --no-cache --virtual .build-deps-yarn curl gnupg tar \ - && for key in \ - 6A010C5166006599AA17F08146C2130DFD2497F5 \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ + && curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | gpg --import \ && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ diff --git a/12/alpine3.12/Dockerfile b/12/alpine3.12/Dockerfile index f303474e32..df0972cd79 100644 --- a/12/alpine3.12/Dockerfile +++ b/12/alpine3.12/Dockerfile @@ -61,13 +61,7 @@ RUN addgroup -g 1000 node \ ENV YARN_VERSION 1.22.5 RUN apk add --no-cache --virtual .build-deps-yarn curl gnupg tar \ - && for key in \ - 6A010C5166006599AA17F08146C2130DFD2497F5 \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ + && curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | gpg --import \ && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ diff --git a/12/buster-slim/Dockerfile b/12/buster-slim/Dockerfile index 38c11127a5..45697f304d 100644 --- a/12/buster-slim/Dockerfile +++ b/12/buster-slim/Dockerfile @@ -47,13 +47,7 @@ RUN set -ex \ && savedAptMark="$(apt-mark showmanual)" \ && apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr --no-install-recommends \ && rm -rf /var/lib/apt/lists/* \ - && for key in \ - 6A010C5166006599AA17F08146C2130DFD2497F5 \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ + && curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | gpg --import \ && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ diff --git a/12/buster/Dockerfile b/12/buster/Dockerfile index 7b0cdd1c01..b2a3b6a5f1 100644 --- a/12/buster/Dockerfile +++ b/12/buster/Dockerfile @@ -31,13 +31,7 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ ENV YARN_VERSION 1.22.5 RUN set -ex \ - && for key in \ - 6A010C5166006599AA17F08146C2130DFD2497F5 \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ + && curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | gpg --import \ && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ diff --git a/12/stretch-slim/Dockerfile b/12/stretch-slim/Dockerfile index 61071dfc3a..fffb115773 100644 --- a/12/stretch-slim/Dockerfile +++ b/12/stretch-slim/Dockerfile @@ -47,13 +47,7 @@ RUN set -ex \ && savedAptMark="$(apt-mark showmanual)" \ && apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr --no-install-recommends \ && rm -rf /var/lib/apt/lists/* \ - && for key in \ - 6A010C5166006599AA17F08146C2130DFD2497F5 \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ + && curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | gpg --import \ && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ diff --git a/12/stretch/Dockerfile b/12/stretch/Dockerfile index 51db7f4f1f..ebef4acd67 100644 --- a/12/stretch/Dockerfile +++ b/12/stretch/Dockerfile @@ -31,13 +31,7 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ ENV YARN_VERSION 1.22.5 RUN set -ex \ - && for key in \ - 6A010C5166006599AA17F08146C2130DFD2497F5 \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ + && curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | gpg --import \ && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ diff --git a/14/alpine3.11/Dockerfile b/14/alpine3.11/Dockerfile index a74f85fad2..dee4dae7f3 100644 --- a/14/alpine3.11/Dockerfile +++ b/14/alpine3.11/Dockerfile @@ -61,13 +61,7 @@ RUN addgroup -g 1000 node \ ENV YARN_VERSION 1.22.5 RUN apk add --no-cache --virtual .build-deps-yarn curl gnupg tar \ - && for key in \ - 6A010C5166006599AA17F08146C2130DFD2497F5 \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ + && curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | gpg --import \ && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ diff --git a/14/alpine3.12/Dockerfile b/14/alpine3.12/Dockerfile index 53ff0a1d54..39dfcc2ac1 100644 --- a/14/alpine3.12/Dockerfile +++ b/14/alpine3.12/Dockerfile @@ -61,13 +61,7 @@ RUN addgroup -g 1000 node \ ENV YARN_VERSION 1.22.5 RUN apk add --no-cache --virtual .build-deps-yarn curl gnupg tar \ - && for key in \ - 6A010C5166006599AA17F08146C2130DFD2497F5 \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ + && curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | gpg --import \ && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ diff --git a/14/alpine3.13/Dockerfile b/14/alpine3.13/Dockerfile index d3507947ce..c7fb0cbc04 100644 --- a/14/alpine3.13/Dockerfile +++ b/14/alpine3.13/Dockerfile @@ -61,13 +61,7 @@ RUN addgroup -g 1000 node \ ENV YARN_VERSION 1.22.5 RUN apk add --no-cache --virtual .build-deps-yarn curl gnupg tar \ - && for key in \ - 6A010C5166006599AA17F08146C2130DFD2497F5 \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ + && curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | gpg --import \ && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ diff --git a/14/buster-slim/Dockerfile b/14/buster-slim/Dockerfile index edaad85ead..af9b871b8e 100644 --- a/14/buster-slim/Dockerfile +++ b/14/buster-slim/Dockerfile @@ -47,13 +47,7 @@ RUN set -ex \ && savedAptMark="$(apt-mark showmanual)" \ && apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr --no-install-recommends \ && rm -rf /var/lib/apt/lists/* \ - && for key in \ - 6A010C5166006599AA17F08146C2130DFD2497F5 \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ + && curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | gpg --import \ && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ diff --git a/14/buster/Dockerfile b/14/buster/Dockerfile index 63defefbea..a517ae2ec9 100644 --- a/14/buster/Dockerfile +++ b/14/buster/Dockerfile @@ -31,13 +31,7 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ ENV YARN_VERSION 1.22.5 RUN set -ex \ - && for key in \ - 6A010C5166006599AA17F08146C2130DFD2497F5 \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ + && curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | gpg --import \ && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ diff --git a/14/stretch-slim/Dockerfile b/14/stretch-slim/Dockerfile index a627812f04..b6303cfee6 100644 --- a/14/stretch-slim/Dockerfile +++ b/14/stretch-slim/Dockerfile @@ -47,13 +47,7 @@ RUN set -ex \ && savedAptMark="$(apt-mark showmanual)" \ && apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr --no-install-recommends \ && rm -rf /var/lib/apt/lists/* \ - && for key in \ - 6A010C5166006599AA17F08146C2130DFD2497F5 \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ + && curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | gpg --import \ && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ diff --git a/14/stretch/Dockerfile b/14/stretch/Dockerfile index 249217f543..8b21225346 100644 --- a/14/stretch/Dockerfile +++ b/14/stretch/Dockerfile @@ -31,13 +31,7 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ ENV YARN_VERSION 1.22.5 RUN set -ex \ - && for key in \ - 6A010C5166006599AA17F08146C2130DFD2497F5 \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ + && curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | gpg --import \ && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ diff --git a/16/alpine3.11/Dockerfile b/16/alpine3.11/Dockerfile index e9b35ef1f9..244fc7b84a 100644 --- a/16/alpine3.11/Dockerfile +++ b/16/alpine3.11/Dockerfile @@ -61,13 +61,7 @@ RUN addgroup -g 1000 node \ ENV YARN_VERSION 1.22.5 RUN apk add --no-cache --virtual .build-deps-yarn curl gnupg tar \ - && for key in \ - 6A010C5166006599AA17F08146C2130DFD2497F5 \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ + && curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | gpg --import \ && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ diff --git a/16/alpine3.12/Dockerfile b/16/alpine3.12/Dockerfile index c94ddaec95..e94e654bc3 100644 --- a/16/alpine3.12/Dockerfile +++ b/16/alpine3.12/Dockerfile @@ -61,13 +61,7 @@ RUN addgroup -g 1000 node \ ENV YARN_VERSION 1.22.5 RUN apk add --no-cache --virtual .build-deps-yarn curl gnupg tar \ - && for key in \ - 6A010C5166006599AA17F08146C2130DFD2497F5 \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ + && curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | gpg --import \ && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ diff --git a/16/alpine3.13/Dockerfile b/16/alpine3.13/Dockerfile index 755f0137ea..fcece511cc 100644 --- a/16/alpine3.13/Dockerfile +++ b/16/alpine3.13/Dockerfile @@ -61,13 +61,7 @@ RUN addgroup -g 1000 node \ ENV YARN_VERSION 1.22.5 RUN apk add --no-cache --virtual .build-deps-yarn curl gnupg tar \ - && for key in \ - 6A010C5166006599AA17F08146C2130DFD2497F5 \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ + && curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | gpg --import \ && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ diff --git a/16/buster-slim/Dockerfile b/16/buster-slim/Dockerfile index 2f3fe60941..34f38e2f5c 100644 --- a/16/buster-slim/Dockerfile +++ b/16/buster-slim/Dockerfile @@ -47,13 +47,7 @@ RUN set -ex \ && savedAptMark="$(apt-mark showmanual)" \ && apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr --no-install-recommends \ && rm -rf /var/lib/apt/lists/* \ - && for key in \ - 6A010C5166006599AA17F08146C2130DFD2497F5 \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ + && curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | gpg --import \ && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ diff --git a/16/buster/Dockerfile b/16/buster/Dockerfile index 3a2e13ada8..11c6c4be9c 100644 --- a/16/buster/Dockerfile +++ b/16/buster/Dockerfile @@ -31,13 +31,7 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ ENV YARN_VERSION 1.22.5 RUN set -ex \ - && for key in \ - 6A010C5166006599AA17F08146C2130DFD2497F5 \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ + && curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | gpg --import \ && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ diff --git a/16/stretch-slim/Dockerfile b/16/stretch-slim/Dockerfile index dc44e79717..d49085656c 100644 --- a/16/stretch-slim/Dockerfile +++ b/16/stretch-slim/Dockerfile @@ -47,13 +47,7 @@ RUN set -ex \ && savedAptMark="$(apt-mark showmanual)" \ && apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr --no-install-recommends \ && rm -rf /var/lib/apt/lists/* \ - && for key in \ - 6A010C5166006599AA17F08146C2130DFD2497F5 \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ + && curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | gpg --import \ && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ diff --git a/16/stretch/Dockerfile b/16/stretch/Dockerfile index 8aa30ec0ea..a9328e2109 100644 --- a/16/stretch/Dockerfile +++ b/16/stretch/Dockerfile @@ -31,13 +31,7 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ ENV YARN_VERSION 1.22.5 RUN set -ex \ - && for key in \ - 6A010C5166006599AA17F08146C2130DFD2497F5 \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ + && curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | gpg --import \ && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index 27198c0c88..75055c07c7 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -61,13 +61,7 @@ RUN addgroup -g 1000 node \ ENV YARN_VERSION 0.0.0 RUN apk add --no-cache --virtual .build-deps-yarn curl gnupg tar \ - && for key in \ - "${YARN_KEYS[@]}" - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ + && curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | gpg --import \ && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index cc67214cbe..520bed5ca7 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -31,13 +31,7 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ ENV YARN_VERSION 0.0.0 RUN set -ex \ - && for key in \ - "${YARN_KEYS[@]}" - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ + && curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | gpg --import \ && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ diff --git a/Dockerfile-slim.template b/Dockerfile-slim.template index 4ad2000201..da46651b1b 100644 --- a/Dockerfile-slim.template +++ b/Dockerfile-slim.template @@ -47,13 +47,7 @@ RUN set -ex \ && savedAptMark="$(apt-mark showmanual)" \ && apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr --no-install-recommends \ && rm -rf /var/lib/apt/lists/* \ - && for key in \ - "${YARN_KEYS[@]}" - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ + && curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | gpg --import \ && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \