From ce4d6826e5aa7612221d1049b1f88853f8557a90 Mon Sep 17 00:00:00 2001 From: Alexys Jacob Date: Thu, 14 Nov 2019 23:57:38 +0100 Subject: Use official Gentoo keyservers (keys.gentoo.org) by @mgorny See https://github.com/gentoo/gentoo-docker-images/pull/64 Signed-off-by: Alexys Jacob --- stage3.Dockerfile | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) (limited to 'stage3.Dockerfile') diff --git a/stage3.Dockerfile b/stage3.Dockerfile index 0a950d2..ad59ea7 100644 --- a/stage3.Dockerfile +++ b/stage3.Dockerfile @@ -1,11 +1,8 @@ -# This Dockerfile creates a gentoo stage3 container image. By default it -# creates a stage3-amd64 image. It utilizes a multi-stage build and requires -# docker-17.05.0 or later. It fetches a daily snapshot from the official +# This Dockerfile creates a gentoo stage3 container image. By default it +# creates a stage3-amd64 image. It utilizes a multi-stage build and requires +# docker-17.05.0 or later. It fetches a daily snapshot from the official # sources and verifies its checksum as well as its gpg signature. -# As gpg keyservers sometimes are unreliable, we use multiple gpg server pools -# to fetch the signing key. - ARG BOOTSTRAP FROM ${BOOTSTRAP:-alpine:3.7} as builder @@ -18,7 +15,7 @@ ARG DIST="https://ftp-osl.osuosl.org/pub/gentoo/releases/${ARCH}/autobuilds" ARG SIGNING_KEY="0xBB572E0E2D182910" RUN echo "Building Gentoo Container image for ${ARCH} ${SUFFIX} fetching from ${DIST}" \ - && apk --no-cache add gnupg tar wget xz \ + && apk --no-cache add ca-certificates gnupg tar wget xz \ && STAGE3PATH="$(wget -O- "${DIST}/latest-stage3-${MICROARCH}${SUFFIX}.txt" | tail -n 1 | cut -f 1 -d ' ')" \ && echo "STAGE3PATH:" $STAGE3PATH \ && STAGE3="$(basename ${STAGE3PATH})" \ 
@@ -27,7 +24,7 @@ RUN echo "Building Gentoo Container image for ${ARCH} ${SUFFIX} fetching from ${
 && echo "standard-resolver" >> ~/.gnupg/dirmngr.conf \
 && echo "honor-http-proxy" >> ~/.gnupg/dirmngr.conf \
 && echo "disable-ipv6" >> ~/.gnupg/dirmngr.conf \
- && gpg --keyserver ha.pool.sks-keyservers.net --recv-keys ${SIGNING_KEY} \
+ && gpg --keyserver hkps://keys.gentoo.org --recv-keys ${SIGNING_KEY} \
 && gpg --verify "${STAGE3}.DIGESTS.asc" \
 && awk '/# SHA512 HASH/{getline; print}' ${STAGE3}.DIGESTS.asc | sha512sum -c \
 && tar xpf "${STAGE3}" --xattrs --numeric-owner \
-- cgit v1.2.3-65-gdbad
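Review bot: The new `--recv-keys ${SIGNING_KEY}` line still requests the key by the 64-bit ID `0xBB572E0E2D182910` from `ARG SIGNING_KEY` in the previous hunk, so the `gpg --verify` that follows accepts a signature from whichever key the server returns for that ID (presumably the only key in the builder's keyring). Switching to hkps with `ca-certificates` authenticates the keyserver, not the key itself; pinning the full fingerprint, `ARG SIGNING_KEY="<FULL_40_HEX_FINGERPRINT>"` (placeholder, take the value from the Gentoo release-engineering key list), would tie the trust decision to one key. Separately, the `awk` line reads the hashes from the raw `${STAGE3}.DIGESTS.asc`, and verifying a clearsigned file does not cover text outside the signed region. Writing the signed text out with `gpg --output "${STAGE3}.DIGESTS.verified" --verify "${STAGE3}.DIGESTS.asc"` and pointing `awk` at that file would make sure only signed hashes reach `sha512sum -c`. The `RUN` command begins before and continues after this hunk, so the rest of the chain was not reviewed.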