Skip to content

Commit 65d976a

Browse files
jnoordsijjnoordsij
committed
Use temporary GNUPGHOME directory when using gpg in image builds
1 parent c9270c6 commit 65d976a

File tree

14 files changed

+119
-0
lines changed

14 files changed

+119
-0
lines changed

16/bullseye-slim/Dockerfile

Lines changed: 9 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -19,6 +19,9 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \
1919
# libatomic1 for arm
2020
&& apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr xz-utils libatomic1 --no-install-recommends \
2121
&& rm -rf /var/lib/apt/lists/* \
22+
# use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150
23+
&& export GNUPGHOME="$(mktemp -d)" \
24+
# gpg keys listed at https://github.com/nodejs/node#release-keys
2225
&& for key in \
2326
4ED778F539E3634C779C87C6D7062848A1AB005C \
2427
141F07595B7B3FFE74309A937405533BE57C7D57 \
@@ -37,6 +40,8 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \
3740
&& curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \
3841
&& curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \
3942
&& gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \
43+
&& gpgconf --kill all \
44+
&& rm -rf "$GNUPGHOME" \
4045
&& grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \
4146
&& tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \
4247
&& rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \
@@ -60,6 +65,8 @@ RUN set -ex \
6065
&& savedAptMark="$(apt-mark showmanual)" \
6166
&& apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr --no-install-recommends \
6267
&& rm -rf /var/lib/apt/lists/* \
68+
# use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150
69+
&& export GNUPGHOME="$(mktemp -d)" \
6370
&& for key in \
6471
6A010C5166006599AA17F08146C2130DFD2497F5 \
6572
; do \
@@ -69,6 +76,8 @@ RUN set -ex \
6976
&& curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \
7077
&& curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \
7178
&& gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \
79+
&& gpgconf --kill all \
80+
&& rm -rf "$GNUPGHOME" \
7281
&& mkdir -p /opt \
7382
&& tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \
7483
&& ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \

16/bullseye/Dockerfile

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -15,6 +15,8 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \
1515
i386) ARCH='x86';; \
1616
*) echo "unsupported architecture"; exit 1 ;; \
1717
esac \
18+
# use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150
19+
&& export GNUPGHOME="$(mktemp -d)" \
1820
# gpg keys listed at https://github.com/nodejs/node#release-keys
1921
&& set -ex \
2022
&& for key in \
@@ -35,6 +37,8 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \
3537
&& curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \
3638
&& curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \
3739
&& gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \
40+
&& gpgconf --kill all \
41+
&& rm -rf "$GNUPGHOME" \
3842
&& grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \
3943
&& tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \
4044
&& rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \
@@ -46,6 +50,8 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \
4650
ENV YARN_VERSION 1.22.19
4751

4852
RUN set -ex \
53+
# use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150
54+
&& export GNUPGHOME="$(mktemp -d)" \
4955
&& for key in \
5056
6A010C5166006599AA17F08146C2130DFD2497F5 \
5157
; do \
@@ -55,6 +61,8 @@ RUN set -ex \
5561
&& curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \
5662
&& curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \
5763
&& gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \
64+
&& gpgconf --kill all \
65+
&& rm -rf "$GNUPGHOME" \
5866
&& mkdir -p /opt \
5967
&& tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \
6068
&& ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \

16/buster-slim/Dockerfile

Lines changed: 9 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -19,6 +19,9 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \
1919
# libatomic1 for arm
2020
&& apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr xz-utils libatomic1 --no-install-recommends \
2121
&& rm -rf /var/lib/apt/lists/* \
22+
# use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150
23+
&& export GNUPGHOME="$(mktemp -d)" \
24+
# gpg keys listed at https://github.com/nodejs/node#release-keys
2225
&& for key in \
2326
4ED778F539E3634C779C87C6D7062848A1AB005C \
2427
141F07595B7B3FFE74309A937405533BE57C7D57 \
@@ -37,6 +40,8 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \
3740
&& curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \
3841
&& curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \
3942
&& gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \
43+
&& gpgconf --kill all \
44+
&& rm -rf "$GNUPGHOME" \
4045
&& grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \
4146
&& tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \
4247
&& rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \
@@ -60,6 +65,8 @@ RUN set -ex \
6065
&& savedAptMark="$(apt-mark showmanual)" \
6166
&& apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr --no-install-recommends \
6267
&& rm -rf /var/lib/apt/lists/* \
68+
# use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150
69+
&& export GNUPGHOME="$(mktemp -d)" \
6370
&& for key in \
6471
6A010C5166006599AA17F08146C2130DFD2497F5 \
6572
; do \
@@ -69,6 +76,8 @@ RUN set -ex \
6976
&& curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \
7077
&& curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \
7178
&& gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \
79+
&& gpgconf --kill all \
80+
&& rm -rf "$GNUPGHOME" \
7281
&& mkdir -p /opt \
7382
&& tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \
7483
&& ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \

16/buster/Dockerfile

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -15,6 +15,8 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \
1515
i386) ARCH='x86';; \
1616
*) echo "unsupported architecture"; exit 1 ;; \
1717
esac \
18+
# use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150
19+
&& export GNUPGHOME="$(mktemp -d)" \
1820
# gpg keys listed at https://github.com/nodejs/node#release-keys
1921
&& set -ex \
2022
&& for key in \
@@ -35,6 +37,8 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \
3537
&& curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \
3638
&& curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \
3739
&& gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \
40+
&& gpgconf --kill all \
41+
&& rm -rf "$GNUPGHOME" \
3842
&& grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \
3943
&& tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \
4044
&& rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \
@@ -46,6 +50,8 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \
4650
ENV YARN_VERSION 1.22.19
4751

4852
RUN set -ex \
53+
# use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150
54+
&& export GNUPGHOME="$(mktemp -d)" \
4955
&& for key in \
5056
6A010C5166006599AA17F08146C2130DFD2497F5 \
5157
; do \
@@ -55,6 +61,8 @@ RUN set -ex \
5561
&& curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \
5662
&& curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \
5763
&& gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \
64+
&& gpgconf --kill all \
65+
&& rm -rf "$GNUPGHOME" \
5866
&& mkdir -p /opt \
5967
&& tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \
6068
&& ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \

18/bullseye-slim/Dockerfile

Lines changed: 9 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -19,6 +19,9 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \
1919
# libatomic1 for arm
2020
&& apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr xz-utils libatomic1 --no-install-recommends \
2121
&& rm -rf /var/lib/apt/lists/* \
22+
# use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150
23+
&& export GNUPGHOME="$(mktemp -d)" \
24+
# gpg keys listed at https://github.com/nodejs/node#release-keys
2225
&& for key in \
2326
4ED778F539E3634C779C87C6D7062848A1AB005C \
2427
141F07595B7B3FFE74309A937405533BE57C7D57 \
@@ -37,6 +40,8 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \
3740
&& curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \
3841
&& curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \
3942
&& gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \
43+
&& gpgconf --kill all \
44+
&& rm -rf "$GNUPGHOME" \
4045
&& grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \
4146
&& tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \
4247
&& rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \
@@ -60,6 +65,8 @@ RUN set -ex \
6065
&& savedAptMark="$(apt-mark showmanual)" \
6166
&& apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr --no-install-recommends \
6267
&& rm -rf /var/lib/apt/lists/* \
68+
# use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150
69+
&& export GNUPGHOME="$(mktemp -d)" \
6370
&& for key in \
6471
6A010C5166006599AA17F08146C2130DFD2497F5 \
6572
; do \
@@ -69,6 +76,8 @@ RUN set -ex \
6976
&& curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \
7077
&& curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \
7178
&& gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \
79+
&& gpgconf --kill all \
80+
&& rm -rf "$GNUPGHOME" \
7281
&& mkdir -p /opt \
7382
&& tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \
7483
&& ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \

18/bullseye/Dockerfile

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -15,6 +15,8 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \
1515
i386) ARCH='x86';; \
1616
*) echo "unsupported architecture"; exit 1 ;; \
1717
esac \
18+
# use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150
19+
&& export GNUPGHOME="$(mktemp -d)" \
1820
# gpg keys listed at https://github.com/nodejs/node#release-keys
1921
&& set -ex \
2022
&& for key in \
@@ -35,6 +37,8 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \
3537
&& curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \
3638
&& curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \
3739
&& gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \
40+
&& gpgconf --kill all \
41+
&& rm -rf "$GNUPGHOME" \
3842
&& grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \
3943
&& tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \
4044
&& rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \
@@ -46,6 +50,8 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \
4650
ENV YARN_VERSION 1.22.19
4751

4852
RUN set -ex \
53+
# use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150
54+
&& export GNUPGHOME="$(mktemp -d)" \
4955
&& for key in \
5056
6A010C5166006599AA17F08146C2130DFD2497F5 \
5157
; do \
@@ -55,6 +61,8 @@ RUN set -ex \
5561
&& curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \
5662
&& curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \
5763
&& gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \
64+
&& gpgconf --kill all \
65+
&& rm -rf "$GNUPGHOME" \
5866
&& mkdir -p /opt \
5967
&& tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \
6068
&& ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \

18/buster-slim/Dockerfile

Lines changed: 9 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -19,6 +19,9 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \
1919
# libatomic1 for arm
2020
&& apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr xz-utils libatomic1 --no-install-recommends \
2121
&& rm -rf /var/lib/apt/lists/* \
22+
# use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150
23+
&& export GNUPGHOME="$(mktemp -d)" \
24+
# gpg keys listed at https://github.com/nodejs/node#release-keys
2225
&& for key in \
2326
4ED778F539E3634C779C87C6D7062848A1AB005C \
2427
141F07595B7B3FFE74309A937405533BE57C7D57 \
@@ -37,6 +40,8 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \
3740
&& curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \
3841
&& curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \
3942
&& gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \
43+
&& gpgconf --kill all \
44+
&& rm -rf "$GNUPGHOME" \
4045
&& grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \
4146
&& tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \
4247
&& rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \
@@ -60,6 +65,8 @@ RUN set -ex \
6065
&& savedAptMark="$(apt-mark showmanual)" \
6166
&& apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr --no-install-recommends \
6267
&& rm -rf /var/lib/apt/lists/* \
68+
# use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150
69+
&& export GNUPGHOME="$(mktemp -d)" \
6370
&& for key in \
6471
6A010C5166006599AA17F08146C2130DFD2497F5 \
6572
; do \
@@ -69,6 +76,8 @@ RUN set -ex \
6976
&& curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \
7077
&& curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \
7178
&& gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \
79+
&& gpgconf --kill all \
80+
&& rm -rf "$GNUPGHOME" \
7281
&& mkdir -p /opt \
7382
&& tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \
7483
&& ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \

18/buster/Dockerfile

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -15,6 +15,8 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \
1515
i386) ARCH='x86';; \
1616
*) echo "unsupported architecture"; exit 1 ;; \
1717
esac \
18+
# use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150
19+
&& export GNUPGHOME="$(mktemp -d)" \
1820
# gpg keys listed at https://github.com/nodejs/node#release-keys
1921
&& set -ex \
2022
&& for key in \
@@ -35,6 +37,8 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \
3537
&& curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \
3638
&& curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \
3739
&& gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \
40+
&& gpgconf --kill all \
41+
&& rm -rf "$GNUPGHOME" \
3842
&& grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \
3943
&& tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \
4044
&& rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \
@@ -46,6 +50,8 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \
4650
ENV YARN_VERSION 1.22.19
4751

4852
RUN set -ex \
53+
# use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150
54+
&& export GNUPGHOME="$(mktemp -d)" \
4955
&& for key in \
5056
6A010C5166006599AA17F08146C2130DFD2497F5 \
5157
; do \
@@ -55,6 +61,8 @@ RUN set -ex \
5561
&& curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \
5662
&& curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \
5763
&& gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \
64+
&& gpgconf --kill all \
65+
&& rm -rf "$GNUPGHOME" \
5866
&& mkdir -p /opt \
5967
&& tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \
6068
&& ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \

20/bullseye-slim/Dockerfile

Lines changed: 9 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -19,6 +19,9 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \
1919
# libatomic1 for arm
2020
&& apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr xz-utils libatomic1 --no-install-recommends \
2121
&& rm -rf /var/lib/apt/lists/* \
22+
# use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150
23+
&& export GNUPGHOME="$(mktemp -d)" \
24+
# gpg keys listed at https://github.com/nodejs/node#release-keys
2225
&& for key in \
2326
4ED778F539E3634C779C87C6D7062848A1AB005C \
2427
141F07595B7B3FFE74309A937405533BE57C7D57 \
@@ -37,6 +40,8 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \
3740
&& curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \
3841
&& curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \
3942
&& gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \
43+
&& gpgconf --kill all \
44+
&& rm -rf "$GNUPGHOME" \
4045
&& grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \
4146
&& tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \
4247
&& rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \
@@ -60,6 +65,8 @@ RUN set -ex \
6065
&& savedAptMark="$(apt-mark showmanual)" \
6166
&& apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr --no-install-recommends \
6267
&& rm -rf /var/lib/apt/lists/* \
68+
# use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150
69+
&& export GNUPGHOME="$(mktemp -d)" \
6370
&& for key in \
6471
6A010C5166006599AA17F08146C2130DFD2497F5 \
6572
; do \
@@ -69,6 +76,8 @@ RUN set -ex \
6976
&& curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \
7077
&& curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \
7178
&& gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \
79+
&& gpgconf --kill all \
80+
&& rm -rf "$GNUPGHOME" \
7281
&& mkdir -p /opt \
7382
&& tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \
7483
&& ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \

0 commit comments

Comments
 (0)