
Commit 93dd203

committed
Fix "gpg" usage to stop relying on deprecated and insecure behavior
1 parent 17f2bb9 commit 93dd203


15 files changed

+80
-63
lines changed


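--- a/2.7/Dockerfile
+++ b/2.7/Dockerfile
@@ -16,14 +16,15 @@ ENV PYTHON_VERSION 2.7.11
 ENV PYTHON_PIP_VERSION 8.0.3
 
 RUN set -ex \
+&& curl -fSL "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz" -o python.tar.xz \
+&& curl -fSL "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz.asc" -o python.tar.xz.asc \
+&& export GNUPGHOME="$(mktemp -d)" \
 && gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$GPG_KEY" \
-&& curl -fSL "https://www.python.org/ftp/python/$PYTHON_VERSION/Python-$PYTHON_VERSION.tar.xz" -o python.tar.xz \
-&& curl -fSL "https://www.python.org/ftp/python/$PYTHON_VERSION/Python-$PYTHON_VERSION.tar.xz.asc" -o python.tar.xz.asc \
-&& gpg --verify python.tar.xz.asc \
+&& gpg --batch --verify python.tar.xz.asc python.tar.xz \
+&& rm -r "$GNUPGHOME" python.tar.xz.asc \
 && mkdir -p /usr/src/python \
 && tar -xJC /usr/src/python --strip-components=1 -f python.tar.xz \
-&& rm python.tar.xz* \
-&& rm -r ~/.gnupg \
+&& rm python.tar.xz \
 \
 && cd /usr/src/python \
 && ./configure --enable-shared --enable-unicode=ucs4 \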
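Review bot: On the added `export GNUPGHOME="$(mktemp -d)"` line, `export` returns success even when `mktemp` fails, so the `&&` chain would carry on with an empty GNUPGHOME and gpg would presumably fall back to its default home directory instead of the throw-away keyring this commit intends. The later `rm -r "$GNUPGHOME"` would then fail and abort the build, so it looks fail-closed, but assigning first makes the failure explicit: `&& GNUPGHOME="$(mktemp -d)" && export GNUPGHOME \`. The same line is added in every other Dockerfile section of this commit. The RUN chain continues past the end of the hunk.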

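--- a/2.7/alpine/Dockerfile
+++ b/2.7/alpine/Dockerfile
@@ -14,15 +14,16 @@ ENV PYTHON_PIP_VERSION 8.0.3
 
 RUN set -ex \
 && apk add --no-cache --virtual .fetch-deps curl gnupg \
+&& curl -fSL "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz" -o python.tar.xz \
+&& curl -fSL "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz.asc" -o python.tar.xz.asc \
+&& export GNUPGHOME="$(mktemp -d)" \
 && gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$GPG_KEY" \
-&& curl -fSL "https://www.python.org/ftp/python/$PYTHON_VERSION/Python-$PYTHON_VERSION.tar.xz" -o python.tar.xz \
-&& curl -fSL "https://www.python.org/ftp/python/$PYTHON_VERSION/Python-$PYTHON_VERSION.tar.xz.asc" -o python.tar.xz.asc \
-&& gpg --verify python.tar.xz.asc \
+&& gpg --batch --verify python.tar.xz.asc python.tar.xz \
+&& rm -r "$GNUPGHOME" python.tar.xz.asc \
 && mkdir -p /usr/src \
 && tar -xJC /usr/src -f python.tar.xz \
 && mv "/usr/src/Python-$PYTHON_VERSION" /usr/src/python \
-&& rm python.tar.xz* \
-&& rm -r ~/.gnupg \
+&& rm python.tar.xz \
 \
 && apk add --no-cache --virtual .build-deps \
 bzip2-dev \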
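Review bot: The added `rm -r "$GNUPGHOME" python.tar.xz.asc` runs right after gpg has talked to a keyserver, and if the gnupg package pulled in by `apk add` is a 2.1+ build (version not visible here) a background dirmngr or gpg-agent may still hold socket files in that directory, which can make the removal fail intermittently. Stopping the daemons first would make the cleanup deterministic, for example `&& gpgconf --kill all \` on the line before the `rm -r`, provided the installed gpgconf supports it. Depending on the gpg each base image ships, this may apply to the other variants in this commit as well. The RUN chain continues past the end of the hunk.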

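--- a/2.7/slim/Dockerfile
+++ b/2.7/slim/Dockerfile
@@ -36,14 +36,15 @@ RUN set -ex \
 zlib1g-dev \
 ' \
 && apt-get update && apt-get install -y $buildDeps --no-install-recommends && rm -rf /var/lib/apt/lists/* \
+&& curl -fSL "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz" -o python.tar.xz \
+&& curl -fSL "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz.asc" -o python.tar.xz.asc \
+&& export GNUPGHOME="$(mktemp -d)" \
 && gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$GPG_KEY" \
-&& curl -fSL "https://www.python.org/ftp/python/$PYTHON_VERSION/Python-$PYTHON_VERSION.tar.xz" -o python.tar.xz \
-&& curl -fSL "https://www.python.org/ftp/python/$PYTHON_VERSION/Python-$PYTHON_VERSION.tar.xz.asc" -o python.tar.xz.asc \
-&& gpg --verify python.tar.xz.asc \
+&& gpg --batch --verify python.tar.xz.asc python.tar.xz \
+&& rm -r "$GNUPGHOME" python.tar.xz.asc \
 && mkdir -p /usr/src/python \
 && tar -xJC /usr/src/python --strip-components=1 -f python.tar.xz \
-&& rm python.tar.xz* \
-&& rm -r ~/.gnupg \
+&& rm python.tar.xz \
 \
 && cd /usr/src/python \
 && ./configure --enable-shared --enable-unicode=ucs4 \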

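--- a/2.7/wheezy/Dockerfile
+++ b/2.7/wheezy/Dockerfile
@@ -16,13 +16,16 @@ ENV PYTHON_VERSION 2.7.11
 ENV PYTHON_PIP_VERSION 8.0.3
 
 RUN set -ex \
+&& curl -fSL "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz" -o python.tar.xz \
+&& curl -fSL "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz.asc" -o python.tar.xz.asc \
+&& export GNUPGHOME="$(mktemp -d)" \
 && gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$GPG_KEY" \
-&& curl -fSL "https://www.python.org/ftp/python/$PYTHON_VERSION/Python-$PYTHON_VERSION.tar.xz" -o python.tar.xz \
-&& curl -fSL "https://www.python.org/ftp/python/$PYTHON_VERSION/Python-$PYTHON_VERSION.tar.xz.asc" -o python.tar.xz.asc \
-&& gpg --verify python.tar.xz.asc \
+&& gpg --batch --verify python.tar.xz.asc python.tar.xz \
+&& rm -r "$GNUPGHOME" python.tar.xz.asc \
 && mkdir -p /usr/src/python \
 && tar -xJC /usr/src/python --strip-components=1 -f python.tar.xz \
-&& rm python.tar.xz* \
+&& rm python.tar.xz \
+\
 && cd /usr/src/python \
 && ./configure --enable-shared --enable-unicode=ucs4 \
 && make -j$(nproc) \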

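--- a/3.3/Dockerfile
+++ b/3.3/Dockerfile
@@ -16,14 +16,15 @@ ENV PYTHON_VERSION 3.3.6
 ENV PYTHON_PIP_VERSION 8.0.3
 
 RUN set -ex \
-&& gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$GPG_KEY" \
 && curl -fSL "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz" -o python.tar.xz \
 && curl -fSL "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz.asc" -o python.tar.xz.asc \
-&& gpg --verify python.tar.xz.asc \
+&& export GNUPGHOME="$(mktemp -d)" \
+&& gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$GPG_KEY" \
+&& gpg --batch --verify python.tar.xz.asc python.tar.xz \
+&& rm -r "$GNUPGHOME" python.tar.xz.asc \
 && mkdir -p /usr/src/python \
 && tar -xJC /usr/src/python --strip-components=1 -f python.tar.xz \
-&& rm python.tar.xz* \
-&& rm -r ~/.gnupg \
+&& rm python.tar.xz \
 \
 && cd /usr/src/python \
 && ./configure --enable-shared --enable-unicode=ucs4 \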
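Review bot: With a fresh keyring, the added `gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$GPG_KEY"` line makes `$GPG_KEY` the only trust anchor for the tarball, and nothing in the hunk documents what form that value must take. It is defined outside the hunk; if it is not a full fingerprint, a shorter key ID could match an unrelated key on the keyserver, and `gpg --batch --verify` would then accept a good signature from whatever key was imported. I would add a comment next to its definition such as `# GPG_KEY must be the signing key's full 40-hex-digit fingerprint; shorter key IDs can collide`. The same applies to the other Dockerfiles touched by this commit.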

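--- a/3.3/alpine/Dockerfile
+++ b/3.3/alpine/Dockerfile
@@ -14,15 +14,16 @@ ENV PYTHON_PIP_VERSION 8.0.3
 
 RUN set -ex \
 && apk add --no-cache --virtual .fetch-deps curl gnupg \
-&& gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$GPG_KEY" \
 && curl -fSL "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz" -o python.tar.xz \
 && curl -fSL "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz.asc" -o python.tar.xz.asc \
-&& gpg --verify python.tar.xz.asc \
+&& export GNUPGHOME="$(mktemp -d)" \
+&& gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$GPG_KEY" \
+&& gpg --batch --verify python.tar.xz.asc python.tar.xz \
+&& rm -r "$GNUPGHOME" python.tar.xz.asc \
 && mkdir -p /usr/src \
 && tar -xJC /usr/src -f python.tar.xz \
 && mv "/usr/src/Python-$PYTHON_VERSION" /usr/src/python \
-&& rm python.tar.xz* \
-&& rm -r ~/.gnupg \
+&& rm python.tar.xz \
 \
 && apk add --no-cache --virtual .build-deps \
 bzip2-dev \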

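--- a/3.3/slim/Dockerfile
+++ b/3.3/slim/Dockerfile
@@ -36,14 +36,15 @@ RUN set -ex \
 zlib1g-dev \
 ' \
 && apt-get update && apt-get install -y $buildDeps --no-install-recommends && rm -rf /var/lib/apt/lists/* \
-&& gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$GPG_KEY" \
 && curl -fSL "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz" -o python.tar.xz \
 && curl -fSL "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz.asc" -o python.tar.xz.asc \
-&& gpg --verify python.tar.xz.asc \
+&& export GNUPGHOME="$(mktemp -d)" \
+&& gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$GPG_KEY" \
+&& gpg --batch --verify python.tar.xz.asc python.tar.xz \
+&& rm -r "$GNUPGHOME" python.tar.xz.asc \
 && mkdir -p /usr/src/python \
 && tar -xJC /usr/src/python --strip-components=1 -f python.tar.xz \
-&& rm python.tar.xz* \
-&& rm -r ~/.gnupg \
+&& rm python.tar.xz \
 \
 && cd /usr/src/python \
 && ./configure --enable-shared --enable-unicode=ucs4 \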

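--- a/3.3/wheezy/Dockerfile
+++ b/3.3/wheezy/Dockerfile
@@ -16,14 +16,15 @@ ENV PYTHON_VERSION 3.3.6
 ENV PYTHON_PIP_VERSION 8.0.3
 
 RUN set -ex \
-&& gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$GPG_KEY" \
 && curl -fSL "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz" -o python.tar.xz \
 && curl -fSL "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz.asc" -o python.tar.xz.asc \
-&& gpg --verify python.tar.xz.asc \
+&& export GNUPGHOME="$(mktemp -d)" \
+&& gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$GPG_KEY" \
+&& gpg --batch --verify python.tar.xz.asc python.tar.xz \
+&& rm -r "$GNUPGHOME" python.tar.xz.asc \
 && mkdir -p /usr/src/python \
 && tar -xJC /usr/src/python --strip-components=1 -f python.tar.xz \
-&& rm python.tar.xz* \
-&& rm -r ~/.gnupg \
+&& rm python.tar.xz \
 \
 && cd /usr/src/python \
 && ./configure --enable-shared --enable-unicode=ucs4 \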

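--- a/3.4/Dockerfile
+++ b/3.4/Dockerfile
@@ -16,14 +16,15 @@ ENV PYTHON_VERSION 3.4.4
 ENV PYTHON_PIP_VERSION 8.0.3
 
 RUN set -ex \
-&& gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$GPG_KEY" \
 && curl -fSL "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz" -o python.tar.xz \
 && curl -fSL "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz.asc" -o python.tar.xz.asc \
-&& gpg --verify python.tar.xz.asc \
+&& export GNUPGHOME="$(mktemp -d)" \
+&& gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$GPG_KEY" \
+&& gpg --batch --verify python.tar.xz.asc python.tar.xz \
+&& rm -r "$GNUPGHOME" python.tar.xz.asc \
 && mkdir -p /usr/src/python \
 && tar -xJC /usr/src/python --strip-components=1 -f python.tar.xz \
-&& rm python.tar.xz* \
-&& rm -r ~/.gnupg \
+&& rm python.tar.xz \
 \
 && cd /usr/src/python \
 && ./configure --enable-shared --enable-unicode=ucs4 \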

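--- a/3.4/alpine/Dockerfile
+++ b/3.4/alpine/Dockerfile
@@ -14,15 +14,16 @@ ENV PYTHON_PIP_VERSION 8.0.3
 
 RUN set -ex \
 && apk add --no-cache --virtual .fetch-deps curl gnupg \
-&& gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$GPG_KEY" \
 && curl -fSL "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz" -o python.tar.xz \
 && curl -fSL "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz.asc" -o python.tar.xz.asc \
-&& gpg --verify python.tar.xz.asc \
+&& export GNUPGHOME="$(mktemp -d)" \
+&& gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$GPG_KEY" \
+&& gpg --batch --verify python.tar.xz.asc python.tar.xz \
+&& rm -r "$GNUPGHOME" python.tar.xz.asc \
 && mkdir -p /usr/src \
 && tar -xJC /usr/src -f python.tar.xz \
 && mv "/usr/src/Python-$PYTHON_VERSION" /usr/src/python \
-&& rm python.tar.xz* \
-&& rm -r ~/.gnupg \
+&& rm python.tar.xz \
 && apk del .fetch-deps \
 \
 && apk add --no-cache --virtual .build-deps \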
