From aa2c42c75a2f61407ae070cfc9263f62e7da3029 Mon Sep 17 00:00:00 2001 From: J0WI Date: Tue, 12 Jun 2018 01:13:03 +0200 Subject: [PATCH 1/2] Update Debain base to stretch --- 3.2/32bit/Dockerfile | 9 +++++++-- 3.2/Dockerfile | 9 +++++++-- 4.0/32bit/Dockerfile | 9 +++++++-- 4.0/Dockerfile | 9 +++++++-- 4 files changed, 28 insertions(+), 8 deletions(-) diff --git a/3.2/32bit/Dockerfile b/3.2/32bit/Dockerfile index fc40596a8..360c6cced 100644 --- a/3.2/32bit/Dockerfile +++ b/3.2/32bit/Dockerfile @@ -1,4 +1,4 @@ -FROM debian:jessie-slim +FROM debian:stretch-slim # add our user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added RUN groupadd -r redis && useradd -r -g redis redis @@ -8,7 +8,12 @@ RUN groupadd -r redis && useradd -r -g redis redis ENV GOSU_VERSION 1.10 RUN set -ex; \ \ - fetchDeps='ca-certificates wget'; \ + fetchDeps=" \ + ca-certificates \ + dirmngr \ + gnupg \ + wget \ + "; \ apt-get update; \ apt-get install -y --no-install-recommends $fetchDeps; \ rm -rf /var/lib/apt/lists/*; \ diff --git a/3.2/Dockerfile b/3.2/Dockerfile index ff930210c..8d8f41d25 100644 --- a/3.2/Dockerfile +++ b/3.2/Dockerfile @@ -1,4 +1,4 @@ -FROM debian:jessie-slim +FROM debian:stretch-slim # add our user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added RUN groupadd -r redis && useradd -r -g redis redis @@ -8,7 +8,12 @@ RUN groupadd -r redis && useradd -r -g redis redis ENV GOSU_VERSION 1.10 RUN set -ex; \ \ - fetchDeps='ca-certificates wget'; \ + fetchDeps=" \ + ca-certificates \ + dirmngr \ + gnupg \ + wget \ + "; \ apt-get update; \ apt-get install -y --no-install-recommends $fetchDeps; \ rm -rf /var/lib/apt/lists/*; \ diff --git a/4.0/32bit/Dockerfile b/4.0/32bit/Dockerfile index d0689efef..f571058dd 100644 --- a/4.0/32bit/Dockerfile +++ b/4.0/32bit/Dockerfile @@ -1,4 +1,4 @@ -FROM debian:jessie-slim +FROM debian:stretch-slim # add our user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added RUN groupadd -r redis && useradd -r -g redis redis @@ -8,7 +8,12 @@ RUN groupadd -r redis && useradd -r -g redis redis ENV GOSU_VERSION 1.10 RUN set -ex; \ \ - fetchDeps='ca-certificates wget'; \ + fetchDeps=" \ + ca-certificates \ + dirmngr \ + gnupg \ + wget \ + "; \ apt-get update; \ apt-get install -y --no-install-recommends $fetchDeps; \ rm -rf /var/lib/apt/lists/*; \ diff --git a/4.0/Dockerfile b/4.0/Dockerfile index b2c7c7ada..adc64576f 100644 --- a/4.0/Dockerfile +++ b/4.0/Dockerfile @@ -1,4 +1,4 @@ -FROM debian:jessie-slim +FROM debian:stretch-slim # add our user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added RUN groupadd -r redis && useradd -r -g redis redis @@ -8,7 +8,12 @@ RUN groupadd -r redis && useradd -r -g redis redis ENV GOSU_VERSION 1.10 RUN set -ex; \ \ - fetchDeps='ca-certificates wget'; \ + fetchDeps=" \ + ca-certificates \ + dirmngr \ + gnupg \ + wget \ + "; \ apt-get update; \ apt-get install -y --no-install-recommends $fetchDeps; \ rm -rf /var/lib/apt/lists/*; \ From bac9a55b33a9a4635f2f3cbbb0754a2e7f549e15 Mon Sep 17 00:00:00 2001 From: J0WI Date: Tue, 12 Jun 2018 01:14:07 +0200 Subject: [PATCH 2/2] Adjust gpg code to kill daemons, cutting down on race conditions --- 3.2/32bit/Dockerfile | 1 + 3.2/Dockerfile | 1 + 4.0/32bit/Dockerfile | 1 + 4.0/Dockerfile | 1 + 4 files changed, 4 insertions(+) diff --git a/3.2/32bit/Dockerfile b/3.2/32bit/Dockerfile index 360c6cced..e84280f39 100644 --- a/3.2/32bit/Dockerfile +++ b/3.2/32bit/Dockerfile @@ -24,6 +24,7 @@ RUN set -ex; \ export GNUPGHOME="$(mktemp -d)"; \ gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + gpgconf --kill all; \ rm -r "$GNUPGHOME" /usr/local/bin/gosu.asc; \ chmod +x /usr/local/bin/gosu; \ gosu nobody true; \ diff --git a/3.2/Dockerfile b/3.2/Dockerfile index 8d8f41d25..195292521 100644 --- a/3.2/Dockerfile +++ b/3.2/Dockerfile @@ -24,6 +24,7 @@ RUN set -ex; \ export GNUPGHOME="$(mktemp -d)"; \ gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + gpgconf --kill all; \ rm -r "$GNUPGHOME" /usr/local/bin/gosu.asc; \ chmod +x /usr/local/bin/gosu; \ gosu nobody true; \ diff --git a/4.0/32bit/Dockerfile b/4.0/32bit/Dockerfile index f571058dd..b5f4acb00 100644 --- a/4.0/32bit/Dockerfile +++ b/4.0/32bit/Dockerfile @@ -24,6 +24,7 @@ RUN set -ex; \ export GNUPGHOME="$(mktemp -d)"; \ gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + gpgconf --kill all; \ rm -r "$GNUPGHOME" /usr/local/bin/gosu.asc; \ chmod +x /usr/local/bin/gosu; \ gosu nobody true; \ diff --git a/4.0/Dockerfile b/4.0/Dockerfile index adc64576f..b7a45a9cc 100644 --- a/4.0/Dockerfile +++ b/4.0/Dockerfile @@ -24,6 +24,7 @@ RUN set -ex; \ export GNUPGHOME="$(mktemp -d)"; \ gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + gpgconf --kill all; \ rm -r "$GNUPGHOME" /usr/local/bin/gosu.asc; \ chmod +x /usr/local/bin/gosu; \ gosu nobody true; \