Skip to content

Commit 29a50e9

Browse files
aduh95aduh95
committed
fixup! chore: switch to official release-keys repo to verify Node.js
update files
1 parent 48c743a commit 29a50e9

File tree

34 files changed

+270
-704
lines changed

34 files changed

+270
-704
lines changed

20/alpine3.22/Dockerfile

Lines changed: 8 additions & 22 deletions
Original file line numberDiff line numberDiff line change
@@ -31,43 +31,29 @@ RUN addgroup -g 1000 node \
3131
binutils-gold \
3232
g++ \
3333
gcc \
34-
gnupg \
34+
gpgv \
3535
libgcc \
3636
linux-headers \
3737
make \
3838
python3 \
3939
py-setuptools \
40-
# use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150
4140
&& export GNUPGHOME="$(mktemp -d)" \
42-
# gpg keys listed at https://github.com/nodejs/node#release-keys
43-
&& for key in \
44-
5BE8A3F6C8A5C01D106C0AD820B1A390B168D356 \
45-
DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7 \
46-
CC68F5A3106FF448322E48ED27F5E38D5B0A215F \
47-
8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \
48-
890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 \
49-
C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \
50-
108F52B48DB57BB0CC439B2997B01419BD92F80A \
51-
A363A499291CBBC940DD62E41F10027AF002F8B0 \
52-
; do \
53-
{ gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \
54-
{ gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \
55-
done \
41+
&& (cd "$GNUPGHOME" && curl -fsSLO --compressed "https://raw.githubusercontent.com/nodejs/release-keys/b362bd15f2ac7ce350d7563fc03e0c625e455e5f/gpg-only-active-keys/pubring.kbx" && echo "6676a927d6261a7ab6bb4ddc69614823567426bb9ac77aee484cfb5d66f4a148 pubring.kbx" | sha256sum -c) \
5642
&& curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION.tar.xz" \
57-
&& curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \
58-
&& gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \
59-
&& gpgconf --kill all \
43+
&& curl -fsSL --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \
44+
| gpgv --keyring="$GNUPGHOME/pubring.kbx" --output - \
45+
| grep " node-v$NODE_VERSION.tar.xz\$"
46+
| sha256sum -c - \
6047
&& rm -rf "$GNUPGHOME" \
61-
&& grep " node-v$NODE_VERSION.tar.xz\$" SHASUMS256.txt | sha256sum -c - \
62-
&& tar -xf "node-v$NODE_VERSION.tar.xz" \
48+
&& tar -xJf "node-v$NODE_VERSION.tar.xz" \
6349
&& cd "node-v$NODE_VERSION" \
6450
&& ./configure \
6551
&& make -j$(getconf _NPROCESSORS_ONLN) V= \
6652
&& make install \
6753
&& apk del .build-deps-full \
6854
&& cd .. \
6955
&& rm -Rf "node-v$NODE_VERSION" \
70-
&& rm "node-v$NODE_VERSION.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt; \
56+
&& rm "node-v$NODE_VERSION.tar.xz"; \
7157
fi \
7258
&& rm -f "node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz" \
7359
# Remove unused OpenSSL headers to save ~34MB. See this NodeJS issue: https://github.com/nodejs/node/issues/46451

20/alpine3.23/Dockerfile

Lines changed: 8 additions & 22 deletions
Original file line numberDiff line numberDiff line change
@@ -31,43 +31,29 @@ RUN addgroup -g 1000 node \
3131
binutils-gold \
3232
g++ \
3333
gcc \
34-
gnupg \
34+
gpgv \
3535
libgcc \
3636
linux-headers \
3737
make \
3838
python3 \
3939
py-setuptools \
40-
# use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150
4140
&& export GNUPGHOME="$(mktemp -d)" \
42-
# gpg keys listed at https://github.com/nodejs/node#release-keys
43-
&& for key in \
44-
5BE8A3F6C8A5C01D106C0AD820B1A390B168D356 \
45-
DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7 \
46-
CC68F5A3106FF448322E48ED27F5E38D5B0A215F \
47-
8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \
48-
890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 \
49-
C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \
50-
108F52B48DB57BB0CC439B2997B01419BD92F80A \
51-
A363A499291CBBC940DD62E41F10027AF002F8B0 \
52-
; do \
53-
{ gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \
54-
{ gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \
55-
done \
41+
&& (cd "$GNUPGHOME" && curl -fsSLO --compressed "https://raw.githubusercontent.com/nodejs/release-keys/b362bd15f2ac7ce350d7563fc03e0c625e455e5f/gpg-only-active-keys/pubring.kbx" && echo "6676a927d6261a7ab6bb4ddc69614823567426bb9ac77aee484cfb5d66f4a148 pubring.kbx" | sha256sum -c) \
5642
&& curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION.tar.xz" \
57-
&& curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \
58-
&& gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \
59-
&& gpgconf --kill all \
43+
&& curl -fsSL --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \
44+
| gpgv --keyring="$GNUPGHOME/pubring.kbx" --output - \
45+
| grep " node-v$NODE_VERSION.tar.xz\$"
46+
| sha256sum -c - \
6047
&& rm -rf "$GNUPGHOME" \
61-
&& grep " node-v$NODE_VERSION.tar.xz\$" SHASUMS256.txt | sha256sum -c - \
62-
&& tar -xf "node-v$NODE_VERSION.tar.xz" \
48+
&& tar -xJf "node-v$NODE_VERSION.tar.xz" \
6349
&& cd "node-v$NODE_VERSION" \
6450
&& ./configure \
6551
&& make -j$(getconf _NPROCESSORS_ONLN) V= \
6652
&& make install \
6753
&& apk del .build-deps-full \
6854
&& cd .. \
6955
&& rm -Rf "node-v$NODE_VERSION" \
70-
&& rm "node-v$NODE_VERSION.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt; \
56+
&& rm "node-v$NODE_VERSION.tar.xz"; \
7157
fi \
7258
&& rm -f "node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz" \
7359
# Remove unused OpenSSL headers to save ~34MB. See this NodeJS issue: https://github.com/nodejs/node/issues/46451

20/bookworm-slim/Dockerfile

Lines changed: 9 additions & 22 deletions
Original file line numberDiff line numberDiff line change
@@ -17,32 +17,19 @@ RUN ARCH= OPENSSL_ARCH= && dpkgArch="$(dpkg --print-architecture)" \
1717
esac \
1818
&& set -ex \
1919
# libatomic1 for arm
20-
&& apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr xz-utils libatomic1 --no-install-recommends \
20+
&& apt-get update && apt-get install -y ca-certificates curl wget gpgv dirmngr xz-utils libatomic1 --no-install-recommends \
2121
&& rm -rf /var/lib/apt/lists/* \
22-
# use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150
2322
&& export GNUPGHOME="$(mktemp -d)" \
24-
# gpg keys listed at https://github.com/nodejs/node#release-keys
25-
&& for key in \
26-
5BE8A3F6C8A5C01D106C0AD820B1A390B168D356 \
27-
DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7 \
28-
CC68F5A3106FF448322E48ED27F5E38D5B0A215F \
29-
8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \
30-
890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 \
31-
C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \
32-
108F52B48DB57BB0CC439B2997B01419BD92F80A \
33-
A363A499291CBBC940DD62E41F10027AF002F8B0 \
34-
; do \
35-
{ gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \
36-
{ gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \
37-
done \
38-
&& curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \
39-
&& curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \
40-
&& gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \
41-
&& gpgconf --kill all \
23+
&& set -exo pipefail \
24+
&& (cd "$GNUPGHOME" && curl -fsSLO --compressed "https://raw.githubusercontent.com/nodejs/release-keys/b362bd15f2ac7ce350d7563fc03e0c625e455e5f/gpg-only-active-keys/pubring.kbx" && echo "6676a927d6261a7ab6bb4ddc69614823567426bb9ac77aee484cfb5d66f4a148 pubring.kbx" | sha256sum -c) \
25+
&& curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION.tar.xz" \
26+
&& curl -fsSL --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \
27+
| gpgv --keyring="$GNUPGHOME/pubring.kbx" --output - \
28+
| grep " node-v$NODE_VERSION.tar.xz\$"
29+
| sha256sum -c - \
4230
&& rm -rf "$GNUPGHOME" \
43-
&& grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \
4431
&& tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \
45-
&& rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \
32+
&& rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" \
4633
# Remove unused OpenSSL headers to save ~34MB. See this NodeJS issue: https://github.com/nodejs/node/issues/46451
4734
&& find /usr/local/include/node/openssl/archs -mindepth 1 -maxdepth 1 ! -name "$OPENSSL_ARCH" -exec rm -rf {} \; \
4835
&& apt-mark auto '.*' > /dev/null \

20/bookworm/Dockerfile

Lines changed: 8 additions & 22 deletions
Original file line numberDiff line numberDiff line change
@@ -15,31 +15,17 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \
1515
i386) ARCH='x86';; \
1616
*) echo "unsupported architecture"; exit 1 ;; \
1717
esac \
18-
# use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150
1918
&& export GNUPGHOME="$(mktemp -d)" \
20-
# gpg keys listed at https://github.com/nodejs/node#release-keys
21-
&& set -ex \
22-
&& for key in \
23-
5BE8A3F6C8A5C01D106C0AD820B1A390B168D356 \
24-
DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7 \
25-
CC68F5A3106FF448322E48ED27F5E38D5B0A215F \
26-
8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \
27-
890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 \
28-
C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \
29-
108F52B48DB57BB0CC439B2997B01419BD92F80A \
30-
A363A499291CBBC940DD62E41F10027AF002F8B0 \
31-
; do \
32-
{ gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \
33-
{ gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \
34-
done \
35-
&& curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \
36-
&& curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \
37-
&& gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \
38-
&& gpgconf --kill all \
19+
&& set -exo pipefail \
20+
&& (cd "$GNUPGHOME" && curl -fsSLO --compressed "https://raw.githubusercontent.com/nodejs/release-keys/b362bd15f2ac7ce350d7563fc03e0c625e455e5f/gpg-only-active-keys/pubring.kbx" && echo "6676a927d6261a7ab6bb4ddc69614823567426bb9ac77aee484cfb5d66f4a148 pubring.kbx" | sha256sum -c) \
21+
&& curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION.tar.xz" \
22+
&& curl -fsSL --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \
23+
| gpgv --keyring="$GNUPGHOME/pubring.kbx" --output - \
24+
| grep " node-v$NODE_VERSION.tar.xz\$"
25+
| sha256sum -c - \
3926
&& rm -rf "$GNUPGHOME" \
40-
&& grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \
4127
&& tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \
42-
&& rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \
28+
&& rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" \
4329
&& ln -s /usr/local/bin/node /usr/local/bin/nodejs \
4430
# smoke tests
4531
&& node --version \

20/bullseye-slim/Dockerfile

Lines changed: 9 additions & 22 deletions
Original file line numberDiff line numberDiff line change
@@ -17,32 +17,19 @@ RUN ARCH= OPENSSL_ARCH= && dpkgArch="$(dpkg --print-architecture)" \
1717
esac \
1818
&& set -ex \
1919
# libatomic1 for arm
20-
&& apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr xz-utils libatomic1 --no-install-recommends \
20+
&& apt-get update && apt-get install -y ca-certificates curl wget gpgv dirmngr xz-utils libatomic1 --no-install-recommends \
2121
&& rm -rf /var/lib/apt/lists/* \
22-
# use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150
2322
&& export GNUPGHOME="$(mktemp -d)" \
24-
# gpg keys listed at https://github.com/nodejs/node#release-keys
25-
&& for key in \
26-
5BE8A3F6C8A5C01D106C0AD820B1A390B168D356 \
27-
DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7 \
28-
CC68F5A3106FF448322E48ED27F5E38D5B0A215F \
29-
8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \
30-
890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 \
31-
C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \
32-
108F52B48DB57BB0CC439B2997B01419BD92F80A \
33-
A363A499291CBBC940DD62E41F10027AF002F8B0 \
34-
; do \
35-
{ gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \
36-
{ gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \
37-
done \
38-
&& curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \
39-
&& curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \
40-
&& gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \
41-
&& gpgconf --kill all \
23+
&& set -exo pipefail \
24+
&& (cd "$GNUPGHOME" && curl -fsSLO --compressed "https://raw.githubusercontent.com/nodejs/release-keys/b362bd15f2ac7ce350d7563fc03e0c625e455e5f/gpg-only-active-keys/pubring.kbx" && echo "6676a927d6261a7ab6bb4ddc69614823567426bb9ac77aee484cfb5d66f4a148 pubring.kbx" | sha256sum -c) \
25+
&& curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION.tar.xz" \
26+
&& curl -fsSL --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \
27+
| gpgv --keyring="$GNUPGHOME/pubring.kbx" --output - \
28+
| grep " node-v$NODE_VERSION.tar.xz\$"
29+
| sha256sum -c - \
4230
&& rm -rf "$GNUPGHOME" \
43-
&& grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \
4431
&& tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \
45-
&& rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \
32+
&& rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" \
4633
# Remove unused OpenSSL headers to save ~34MB. See this NodeJS issue: https://github.com/nodejs/node/issues/46451
4734
&& find /usr/local/include/node/openssl/archs -mindepth 1 -maxdepth 1 ! -name "$OPENSSL_ARCH" -exec rm -rf {} \; \
4835
&& apt-mark auto '.*' > /dev/null \

20/bullseye/Dockerfile

Lines changed: 8 additions & 22 deletions
Original file line numberDiff line numberDiff line change
@@ -15,31 +15,17 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \
1515
i386) ARCH='x86';; \
1616
*) echo "unsupported architecture"; exit 1 ;; \
1717
esac \
18-
# use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150
1918
&& export GNUPGHOME="$(mktemp -d)" \
20-
# gpg keys listed at https://github.com/nodejs/node#release-keys
21-
&& set -ex \
22-
&& for key in \
23-
5BE8A3F6C8A5C01D106C0AD820B1A390B168D356 \
24-
DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7 \
25-
CC68F5A3106FF448322E48ED27F5E38D5B0A215F \
26-
8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \
27-
890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 \
28-
C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \
29-
108F52B48DB57BB0CC439B2997B01419BD92F80A \
30-
A363A499291CBBC940DD62E41F10027AF002F8B0 \
31-
; do \
32-
{ gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \
33-
{ gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \
34-
done \
35-
&& curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \
36-
&& curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \
37-
&& gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \
38-
&& gpgconf --kill all \
19+
&& set -exo pipefail \
20+
&& (cd "$GNUPGHOME" && curl -fsSLO --compressed "https://raw.githubusercontent.com/nodejs/release-keys/b362bd15f2ac7ce350d7563fc03e0c625e455e5f/gpg-only-active-keys/pubring.kbx" && echo "6676a927d6261a7ab6bb4ddc69614823567426bb9ac77aee484cfb5d66f4a148 pubring.kbx" | sha256sum -c) \
21+
&& curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION.tar.xz" \
22+
&& curl -fsSL --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \
23+
| gpgv --keyring="$GNUPGHOME/pubring.kbx" --output - \
24+
| grep " node-v$NODE_VERSION.tar.xz\$"
25+
| sha256sum -c - \
3926
&& rm -rf "$GNUPGHOME" \
40-
&& grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \
4127
&& tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \
42-
&& rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \
28+
&& rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" \
4329
&& ln -s /usr/local/bin/node /usr/local/bin/nodejs \
4430
# smoke tests
4531
&& node --version \

20/trixie-slim/Dockerfile

Lines changed: 9 additions & 22 deletions
Original file line numberDiff line numberDiff line change
@@ -17,32 +17,19 @@ RUN ARCH= OPENSSL_ARCH= && dpkgArch="$(dpkg --print-architecture)" \
1717
esac \
1818
&& set -ex \
1919
# libatomic1 for arm
20-
&& apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr xz-utils libatomic1 --no-install-recommends \
20+
&& apt-get update && apt-get install -y ca-certificates curl wget gpgv dirmngr xz-utils libatomic1 --no-install-recommends \
2121
&& rm -rf /var/lib/apt/lists/* \
22-
# use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150
2322
&& export GNUPGHOME="$(mktemp -d)" \
24-
# gpg keys listed at https://github.com/nodejs/node#release-keys
25-
&& for key in \
26-
5BE8A3F6C8A5C01D106C0AD820B1A390B168D356 \
27-
DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7 \
28-
CC68F5A3106FF448322E48ED27F5E38D5B0A215F \
29-
8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \
30-
890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 \
31-
C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \
32-
108F52B48DB57BB0CC439B2997B01419BD92F80A \
33-
A363A499291CBBC940DD62E41F10027AF002F8B0 \
34-
; do \
35-
{ gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \
36-
{ gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \
37-
done \
38-
&& curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \
39-
&& curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \
40-
&& gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \
41-
&& gpgconf --kill all \
23+
&& set -exo pipefail \
24+
&& (cd "$GNUPGHOME" && curl -fsSLO --compressed "https://raw.githubusercontent.com/nodejs/release-keys/b362bd15f2ac7ce350d7563fc03e0c625e455e5f/gpg-only-active-keys/pubring.kbx" && echo "6676a927d6261a7ab6bb4ddc69614823567426bb9ac77aee484cfb5d66f4a148 pubring.kbx" | sha256sum -c) \
25+
&& curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION.tar.xz" \
26+
&& curl -fsSL --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \
27+
| gpgv --keyring="$GNUPGHOME/pubring.kbx" --output - \
28+
| grep " node-v$NODE_VERSION.tar.xz\$"
29+
| sha256sum -c - \
4230
&& rm -rf "$GNUPGHOME" \
43-
&& grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \
4431
&& tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \
45-
&& rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \
32+
&& rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" \
4633
# Remove unused OpenSSL headers to save ~34MB. See this NodeJS issue: https://github.com/nodejs/node/issues/46451
4734
&& find /usr/local/include/node/openssl/archs -mindepth 1 -maxdepth 1 ! -name "$OPENSSL_ARCH" -exec rm -rf {} \; \
4835
&& apt-mark auto '.*' > /dev/null \

0 commit comments

Comments
 (0)