Commit
Upgrade security of Dockerfile
* Use https to retrieve archive from Rakudo server
* Retrieve PGP signature from Rakudo server (https)
* Retrieve PGP public key over hkps and using full fingerprint
* Verify archive using signature (explicitly with gpg2)
jstuder-gh committed Aug 9, 2018
1 parent 048e15a commit 33cba95
Showing 1 changed file with 10 additions and 1 deletion.
11 changes: 10 additions & 1 deletion Dockerfile
Expand Up @@ -12,13 +12,22 @@ RUN buildDeps=' \
libencode-perl \
make \
' \
url="https://rakudo.org/downloads/star/rakudo-star-${rakudo_version}.tar.gz" \
keyserver='hkps.pool.sks-keyservers.net' \
keyfp='ECF8B611205B447E091246AF959E3D6197190DD5' \
tmpdir="$(mktemp -d)" \
&& set -x \
&& export GNUPGHOME="$tmpdir" \
&& apt-get update \
&& apt-get --yes install --no-install-recommends $buildDeps \
&& rm -rf /var/lib/apt/lists/* \
&& mkdir ${tmpdir}/rakudo \
&& curl -fsSL http://rakudo.org/downloads/star/rakudo-star-${rakudo_version}.tar.gz -o ${tmpdir}/rakudo.tar.gz \
\
&& curl -fsSL ${url}.asc -o ${tmpdir}/rakudo.tar.gz.asc \
&& curl -fsSL $url -o ${tmpdir}/rakudo.tar.gz \
&& gpg2 --keyserver $keyserver --recv-keys $keyfp \
&& gpg2 --batch --verify ${tmpdir}/rakudo.tar.gz.asc ${tmpdir}/rakudo.tar.gz \
\
&& tar xzf ${tmpdir}/rakudo.tar.gz --strip-components=1 -C ${tmpdir}/rakudo \
&& ( \
cd ${tmpdir}/rakudo \
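Review bot: the build now hard-depends on the keyserver pool being reachable at image build time (`gpg2 --keyserver $keyserver --recv-keys $keyfp`), so a slow or unreachable `hkps.pool.sks-keyservers.net` turns into a failed build rather than a skipped check; consider committing the pinned public key to the repository and importing it with `gpg2 --import`, keeping `keyfp` as the post-import check so the fingerprint pin in the Dockerfile stays the trust anchor. A short comment above `keyfp='ECF8B611205B447E091246AF959E3D6197190DD5'` saying where that fingerprint was obtained would also help future maintainers verify it independently. The verification chain itself is sound as written: `GNUPGHOME` points at a fresh `mktemp -d` directory, so the only key in the keyring is the one fetched by full fingerprint, and `gpg2 --batch --verify` exits non-zero on a bad or missing signature, which aborts the `&&` chain before `tar` ever unpacks the archive.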
