From a5313cb6beeb715b84e262ca218f2607d3d24718 Mon Sep 17 00:00:00 2001 From: Shaun Date: Thu, 30 May 2024 18:43:34 +0100 Subject: [PATCH] Update debian build stages to use `gpg` over `sq` (#5664) --- build/Dockerfile | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/build/Dockerfile b/build/Dockerfile index f5a52862e1..1a956030e8 100644 --- a/build/Dockerfile +++ b/build/Dockerfile @@ -155,13 +155,13 @@ RUN --mount=type=secret,id=nginx-repo.crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode --mount=type=bind,from=nginx-files,src=debian-plus-12.sources,target=/etc/apt/sources.list.d/nginx-plus.sources \ apt-get update \ && apt-get upgrade -y \ - && apt-get install --no-install-recommends --no-install-suggests -y sq ca-certificates libcap2-bin libcurl4 \ + && apt-get install --no-install-recommends --no-install-suggests -y gpg ca-certificates libcap2-bin libcurl4 \ && groupadd --system --gid 101 nginx \ && useradd --system --gid nginx --no-create-home --home-dir /nonexistent --comment "nginx user" --shell /bin/false --uid 101 nginx \ - && sq dearmor -o /usr/share/keyrings/nginx-archive-keyring.gpg /tmp/nginx_signing.key \ + && gpg --dearmor -o /usr/share/keyrings/nginx-archive-keyring.gpg /tmp/nginx_signing.key \ && apt-get update \ && apt-get install --no-install-recommends --no-install-suggests -y nginx-plus nginx-plus-module-njs nginx-plus-module-opentracing nginx-plus-module-fips-check \ - && apt-get purge --auto-remove -y sq \ + && apt-get purge --auto-remove -y gpg \ && cp -av /tmp/ot/usr/local/lib/libjaegertracing*so* /tmp/ot/usr/local/lib/libzipkin*so* /tmp/ot/usr/local/lib/libdd*so* /tmp/ot/usr/local/lib/libyaml*so* /usr/local/lib/ \ && ldconfig \ && rm -rf /var/lib/apt/lists/* @@ -190,11 +190,11 @@ RUN --mount=type=secret,id=nginx-repo.crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode fi \ && apt-get update \ && apt-get upgrade -y \ - && apt-get install --no-install-recommends --no-install-suggests -y ca-certificates sq \ + && apt-get install --no-install-recommends --no-install-suggests -y ca-certificates gpg \ && groupadd --system --gid 101 nginx \ && useradd --system --gid nginx --no-create-home --home-dir /nonexistent --comment "nginx user" --shell /bin/false --uid 101 nginx \ - && sq dearmor -o /usr/share/keyrings/nginx-archive-keyring.gpg /tmp/nginx_signing.key \ - && sq dearmor -o /usr/share/keyrings/app-protect-archive-keyring.gpg /tmp/app-protect-security-updates.key \ + && gpg --dearmor -o /usr/share/keyrings/nginx-archive-keyring.gpg /tmp/nginx_signing.key \ + && gpg --dearmor -o /usr/share/keyrings/app-protect-archive-keyring.gpg /tmp/app-protect-security-updates.key \ && apt-get update \ && apt-get install --no-install-recommends --no-install-suggests -y nginx-plus nginx-plus-module-njs nginx-plus-module-opentracing nginx-plus-module-fips-check libcap2-bin libcurl4 \ ## end of duplicated code @@ -205,7 +205,7 @@ RUN --mount=type=secret,id=nginx-repo.crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode && if [ -z "${NAP_MODULES##*dos*}" ]; then \ apt-get install --no-install-recommends --no-install-suggests -y app-protect-dos; \ fi \ - && apt-get purge --auto-remove -y sq \ + && apt-get purge --auto-remove -y gpg \ ## the code below is duplicated from the debian-plus image because NAP doesn't support debian 12 && cp -av /tmp/ot/usr/local/lib/libjaegertracing*so* /tmp/ot/usr/local/lib/libzipkin*so* /tmp/ot/usr/local/lib/libdd*so* /tmp/ot/usr/local/lib/libyaml*so* /usr/local/lib/ \ && ldconfig \