From 4c64514dc0f1aa0aed906af3a9a135d684c7d49e Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Fri, 26 Feb 2016 17:07:10 -0800 Subject: [PATCH] Fix "gpg" usage to stop relying on deprecated and insecure behavior --- Dockerfile | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/Dockerfile b/Dockerfile index 2e773d40..a793ff53 100644 --- a/Dockerfile +++ b/Dockerfile @@ -4,10 +4,6 @@ RUN apt-get update \ && apt-get install -y --no-install-recommends ca-certificates git \ && rm -rf /var/lib/apt/lists/* -# http://julialang.org/juliareleases.asc -# Julia (Binary signing key) -RUN gpg --keyserver ha.pool.sks-keyservers.net --recv-keys 3673DF529D9049477F76B37566E3C7DC03D6E495 - ENV JULIA_PATH /usr/local/julia ENV JULIA_VERSION 0.4.3 @@ -15,7 +11,12 @@ RUN mkdir $JULIA_PATH \ && apt-get update && apt-get install -y curl \ && curl -sSL "https://julialang.s3.amazonaws.com/bin/linux/x64/${JULIA_VERSION%[.-]*}/julia-${JULIA_VERSION}-linux-x86_64.tar.gz" -o julia.tar.gz \ && curl -sSL "https://julialang.s3.amazonaws.com/bin/linux/x64/${JULIA_VERSION%[.-]*}/julia-${JULIA_VERSION}-linux-x86_64.tar.gz.asc" -o julia.tar.gz.asc \ - && gpg --verify julia.tar.gz.asc \ + && export GNUPGHOME="$(mktemp -d)" \ +# http://julialang.org/juliareleases.asc +# Julia (Binary signing key) + && gpg --keyserver ha.pool.sks-keyservers.net --recv-keys 3673DF529D9049477F76B37566E3C7DC03D6E495 \ + && gpg --batch --verify julia.tar.gz.asc julia.tar.gz \ + && rm -r "$GNUPGHOME" julia.tar.gz.asc \ && tar -xzf julia.tar.gz -C $JULIA_PATH --strip-components 1 \ && rm -rf /var/lib/apt/lists/* julia.tar.gz*