From b606ae998472df66e0c8e769ed070129edad12be Mon Sep 17 00:00:00 2001
From: Tianon Gravi
Date: Fri, 26 Feb 2016 17:15:38 -0800
Subject: [PATCH] Fix "gpg" usage to stop relying on deprecated and insecure behavior
---
 4.0/Dockerfile | 33 +++++++++++++++++++--------------
 4.1/Dockerfile | 33 +++++++++++++++++++--------------
 4.2/Dockerfile | 33 +++++++++++++++++++--------------
 4.3/Dockerfile | 33 +++++++++++++++++++--------------
 4.4/Dockerfile | 29 +++++++++++++++++------------
 5 files changed, 93 insertions(+), 68 deletions(-)
diff --git a/4.0/Dockerfile b/4.0/Dockerfile
index 071b5e8..b3b1434 100644
--- a/4.0/Dockerfile
+++ b/4.0/Dockerfile
@@ -3,26 +3,31 @@ FROM debian:jessie
 # add our user and group first to make sure their IDs get assigned consistently
 RUN groupadd -r kibana && useradd -r -m -g kibana kibana
-RUN apt-get update && apt-get install -y ca-certificates curl --no-install-recommends && rm -rf /var/lib/apt/lists/*
+RUN apt-get update && apt-get install -y \
+ ca-certificates \
+ wget \
+ --no-install-recommends && rm -rf /var/lib/apt/lists/*
 # grab gosu for easy step-down from root
-RUN gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4
-RUN arch="$(dpkg --print-architecture)" \
- && set -x \
- && curl -o /usr/local/bin/gosu -SL "https://github.com/tianon/gosu/releases/download/1.3/gosu-$arch" \
- && curl -o /usr/local/bin/gosu.asc -SL "https://github.com/tianon/gosu/releases/download/1.3/gosu-$arch.asc" \
- && gpg --verify /usr/local/bin/gosu.asc \
- && rm /usr/local/bin/gosu.asc \
- && chmod +x /usr/local/bin/gosu
+ENV GOSU_VERSION 1.7
+RUN set -x \
+ && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \
+ && wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \
+ && export GNUPGHOME="$(mktemp -d)" \
+ && gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \
+ && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \
+ && rm -r "$GNUPGHOME" /usr/local/bin/gosu.asc \
+ && chmod +x /usr/local/bin/gosu \
+ && gosu nobody true
 # grab tini for signal processing and zombie killing
 ENV TINI_VERSION v0.9.0
 RUN set -x \
- && curl -fSL "https://github.com/krallin/tini/releases/download/$TINI_VERSION/tini" -o /usr/local/bin/tini \
- && curl -fSL "https://github.com/krallin/tini/releases/download/$TINI_VERSION/tini.asc" -o /usr/local/bin/tini.asc \
+ && wget -O /usr/local/bin/tini "https://github.com/krallin/tini/releases/download/$TINI_VERSION/tini" \
+ && wget -O /usr/local/bin/tini.asc "https://github.com/krallin/tini/releases/download/$TINI_VERSION/tini.asc" \
  && export GNUPGHOME="$(mktemp -d)" \
  && gpg --keyserver ha.pool.sks-keyservers.net --recv-keys 6380DC428747F6C393FEACA59A84159D7001A4E5 \
- && gpg --verify /usr/local/bin/tini.asc \
+ && gpg --batch --verify /usr/local/bin/tini.asc /usr/local/bin/tini \
  && rm -r "$GNUPGHOME" /usr/local/bin/tini.asc \
  && chmod +x /usr/local/bin/tini \
  && tini -h
@@ -31,8 +36,8 @@ ENV KIBANA_VERSION 4.0.3
 ENV KIBANA_SHA1 75312e930466430167a7e01be3ae41aeaf01a26c
 RUN set -x \
- && curl -fSL "https://download.elastic.co/kibana/kibana/kibana-${KIBANA_VERSION}-linux-x64.tar.gz" -o kibana.tar.gz \
- && echo "${KIBANA_SHA1} kibana.tar.gz" | sha1sum -c - \
+ && wget -O kibana.tar.gz "https://download.elastic.co/kibana/kibana/kibana-${KIBANA_VERSION}-linux-x64.tar.gz" \
+ && echo "${KIBANA_SHA1} *kibana.tar.gz" | sha1sum -c - \
  && mkdir -p /opt/kibana \
  && tar -xz --strip-components=1 -C /opt/kibana -f kibana.tar.gz \
  && chown -R kibana:kibana /opt/kibana \
diff --git a/4.1/Dockerfile b/4.1/Dockerfile
index be2b8d0..12580b7 100644
--- a/4.1/Dockerfile
+++ b/4.1/Dockerfile
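Review bot: Nothing in the file records why the gosu and tini steps in the first hunk of 4.0/Dockerfile use a throwaway `GNUPGHOME`, a full 40-character fingerprint for `--recv-keys`, and the two-argument form of `--verify`, yet those three details are what make the signature check meaningful. The keyserver response is not authenticated in any way visible here, so the pinned fingerprint is what ties the key to its owner, and naming the data file makes gpg check exactly the binary being installed instead of a file it infers from the `.asc` name. I would add a comment above each of the two RUN instructions, for example `# verify against a fresh keyring that holds only the pinned key, and name the signed file explicitly`. The same applies to the first hunk of 4.1, 4.2, 4.3 and 4.4.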
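Review bot: The Kibana tarball in the second hunk of 4.0/Dockerfile is still authenticated only by a pinned SHA-1 digest (`KIBANA_SHA1`, checked with `sha1sum -c`), which is now the weakest integrity check in the file since the gpg steps were tightened. SHA-1 is no longer considered collision-resistant, so if upstream publishes a SHA-256 or SHA-512 digest or a detached signature for the release, pin that instead, e.g. `ENV KIBANA_SHA256 <sha256-of-tarball-placeholder>` with `echo "${KIBANA_SHA256} *kibana.tar.gz" | sha256sum -c -`. The RUN instruction continues past the end of the hunk, so whether kibana.tar.gz is removed in the same layer is not visible here. The same lines appear in the second hunk of 4.1, 4.2 and 4.3.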
@@ -3,26 +3,31 @@ FROM debian:jessie
 # add our user and group first to make sure their IDs get assigned consistently
 RUN groupadd -r kibana && useradd -r -m -g kibana kibana
-RUN apt-get update && apt-get install -y ca-certificates curl --no-install-recommends && rm -rf /var/lib/apt/lists/*
+RUN apt-get update && apt-get install -y \
+ ca-certificates \
+ wget \
+ --no-install-recommends && rm -rf /var/lib/apt/lists/*
 # grab gosu for easy step-down from root
-RUN gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4
-RUN arch="$(dpkg --print-architecture)" \
- && set -x \
- && curl -o /usr/local/bin/gosu -SL "https://github.com/tianon/gosu/releases/download/1.3/gosu-$arch" \
- && curl -o /usr/local/bin/gosu.asc -SL "https://github.com/tianon/gosu/releases/download/1.3/gosu-$arch.asc" \
- && gpg --verify /usr/local/bin/gosu.asc \
- && rm /usr/local/bin/gosu.asc \
- && chmod +x /usr/local/bin/gosu
+ENV GOSU_VERSION 1.7
+RUN set -x \
+ && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \
+ && wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \
+ && export GNUPGHOME="$(mktemp -d)" \
+ && gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \
+ && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \
+ && rm -r "$GNUPGHOME" /usr/local/bin/gosu.asc \
+ && chmod +x /usr/local/bin/gosu \
+ && gosu nobody true
 # grab tini for signal processing and zombie killing
 ENV TINI_VERSION v0.9.0
 RUN set -x \
- && curl -fSL "https://github.com/krallin/tini/releases/download/$TINI_VERSION/tini" -o /usr/local/bin/tini \
- && curl -fSL "https://github.com/krallin/tini/releases/download/$TINI_VERSION/tini.asc" -o /usr/local/bin/tini.asc \
+ && wget -O /usr/local/bin/tini "https://github.com/krallin/tini/releases/download/$TINI_VERSION/tini" \
+ && wget -O /usr/local/bin/tini.asc "https://github.com/krallin/tini/releases/download/$TINI_VERSION/tini.asc" \
  && export GNUPGHOME="$(mktemp -d)" \
  && gpg --keyserver ha.pool.sks-keyservers.net --recv-keys 6380DC428747F6C393FEACA59A84159D7001A4E5 \
- && gpg --verify /usr/local/bin/tini.asc \
+ && gpg --batch --verify /usr/local/bin/tini.asc /usr/local/bin/tini \
  && rm -r "$GNUPGHOME" /usr/local/bin/tini.asc \
  && chmod +x /usr/local/bin/tini \
  && tini -h
@@ -31,8 +36,8 @@ ENV KIBANA_VERSION 4.1.5
 ENV KIBANA_SHA1 7c1e597f69abd2c9c2b4de045350199d8b187a9a
 RUN set -x \
- && curl -fSL "https://download.elastic.co/kibana/kibana/kibana-${KIBANA_VERSION}-linux-x64.tar.gz" -o kibana.tar.gz \
- && echo "${KIBANA_SHA1} kibana.tar.gz" | sha1sum -c - \
+ && wget -O kibana.tar.gz "https://download.elastic.co/kibana/kibana/kibana-${KIBANA_VERSION}-linux-x64.tar.gz" \
+ && echo "${KIBANA_SHA1} *kibana.tar.gz" | sha1sum -c - \
  && mkdir -p /opt/kibana \
  && tar -xz --strip-components=1 -C /opt/kibana -f kibana.tar.gz \
  && chown -R kibana:kibana /opt/kibana \
diff --git a/4.2/Dockerfile b/4.2/Dockerfile
index e95f882..47f5472 100644
--- a/4.2/Dockerfile
+++ b/4.2/Dockerfile
@@ -3,26 +3,31 @@ FROM debian:jessie
 # add our user and group first to make sure their IDs get assigned consistently
 RUN groupadd -r kibana && useradd -r -m -g kibana kibana
-RUN apt-get update && apt-get install -y ca-certificates curl --no-install-recommends && rm -rf /var/lib/apt/lists/*
+RUN apt-get update && apt-get install -y \
+ ca-certificates \
+ wget \
+ --no-install-recommends && rm -rf /var/lib/apt/lists/*
 # grab gosu for easy step-down from root
-RUN gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4
-RUN arch="$(dpkg --print-architecture)" \
- && set -x \
- && curl -o /usr/local/bin/gosu -SL "https://github.com/tianon/gosu/releases/download/1.3/gosu-$arch" \
- && curl -o /usr/local/bin/gosu.asc -SL "https://github.com/tianon/gosu/releases/download/1.3/gosu-$arch.asc" \
- && gpg --verify /usr/local/bin/gosu.asc \
- && rm /usr/local/bin/gosu.asc \
- && chmod +x /usr/local/bin/gosu
+ENV GOSU_VERSION 1.7
+RUN set -x \
+ && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \
+ && wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \
+ && export GNUPGHOME="$(mktemp -d)" \
+ && gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \
+ && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \
+ && rm -r "$GNUPGHOME" /usr/local/bin/gosu.asc \
+ && chmod +x /usr/local/bin/gosu \
+ && gosu nobody true
 # grab tini for signal processing and zombie killing
 ENV TINI_VERSION v0.9.0
 RUN set -x \
- && curl -fSL "https://github.com/krallin/tini/releases/download/$TINI_VERSION/tini" -o /usr/local/bin/tini \
- && curl -fSL "https://github.com/krallin/tini/releases/download/$TINI_VERSION/tini.asc" -o /usr/local/bin/tini.asc \
+ && wget -O /usr/local/bin/tini "https://github.com/krallin/tini/releases/download/$TINI_VERSION/tini" \
+ && wget -O /usr/local/bin/tini.asc "https://github.com/krallin/tini/releases/download/$TINI_VERSION/tini.asc" \
  && export GNUPGHOME="$(mktemp -d)" \
  && gpg --keyserver ha.pool.sks-keyservers.net --recv-keys 6380DC428747F6C393FEACA59A84159D7001A4E5 \
- && gpg --verify /usr/local/bin/tini.asc \
+ && gpg --batch --verify /usr/local/bin/tini.asc /usr/local/bin/tini \
  && rm -r "$GNUPGHOME" /usr/local/bin/tini.asc \
  && chmod +x /usr/local/bin/tini \
  && tini -h
@@ -31,8 +36,8 @@ ENV KIBANA_VERSION 4.2.2
 ENV KIBANA_SHA1 f0daf9cd0b949c0ec7a3be300ee876fba17d1570
 RUN set -x \
- && curl -fSL "https://download.elastic.co/kibana/kibana/kibana-${KIBANA_VERSION}-linux-x64.tar.gz" -o kibana.tar.gz \
- && echo "${KIBANA_SHA1} kibana.tar.gz" | sha1sum -c - \
+ && wget -O kibana.tar.gz "https://download.elastic.co/kibana/kibana/kibana-${KIBANA_VERSION}-linux-x64.tar.gz" \
+ && echo "${KIBANA_SHA1} *kibana.tar.gz" | sha1sum -c - \
  && mkdir -p /opt/kibana \
  && tar -xz --strip-components=1 -C /opt/kibana -f kibana.tar.gz \
  && chown -R kibana:kibana /opt/kibana \
diff --git a/4.3/Dockerfile b/4.3/Dockerfile
index 14cdc1e..ae4f518 100644
--- a/4.3/Dockerfile
+++ b/4.3/Dockerfile
@@ -3,26 +3,31 @@ FROM debian:jessie
 # add our user and group first to make sure their IDs get assigned consistently
 RUN groupadd -r kibana && useradd -r -m -g kibana kibana
-RUN apt-get update && apt-get install -y ca-certificates curl --no-install-recommends && rm -rf /var/lib/apt/lists/*
+RUN apt-get update && apt-get install -y \
+ ca-certificates \
+ wget \
+ --no-install-recommends && rm -rf /var/lib/apt/lists/*
 # grab gosu for easy step-down from root
-RUN gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4
-RUN arch="$(dpkg --print-architecture)" \
- && set -x \
- && curl -o /usr/local/bin/gosu -SL "https://github.com/tianon/gosu/releases/download/1.3/gosu-$arch" \
- && curl -o /usr/local/bin/gosu.asc -SL "https://github.com/tianon/gosu/releases/download/1.3/gosu-$arch.asc" \
- && gpg --verify /usr/local/bin/gosu.asc \
- && rm /usr/local/bin/gosu.asc \
- && chmod +x /usr/local/bin/gosu
+ENV GOSU_VERSION 1.7
+RUN set -x \
+ && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \
+ && wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \
+ && export GNUPGHOME="$(mktemp -d)" \
+ && gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \
+ && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \
+ && rm -r "$GNUPGHOME" /usr/local/bin/gosu.asc \
+ && chmod +x /usr/local/bin/gosu \
+ && gosu nobody true
 # grab tini for signal processing and zombie killing
 ENV TINI_VERSION v0.9.0
 RUN set -x \
- && curl -fSL "https://github.com/krallin/tini/releases/download/$TINI_VERSION/tini" -o /usr/local/bin/tini \
- && curl -fSL "https://github.com/krallin/tini/releases/download/$TINI_VERSION/tini.asc" -o /usr/local/bin/tini.asc \
+ && wget -O /usr/local/bin/tini "https://github.com/krallin/tini/releases/download/$TINI_VERSION/tini" \
+ && wget -O /usr/local/bin/tini.asc "https://github.com/krallin/tini/releases/download/$TINI_VERSION/tini.asc" \
  && export GNUPGHOME="$(mktemp -d)" \
  && gpg --keyserver ha.pool.sks-keyservers.net --recv-keys 6380DC428747F6C393FEACA59A84159D7001A4E5 \
- && gpg --verify /usr/local/bin/tini.asc \
+ && gpg --batch --verify /usr/local/bin/tini.asc /usr/local/bin/tini \
  && rm -r "$GNUPGHOME" /usr/local/bin/tini.asc \
  && chmod +x /usr/local/bin/tini \
  && tini -h
@@ -31,8 +36,8 @@ ENV KIBANA_VERSION 4.3.2
 ENV KIBANA_SHA1 7156fc24ccb8b6c07019dfcc4f7bdccdc97a4e10
 RUN set -x \
- && curl -fSL "https://download.elastic.co/kibana/kibana/kibana-${KIBANA_VERSION}-linux-x64.tar.gz" -o kibana.tar.gz \
- && echo "${KIBANA_SHA1} kibana.tar.gz" | sha1sum -c - \
+ && wget -O kibana.tar.gz "https://download.elastic.co/kibana/kibana/kibana-${KIBANA_VERSION}-linux-x64.tar.gz" \
+ && echo "${KIBANA_SHA1} *kibana.tar.gz" | sha1sum -c - \
  && mkdir -p /opt/kibana \
  && tar -xz --strip-components=1 -C /opt/kibana -f kibana.tar.gz \
  && chown -R kibana:kibana /opt/kibana \
diff --git a/4.4/Dockerfile b/4.4/Dockerfile
index c49da64..e9b1583 100644
--- a/4.4/Dockerfile
+++ b/4.4/Dockerfile
@@ -3,26 +3,31 @@ FROM debian:jessie
 # add our user and group first to make sure their IDs get assigned consistently
 RUN groupadd -r kibana && useradd -r -m -g kibana kibana
-RUN apt-get update && apt-get install -y ca-certificates curl --no-install-recommends && rm -rf /var/lib/apt/lists/*
+RUN apt-get update && apt-get install -y \
+ ca-certificates \
+ wget \
+ --no-install-recommends && rm -rf /var/lib/apt/lists/*
 # grab gosu for easy step-down from root
-RUN gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4
-RUN arch="$(dpkg --print-architecture)" \
- && set -x \
- && curl -o /usr/local/bin/gosu -SL "https://github.com/tianon/gosu/releases/download/1.3/gosu-$arch" \
- && curl -o /usr/local/bin/gosu.asc -SL "https://github.com/tianon/gosu/releases/download/1.3/gosu-$arch.asc" \
- && gpg --verify /usr/local/bin/gosu.asc \
- && rm /usr/local/bin/gosu.asc \
- && chmod +x /usr/local/bin/gosu
+ENV GOSU_VERSION 1.7
+RUN set -x \
+ && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \
+ && wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \
+ && export GNUPGHOME="$(mktemp -d)" \
+ && gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \
+ && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \
+ && rm -r "$GNUPGHOME" /usr/local/bin/gosu.asc \
+ && chmod +x /usr/local/bin/gosu \
+ && gosu nobody true
 # grab tini for signal processing and zombie killing
 ENV TINI_VERSION v0.9.0
 RUN set -x \
- && curl -fSL "https://github.com/krallin/tini/releases/download/$TINI_VERSION/tini" -o /usr/local/bin/tini \
- && curl -fSL "https://github.com/krallin/tini/releases/download/$TINI_VERSION/tini.asc" -o /usr/local/bin/tini.asc \
+ && wget -O /usr/local/bin/tini "https://github.com/krallin/tini/releases/download/$TINI_VERSION/tini" \
+ && wget -O /usr/local/bin/tini.asc "https://github.com/krallin/tini/releases/download/$TINI_VERSION/tini.asc" \
  && export GNUPGHOME="$(mktemp -d)" \
  && gpg --keyserver ha.pool.sks-keyservers.net --recv-keys 6380DC428747F6C393FEACA59A84159D7001A4E5 \
- && gpg --verify /usr/local/bin/tini.asc \
+ && gpg --batch --verify /usr/local/bin/tini.asc /usr/local/bin/tini \
  && rm -r "$GNUPGHOME" /usr/local/bin/tini.asc \
  && chmod +x /usr/local/bin/tini \
  && tini -h