Commit 0fa62a8

Narrow postgres apt key package scope
1 parent a83005b commit 0fa62a8

10 files changed

+60
-50
lines changed

10/bullseye/Dockerfile

Lines changed: 6 additions & 5 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

10/stretch/Dockerfile

Lines changed: 6 additions & 5 deletions

11/bullseye/Dockerfile

Lines changed: 6 additions & 5 deletions

11/stretch/Dockerfile

Lines changed: 6 additions & 5 deletions

12/bullseye/Dockerfile

Lines changed: 6 additions & 5 deletions

13/bullseye/Dockerfile

Lines changed: 6 additions & 5 deletions

14/bullseye/Dockerfile

Lines changed: 6 additions & 5 deletions

9.6/bullseye/Dockerfile

Lines changed: 6 additions & 5 deletions

9.6/stretch/Dockerfile

Lines changed: 6 additions & 5 deletions

Dockerfile-debian.template

Lines changed: 6 additions & 5 deletions
@@ -75,11 +75,11 @@ RUN set -ex; \
7575
# uid PostgreSQL Debian Repository
7676
key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \
7777
export GNUPGHOME="$(mktemp -d)"; \
78+
mkdir -p /usr/local/share/keyrings/; \
7879
gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \
79-
gpg --batch --export "$key" > /etc/apt/trusted.gpg.d/postgres.gpg; \
80+
gpg --batch --export --armor "$key" > /usr/local/share/keyrings/postgres.gpg.asc; \
8081
command -v gpgconf > /dev/null && gpgconf --kill all; \
81-
rm -rf "$GNUPGHOME"; \
82-
apt-key list
82+
rm -rf "$GNUPGHOME"
8383

8484
ENV PG_MAJOR {{ env.version }}
8585
ENV PATH $PATH:/usr/lib/postgresql/$PG_MAJOR/bin
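
Review bot: with `apt-key list` removed at the end of this RUN, nothing confirms that `gpg --batch --export --armor "$key"` actually wrote key material to /usr/local/share/keyrings/postgres.gpg.asc, and the build log no longer shows which key was imported. Consider a `test -s /usr/local/share/keyrings/postgres.gpg.asc` before `rm -rf "$GNUPGHOME"` so an empty export fails here instead of at the later `apt-get update`. A short comment on the `mkdir -p /usr/local/share/keyrings/` line, saying the key is deliberately kept out of /etc/apt/trusted.gpg.d (where apt trusts it for every configured source) and is referenced through `signed-by`, would also keep a later edit from moving it back.
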
@@ -92,16 +92,17 @@ RUN set -ex; \
9292
export PYTHONDONTWRITEBYTECODE=1; \
9393
\
9494
dpkgArch="$(dpkg --print-architecture)"; \
95+
aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ {{ env.variant }}-pgdg main $PG_MAJOR"; \
9596
case "$dpkgArch" in \
9697
{{ .[env.variant].arches | join(" | ") }}) \
9798
# arches officialy built by upstream
98-
echo "deb http://apt.postgresql.org/pub/repos/apt/ {{ env.variant }}-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \
99+
echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \
99100
apt-get update; \
100101
;; \
101102
*) \
102103
# we're on an architecture upstream doesn't officially build for
103104
# let's build binaries from their published source packages
104-
echo "deb-src http://apt.postgresql.org/pub/repos/apt/ {{ env.variant }}-pgdg main $PG_MAJOR" > /etc/apt/sources.list.d/pgdg.list; \
105+
echo "deb-src $aptRepo" > /etc/apt/sources.list.d/pgdg.list; \
105106
\
106107
{{ if env.variant == "stretch" and .major >= 11 then ( -}}
107108
# https://github.com/docker-library/postgres/issues/484 (clang-6.0 required, only available in stretch-backports)
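
Review bot: the `signed-by=/usr/local/share/keyrings/postgres.gpg.asc` path in the new `aptRepo` line repeats as a literal the file name that the key-import RUN writes, and the two sit in separate RUN instructions, so a rename in one place only shows up as a signature failure at `apt-get update`. Define the path once in the template, or add a comment beside each use pointing at the other. Since the repository URL stays on http://, it is also worth a comment here that package authenticity for both the `deb` and `deb-src` branches rests on this one key file.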
