Merge branch 'master' of github.com:jessfraz/dockerfiles

* 'master' of github.com:jessfraz/dockerfiles:
  Follow Dockerfile best practice by verifying file download against GPG signature. (#485)
This commit is contained in:
Jess Frazelle 2019-09-16 11:36:49 -07:00
commit 5664d34535
No known key found for this signature in database
GPG Key ID: C0B444E6A3EFD4C1

View File

@ -22,7 +22,11 @@ RUN set -x \
nghttp2-dev \
openssl-dev \
perl \
gnupg \
&& wget https://curl.haxx.se/download/curl-$CURL_VERSION.tar.bz2 \
&& wget https://curl.haxx.se/download/curl-$CURL_VERSION.tar.bz2.asc \
&& gpg --keyserver ha.pool.sks-keyservers.net --recv-keys 27EDEAF22F3ABCEB50DB9A125CC908FDB71E12C2 \
&& gpg --verify curl-$CURL_VERSION.tar.bz2.asc \
&& tar xjvf curl-$CURL_VERSION.tar.bz2 \
&& rm curl-$CURL_VERSION.tar.bz2 \
&& ( \