mirror of
https://github.com/jessfraz/dockerfiles.git
synced 2025-04-13 15:42:46 +02:00
Follow Dockerfile best practice by verifying file download against GPG signature. (#485)
This commit is contained in:
Michael Lescisin
Jess Frazelle
parent
7ed006e246
commit
f2889f0383
@ -22,7 +22,11 @@ RUN set -x \
|
|||||||
nghttp2-dev \
|
nghttp2-dev \
|
||||||
openssl-dev \
|
openssl-dev \
|
||||||
perl \
|
perl \
|
||||||
|
gnupg \
|
||||||
&& wget https://curl.haxx.se/download/curl-$CURL_VERSION.tar.bz2 \
|
&& wget https://curl.haxx.se/download/curl-$CURL_VERSION.tar.bz2 \
|
||||||
|
&& wget https://curl.haxx.se/download/curl-$CURL_VERSION.tar.bz2.asc \
|
||||||
|
&& gpg --keyserver ha.pool.sks-keyservers.net --recv-keys 27EDEAF22F3ABCEB50DB9A125CC908FDB71E12C2 \
|
||||||
|
&& gpg --verify curl-$CURL_VERSION.tar.bz2.asc \
|
||||||
&& tar xjvf curl-$CURL_VERSION.tar.bz2 \
|
&& tar xjvf curl-$CURL_VERSION.tar.bz2 \
|
||||||
&& rm curl-$CURL_VERSION.tar.bz2 \
|
&& rm curl-$CURL_VERSION.tar.bz2 \
|
||||||
&& ( \
|
&& ( \
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user