docker: Copy GPG key from the build phase to reduce spurious failures

arr2036 · arr2036 · commit 6e7c5aff67f2 · 2026-03-05T18:08:44.000-08:00
diff --git a/scripts/docker/build/debian12/Dockerfile b/scripts/docker/build/debian12/Dockerfile
@@ -42,8 +42,11 @@ RUN git clean -fdxx \
 
 #
 #  Install build dependencies
+#  Debian sid fails if debian/control doesn't exist due to an issue
+#  in one of the included make files, so we create a blank file.
 #
 RUN if [ -e ./debian/control.in ]; then \
+        touch -t 202001010000 debian/control; \
         debian/rules debian/control; \
     fi; \
     echo 'y' | mk-build-deps -irt'apt-get -yV' debian/control
@@ -61,20 +64,12 @@ ARG DEBIAN_FRONTEND=noninteractive
 
 COPY --from=build /usr/local/src/repositories/*.deb /tmp/
 
-#
-#  We need curl to get the signing key
-#
-RUN apt-get update \
- && apt-get install -y curl \
- && apt-get clean \
- && rm -r /var/lib/apt/lists/*
-
 #
 #  Set up NetworkRADIUS extras repository
+#  Reuse the signing key from the build stage instead of fetching it again
 #
-RUN install -d -o root -g root -m 0755 /etc/apt/keyrings \
- && curl -o /etc/apt/keyrings/packages.networkradius.com.asc "https://packages.inkbridgenetworks.com/pgp/packages%40networkradius.com" \
- && echo "deb [signed-by=/etc/apt/keyrings/packages.networkradius.com.asc] http://packages.networkradius.com/extras/debian/bookworm bookworm main" > /etc/apt/sources.list.d/networkradius-extras.list
+COPY --from=build /etc/apt/keyrings/packages.networkradius.com.asc /etc/apt/keyrings/packages.networkradius.com.asc
+RUN echo "deb [signed-by=/etc/apt/keyrings/packages.networkradius.com.asc] http://packages.networkradius.com/extras/debian/bookworm bookworm main" > /etc/apt/sources.list.d/networkradius-extras.list
 
 ARG freerad_uid=101
 ARG freerad_gid=101
diff --git a/scripts/docker/build/debian13/Dockerfile b/scripts/docker/build/debian13/Dockerfile
@@ -42,8 +42,11 @@ RUN git clean -fdxx \
 
 #
 #  Install build dependencies
+#  Debian sid fails if debian/control doesn't exist due to an issue
+#  in one of the included make files, so we create a blank file.
 #
 RUN if [ -e ./debian/control.in ]; then \
+        touch -t 202001010000 debian/control; \
         debian/rules debian/control; \
     fi; \
     echo 'y' | mk-build-deps -irt'apt-get -yV' debian/control
@@ -61,20 +64,12 @@ ARG DEBIAN_FRONTEND=noninteractive
 
 COPY --from=build /usr/local/src/repositories/*.deb /tmp/
 
-#
-#  We need curl to get the signing key
-#
-RUN apt-get update \
- && apt-get install -y curl \
- && apt-get clean \
- && rm -r /var/lib/apt/lists/*
-
 #
 #  Set up NetworkRADIUS extras repository
+#  Reuse the signing key from the build stage instead of fetching it again
 #
-RUN install -d -o root -g root -m 0755 /etc/apt/keyrings \
- && curl -o /etc/apt/keyrings/packages.networkradius.com.asc "https://packages.inkbridgenetworks.com/pgp/packages%40networkradius.com" \
- && echo "deb [signed-by=/etc/apt/keyrings/packages.networkradius.com.asc] http://packages.networkradius.com/extras/debian/trixie trixie main" > /etc/apt/sources.list.d/networkradius-extras.list
+COPY --from=build /etc/apt/keyrings/packages.networkradius.com.asc /etc/apt/keyrings/packages.networkradius.com.asc
+RUN echo "deb [signed-by=/etc/apt/keyrings/packages.networkradius.com.asc] http://packages.networkradius.com/extras/debian/trixie trixie main" > /etc/apt/sources.list.d/networkradius-extras.list
 
 ARG freerad_uid=101
 ARG freerad_gid=101
diff --git a/scripts/docker/build/debiansid/Dockerfile b/scripts/docker/build/debiansid/Dockerfile
@@ -64,20 +64,12 @@ ARG DEBIAN_FRONTEND=noninteractive
 
 COPY --from=build /usr/local/src/repositories/*.deb /tmp/
 
-#
-#  We need curl to get the signing key
-#
-RUN apt-get update \
- && apt-get install -y curl \
- && apt-get clean \
- && rm -r /var/lib/apt/lists/*
-
 #
 #  Set up NetworkRADIUS extras repository
+#  Reuse the signing key from the build stage instead of fetching it again
 #
-RUN install -d -o root -g root -m 0755 /etc/apt/keyrings \
- && curl -o /etc/apt/keyrings/packages.networkradius.com.asc "https://packages.inkbridgenetworks.com/pgp/packages%40networkradius.com" \
- && echo "deb [signed-by=/etc/apt/keyrings/packages.networkradius.com.asc] http://packages.networkradius.com/extras/debian/sid sid main" > /etc/apt/sources.list.d/networkradius-extras.list
+COPY --from=build /etc/apt/keyrings/packages.networkradius.com.asc /etc/apt/keyrings/packages.networkradius.com.asc
+RUN echo "deb [signed-by=/etc/apt/keyrings/packages.networkradius.com.asc] http://packages.networkradius.com/extras/debian/sid sid main" > /etc/apt/sources.list.d/networkradius-extras.list
 
 ARG freerad_uid=101
 ARG freerad_gid=101
diff --git a/scripts/docker/build/rocky10/Dockerfile b/scripts/docker/build/rocky10/Dockerfile
@@ -20,14 +20,15 @@ RUN dnf config-manager --set-enabled crb
 #
 #  Set up NetworkRADIUS extras repository
 #
+RUN curl -o /etc/pki/rpm-gpg/packages.networkradius.com.asc "https://packages.networkradius.com/pgp/packages%40networkradius.com"
 RUN echo $'[networkradius-extras]\n\
 name=NetworkRADIUS-extras-$releasever\n\
 baseurl=http://packages.networkradius.com/extras/rocky/$releasever/\n\
 enabled=1\n\
 gpgcheck=1\n\
-gpgkey=https://packages.networkradius.com/pgp/packages@networkradius.com'\
+gpgkey=file:///etc/pki/rpm-gpg/packages.networkradius.com.asc'\
 > /etc/yum.repos.d/networkradius-extras.repo
-RUN rpm --import https://packages.networkradius.com/pgp/packages@networkradius.com
+RUN rpm --import /etc/pki/rpm-gpg/packages.networkradius.com.asc
 
 #
 #  Create build directory
@@ -89,15 +90,17 @@ COPY --from=build /root/rpms /tmp/
 
 #
 #  Set up NetworkRADIUS extras repository
+#  Reuse the signing key from the build stage instead of fetching it again
 #
+COPY --from=build /etc/pki/rpm-gpg/packages.networkradius.com.asc /etc/pki/rpm-gpg/packages.networkradius.com.asc
 RUN echo $'[networkradius-extras]\n\
 name=NetworkRADIUS-extras-$releasever\n\
 baseurl=http://packages.networkradius.com/extras/rocky/$releasever/\n\
 enabled=1\n\
 gpgcheck=1\n\
-gpgkey=https://packages.networkradius.com/pgp/packages@networkradius.com'\
+gpgkey=file:///etc/pki/rpm-gpg/packages.networkradius.com.asc'\
 > /etc/yum.repos.d/networkradius-extras.repo
-RUN rpm --import https://packages.networkradius.com/pgp/packages@networkradius.com
+RUN rpm --import /etc/pki/rpm-gpg/packages.networkradius.com.asc
 
 #
 #  Other requirements
diff --git a/scripts/docker/build/rocky9/Dockerfile b/scripts/docker/build/rocky9/Dockerfile
@@ -20,14 +20,15 @@ RUN dnf config-manager --set-enabled crb
 #
 #  Set up NetworkRADIUS extras repository
 #
+RUN curl -o /etc/pki/rpm-gpg/packages.networkradius.com.asc "https://packages.networkradius.com/pgp/packages%40networkradius.com"
 RUN echo $'[networkradius-extras]\n\
 name=NetworkRADIUS-extras-$releasever\n\
 baseurl=http://packages.networkradius.com/extras/rocky/$releasever/\n\
 enabled=1\n\
 gpgcheck=1\n\
-gpgkey=https://packages.networkradius.com/pgp/packages@networkradius.com'\
+gpgkey=file:///etc/pki/rpm-gpg/packages.networkradius.com.asc'\
 > /etc/yum.repos.d/networkradius-extras.repo
-RUN rpm --import https://packages.networkradius.com/pgp/packages@networkradius.com
+RUN rpm --import /etc/pki/rpm-gpg/packages.networkradius.com.asc
 
 #
 #  Create build directory
@@ -89,15 +90,17 @@ COPY --from=build /root/rpms /tmp/
 
 #
 #  Set up NetworkRADIUS extras repository
+#  Reuse the signing key from the build stage instead of fetching it again
 #
+COPY --from=build /etc/pki/rpm-gpg/packages.networkradius.com.asc /etc/pki/rpm-gpg/packages.networkradius.com.asc
 RUN echo $'[networkradius-extras]\n\
 name=NetworkRADIUS-extras-$releasever\n\
 baseurl=http://packages.networkradius.com/extras/rocky/$releasever/\n\
 enabled=1\n\
 gpgcheck=1\n\
-gpgkey=https://packages.networkradius.com/pgp/packages@networkradius.com'\
+gpgkey=file:///etc/pki/rpm-gpg/packages.networkradius.com.asc'\
 > /etc/yum.repos.d/networkradius-extras.repo
-RUN rpm --import https://packages.networkradius.com/pgp/packages@networkradius.com
+RUN rpm --import /etc/pki/rpm-gpg/packages.networkradius.com.asc
 
 #
 #  Other requirements
diff --git a/scripts/docker/build/ubuntu22/Dockerfile b/scripts/docker/build/ubuntu22/Dockerfile
@@ -42,8 +42,11 @@ RUN git clean -fdxx \
 
 #
 #  Install build dependencies
+#  Debian sid fails if debian/control doesn't exist due to an issue
+#  in one of the included make files, so we create a blank file.
 #
 RUN if [ -e ./debian/control.in ]; then \
+        touch -t 202001010000 debian/control; \
         debian/rules debian/control; \
     fi; \
     echo 'y' | mk-build-deps -irt'apt-get -yV' debian/control
@@ -61,20 +64,12 @@ ARG DEBIAN_FRONTEND=noninteractive
 
 COPY --from=build /usr/local/src/repositories/*.deb /tmp/
 
-#
-#  We need curl to get the signing key
-#
-RUN apt-get update \
- && apt-get install -y curl \
- && apt-get clean \
- && rm -r /var/lib/apt/lists/*
-
 #
 #  Set up NetworkRADIUS extras repository
+#  Reuse the signing key from the build stage instead of fetching it again
 #
-RUN install -d -o root -g root -m 0755 /etc/apt/keyrings \
- && curl -o /etc/apt/keyrings/packages.networkradius.com.asc "https://packages.inkbridgenetworks.com/pgp/packages%40networkradius.com" \
- && echo "deb [signed-by=/etc/apt/keyrings/packages.networkradius.com.asc] http://packages.networkradius.com/extras/ubuntu/jammy jammy main" > /etc/apt/sources.list.d/networkradius-extras.list
+COPY --from=build /etc/apt/keyrings/packages.networkradius.com.asc /etc/apt/keyrings/packages.networkradius.com.asc
+RUN echo "deb [signed-by=/etc/apt/keyrings/packages.networkradius.com.asc] http://packages.networkradius.com/extras/ubuntu/jammy jammy main" > /etc/apt/sources.list.d/networkradius-extras.list
 
 ARG freerad_uid=101
 ARG freerad_gid=101
diff --git a/scripts/docker/build/ubuntu24/Dockerfile b/scripts/docker/build/ubuntu24/Dockerfile
@@ -42,8 +42,11 @@ RUN git clean -fdxx \
 
 #
 #  Install build dependencies
+#  Debian sid fails if debian/control doesn't exist due to an issue
+#  in one of the included make files, so we create a blank file.
 #
 RUN if [ -e ./debian/control.in ]; then \
+        touch -t 202001010000 debian/control; \
         debian/rules debian/control; \
     fi; \
     echo 'y' | mk-build-deps -irt'apt-get -yV' debian/control
@@ -61,20 +64,12 @@ ARG DEBIAN_FRONTEND=noninteractive
 
 COPY --from=build /usr/local/src/repositories/*.deb /tmp/
 
-#
-#  We need curl to get the signing key
-#
-RUN apt-get update \
- && apt-get install -y curl \
- && apt-get clean \
- && rm -r /var/lib/apt/lists/*
-
 #
 #  Set up NetworkRADIUS extras repository
+#  Reuse the signing key from the build stage instead of fetching it again
 #
-RUN install -d -o root -g root -m 0755 /etc/apt/keyrings \
- && curl -o /etc/apt/keyrings/packages.networkradius.com.asc "https://packages.inkbridgenetworks.com/pgp/packages%40networkradius.com" \
- && echo "deb [signed-by=/etc/apt/keyrings/packages.networkradius.com.asc] http://packages.networkradius.com/extras/ubuntu/noble noble main" > /etc/apt/sources.list.d/networkradius-extras.list
+COPY --from=build /etc/apt/keyrings/packages.networkradius.com.asc /etc/apt/keyrings/packages.networkradius.com.asc
+RUN echo "deb [signed-by=/etc/apt/keyrings/packages.networkradius.com.asc] http://packages.networkradius.com/extras/ubuntu/noble noble main" > /etc/apt/sources.list.d/networkradius-extras.list
 
 ARG freerad_uid=101
 ARG freerad_gid=101
diff --git a/scripts/docker/m4/docker.deb.m4 b/scripts/docker/m4/docker.deb.m4
@@ -59,20 +59,12 @@ ARG DEBIAN_FRONTEND=noninteractive
 
 COPY --from=build /usr/local/src/repositories/*.deb /tmp/
 
-#
-#  We need curl to get the signing key
-#
-RUN apt-get update \
- && apt-get install -y curl \
- && apt-get clean \
- && rm -r /var/lib/apt/lists/*
-
 #
 #  Set up NetworkRADIUS extras repository
+#  Reuse the signing key from the build stage instead of fetching it again
 #
-RUN install -d -o root -g root -m 0755 /etc/apt/keyrings \
- && curl -o /etc/apt/keyrings/packages.networkradius.com.asc "https://packages.inkbridgenetworks.com/pgp/packages%40networkradius.com" \
- && echo "deb [signed-by=/etc/apt/keyrings/packages.networkradius.com.asc] http://packages.networkradius.com/extras/OS_NAME/OS_CODENAME OS_CODENAME main" > /etc/apt/sources.list.d/networkradius-extras.list
+COPY --from=build /etc/apt/keyrings/packages.networkradius.com.asc /etc/apt/keyrings/packages.networkradius.com.asc
+RUN echo "deb [signed-by=/etc/apt/keyrings/packages.networkradius.com.asc] http://packages.networkradius.com/extras/OS_NAME/OS_CODENAME OS_CODENAME main" > /etc/apt/sources.list.d/networkradius-extras.list
 
 ifelse(ifelse(
 	D_NAME, `debian10', no,
diff --git a/scripts/docker/m4/docker.rpm.m4 b/scripts/docker/m4/docker.rpm.m4
@@ -15,14 +15,15 @@ RUN dnf config-manager --set-enabled crb
 #
 #  Set up NetworkRADIUS extras repository
 #
+RUN curl -o /etc/pki/rpm-gpg/packages.networkradius.com.asc "https://packages.networkradius.com/pgp/packages%40networkradius.com"
 RUN echo $'[networkradius-extras]\n\
 name=NetworkRADIUS-extras-$releasever\n\
 baseurl=http://packages.networkradius.com/extras/OS_NAME/$releasever/\n\
 enabled=1\n\
 gpgcheck=1\n\
-gpgkey=https://packages.networkradius.com/pgp/packages@networkradius.com'\
+gpgkey=file:///etc/pki/rpm-gpg/packages.networkradius.com.asc'\
 > /etc/yum.repos.d/networkradius-extras.repo
-RUN rpm --import https://packages.networkradius.com/pgp/packages@networkradius.com
+RUN rpm --import /etc/pki/rpm-gpg/packages.networkradius.com.asc
 
 #
 #  Create build directory
@@ -84,15 +85,17 @@ COPY --from=build /root/rpms /tmp/
 
 #
 #  Set up NetworkRADIUS extras repository
+#  Reuse the signing key from the build stage instead of fetching it again
 #
+COPY --from=build /etc/pki/rpm-gpg/packages.networkradius.com.asc /etc/pki/rpm-gpg/packages.networkradius.com.asc
 RUN echo $'[networkradius-extras]\n\
 name=NetworkRADIUS-extras-$releasever\n\
 baseurl=http://packages.networkradius.com/extras/OS_NAME/$releasever/\n\
 enabled=1\n\
 gpgcheck=1\n\
-gpgkey=https://packages.networkradius.com/pgp/packages@networkradius.com'\
+gpgkey=file:///etc/pki/rpm-gpg/packages.networkradius.com.asc'\
 > /etc/yum.repos.d/networkradius-extras.repo
-RUN rpm --import https://packages.networkradius.com/pgp/packages@networkradius.com
+RUN rpm --import /etc/pki/rpm-gpg/packages.networkradius.com.asc
 
 #
 #  Other requirements

Original file line number	Diff line number	Diff line change
`@@ -20,14 +20,15 @@ RUN dnf config-manager --set-enabled crb`
`20`	`20`	`#`
`21`	`21`	`# Set up NetworkRADIUS extras repository`
`22`	`22`	`#`
	`23`	`+RUN curl -o /etc/pki/rpm-gpg/packages.networkradius.com.asc "https://packages.networkradius.com/pgp/packages%40networkradius.com"`
`23`	`24`	`RUN echo $'[networkradius-extras]\n\`
`24`	`25`	`name=NetworkRADIUS-extras-$releasever\n\`
`25`	`26`	`baseurl=http://packages.networkradius.com/extras/rocky/$releasever/\n\`
`26`	`27`	`enabled=1\n\`
`27`	`28`	`gpgcheck=1\n\`
`28`		`-gpgkey=https://packages.networkradius.com/pgp/packages@networkradius.com'\`
	`29`	`+gpgkey=file:///etc/pki/rpm-gpg/packages.networkradius.com.asc'\`
`29`	`30`	`> /etc/yum.repos.d/networkradius-extras.repo`
`30`		`-RUN rpm --import https://packages.networkradius.com/pgp/packages@networkradius.com`
	`31`	`+RUN rpm --import /etc/pki/rpm-gpg/packages.networkradius.com.asc`
`31`	`32`
`32`	`33`	`#`
`33`	`34`	`# Create build directory`
`@@ -89,15 +90,17 @@ COPY --from=build /root/rpms /tmp/`
`89`	`90`
`90`	`91`	`#`
`91`	`92`	`# Set up NetworkRADIUS extras repository`
	`93`	`+# Reuse the signing key from the build stage instead of fetching it again`
`92`	`94`	`#`
	`95`	`+COPY --from=build /etc/pki/rpm-gpg/packages.networkradius.com.asc /etc/pki/rpm-gpg/packages.networkradius.com.asc`
`93`	`96`	`RUN echo $'[networkradius-extras]\n\`
`94`	`97`	`name=NetworkRADIUS-extras-$releasever\n\`
`95`	`98`	`baseurl=http://packages.networkradius.com/extras/rocky/$releasever/\n\`
`96`	`99`	`enabled=1\n\`
`97`	`100`	`gpgcheck=1\n\`
`98`		`-gpgkey=https://packages.networkradius.com/pgp/packages@networkradius.com'\`
	`101`	`+gpgkey=file:///etc/pki/rpm-gpg/packages.networkradius.com.asc'\`
`99`	`102`	`> /etc/yum.repos.d/networkradius-extras.repo`
`100`		`-RUN rpm --import https://packages.networkradius.com/pgp/packages@networkradius.com`
	`103`	`+RUN rpm --import /etc/pki/rpm-gpg/packages.networkradius.com.asc`
`101`	`104`
`102`	`105`	`#`
`103`	`106`	`# Other requirements`
Original file line number	Diff line number	Diff line change
`@@ -15,14 +15,15 @@ RUN dnf config-manager --set-enabled crb`
`15`	`15`	`#`
`16`	`16`	`# Set up NetworkRADIUS extras repository`
`17`	`17`	`#`
	`18`	`+RUN curl -o /etc/pki/rpm-gpg/packages.networkradius.com.asc "https://packages.networkradius.com/pgp/packages%40networkradius.com"`
`18`	`19`	`RUN echo $'[networkradius-extras]\n\`
`19`	`20`	`name=NetworkRADIUS-extras-$releasever\n\`
`20`	`21`	`baseurl=http://packages.networkradius.com/extras/OS_NAME/$releasever/\n\`
`21`	`22`	`enabled=1\n\`
`22`	`23`	`gpgcheck=1\n\`
`23`		`-gpgkey=https://packages.networkradius.com/pgp/packages@networkradius.com'\`
	`24`	`+gpgkey=file:///etc/pki/rpm-gpg/packages.networkradius.com.asc'\`
`24`	`25`	`> /etc/yum.repos.d/networkradius-extras.repo`
`25`		`-RUN rpm --import https://packages.networkradius.com/pgp/packages@networkradius.com`
	`26`	`+RUN rpm --import /etc/pki/rpm-gpg/packages.networkradius.com.asc`
`26`	`27`
`27`	`28`	`#`
`28`	`29`	`# Create build directory`
`@@ -84,15 +85,17 @@ COPY --from=build /root/rpms /tmp/`
`84`	`85`
`85`	`86`	`#`
`86`	`87`	`# Set up NetworkRADIUS extras repository`
	`88`	`+# Reuse the signing key from the build stage instead of fetching it again`
`87`	`89`	`#`
	`90`	`+COPY --from=build /etc/pki/rpm-gpg/packages.networkradius.com.asc /etc/pki/rpm-gpg/packages.networkradius.com.asc`
`88`	`91`	`RUN echo $'[networkradius-extras]\n\`
`89`	`92`	`name=NetworkRADIUS-extras-$releasever\n\`
`90`	`93`	`baseurl=http://packages.networkradius.com/extras/OS_NAME/$releasever/\n\`
`91`	`94`	`enabled=1\n\`
`92`	`95`	`gpgcheck=1\n\`
`93`		`-gpgkey=https://packages.networkradius.com/pgp/packages@networkradius.com'\`
	`96`	`+gpgkey=file:///etc/pki/rpm-gpg/packages.networkradius.com.asc'\`
`94`	`97`	`> /etc/yum.repos.d/networkradius-extras.repo`
`95`		`-RUN rpm --import https://packages.networkradius.com/pgp/packages@networkradius.com`
	`98`	`+RUN rpm --import /etc/pki/rpm-gpg/packages.networkradius.com.asc`
`96`	`99`
`97`	`100`	`#`
`98`	`101`	`# Other requirements`