chore: fixup gnupg key fetching logic (chronograf)

Author: bnpfeife

chronograf/1.6/Dockerfile

@@ -1,14 +1,19 @@
 FROM debian:bullseye-slim
 
-RUN set -ex && \
-    mkdir ~/.gnupg; \
-    echo "disable-ipv6" >> ~/.gnupg/dirmngr.conf; \
-    apt-get update && apt-get install -y gnupg ca-certificates dirmngr --no-install-recommends && \
-    rm -rf /var/lib/apt/lists/* && \
-    for key in \
-        05CE15085FC09D18E99EFB22684A14CF2582E0C5 ; \
+RUN apt-get update && \
+    apt-get install --no-install-recommends -y \
+      ca-certificates \
+      curl \
+      dirmngr \
+      gnupg && \
+    rm -rf /var/lib/apt/lists/*
+
+RUN for attempt in 1 2 3 ; \
     do \
-        gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys "$key" ; \
+      sleep 1 && \
+      gpg --yes --batch --keyserver hkps://keyserver.ubuntu.com:443 --recv-keys \
+        05CE15085FC09D18E99EFB22684A14CF2582E0C5 && \
+      break ; \
     done
 
 ENV CHRONOGRAF_VERSION 1.6.2
@@ -21,14 +26,11 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" && \
       *)     echo "Unsupported architecture: ${dpkgArch}"; exit 1;; \
     esac && \
     set -x && \
-    apt-get update && apt-get install -y ca-certificates curl --no-install-recommends && \
-    rm -rf /var/lib/apt/lists/* && \
     curl -SLO "https://dl.influxdata.com/chronograf/releases/chronograf_${CHRONOGRAF_VERSION}_${ARCH}.deb.asc" && \
     curl -SLO "https://dl.influxdata.com/chronograf/releases/chronograf_${CHRONOGRAF_VERSION}_${ARCH}.deb" && \
     gpg --batch --verify chronograf_${CHRONOGRAF_VERSION}_${ARCH}.deb.asc chronograf_${CHRONOGRAF_VERSION}_${ARCH}.deb && \
     dpkg -i chronograf_${CHRONOGRAF_VERSION}_${ARCH}.deb && \
-    rm -f chronograf_${CHRONOGRAF_VERSION}_${ARCH}.deb* && \
-    apt-get purge -y --auto-remove $buildDeps
+    rm -f chronograf_${CHRONOGRAF_VERSION}_${ARCH}.deb*
 
 COPY LICENSE /usr/share/chronograf/LICENSE
 COPY agpl-3.0.md /usr/share/chronograf/agpl-3.0.md

chronograf/1.6/alpine/Dockerfile

@@ -1,20 +1,21 @@
 FROM alpine:3.14
 
 RUN echo 'hosts: files dns' >> /etc/nsswitch.conf
-RUN apk add --no-cache ca-certificates && \
+RUN apk add --no-cache ca-certificates gnupg && \
     update-ca-certificates
 
+RUN for attempt in 1 2 3 ; \
+    do \
+      sleep 1 && \
+      gpg --yes --batch --keyserver hkps://keyserver.ubuntu.com:443 --recv-keys \
+        05CE15085FC09D18E99EFB22684A14CF2582E0C5 && \
+      break ; \
+    done
+
 ENV CHRONOGRAF_VERSION 1.6.2
 
 RUN set -ex && \
-    mkdir ~/.gnupg; \
-    echo "disable-ipv6" >> ~/.gnupg/dirmngr.conf; \
-    apk add --no-cache --virtual .build-deps wget gnupg tar && \
-    for key in \
-        05CE15085FC09D18E99EFB22684A14CF2582E0C5 ; \
-    do \
-        gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys "$key" ; \
-    done && \
+    apk add --no-cache --virtual .build-deps wget tar && \
     wget --no-verbose https://dl.influxdata.com/chronograf/releases/chronograf-${CHRONOGRAF_VERSION}-static_linux_amd64.tar.gz.asc && \
     wget --no-verbose https://dl.influxdata.com/chronograf/releases/chronograf-${CHRONOGRAF_VERSION}-static_linux_amd64.tar.gz && \
     gpg --batch --verify chronograf-${CHRONOGRAF_VERSION}-static_linux_amd64.tar.gz.asc chronograf-${CHRONOGRAF_VERSION}-static_linux_amd64.tar.gz && \
@@ -23,8 +24,7 @@ RUN set -ex && \
     rm -f /usr/src/chronograf-*/chronograf.conf && \
     chmod +x /usr/src/chronograf-*/* && \
     cp -a /usr/src/chronograf-*/* /usr/bin/ && \
-    gpgconf --kill all && \
-    rm -rf *.tar.gz* /usr/src /root/.gnupg && \
+    rm -rf *.tar.gz* /usr/src && \
     apk del .build-deps
 
 COPY LICENSE /usr/share/chronograf/LICENSE

chronograf/1.7/Dockerfile

@@ -1,14 +1,19 @@
 FROM debian:bullseye-slim
 
-RUN set -ex && \
-    mkdir ~/.gnupg; \
-    echo "disable-ipv6" >> ~/.gnupg/dirmngr.conf; \
-    apt-get update && apt-get install -y gnupg dirmngr --no-install-recommends && \
-    rm -rf /var/lib/apt/lists/* && \
-    for key in \
-        05CE15085FC09D18E99EFB22684A14CF2582E0C5 ; \
+RUN apt-get update && \
+    apt-get install --no-install-recommends -y \
+      ca-certificates \
+      curl \
+      dirmngr \
+      gnupg && \
+    rm -rf /var/lib/apt/lists/*
+
+RUN for attempt in 1 2 3 ; \
     do \
-        gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys "$key" ; \
+      sleep 1 && \
+      gpg --yes --batch --keyserver hkps://keyserver.ubuntu.com:443 --recv-keys \
+        05CE15085FC09D18E99EFB22684A14CF2582E0C5 && \
+      break ; \
     done
 
 ENV CHRONOGRAF_VERSION 1.7.17
@@ -27,8 +32,7 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" && \
     curl -SLO "https://dl.influxdata.com/chronograf/releases/chronograf_${CHRONOGRAF_VERSION}_${ARCH}.deb" && \
     gpg --batch --verify chronograf_${CHRONOGRAF_VERSION}_${ARCH}.deb.asc chronograf_${CHRONOGRAF_VERSION}_${ARCH}.deb && \
     dpkg -i chronograf_${CHRONOGRAF_VERSION}_${ARCH}.deb && \
-    rm -f chronograf_${CHRONOGRAF_VERSION}_${ARCH}.deb* && \
-    apt-get purge -y --auto-remove $buildDeps
+    rm -f chronograf_${CHRONOGRAF_VERSION}_${ARCH}.deb*
 
 COPY LICENSE /usr/share/chronograf/LICENSE
 COPY agpl-3.0.md /usr/share/chronograf/agpl-3.0.md

chronograf/1.7/alpine/Dockerfile

@@ -1,20 +1,20 @@
 FROM alpine:3.14
 
 RUN echo 'hosts: files dns' >> /etc/nsswitch.conf
-RUN apk add --no-cache ca-certificates && \
+RUN apk add --no-cache ca-certificates gnupg && \
     update-ca-certificates
 
-ENV CHRONOGRAF_VERSION 1.7.17
+RUN for attempt in 1 2 3 ; \
+    do \
+      sleep 1 && \
+      gpg --yes --batch --keyserver hkps://keyserver.ubuntu.com:443 --recv-keys \
+        05CE15085FC09D18E99EFB22684A14CF2582E0C5 && \
+      break ; \
+    done
 
+ENV CHRONOGRAF_VERSION 1.7.17
 RUN set -ex && \
-    mkdir ~/.gnupg; \
-    echo "disable-ipv6" >> ~/.gnupg/dirmngr.conf; \
-    apk add --no-cache --virtual .build-deps wget gnupg tar && \
-    for key in \
-        05CE15085FC09D18E99EFB22684A14CF2582E0C5 ; \
-    do \
-        gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys "$key" ; \
-    done && \
+    apk add --no-cache --virtual .build-deps wget tar && \
     wget --no-verbose https://dl.influxdata.com/chronograf/releases/chronograf-${CHRONOGRAF_VERSION}-static_linux_amd64.tar.gz.asc && \
     wget --no-verbose https://dl.influxdata.com/chronograf/releases/chronograf-${CHRONOGRAF_VERSION}-static_linux_amd64.tar.gz && \
     gpg --batch --verify chronograf-${CHRONOGRAF_VERSION}-static_linux_amd64.tar.gz.asc chronograf-${CHRONOGRAF_VERSION}-static_linux_amd64.tar.gz && \
@@ -23,8 +23,7 @@ RUN set -ex && \
     rm -f /usr/src/chronograf-*/chronograf.conf && \
     chmod +x /usr/src/chronograf-*/* && \
     cp -a /usr/src/chronograf-*/* /usr/bin/ && \
-    gpgconf --kill all && \
-    rm -rf *.tar.gz* /usr/src /root/.gnupg && \
+    rm -rf *.tar.gz* /usr/src && \
     apk del .build-deps
 
 COPY LICENSE /usr/share/chronograf/LICENSE

chronograf/1.8/Dockerfile

@@ -1,14 +1,19 @@
 FROM debian:bullseye-slim
 
-RUN set -ex && \
-    mkdir ~/.gnupg; \
-    echo "disable-ipv6" >> ~/.gnupg/dirmngr.conf; \
-    apt-get update && apt-get install -y gnupg ca-certificates dirmngr --no-install-recommends && \
-    rm -rf /var/lib/apt/lists/* && \
-    for key in \
-        05CE15085FC09D18E99EFB22684A14CF2582E0C5 ; \
+RUN apt-get update && \
+    apt-get install --no-install-recommends -y \
+      ca-certificates \
+      curl \
+      dirmngr \
+      gnupg && \
+    rm -rf /var/lib/apt/lists/*
+
+RUN for attempt in 1 2 3 ; \
     do \
-        gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys "$key" ; \
+      sleep 1 && \
+      gpg --yes --batch --keyserver hkps://keyserver.ubuntu.com:443 --recv-keys \
+        05CE15085FC09D18E99EFB22684A14CF2582E0C5 && \
+      break ; \
     done
 
 ENV CHRONOGRAF_VERSION 1.8.10
@@ -21,14 +26,11 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" && \
       *)     echo "Unsupported architecture: ${dpkgArch}"; exit 1;; \
     esac && \
     set -x && \
-    apt-get update && apt-get install -y ca-certificates curl --no-install-recommends && \
-    rm -rf /var/lib/apt/lists/* && \
     curl -SLO "https://dl.influxdata.com/chronograf/releases/chronograf_${CHRONOGRAF_VERSION}_${ARCH}.deb.asc" && \
     curl -SLO "https://dl.influxdata.com/chronograf/releases/chronograf_${CHRONOGRAF_VERSION}_${ARCH}.deb" && \
     gpg --batch --verify chronograf_${CHRONOGRAF_VERSION}_${ARCH}.deb.asc chronograf_${CHRONOGRAF_VERSION}_${ARCH}.deb && \
     dpkg -i chronograf_${CHRONOGRAF_VERSION}_${ARCH}.deb && \
-    rm -f chronograf_${CHRONOGRAF_VERSION}_${ARCH}.deb* && \
-    apt-get purge -y --auto-remove $buildDeps
+    rm -f chronograf_${CHRONOGRAF_VERSION}_${ARCH}.deb*
 
 COPY LICENSE /usr/share/chronograf/LICENSE
 COPY agpl-3.0.md /usr/share/chronograf/agpl-3.0.md

chronograf/1.8/alpine/Dockerfile

@@ -1,20 +1,21 @@
 FROM alpine:3.14
 
 RUN echo 'hosts: files dns' >> /etc/nsswitch.conf
-RUN apk add --no-cache ca-certificates && \
+RUN apk add --no-cache ca-certificates gnupg && \
     update-ca-certificates
 
+RUN for attempt in 1 2 3 ; \
+    do \
+      sleep 1 && \
+      gpg --yes --batch --keyserver hkps://keyserver.ubuntu.com:443 --recv-keys \
+        05CE15085FC09D18E99EFB22684A14CF2582E0C5 && \
+      break ; \
+    done
+
 ENV CHRONOGRAF_VERSION 1.8.10
 
 RUN set -ex && \
-    mkdir ~/.gnupg; \
-    echo "disable-ipv6" >> ~/.gnupg/dirmngr.conf; \
-    apk add --no-cache --virtual .build-deps wget gnupg tar && \
-    for key in \
-        05CE15085FC09D18E99EFB22684A14CF2582E0C5 ; \
-    do \
-        gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys "$key" ; \
-    done && \
+    apk add --no-cache --virtual .build-deps wget tar && \
     wget --no-verbose https://dl.influxdata.com/chronograf/releases/chronograf-${CHRONOGRAF_VERSION}-static_linux_amd64.tar.gz.asc && \
     wget --no-verbose https://dl.influxdata.com/chronograf/releases/chronograf-${CHRONOGRAF_VERSION}-static_linux_amd64.tar.gz && \
     gpg --batch --verify chronograf-${CHRONOGRAF_VERSION}-static_linux_amd64.tar.gz.asc chronograf-${CHRONOGRAF_VERSION}-static_linux_amd64.tar.gz && \
@@ -23,8 +24,7 @@ RUN set -ex && \
     rm -f /usr/src/chronograf-*/chronograf.conf && \
     chmod +x /usr/src/chronograf-*/* && \
     cp -a /usr/src/chronograf-*/* /usr/bin/ && \
-    gpgconf --kill all && \
-    rm -rf *.tar.gz* /usr/src /root/.gnupg && \
+    rm -rf *.tar.gz* /usr/src && \
     apk del .build-deps
 
 COPY LICENSE /usr/share/chronograf/LICENSE

chronograf/1.9/Dockerfile

@@ -1,14 +1,19 @@
 FROM debian:bullseye-slim
 
-RUN set -ex && \
-    mkdir ~/.gnupg; \
-    echo "disable-ipv6" >> ~/.gnupg/dirmngr.conf; \
-    apt-get update && apt-get install -y gnupg ca-certificates dirmngr --no-install-recommends && \
-    rm -rf /var/lib/apt/lists/* && \
-    for key in \
-        05CE15085FC09D18E99EFB22684A14CF2582E0C5 ; \
+RUN apt-get update && \
+    apt-get install --no-install-recommends -y \
+      ca-certificates \
+      curl \
+      dirmngr \
+      gnupg && \
+    rm -rf /var/lib/apt/lists/*
+
+RUN for attempt in 1 2 3 ; \
     do \
-        gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys "$key" ; \
+      sleep 1 && \
+      gpg --yes --batch --keyserver hkps://keyserver.ubuntu.com:443 --recv-keys \
+        05CE15085FC09D18E99EFB22684A14CF2582E0C5 && \
+      break ; \
     done
 
 ENV CHRONOGRAF_VERSION 1.9.4
@@ -21,14 +26,11 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" && \
       *)     echo "Unsupported architecture: ${dpkgArch}"; exit 1;; \
     esac && \
     set -x && \
-    apt-get update && apt-get install -y ca-certificates curl --no-install-recommends && \
-    rm -rf /var/lib/apt/lists/* && \
     curl -SLO "https://dl.influxdata.com/chronograf/releases/chronograf_${CHRONOGRAF_VERSION}_${ARCH}.deb.asc" && \
     curl -SLO "https://dl.influxdata.com/chronograf/releases/chronograf_${CHRONOGRAF_VERSION}_${ARCH}.deb" && \
     gpg --batch --verify chronograf_${CHRONOGRAF_VERSION}_${ARCH}.deb.asc chronograf_${CHRONOGRAF_VERSION}_${ARCH}.deb && \
     dpkg -i chronograf_${CHRONOGRAF_VERSION}_${ARCH}.deb && \
-    rm -f chronograf_${CHRONOGRAF_VERSION}_${ARCH}.deb* && \
-    apt-get purge -y --auto-remove $buildDeps
+    rm -f chronograf_${CHRONOGRAF_VERSION}_${ARCH}.deb*
 
 COPY LICENSE /usr/share/chronograf/LICENSE
 COPY agpl-3.0.md /usr/share/chronograf/agpl-3.0.md

chronograf/1.9/alpine/Dockerfile

@@ -1,20 +1,21 @@
 FROM alpine:3.14
 
 RUN echo 'hosts: files dns' >> /etc/nsswitch.conf
-RUN apk add --no-cache ca-certificates && \
+RUN apk add --no-cache ca-certificates gnupg && \
     update-ca-certificates
 
+RUN for attempt in 1 2 3 ; \
+    do \
+      sleep 1 && \
+      gpg --yes --batch --keyserver hkps://keyserver.ubuntu.com:443 --recv-keys \
+        05CE15085FC09D18E99EFB22684A14CF2582E0C5 && \
+      break ; \
+    done
+
 ENV CHRONOGRAF_VERSION 1.9.4
 
 RUN set -ex && \
-    mkdir ~/.gnupg; \
-    echo "disable-ipv6" >> ~/.gnupg/dirmngr.conf; \
-    apk add --no-cache --virtual .build-deps wget gnupg tar && \
-    for key in \
-        05CE15085FC09D18E99EFB22684A14CF2582E0C5 ; \
-    do \
-        gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys "$key" ; \
-    done && \
+    apk add --no-cache --virtual .build-deps wget tar && \
     wget --no-verbose https://dl.influxdata.com/chronograf/releases/chronograf-${CHRONOGRAF_VERSION}-static_linux_amd64.tar.gz.asc && \
     wget --no-verbose https://dl.influxdata.com/chronograf/releases/chronograf-${CHRONOGRAF_VERSION}-static_linux_amd64.tar.gz && \
     gpg --batch --verify chronograf-${CHRONOGRAF_VERSION}-static_linux_amd64.tar.gz.asc chronograf-${CHRONOGRAF_VERSION}-static_linux_amd64.tar.gz && \
@@ -23,8 +24,7 @@ RUN set -ex && \
     rm -f /usr/src/chronograf-*/chronograf.conf && \
     chmod +x /usr/src/chronograf-*/* && \
     cp -a /usr/src/chronograf-*/* /usr/bin/ && \
-    gpgconf --kill all && \
-    rm -rf *.tar.gz* /usr/src /root/.gnupg && \
+    rm -rf *.tar.gz* /usr/src && \
     apk del .build-deps
 
 COPY LICENSE /usr/share/chronograf/LICENSE