This repository was archived by the owner on Jan 22, 2025. It is now read-only.
File tree Expand file tree Collapse file tree 2 files changed +14
-26
lines changed
Expand file tree Collapse file tree 2 files changed +14
-26
lines changed Original file line number Diff line number Diff line change @@ -13,19 +13,13 @@ WORKDIR /home/keybase
1313# Key fingerprint from https://keybase.io/docs/server_security/our_code_signing_key
1414RUN curl --remote-name https://prerelease.keybase.io/keybase_amd64.deb
1515RUN curl --remote-name https://prerelease.keybase.io/keybase_amd64.deb.sig
16- # GPG has no easy way of getting the ID associated with a key, so we do this :(
17- # This line will error if the fingerprint of the key in the file does not match
18- # Key fingerprint from https://keybase.io/docs/server_security/our_code_signing_key
19- # Note that we do it this way rather than via the key servers since pulling from the
20- # key servers caused a flakey build
21- RUN gpg --with-colons --fingerprint $( \
22- curl -sSL https://keybase.io/docs/server_security/code_signing_key.asc | \
23- gpg --import 2>&1 | \
24- grep -v created | \
25- head -n 1 | \
26- cut -d ' ' -f 3 | \
27- cut -d ':' -f 1 \
28- ) | grep fpr | cut -d ':' -f 10 | grep 222B85B0F90BE2D24CFEB93F47484E50656D16C7
16+ # Import our gpg key from our website. Pulling from key servers caused a flakey build so
17+ # we get the key from the Keybase website instead.
18+ RUN curl -sSL https://keybase.io/docs/server_security/code_signing_key.asc | gpg --import
19+ # This line will error if the fingerprint of the key in the file does not match the
20+ # known fingerprint of the our PGP key
21+ RUN gpg --fingerprint 222B85B0F90BE2D24CFEB93F47484E50656D16C7
22+ # And then verify the signature now that we have the key
2923RUN gpg --verify keybase_amd64.deb.sig keybase_amd64.deb
3024
3125# Silence the error from dpkg about failing to configure keybase since `apt-get install -f` fixes it
Original file line number Diff line number Diff line change @@ -12,19 +12,13 @@ WORKDIR /home/keybase
1212# Download and verify the deb
1313RUN curl --remote-name https://prerelease.keybase.io/keybase_amd64.deb
1414RUN curl --remote-name https://prerelease.keybase.io/keybase_amd64.deb.sig
15- # GPG has no easy way of getting the ID associated with a key, so we do this :(
16- # This line will error if the fingerprint of the key in the file does not match
17- # Key fingerprint from https://keybase.io/docs/server_security/our_code_signing_key
18- # Note that we do it this way rather than via the key servers since pulling from the
19- # key servers caused a flakey build
20- RUN gpg --with-colons --fingerprint $( \
21- curl -sSL https://keybase.io/docs/server_security/code_signing_key.asc | \
22- gpg --import 2>&1 | \
23- grep -v created | \
24- head -n 1 | \
25- cut -d ' ' -f 3 | \
26- cut -d ':' -f 1 \
27- ) | grep fpr | cut -d ':' -f 10 | grep 222B85B0F90BE2D24CFEB93F47484E50656D16C7
15+ # Import our gpg key from our website. Pulling from key servers caused a flakey build so
16+ # we get the key from the Keybase website instead.
17+ RUN curl -sSL https://keybase.io/docs/server_security/code_signing_key.asc | gpg --import
18+ # This line will error if the fingerprint of the key in the file does not match the
19+ # known fingerprint of the our PGP key
20+ RUN gpg --fingerprint 222B85B0F90BE2D24CFEB93F47484E50656D16C7
21+ # And then verify the signature now that we have the key
2822RUN gpg --verify keybase_amd64.deb.sig keybase_amd64.deb
2923
3024# Silence the error from dpkg about failing to configure keybase since `apt-get install -f` fixes it
You can’t perform that action at this time.
0 commit comments