This repository was archived by the owner on Jan 22, 2025. It is now read-only.

Commit 79a7d86

authored
Merge pull request #55 from keybase/david/docker-build-verify-pgp
Verify pgp signatures on the downloaded deb file
2 parents a08fe36 + 2c57a86 commit 79a7d86


2 files changed

+22
-4
lines changed


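--- a/docker/Dockerfile-ca
+++ b/docker/Dockerfile-ca
@@ -2,15 +2,24 @@
 # between this file and Dockerfile-kssh.
 FROM ubuntu:18.04
 
+# Dependencies
 RUN apt-get -qq update
-RUN apt-get -qq install curl software-properties-common -y
+RUN apt-get -qq install curl software-properties-common ca-certificates gnupg -y
 RUN useradd -ms /bin/bash keybase
 USER keybase
 WORKDIR /home/keybase
+
+# Download and verify the deb
+# Key fingerprint from https://keybase.io/docs/server_security/our_code_signing_key
 RUN curl --remote-name https://prerelease.keybase.io/keybase_amd64.deb
-USER root
+RUN curl --remote-name https://prerelease.keybase.io/keybase_amd64.deb.sig
+RUN gpg --keyserver pgp.mit.edu --recv-keys "222B85B0F90BE2D24CFEB93F47484E50656D16C7" || \
+gpg --keyserver keyserver.pgp.com --recv-keys "222B85B0F90BE2D24CFEB93F47484E50656D16C7" || \
+gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "222B85B0F90BE2D24CFEB93F47484E50656D16C7"
+RUN gpg --verify keybase_amd64.deb.sig keybase_amd64.deb
 
 # Silence the error from dpkg about failing to configure keybase since `apt-get install -f` fixes it
+USER root
 RUN dpkg -i keybase_amd64.deb || true
 RUN apt-get install -fy
 USER keybase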
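Review bot: The `RUN gpg --verify keybase_amd64.deb.sig keybase_amd64.deb` step succeeds for a good signature from any key present in the keyring, so the pinned fingerprint is enforced only indirectly through the preceding `--recv-keys` fallback chain, and the build now depends on one of three public keyservers being reachable. A sturdier anchor is to commit the public key to the repository and import it, for example `COPY <SIGNING_KEY_FILE> signing-key.asc` followed by `RUN gpg --import signing-key.asc` (the file name is a placeholder), keeping the fingerprint comment as the audit reference. The two `curl` downloads and the verify also sit in separate `RUN` layers, so a cached `.deb` layer can end up paired with a later-fetched `.sig`; joining download and check in one `RUN` with `&&` keeps them atomic. The same lines appear in tests/Dockerfile-kssh. In both files the context line `RUN dpkg -i keybase_amd64.deb || true` still ignores every dpkg failure, not only the configure error its comment describes.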

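--- a/tests/Dockerfile-kssh
+++ b/tests/Dockerfile-kssh
@@ -2,15 +2,24 @@
 # between this file and Dockerfile-ca.
 FROM ubuntu:18.04
 
+# Dependencies
 RUN apt-get -qq update
-RUN apt-get -qq install curl software-properties-common -y
+RUN apt-get -qq install curl software-properties-common ca-certificates gnupg -y
 RUN useradd -ms /bin/bash keybase
 USER keybase
 WORKDIR /home/keybase
+
+# Download and verify the deb
+# Key fingerprint from https://keybase.io/docs/server_security/our_code_signing_key
 RUN curl --remote-name https://prerelease.keybase.io/keybase_amd64.deb
-USER root
+RUN curl --remote-name https://prerelease.keybase.io/keybase_amd64.deb.sig
+RUN gpg --keyserver pgp.mit.edu --recv-keys "222B85B0F90BE2D24CFEB93F47484E50656D16C7" || \
+gpg --keyserver keyserver.pgp.com --recv-keys "222B85B0F90BE2D24CFEB93F47484E50656D16C7" || \
+gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "222B85B0F90BE2D24CFEB93F47484E50656D16C7"
+RUN gpg --verify keybase_amd64.deb.sig keybase_amd64.deb
 
 # Silence the error from dpkg about failing to configure keybase since `apt-get install -f` fixes it
+USER root
 RUN dpkg -i keybase_amd64.deb || true
 RUN apt-get install -fy
 USER keybase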
