portage.Dockerfile: use HEREDOC syntax for RUN command

HEREDOC syntax is supported in docker https://docs.docker.com/reference/dockerfile/#here-documents Why: 1) better readability 2) ability to add comments 3) can use HEREDOC in RUN command itself (i.e. configuring ~/.gnupg/dirmngr.conf) What else changed: 1) added fallback method to retrieve gpg keys using wkd Signed-off-by: Rahil Bhimjiani <me@rahil.rocks> Closes: #139 Signed-off-by: John Helmert III <ajak@gentoo.org>
gentoo · Mar 3, 2024 · ee2fbe2 · ee2fbe2
1 parent b34b405
commit ee2fbe2
Showing 1 changed file with 27 additions and 12 deletions.
diff --git a/portage.Dockerfile b/portage.Dockerfile
@@ -1,3 +1,7 @@
+# syntax=docker/dockerfile:1
+
+# FIRST LINE IS VERY IMPORTANT. DO NOT MODIFY
+
 # This Dockerfile creates a portage snapshot that can be mounted as a
 # container volume. It utilizes a multi-stage build and requires
 # docker-17.05.0 or later. It fetches a daily snapshot from the official
@@ -11,18 +15,29 @@ ARG SNAPSHOT="portage-latest.tar.xz"
 ARG DIST="https://ftp-osl.osuosl.org/pub/gentoo/snapshots"
 ARG SIGNING_KEY="0xEC590EEAC9189250"
 
-RUN apk add --no-cache ca-certificates gnupg tar wget xz \
- && wget -q "${DIST}/${SNAPSHOT}" "${DIST}/${SNAPSHOT}.gpgsig" "${DIST}/${SNAPSHOT}.md5sum" \
- && gpg --list-keys \
- && echo "honor-http-proxy" >> ~/.gnupg/dirmngr.conf \
- && echo "disable-ipv6" >> ~/.gnupg/dirmngr.conf \
- && gpg --keyserver hkps://keys.gentoo.org --recv-keys ${SIGNING_KEY} \
- && gpg --verify "${SNAPSHOT}.gpgsig" "${SNAPSHOT}" \
- && md5sum -c ${SNAPSHOT}.md5sum \
- && mkdir -p var/db/repos var/cache/binpkgs var/cache/distfiles \
- && tar xJpf ${SNAPSHOT} -C var/db/repos \
- && mv var/db/repos/portage var/db/repos/gentoo \
- && rm ${SNAPSHOT} ${SNAPSHOT}.gpgsig ${SNAPSHOT}.md5sum
+RUN <<-EOF
+    set -e
+
+    apk add --no-cache ca-certificates gnupg tar wget xz
+    wget -q "${DIST}/${SNAPSHOT}" "${DIST}/${SNAPSHOT}.gpgsig" "${DIST}/${SNAPSHOT}.md5sum"
+
+    # setup GPG
+    gpg --list-keys
+    # make sure to have <tab> in following heredoc
+    # https://pubs.opengroup.org/onlinepubs/9699919799/utilities/V3_chap02.html#tag_18_07_04
+    cat <<-GPG >> ~/.gnupg/dirmngr.conf
+	honor-http-proxy
+	disable-ipv6
+	GPG
+    gpg --keyserver hkps://keys.gentoo.org --recv-keys ${SIGNING_KEY} || \
+    	gpg --auto-key-locate=clear,nodefault,wkd --locate-key infrastructure@gentoo.org
+    gpg --verify "${SNAPSHOT}.gpgsig" "${SNAPSHOT}"
+    md5sum -c ${SNAPSHOT}.md5sum
+    mkdir -p var/db/repos var/cache/binpkgs var/cache/distfiles
+    tar xJpf ${SNAPSHOT} -C var/db/repos
+    mv var/db/repos/portage var/db/repos/gentoo
+    rm ${SNAPSHOT} ${SNAPSHOT}.gpgsig ${SNAPSHOT}.md5sum
+EOF
 
 FROM busybox:latest