Skip to content

Commit 03e8477

Browse files
jennifer-richardsjennifer-richards
authored
chore: drop apt-key + old pg utilities (#10029)
* chore: refactor to drop apt-key + consistency Updates postgres apt setup to use current recommendation + not use apt-key. Moves all installed keyrings to /etc/apt/keyrings instead of /usr/share/keyrings. Either is a reasonable place, but let's just use one. * chore: no duplicate key install, drop pg client 14 * chore: drop pgloader, too
1 parent 3afa3d0 commit 03e8477

File tree

3 files changed

+14
-23
lines changed

3 files changed

+14
-23
lines changed

docker/app.Dockerfile

Lines changed: 0 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -10,12 +10,7 @@ ARG USER_GID=$USER_UID
1010
COPY docker/scripts/app-setup-debian.sh /tmp/library-scripts/docker-setup-debian.sh
1111
RUN sed -i 's/\r$//' /tmp/library-scripts/docker-setup-debian.sh && chmod +x /tmp/library-scripts/docker-setup-debian.sh
1212

13-
# Add Postgresql Apt Repository to get 14
14-
RUN echo "deb http://apt.postgresql.org/pub/repos/apt $(. /etc/os-release && echo "$VERSION_CODENAME")-pgdg main" | tee /etc/apt/sources.list.d/pgdg.list
15-
RUN wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | apt-key add -
16-
1713
RUN apt-get update && export DEBIAN_FRONTEND=noninteractive \
18-
&& apt-get install -y --no-install-recommends postgresql-client-14 pgloader \
1914
# Remove imagemagick due to https://security-tracker.debian.org/tracker/CVE-2019-10131
2015
&& apt-get purge -y imagemagick imagemagick-6-common \
2116
# Install common packages, non-root user

docker/base.Dockerfile

Lines changed: 14 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -11,21 +11,22 @@ RUN apt-get update \
1111

1212
# Add Node.js Source
1313
RUN apt-get install -y --no-install-recommends ca-certificates curl gnupg \
14-
&& mkdir -p /etc/apt/keyrings\
15-
&& curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg
16-
RUN echo "deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_$NODE_MAJOR.x nodistro main" | tee /etc/apt/sources.list.d/nodesource.list
17-
RUN echo "Package: nodejs" >> /etc/apt/preferences.d/preferences && \
18-
echo "Pin: origin deb.nodesource.com" >> /etc/apt/preferences.d/preferences && \
19-
echo "Pin-Priority: 1001" >> /etc/apt/preferences.d/preferences
14+
&& mkdir -p /etc/apt/keyrings \
15+
&& curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg \
16+
&& echo "deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_$NODE_MAJOR.x nodistro main" | tee /etc/apt/sources.list.d/nodesource.list
17+
RUN echo "Package: nodejs" >> /etc/apt/preferences.d/preferences \
18+
&& echo "Pin: origin deb.nodesource.com" >> /etc/apt/preferences.d/preferences \
19+
&& echo "Pin-Priority: 1001" >> /etc/apt/preferences.d/preferences
2020

2121
# Add Docker Source
22-
RUN curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
23-
RUN echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/debian \
24-
$(. /etc/os-release && echo "$VERSION_CODENAME") stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null
25-
26-
# Add PostgreSQL Source
27-
RUN echo "deb http://apt.postgresql.org/pub/repos/apt $(. /etc/os-release && echo "$VERSION_CODENAME")-pgdg main" | tee /etc/apt/sources.list.d/pgdg.list
28-
RUN wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | apt-key add -
22+
RUN mkdir -p /etc/apt/keyrings \
23+
&& curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /etc/apt/keyrings/docker-archive-keyring.gpg \
24+
&& echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/debian $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | tee /etc/apt/sources.list.d/docker.list
25+
26+
# Add PostgreSQL Source
27+
RUN mkdir -p /etc/apt/keyrings \
28+
&& curl -fsSL https://www.postgresql.org/media/keys/ACCC4CF8.asc | gpg --dearmor -o /etc/apt/keyrings/apt.postgresql.org.gpg \
29+
&& echo "deb [signed-by=/etc/apt/keyrings/apt.postgresql.org.gpg] https://apt.postgresql.org/pub/repos/apt $(. /etc/os-release && echo "$VERSION_CODENAME")-pgdg main" | tee /etc/apt/sources.list.d/pgdg.list
2930

3031
# Install the packages we need
3132
RUN apt-get update --fix-missing && apt-get install -qy --no-install-recommends \

docker/celery.Dockerfile

Lines changed: 0 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -10,12 +10,7 @@ ARG USER_GID=$USER_UID
1010
COPY docker/scripts/app-setup-debian.sh /tmp/library-scripts/docker-setup-debian.sh
1111
RUN sed -i 's/\r$//' /tmp/library-scripts/docker-setup-debian.sh && chmod +x /tmp/library-scripts/docker-setup-debian.sh
1212

13-
# Add Postgresql Apt Repository to get 14
14-
RUN echo "deb http://apt.postgresql.org/pub/repos/apt $(. /etc/os-release && echo "$VERSION_CODENAME")-pgdg main" | tee /etc/apt/sources.list.d/pgdg.list
15-
RUN wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | apt-key add -
16-
1713
RUN apt-get update && export DEBIAN_FRONTEND=noninteractive \
18-
&& apt-get install -y --no-install-recommends postgresql-client-14 pgloader \
1914
# Remove imagemagick due to https://security-tracker.debian.org/tracker/CVE-2019-10131
2015
&& apt-get purge -y imagemagick imagemagick-6-common \
2116
# Install common packages, non-root user

0 commit comments

Comments
 (0)