leplusorg/pgp-verify-jar

Sponsored OSS

By Leplus.org

Updated about 10 hours ago

Multi-platform Docker container to verify jars PGP signatures.

Image
Security
Integration & delivery
0

50K+

Dockerfile
FROM alpine:3.24.1@sha256:28bd5fe8b56d1bd048e5babf5b10710ebe0bae67db86916198a6eec434943f8b

HEALTHCHECK NONE

ARG USER_NAME=default
ARG USER_HOME=/home/default
ARG USER_ID=1000
ARG USER_GECOS=Default

SHELL ["/bin/ash", "-euo", "pipefail", "-c"]

RUN apk upgrade --no-cache \
    && apk add --no-cache \
    bash=5.3.9-r1 \
    curl=8.21.0-r0 \
    git=2.54.0-r0 \
    gnupg=2.4.9-r1 \
    && apk cache --no-cache clean \
    && rm -rf /var/cache/apk/*
    
# create gpg directory to prevent keyboxd to automagically start, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150
RUN mkdir -m 700 /root/.gnupg \
    && gpg --list-keys \
    && gpgconf --kill all

RUN mkdir -m 777 /tmp/pgp-verify-jar

COPY pgp-verify-jar.sh /opt/pgp-verify-jar.sh

RUN chmod ugo+rx /opt/pgp-verify-jar.sh

RUN adduser \
  --home "${USER_HOME}" \
  --uid "${USER_ID}" \
  --gecos "${USER_GECOS}" \
  --disabled-password \
  "${USER_NAME}"

USER "${USER_NAME}"

ENV HOME="${USER_HOME}"

WORKDIR "${HOME}"

ENTRYPOINT ["/opt/pgp-verify-jar.sh"]

CMD []