Merge pull request #426 from paritytech/wk-parity-keyring-image

chevdor · web-flow · commit 48197a67837e · 2022-06-01T16:58:28.000+02:00
New `parity-keyring` image
diff --git a/.gitignore b/.gitignore
@@ -1 +1,2 @@
 .*.swp
+.env
diff --git a/dockerfiles/gnupg/Dockerfile b/dockerfiles/gnupg/Dockerfile
@@ -6,6 +6,8 @@ FROM docker.io/library/ubuntu:latest
 ARG GPG_KEYID=9D4B2B6EB8F97156D19669A9FF0812D491B96798
 ARG VCS_REF=master
 ARG BUILD_DATE=""
+ARG UID=1000
+ARG GID=1000
 
 # metadata
 LABEL summary="Base image for GnuPG operations" \
@@ -22,8 +24,8 @@ LABEL summary="Base image for GnuPG operations" \
 RUN apt-get update && apt-get install -yq --no-install-recommends bash ca-certificates curl gnupg
 
 RUN set -x \
-    && groupadd -g 1000 nonroot \
-    && useradd -u 1000 -g 1000 -s /bin/bash -m nonroot
+    && groupadd -g $GID nonroot \
+    && useradd -u $UID -g $GID -s /bin/bash -m nonroot
 
 USER nonroot:nonroot
 
diff --git a/dockerfiles/parity-keyring/Dockerfile b/dockerfiles/parity-keyring/Dockerfile
@@ -0,0 +1,36 @@
+ARG REGISTRY_PATH=docker.io/paritytech
+
+FROM docker.io/paritytech/gnupg:latest
+
+# 'Parity Security Team <security@parity.io>'
+ARG KEY_ID=9D4B2B6EB8F97156D19669A9FF0812D491B96798
+ARG KEY_SERVER=hkps://keys.mailvelope.com
+ARG VCS_REF=master
+ARG BUILD_DATE=""
+
+# metadata
+LABEL summary="Base image with Parity-Keyring" \
+	name="${REGISTRY_PATH}/parity-keyring" \
+	maintainer="devops-team@parity.io" \
+	version="1.0" \
+	description="Parity Keyring base container" \
+	io.parity.image.vendor="Parity Technologies" \
+	io.parity.image.source="https://github.com/paritytech/scripts/blob/${VCS_REF}/dockerfiles/parity-keyring/Dockerfile" \
+	io.parity.image.documentation="https://github.com/paritytech/scripts/blob/${VCS_REF}/dockerfiles/parity-keyring/README.md" \
+	io.parity.image.revision="${VCS_REF}" \
+	io.parity.image.created="${BUILD_DATE}"
+
+USER root
+
+RUN gpg --recv-keys --keyserver $KEY_SERVER $KEY_ID && \
+	gpg --export $KEY_ID > /usr/share/keyrings/parity.gpg && \
+	echo 'deb [signed-by=/usr/share/keyrings/parity.gpg] https://releases.parity.io/deb release main' > /etc/apt/sources.list.d/parity.list && \
+	apt update && \
+	apt install parity-keyring
+
+USER nonroot:nonroot
+
+RUN gpg /usr/share/keyrings/parity.gpg | grep -v expired
+
+WORKDIR /home/nonroot
+CMD ["/bin/bash"]
diff --git a/dockerfiles/parity-keyring/README.md b/dockerfiles/parity-keyring/README.md
@@ -0,0 +1,11 @@
+# parity-keyring
+
+A base Docker image based on [our gnupg image](https://hub.docker.com/repository/docker/paritytech/gnupg) and coming pre-installed with the parity keyring.
+
+[Click here](https://hub.docker.com/repository/docker/paritytech/parity-keyring) for the registry.
+
+## Usage
+
+```
+docker run --rm -it docker.io/paritytech/parity-keyring gpg --list-keys $KEY_ID
+```
