Merge branch 'checksums'

This commit is contained in:
Henrik Jonsson 2016-04-13 06:08:03 +02:00
commit c93fe88875
2 changed files with 6 additions and 6 deletions

View File

@ -1,6 +1,6 @@
FROM debian FROM debian
# TODO(hkjn): Use hkjn/arch as base. # TODO(hkjn): Use alpine as base.
MAINTAINER Henrik Jonsson <me@hkjn.me> MAINTAINER Henrik Jonsson <me@hkjn.me>
@ -9,7 +9,7 @@ ENV LANG C.UTF-8
ENV RELEASE_FILE tor-browser-linux64-${TOR_VERSION}_ALL.tar.xz ENV RELEASE_FILE tor-browser-linux64-${TOR_VERSION}_ALL.tar.xz
ENV RELEASE_KEY 0x4E2C6E8793298290 ENV RELEASE_KEY 0x4E2C6E8793298290
ENV CHECKSUMS_FILE sha256sums-unsigned-build.txt ENV CHECKSUMS_FILE sha256sums-unsigned-build.txt
ENV CHECKSUMS_URL https://dist.torproject.org/torbrowser/${TOR_VERSION}/${CHECKSUMS_FILE}
ENV RELEASE_URL https://dist.torproject.org/torbrowser/${TOR_VERSION}/${RELEASE_FILE} ENV RELEASE_URL https://dist.torproject.org/torbrowser/${TOR_VERSION}/${RELEASE_FILE}
RUN apt-get update && \ RUN apt-get update && \
@ -29,14 +29,13 @@ RUN useradd --create-home --home-dir $HOME user && \
chown -R user:user $HOME chown -R user:user $HOME
WORKDIR /usr/local/bin WORKDIR /usr/local/bin
# TODO(hkjn): Actually check ${CHECKSUMS_FILE}.asc against release binary.
COPY $CHECKSUMS_FILE .
RUN gpg --keyserver pgp.mit.edu --recv-keys $RELEASE_KEY RUN gpg --keyserver pgp.mit.edu --recv-keys $RELEASE_KEY
RUN curl --fail -O -sSL ${RELEASE_URL} && \ RUN curl --fail -O -sSL ${RELEASE_URL} && \
curl --fail -O -sSL ${RELEASE_URL}.asc && \ curl --fail -O -sSL ${RELEASE_URL}.asc && \
curl --fail -O -sSL ${CHECKSUMS_URL} && \
curl --fail -O -sSL ${CHECKSUMS_URL}.asc && \
gpg --verify ${RELEASE_FILE}.asc && \ gpg --verify ${RELEASE_FILE}.asc && \
gpg --verify ${CHECKSUMS_FILE}.asc && \ sha256sum -c sha256sums-unsigned-build.txt && \
tar --strip-components=1 -vxJf ${RELEASE_FILE} && \ tar --strip-components=1 -vxJf ${RELEASE_FILE} && \
rm -v ${RELEASE_FILE}* rm -v ${RELEASE_FILE}*

View File

@ -0,0 +1 @@
f5224c78c3f0da2df4286a6e33a4afec3339a9d6848ff9b6480a42214b8bed8c tor-browser-linux64-6.0a4-hardened_ALL.tar.xz