Using PGP to verify GDB in an Alpine container

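I have compiled information from GNU.org, blogs, and other SO posts, but I am missing a key component to properly verify the version of GDB I am downloading into my container.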

# Install GNU GDB
RUN ["/bin/ash","-c","\
    mkdir gdb-build \
 && cd gdb-build \
 && wget https://ftp.gnu.org/gnu/gdb/gdb-8.1.tar.xz \
 && wget https://ftp.gnu.org/gnu/gdb/gdb-8.1.tar.xz.sig \
 && gpg --import https://ftp.gnu.org/gnu/gnu-keyring.gpg \
 && gpg --verify --keyring ./gnu-keyring.gpg gdb-8.1.tar.xz.sig \
 && tar -xvf gdb-8.1.tar.xz \
 && cd gdb-8.1 \
 && ./configure --prefix=/usr \
 && make \
 && make -C gdb install \
 && cd ../.. \
 && rm -rf gdb-build/ \
"]

The output looks like this:

...
2018-03-10 18:04:52 (5.92 MB/s) - 'gdb-8.1.tar.xz' saved [20095080/20095080]

--2018-03-10 18:04:52--  https://ftp.gnu.org/gnu/gdb/gdb-8.1.tar.xz.sig
Resolving ftp.gnu.org... 208.118.235.20, 2001:4830:134:3::b
Connecting to ftp.gnu.org|208.118.235.20|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 72 [application/pgp-signature]
Saving to: 'gdb-8.1.tar.xz.sig'

     0K                                                       100% 1.27M=0s

2018-03-10 18:04:52 (1.27 MB/s) - 'gdb-8.1.tar.xz.sig' saved [72/72]

gpg: directory '/root/.gnupg' created
gpg: keybox '/root/.gnupg/pubring.kbx' created
gpg: can't open 'https://ftp.gnu.org/gnu/gnu-keyring.gpg': No such file or directory
gpg: Total number processed: 0

What step am I missing? How do I properly configure GnuPG to access the keys?

The correct syntax of the gpg command is:

Syntax: gpg [options] [files]
Sign, check, encrypt or decrypt
Default operation depends on the input data

The gpg --import command expects a file, not a link, so gnu-keyring.gpg should be downloaded before the gpg command.

The correct section of the Dockerfile is:

RUN ["/bin/ash","-c","\
    mkdir gdb-build \
 && cd gdb-build \
 && wget https://ftp.gnu.org/gnu/gdb/gdb-8.1.tar.xz \
 && wget https://ftp.gnu.org/gnu/gdb/gdb-8.1.tar.xz.sig \
 && wget https://ftp.gnu.org/gnu/gnu-keyring.gpg \
 && gpg --import ./gnu-keyring.gpg \
 && gpg --verify --keyring ./gnu-keyring.gpg gdb-8.1.tar.xz.sig \
 && tar -xvf gdb-8.1.tar.xz \
 && cd gdb-8.1 \
 && ./configure --prefix=/usr \
 && make \
 && make -C gdb install \
 && cd ../.. \
 && rm -rf gdb-build/ \
"]
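
An added example, not part of the original question or answer: gpg --verify exits successfully for a good signature from any key in gnu-keyring.gpg, so a build can additionally pin the expected signer by checking the VALIDSIG line of gpg's --status-fd output. The function names, the placeholder fingerprint and the sample status lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: pin the release signer instead of accepting any key
# that happens to be in gnu-keyring.gpg.

# Placeholder (assumption): replace with the signer fingerprint obtained
# out of band; this value is not a real key.
EXPECTED_FPR="0000000000000000000000000000000000000000"

# signer_matches FPR
# Reads `gpg --status-fd` lines on stdin. Succeeds only when a VALIDSIG
# line names FPR as the signing key (field 3) or its primary key (field 12).
signer_matches() {
    awk -v want="$1" '
        BEGIN { want = toupper(want) }
        $1 == "[GNUPG:]" && $2 == "VALIDSIG" {
            if (want != "" && (toupper($3) == want || toupper($12) == want))
                ok = 1
        }
        END { exit (ok ? 0 : 1) }
    '
}

# verify_pinned KEYRING SIGFILE DATAFILE FPR
# Fails if gpg rejects the signature, or if the signature is good but
# was made by a key other than FPR.
verify_pinned() {
    status=$(gpg --no-default-keyring --keyring "$1" --status-fd 1 \
                 --verify "$2" "$3" 2>/dev/null) || return 1
    printf '%s\n' "$status" | signer_matches "$4"
}

# Constructed sample of status output (not captured from a real run).
SAMPLE_STATUS='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG AAAAAAAAAAAAAAAA Constructed Signer <signer@example.org>
[GNUPG:] VALIDSIG 1111111111111111111111111111111111111111 2018-01-31 1517400000 0 4 0 1 8 00 2222222222222222222222222222222222222222'

# In the Dockerfile step this would replace the plain `gpg --verify`:
#   verify_pinned ./gnu-keyring.gpg gdb-8.1.tar.xz.sig gdb-8.1.tar.xz "$EXPECTED_FPR"
```

The fingerprint should come from a source other than the server that hosts the tarball and keyring, since all three files in the answer are fetched from the same host.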