Merge pull request docker-library#148 from infosiftr/fix-gpg

Fix "gpg" usage to stop relying on deprecated and insecure behavior

Author: yosifkit

5.5/Dockerfile

@@ -15,9 +15,6 @@ RUN apt-get update && apt-get install -y perl --no-install-recommends && rm -rf
 # mysqld: error while loading shared libraries: libaio.so.1: cannot open shared object file: No such file or directory
 RUN apt-get update && apt-get install -y libaio1 pwgen && rm -rf /var/lib/apt/lists/*
 
-# gpg: key 5072E1F5: public key "MySQL Release Engineering <[email protected]>" imported
-RUN gpg --keyserver ha.pool.sks-keyservers.net --recv-keys A4A9406876FCBD3C456770C88C718D3B5072E1F5
-
 ENV MYSQL_MAJOR 5.5
 ENV MYSQL_VERSION 5.5.48
 
@@ -26,10 +23,14 @@ RUN apt-get update && apt-get install -y curl --no-install-recommends && rm -rf
 	&& curl -SL "http://dev.mysql.com/get/Downloads/MySQL-$MYSQL_MAJOR/mysql-$MYSQL_VERSION-linux2.6-x86_64.tar.gz" -o mysql.tar.gz \
 	&& curl -SL "http://mysql.he.net/Downloads/MySQL-$MYSQL_MAJOR/mysql-$MYSQL_VERSION-linux2.6-x86_64.tar.gz.asc" -o mysql.tar.gz.asc \
 	&& apt-get purge -y --auto-remove curl \
-	&& gpg --verify mysql.tar.gz.asc \
+	&& export GNUPGHOME="$(mktemp -d)" \
+# gpg: key 5072E1F5: public key "MySQL Release Engineering <[email protected]>" imported
+	&& gpg --keyserver ha.pool.sks-keyservers.net --recv-keys A4A9406876FCBD3C456770C88C718D3B5072E1F5 \
+	&& gpg --batch --verify mysql.tar.gz.asc mysql.tar.gz \
+	&& rm -r "$GNUPGHOME" mysql.tar.gz.asc \
 	&& mkdir /usr/local/mysql \
 	&& tar -xzf mysql.tar.gz -C /usr/local/mysql --strip-components=1 \
-	&& rm mysql.tar.gz* \
+	&& rm mysql.tar.gz \
 	&& rm -rf /usr/local/mysql/mysql-test /usr/local/mysql/sql-bench \
 	&& rm -rf /usr/local/mysql/bin/*-debug /usr/local/mysql/bin/*_embedded \
 	&& find /usr/local/mysql -type f -name "*.a" -delete \