From c30f51f6d247ce804c9bda31b83eea4848cbb325 Mon Sep 17 00:00:00 2001
From: Adar Nimrod <nimrod@shore.co.il>
Date: Fri, 26 Feb 2021 17:01:39 +0200
Subject: [PATCH] Don't use apt-key, it's deprecated.

Inspired by
https://michael-prokop.at/blog/2021/02/16/how-to-properly-use-3rd-party-debian-repository-signing-keys-with-apt/
and https://wiki.debian.org/DebianRepository/UseThirdParty. Also use the
newer deb822 sources format.
---
 sogo/.dockerignore   |  1 +
 sogo/Dockerfile      | 23 +++++++++++++++++++----
 sogo/inverse.sources |  5 +++++
 3 files changed, 25 insertions(+), 4 deletions(-)
 create mode 100644 sogo/inverse.sources

diff --git a/sogo/.dockerignore b/sogo/.dockerignore
index 72e8ffc..c42863b 100644
--- a/sogo/.dockerignore
+++ b/sogo/.dockerignore
@@ -1 +1,2 @@
 *
+!inverse.sources
diff --git a/sogo/Dockerfile b/sogo/Dockerfile
index e8b6852..e6f8e3a 100644
--- a/sogo/Dockerfile
+++ b/sogo/Dockerfile
@@ -1,14 +1,29 @@
+FROM registry.hub.docker.com/library/debian:buster-slim as repo-key
+# hadolint ignore=DL3008
+RUN apt-get update && \
+    DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
+        ca-certificates \
+        curl \
+        gnupg \
+    && \
+    rm -rf /tmp/* /var/tmp/* /var/lib/apt/lists/* /var/cache/apt/archives/*
+WORKDIR /gnupghome
+ENV GNUPGHOME /gnupghome
+RUN gpg --keyserver hkp://keys.gnupg.net --recv-key 0x810273C4 && \
+    gpg --output inverse.gpg --export-options=export-minimal --export 0x810273C4
+
 FROM registry.hub.docker.com/library/debian:buster-slim
 # hadolint ignore=DL3008
 RUN apt-get update && \
     DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
         apt-transport-https \
         ca-certificates \
-        gnupg \
     && \
-    apt-key adv --keyserver hkp://keys.gnupg.net --recv-key 0x810273C4 && \
-    echo 'deb https://packages.inverse.ca/SOGo/nightly/5/debian/ buster buster' > /etc/apt/sources.list.d/sogo.list && \
-    apt-get update && \
+    rm -rf /tmp/* /var/tmp/* /var/lib/apt/lists/* /var/cache/apt/archives/*
+COPY --from=repo-key /gnupghome/inverse.gpg /usr/share/keyrings/
+COPY inverse.sources /etc/apt/sources.list.d/
+# hadolint ignore=DL3008
+RUN apt-get update && \
     DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
         sogo-activesync \
         sogo \
diff --git a/sogo/inverse.sources b/sogo/inverse.sources
new file mode 100644
index 0000000..dad1d56
--- /dev/null
+++ b/sogo/inverse.sources
@@ -0,0 +1,5 @@
+Types: deb
+URIs: https://packages.inverse.ca/SOGo/nightly/5/debian/
+Suites: buster
+Components: buster
+Signed-By: /usr/share/keyrings/inverse.gpg
-- 
GitLab