Use a long keyid for Onlyoffice's Debian repo

Short keyids are easy to spoof, making the GPG signature verification of packages ineffective against most attackers. See https://evil32.com/
This commit is contained in:
Valentin Lorentz 2018-03-31 08:36:10 +02:00 committed by GitHub
parent 8a02d9fbe4
commit c4f20cf8ca
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -6,7 +6,7 @@ ENV LANG=en_US.UTF-8 LANGUAGE=en_US:en LC_ALL=en_US.UTF-8 DEBIAN_FRONTEND=nonint
RUN echo "#!/bin/sh\nexit 0" > /usr/sbin/policy-rc.d && \
apt-get -y update && \
apt-get -yq install wget apt-transport-https curl locales && \
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys CB2DE8E5 && \
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 0x8320ca65cb2de8e5 && \
locale-gen en_US.UTF-8 && \
curl -sL https://deb.nodesource.com/setup_6.x | bash - && \
apt-get -y update && \