From 503f526328ed3f7475ddc59eefabe18a8095bf9f Mon Sep 17 00:00:00 2001
From: El RIDO
Date: Wed, 1 Aug 2018 15:55:40 +0200
Subject: [PATCH] adding signature check for PrivateBin archive
---
 privatebin/Dockerfile | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/privatebin/Dockerfile b/privatebin/Dockerfile
index 9d20833..0f43318 100644
--- a/privatebin/Dockerfile
+++ b/privatebin/Dockerfile
@@ -10,13 +10,19 @@ ENV GID=991 UID=991 \
 PHP_MIN_SPARE_SERVERS=1 \
 PHP_MAX_SPARE_SERVERS=6
-RUN BUILD_DEPS="tar libressl ca-certificates" \
+RUN BUILD_DEPS="tar gnupg" \
 && apk -U upgrade && apk add $BUILD_DEPS \
 && mkdir privatebin && cd privatebin \
- && wget -qO- https://github.com/PrivateBin/PrivateBin/archive/${PRIVATEBIN_VER}.tar.gz | tar xz --strip 1 \
+ && export GNUPGHOME="$(mktemp -d)" \
+ && gpg2 --list-public-keys || /bin/true \
+ && wget -qO- https://privatebin.info/key/security.asc | gpg2 --import - \
+ && wget -qO /privatebin.tar.gz.asc https://github.com/PrivateBin/PrivateBin/releases/download/${PRIVATEBIN_VER}/PrivateBin-${PRIVATEBIN_VER}.tar.gz.asc \
+ && wget -qO /privatebin.tar.gz https://github.com/PrivateBin/PrivateBin/archive/${PRIVATEBIN_VER}.tar.gz \
+ && gpg2 --verify /privatebin.tar.gz.asc \
+ && tar -xzf /privatebin.tar.gz --strip 1 \
 && mv cfg/conf.sample.php cfg/conf.php \
 && apk del $BUILD_DEPS \
- && rm -f /var/cache/apk/*
+ && rm -rf /var/cache/apk/* /privatebin.tar.gz* "${GNUPGHOME}"
 COPY rootfs /
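Review bot: The `gpg2 --verify /privatebin.tar.gz.asc` step succeeds for a good signature from any key in the keyring, and the only key there is whatever `https://privatebin.info/key/security.asc` returned during this build, so the check is anchored to that one download rather than to a known signer. Pin the expected signing-key fingerprint in the Dockerfile (for example `ENV PRIVATEBIN_KEY_FPR=<PINNED_FINGERPRINT>`, a placeholder here) and fail the build unless the fingerprint on gpg's `VALIDSIG` status line (`--status-fd 1`) matches it. Naming the data file explicitly, `gpg2 --verify /privatebin.tar.gz.asc /privatebin.tar.gz`, also removes the reliance on gpg inferring it from the `.asc` name. Separately, `&&` and `||` have equal precedence in sh, so `&& gpg2 --list-public-keys || /bin/true \` turns a failure of any earlier step in the chain (`apk add`, `mkdir`, `cd`, `export`) into success; group it as `&& { gpg2 --list-public-keys || /bin/true; } \`.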