diff --git a/nextcloud/10.0/Dockerfile b/nextcloud/10.0/Dockerfile index 07e4726..351e00b 100644 --- a/nextcloud/10.0/Dockerfile +++ b/nextcloud/10.0/Dockerfile @@ -1,13 +1,14 @@ FROM alpine:3.4 MAINTAINER Wonderfall -ARG NEXTCLOUD_VERSION=10.0RC1 +ARG NEXTCLOUD_VERSION=10.0.0 +ARG GPG_nextcloud="2880 6A87 8AE4 23A2 8372 792E D758 99B9 A724 937A" ENV GID=991 UID=991 RUN echo "@commuedge https://nl.alpinelinux.org/alpine/edge/community" >> /etc/apk/repositories \ && echo "@testing https://nl.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories \ - && BUILD_DEPS="tar" \ + && BUILD_DEPS="gnupg tar" \ && apk -U add \ ${BUILD_DEPS} \ nginx \ @@ -45,10 +46,23 @@ RUN echo "@commuedge https://nl.alpinelinux.org/alpine/edge/community" >> /etc/a php7-apcu@testing \ php7-redis@testing \ && mkdir /nextcloud && cd /tmp \ - && wget -q https://download.nextcloud.com/server/prereleases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2 \ - && tar xjf nextcloud-${NEXTCLOUD_VERSION}.tar.bz2 --strip 1 -C /nextcloud \ + && NEXTCLOUD_TARBALL="nextcloud-${NEXTCLOUD_VERSION}.tar.bz2" \ + && wget -q https://download.nextcloud.com/server/releases/${NEXTCLOUD_TARBALL} \ + && wget -q https://download.nextcloud.com/server/releases/${NEXTCLOUD_TARBALL}.sha256 \ + && wget -q https://download.nextcloud.com/server/releases/${NEXTCLOUD_TARBALL}.asc \ + && wget -q https://nextcloud.com/nextcloud.asc \ + && echo "Verifying both integrity and authenticity of ${NEXTCLOUD_TARBALL}..." \ + && CHECKSUM_STATE=$(echo -n $(sha256sum -c ${NEXTCLOUD_TARBALL}.sha256) | tail -c 2) \ + && if [ "${CHECKSUM_STATE}" != "OK" ]; then echo "Warning! Checksum does not match!" && exit 1; fi \ + && gpg --import nextcloud.asc \ + && FINGERPRINT="$(LANG=C gpg --verify ${NEXTCLOUD_TARBALL}.asc ${NEXTCLOUD_TARBALL} 2>&1 \ + | sed -n "s#Primary key fingerprint: \(.*\)#\1#p")" \ + && if [ -z "${FINGERPRINT}" ]; then echo "Warning! Invalid GPG signature!" && exit 1; fi \ + && if [ "${FINGERPRINT}" != "${GPG_nextcloud}" ]; then echo "Warning! Wrong GPG fingerprint!" && exit 1; fi \ + && echo "All seems good, now unpacking ${NEXTCLOUD_TARBALL}..." \ + && tar xjf ${NEXTCLOUD_TARBALL} --strip 1 -C /nextcloud \ && apk del ${BUILD_DEPS} \ - && rm -rf /var/cache/apk/* /tmp/* + && rm -rf /var/cache/apk/* /tmp/* /root/.gnupg COPY nginx.conf /etc/nginx/nginx.conf COPY php-fpm.conf /etc/php7/php-fpm.conf @@ -65,6 +79,6 @@ VOLUME /data /config /apps2 EXPOSE 80 LABEL description="A server software for creating file hosting services" \ - nextcloud="Nextcloud 10.0 RC1" + nextcloud="Nextcloud v${NEXTCLOUD_VERSION}" CMD ["/sbin/tini","--","run.sh"] diff --git a/nextcloud/README.md b/nextcloud/README.md index bfa5e30..000a204 100644 --- a/nextcloud/README.md +++ b/nextcloud/README.md @@ -16,9 +16,9 @@ #### Tags - **latest** : latest stable version. -- **9.0** : latest 9.0.x version. (stable) -- **10.0** : latest 10.0.x version (beta!) -- **test** : latest test version provided by Nextcloud (RC, Beta...) +- **10.0** : latest 10.0.x version (stable) +- **9.0** : latest 9.0.x version. (oldstable) +- **test** (if any) : latest test version provided by Nextcloud (RC, Beta...) - **daily** : latest code (daily build). #### Build-time variables @@ -87,8 +87,6 @@ Add the following lines to your `config.php` in order to enable apps persistence ), ``` -**Note :** The container must be restarted after any change to `/config/config.php`. - #### Update Pull a newer image, then recreate the container :