Skip to content

Commit d427a82

Browse files
committed
chore: use release-keys keyring for gpg fingerprints
1 parent 7cf6ba5 commit d427a82

3 files changed

Lines changed: 6 additions & 12 deletions

File tree

keys/node.keys

Lines changed: 0 additions & 8 deletions
This file was deleted.

update-keys.sh

Lines changed: 0 additions & 3 deletions
This file was deleted.

update.sh

Lines changed: 6 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -63,6 +63,11 @@ fi
6363
# TODO: Should be able to specify target architecture manually
6464
arch=$(get_arch)
6565

66+
# Grab and parse fingerprints for the Node.js Releasers
67+
curl -fsSLO --compressed "https://github.com/nodejs/release-keys/raw/refs/heads/main/gpg-only-active-keys/pubring.kbx"
68+
NODEJS_KEYS=$(gpg --no-default-keyring --keyring "./pubring.kbx" --keyid-format long --with-colons --fingerprint | awk -F: '/^pub:.*/ { getline; print $10}')
69+
rm ./pubring.kbx
70+
6671
function in_versions_to_update() {
6772
local version=$1
6873

@@ -136,7 +141,7 @@ function update_node_version() {
136141
while read -r line; do
137142
pattern='"\$\{'$(echo "node" | tr '[:lower:]' '[:upper:]')'_KEYS\[@\]\}"'
138143
sed -Ei -e "s/([ \\t]*)(${pattern})/\\1${line}${new_line}\\1\\2/" "${dockerfile}-tmp"
139-
done < "keys/node.keys"
144+
done <<< "$NODEJS_KEYS"
140145
sed -Ei -e "/${pattern}/d" "${dockerfile}-tmp"
141146

142147
if is_alpine "${variant}"; then

0 commit comments

Comments
 (0)