From fd645d88914a864e702b088ecb4bfecf2bb11156 Mon Sep 17 00:00:00 2001
From: Joseph Ferguson
Date: Thu, 5 Sep 2024 15:28:55 -0700
Subject: [PATCH] Update openssl pgp keys and versions
> The current releases are signed by the OpenSSL key with fingerprint BA54 73A2 B058 7B07 FB27 CF2D 2160 94DF D0CB 81EF.
>
> https://openssl-library.org/source/
---
 3.12/alpine/Dockerfile | 7 +++----
 3.12/ubuntu/Dockerfile | 7 +++----
 3.13/alpine/Dockerfile | 7 +++----
 3.13/ubuntu/Dockerfile | 7 +++----
 4.0-rc/alpine/Dockerfile | 7 +++----
 4.0-rc/ubuntu/Dockerfile | 7 +++----
 Dockerfile-alpine.template | 38 +++++---------------------------------
 Dockerfile-ubuntu.template | 38 +++++---------------------------------
 versions.json | 12 ++++++------
 9 files changed, 34 insertions(+), 96 deletions(-)
diff --git a/3.12/alpine/Dockerfile b/3.12/alpine/Dockerfile
index f5987e29..f06f47a6 100644
--- a/3.12/alpine/Dockerfile
+++ b/3.12/alpine/Dockerfile
@@ -26,11 +26,10 @@ ARG PGP_KEYSERVER=keyserver.ubuntu.com
 # run the build with a different PGP_KEYSERVER, e.g. docker build --tag rabbitmq:3.12 --build-arg PGP_KEYSERVER=pgpkeys.eu 3.12/ubuntu
 # For context, see https://github.com/docker-library/official-images/issues/4252
-ENV OPENSSL_VERSION 3.1.6
-ENV OPENSSL_SOURCE_SHA256="5d2be4036b478ef3cb0a854ca9b353072c3a0e26d8a56f8f0ab9fb6ed32d38d7"
-# https://www.openssl.org/community/otc.html
+ENV OPENSSL_VERSION 3.1.7
+ENV OPENSSL_SOURCE_SHA256="053a31fa80cf4aebe1068c987d2ef1e44ce418881427c4464751ae800c31d06c"
 # https://www.openssl.org/source/
-ENV OPENSSL_PGP_KEY_IDS="0x8657ABB260F056B1E5190839D9C4D26D0E604491 0xB7C1C14360F353A36862E4D5231C84CDDCC69C45 0xC1F33DD8CE1D4CC613AF14DA9195C48241FBF7DD 0x95A9908DDFA16830BE9FB9003D30A3A9FF1360DC 0x7953AC1FBC3DC8B3B292393ED5E9E43F7DF9EE8C 0xA21FAB74B0088AA361152586B8EF1A6BA9DA2D5C 0xE5E52560DD91C556DDBDA5D02064C53641C25E5D 0xEFC0A467D613CB83C7ED6D30D894E2CE8B3D79F5"
+ENV OPENSSL_PGP_KEY_IDS="0xBA5473A2B0587B07FB27CF2D216094DFD0CB81EF"
 ENV OTP_VERSION 25.3.2.13
 # TODO add PGP checking when the feature will be added to Erlang/OTP's build system
diff --git a/3.12/ubuntu/Dockerfile b/3.12/ubuntu/Dockerfile
index 0a8f3d0c..3d8da827 100644
--- a/3.12/ubuntu/Dockerfile
+++ b/3.12/ubuntu/Dockerfile
@@ -29,11 +29,10 @@ ARG PGP_KEYSERVER=keyserver.ubuntu.com
 # run the build with a different PGP_KEYSERVER, e.g. docker build --tag rabbitmq:3.12 --build-arg PGP_KEYSERVER=pgpkeys.eu 3.12/ubuntu
 # For context, see https://github.com/docker-library/official-images/issues/4252
-ENV OPENSSL_VERSION 3.1.6
-ENV OPENSSL_SOURCE_SHA256="5d2be4036b478ef3cb0a854ca9b353072c3a0e26d8a56f8f0ab9fb6ed32d38d7"
-# https://www.openssl.org/community/otc.html
+ENV OPENSSL_VERSION 3.1.7
+ENV OPENSSL_SOURCE_SHA256="053a31fa80cf4aebe1068c987d2ef1e44ce418881427c4464751ae800c31d06c"
 # https://www.openssl.org/source/
-ENV OPENSSL_PGP_KEY_IDS="0x8657ABB260F056B1E5190839D9C4D26D0E604491 0xB7C1C14360F353A36862E4D5231C84CDDCC69C45 0xC1F33DD8CE1D4CC613AF14DA9195C48241FBF7DD 0x95A9908DDFA16830BE9FB9003D30A3A9FF1360DC 0x7953AC1FBC3DC8B3B292393ED5E9E43F7DF9EE8C 0xA21FAB74B0088AA361152586B8EF1A6BA9DA2D5C 0xE5E52560DD91C556DDBDA5D02064C53641C25E5D 0xEFC0A467D613CB83C7ED6D30D894E2CE8B3D79F5"
+ENV OPENSSL_PGP_KEY_IDS="0xBA5473A2B0587B07FB27CF2D216094DFD0CB81EF"
 ENV OTP_VERSION 25.3.2.13
 # TODO add PGP checking when the feature will be added to Erlang/OTP's build system
diff --git a/3.13/alpine/Dockerfile b/3.13/alpine/Dockerfile
index 51cd8f74..7d42707c 100644
--- a/3.13/alpine/Dockerfile
+++ b/3.13/alpine/Dockerfile
@@ -26,11 +26,10 @@ ARG PGP_KEYSERVER=keyserver.ubuntu.com
 # run the build with a different PGP_KEYSERVER, e.g. docker build --tag rabbitmq:3.13 --build-arg PGP_KEYSERVER=pgpkeys.eu 3.13/ubuntu
 # For context, see https://github.com/docker-library/official-images/issues/4252
-ENV OPENSSL_VERSION 3.1.6
-ENV OPENSSL_SOURCE_SHA256="5d2be4036b478ef3cb0a854ca9b353072c3a0e26d8a56f8f0ab9fb6ed32d38d7"
-# https://www.openssl.org/community/otc.html
+ENV OPENSSL_VERSION 3.1.7
+ENV OPENSSL_SOURCE_SHA256="053a31fa80cf4aebe1068c987d2ef1e44ce418881427c4464751ae800c31d06c"
 # https://www.openssl.org/source/
-ENV OPENSSL_PGP_KEY_IDS="0x8657ABB260F056B1E5190839D9C4D26D0E604491 0xB7C1C14360F353A36862E4D5231C84CDDCC69C45 0xC1F33DD8CE1D4CC613AF14DA9195C48241FBF7DD 0x95A9908DDFA16830BE9FB9003D30A3A9FF1360DC 0x7953AC1FBC3DC8B3B292393ED5E9E43F7DF9EE8C 0xA21FAB74B0088AA361152586B8EF1A6BA9DA2D5C 0xE5E52560DD91C556DDBDA5D02064C53641C25E5D 0xEFC0A467D613CB83C7ED6D30D894E2CE8B3D79F5"
+ENV OPENSSL_PGP_KEY_IDS="0xBA5473A2B0587B07FB27CF2D216094DFD0CB81EF"
 ENV OTP_VERSION 26.2.5.2
 # TODO add PGP checking when the feature will be added to Erlang/OTP's build system
diff --git a/3.13/ubuntu/Dockerfile b/3.13/ubuntu/Dockerfile
index 96ffc273..38d46323 100644
--- a/3.13/ubuntu/Dockerfile
+++ b/3.13/ubuntu/Dockerfile
@@ -29,11 +29,10 @@ ARG PGP_KEYSERVER=keyserver.ubuntu.com
 # run the build with a different PGP_KEYSERVER, e.g. docker build --tag rabbitmq:3.13 --build-arg PGP_KEYSERVER=pgpkeys.eu 3.13/ubuntu
 # For context, see https://github.com/docker-library/official-images/issues/4252
-ENV OPENSSL_VERSION 3.1.6
-ENV OPENSSL_SOURCE_SHA256="5d2be4036b478ef3cb0a854ca9b353072c3a0e26d8a56f8f0ab9fb6ed32d38d7"
-# https://www.openssl.org/community/otc.html
+ENV OPENSSL_VERSION 3.1.7
+ENV OPENSSL_SOURCE_SHA256="053a31fa80cf4aebe1068c987d2ef1e44ce418881427c4464751ae800c31d06c"
 # https://www.openssl.org/source/
-ENV OPENSSL_PGP_KEY_IDS="0x8657ABB260F056B1E5190839D9C4D26D0E604491 0xB7C1C14360F353A36862E4D5231C84CDDCC69C45 0xC1F33DD8CE1D4CC613AF14DA9195C48241FBF7DD 0x95A9908DDFA16830BE9FB9003D30A3A9FF1360DC 0x7953AC1FBC3DC8B3B292393ED5E9E43F7DF9EE8C 0xA21FAB74B0088AA361152586B8EF1A6BA9DA2D5C 0xE5E52560DD91C556DDBDA5D02064C53641C25E5D 0xEFC0A467D613CB83C7ED6D30D894E2CE8B3D79F5"
+ENV OPENSSL_PGP_KEY_IDS="0xBA5473A2B0587B07FB27CF2D216094DFD0CB81EF"
 ENV OTP_VERSION 26.2.5.2
 # TODO add PGP checking when the feature will be added to Erlang/OTP's build system
diff --git a/4.0-rc/alpine/Dockerfile b/4.0-rc/alpine/Dockerfile
index 94df19db..bf030e18 100644
--- a/4.0-rc/alpine/Dockerfile
+++ b/4.0-rc/alpine/Dockerfile
@@ -26,11 +26,10 @@ ARG PGP_KEYSERVER=keyserver.ubuntu.com
 # run the build with a different PGP_KEYSERVER, e.g. docker build --tag rabbitmq:4.0-rc --build-arg PGP_KEYSERVER=pgpkeys.eu 4.0-rc/ubuntu
 # For context, see https://github.com/docker-library/official-images/issues/4252
-ENV OPENSSL_VERSION 3.3.1
-ENV OPENSSL_SOURCE_SHA256="777cd596284c883375a2a7a11bf5d2786fc5413255efab20c50d6ffe6d020b7e"
-# https://www.openssl.org/community/otc.html
+ENV OPENSSL_VERSION 3.3.2
+ENV OPENSSL_SOURCE_SHA256="2e8a40b01979afe8be0bbfb3de5dc1c6709fedb46d6c89c10da114ab5fc3d281"
 # https://www.openssl.org/source/
-ENV OPENSSL_PGP_KEY_IDS="0x8657ABB260F056B1E5190839D9C4D26D0E604491 0xB7C1C14360F353A36862E4D5231C84CDDCC69C45 0xC1F33DD8CE1D4CC613AF14DA9195C48241FBF7DD 0x95A9908DDFA16830BE9FB9003D30A3A9FF1360DC 0x7953AC1FBC3DC8B3B292393ED5E9E43F7DF9EE8C 0xA21FAB74B0088AA361152586B8EF1A6BA9DA2D5C 0xE5E52560DD91C556DDBDA5D02064C53641C25E5D 0xEFC0A467D613CB83C7ED6D30D894E2CE8B3D79F5"
+ENV OPENSSL_PGP_KEY_IDS="0xBA5473A2B0587B07FB27CF2D216094DFD0CB81EF"
 ENV OTP_VERSION 26.2.5.2
 # TODO add PGP checking when the feature will be added to Erlang/OTP's build system
diff --git a/4.0-rc/ubuntu/Dockerfile b/4.0-rc/ubuntu/Dockerfile
index 025aa60b..3d3fdf86 100644
--- a/4.0-rc/ubuntu/Dockerfile
+++ b/4.0-rc/ubuntu/Dockerfile
@@ -29,11 +29,10 @@ ARG PGP_KEYSERVER=keyserver.ubuntu.com
 # run the build with a different PGP_KEYSERVER, e.g. docker build --tag rabbitmq:4.0-rc --build-arg PGP_KEYSERVER=pgpkeys.eu 4.0-rc/ubuntu
 # For context, see https://github.com/docker-library/official-images/issues/4252
-ENV OPENSSL_VERSION 3.3.1
-ENV OPENSSL_SOURCE_SHA256="777cd596284c883375a2a7a11bf5d2786fc5413255efab20c50d6ffe6d020b7e"
-# https://www.openssl.org/community/otc.html
+ENV OPENSSL_VERSION 3.3.2
+ENV OPENSSL_SOURCE_SHA256="2e8a40b01979afe8be0bbfb3de5dc1c6709fedb46d6c89c10da114ab5fc3d281"
 # https://www.openssl.org/source/
-ENV OPENSSL_PGP_KEY_IDS="0x8657ABB260F056B1E5190839D9C4D26D0E604491 0xB7C1C14360F353A36862E4D5231C84CDDCC69C45 0xC1F33DD8CE1D4CC613AF14DA9195C48241FBF7DD 0x95A9908DDFA16830BE9FB9003D30A3A9FF1360DC 0x7953AC1FBC3DC8B3B292393ED5E9E43F7DF9EE8C 0xA21FAB74B0088AA361152586B8EF1A6BA9DA2D5C 0xE5E52560DD91C556DDBDA5D02064C53641C25E5D 0xEFC0A467D613CB83C7ED6D30D894E2CE8B3D79F5"
+ENV OPENSSL_PGP_KEY_IDS="0xBA5473A2B0587B07FB27CF2D216094DFD0CB81EF"
 ENV OTP_VERSION 26.2.5.2
 # TODO add PGP checking when the feature will be added to Erlang/OTP's build system
diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template
index 435ea08f..cb0b8c49 100644
--- a/Dockerfile-alpine.template
+++ b/Dockerfile-alpine.template
@@ -22,42 +22,14 @@ ARG PGP_KEYSERVER=keyserver.ubuntu.com ENV OPENSSL_VERSION {{ .openssl.version }} ENV OPENSSL_SOURCE_SHA256="{{ .openssl.sha256 }}" -# https://www.openssl.org/community/otc.html # https://www.openssl.org/source/ ENV OPENSSL_PGP_KEY_IDS="{{ [ - # Dmitry Belyavsky - - # Matt Caswell - "8657 ABB2 60F0 56B1 E519 0839 D9C4 D26D 0E60 4491", - - # Paul Dale - "B7C1 C143 60F3 53A3 6862 E4D5 231C 84CD DCC6 9C45", - - # Tim Hudson - "C1F3 3DD8 CE1D 4CC6 13AF 14DA 9195 C482 41FB F7DD", - - # Hugo Landau - "95A9 908D DFA1 6830 BE9F B900 3D30 A3A9 FF13 60DC", - - # Richard Levitte - "7953 AC1F BC3D C8B3 B292 393E D5E9 E43F 7DF9 EE8C", - - # Shane Lontis - - # Tomas Mraz - "A21F AB74 B008 8AA3 6115 2586 B8EF 1A6B A9DA 2D5C", - - # Kurt Roeckx - "E5E5 2560 DD91 C556 DDBD A5D0 2064 C536 41C2 5E5D", - - # Matthias St. Pierre - - # Nicola Tuveri - - # OpenSSL OMC key - # https://github.com/openssl/web/pull/415 - "EFC0 A467 D613 CB83 C7ED 6D30 D894 E2CE 8B3D 79F5", + # "OpenSSL " + # https://openssl-library.org/source/index.html + # "The current releases are signed by the OpenSSL key with fingerprint:" + # https://keys.openpgp.org/search?q=openssl%40openssl.org + "BA54 73A2 B058 7B07 FB27 CF2D 2160 94DF D0CB 81EF", # hack for trailing comma above empty diff --git a/Dockerfile-ubuntu.template b/Dockerfile-ubuntu.template index 96b18b64..9f9b0747 100644 --- a/Dockerfile-ubuntu.template +++ b/Dockerfile-ubuntu.template 
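Review bot: The comment kept above `OPENSSL_PGP_KEY_IDS`, `# https://www.openssl.org/source/`, no longer names the page the fingerprint was taken from, while the added comments cite openssl-library.org and keys.openpgp.org; I would change it to `# https://openssl-library.org/source/` so the next key rotation is checked against the same source the commit message quotes. Reducing the list to a single fingerprint also means a tarball signed by any of the former individual keys now fails verification, which looks intended, so a line such as `# only this key is trusted; releases signed by the former individual keys are rejected on purpose` would keep someone from re-adding old keys just to make an older pin build. The key is presumably still fetched from `PGP_KEYSERVER` at build time (the gpg step is outside this hunk), so the entry should stay a full 40-hex fingerprint and never be shortened to a key ID. The same points apply to the matching hunk in Dockerfile-ubuntu.template, and the jq expression continues past the end of both hunks.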
@@ -25,42 +25,14 @@ ARG PGP_KEYSERVER=keyserver.ubuntu.com ENV OPENSSL_VERSION {{ .openssl.version }} ENV OPENSSL_SOURCE_SHA256="{{ .openssl.sha256 }}" -# https://www.openssl.org/community/otc.html # https://www.openssl.org/source/ ENV OPENSSL_PGP_KEY_IDS="{{ [ - # Dmitry Belyavsky - - # Matt Caswell - "8657 ABB2 60F0 56B1 E519 0839 D9C4 D26D 0E60 4491", - - # Paul Dale - "B7C1 C143 60F3 53A3 6862 E4D5 231C 84CD DCC6 9C45", - - # Tim Hudson - "C1F3 3DD8 CE1D 4CC6 13AF 14DA 9195 C482 41FB F7DD", - - # Hugo Landau - "95A9 908D DFA1 6830 BE9F B900 3D30 A3A9 FF13 60DC", - - # Richard Levitte - "7953 AC1F BC3D C8B3 B292 393E D5E9 E43F 7DF9 EE8C", - - # Shane Lontis - - # Tomas Mraz - "A21F AB74 B008 8AA3 6115 2586 B8EF 1A6B A9DA 2D5C", - - # Kurt Roeckx - "E5E5 2560 DD91 C556 DDBD A5D0 2064 C536 41C2 5E5D", - - # Matthias St. Pierre - - # Nicola Tuveri - - # OpenSSL OMC key - # https://github.com/openssl/web/pull/415 - "EFC0 A467 D613 CB83 C7ED 6D30 D894 E2CE 8B3D 79F5", + # "OpenSSL " + # https://openssl-library.org/source/index.html + # "The current releases are signed by the OpenSSL key with fingerprint:" + # https://keys.openpgp.org/search?q=openssl%40openssl.org + "BA54 73A2 B058 7B07 FB27 CF2D 2160 94DF D0CB 81EF", # hack for trailing comma above empty diff --git a/versions.json b/versions.json index 1a18cf70..d264d17f 100644 --- a/versions.json +++ b/versions.json @@ -4,8 +4,8 @@ "version": "3.20" }, "openssl": { - "sha256": "5d2be4036b478ef3cb0a854ca9b353072c3a0e26d8a56f8f0ab9fb6ed32d38d7", - "version": "3.1.6" + "sha256": "053a31fa80cf4aebe1068c987d2ef1e44ce418881427c4464751ae800c31d06c", + "version": "3.1.7" }, "otp": { "sha256": "00c2619648e05a25b39035ea51b65fc79c998e55f178cccc6c1b920f3f10dfba", 
@@ -22,8 +22,8 @@
 "version": "3.20"
 },
 "openssl": {
- "sha256": "5d2be4036b478ef3cb0a854ca9b353072c3a0e26d8a56f8f0ab9fb6ed32d38d7",
- "version": "3.1.6"
+ "sha256": "053a31fa80cf4aebe1068c987d2ef1e44ce418881427c4464751ae800c31d06c",
+ "version": "3.1.7"
 },
 "otp": {
 "sha256": "e49708cf1f602863e394869af48df4abcb39e3633b96cb4babde3ee7aa724872",
@@ -40,8 +40,8 @@
 "version": "3.20"
 },
 "openssl": {
- "sha256": "777cd596284c883375a2a7a11bf5d2786fc5413255efab20c50d6ffe6d020b7e",
- "version": "3.3.1"
+ "sha256": "2e8a40b01979afe8be0bbfb3de5dc1c6709fedb46d6c89c10da114ab5fc3d281",
+ "version": "3.3.2"
 },
 "otp": {
 "sha256": "e49708cf1f602863e394869af48df4abcb39e3633b96cb4babde3ee7aa724872",