From 13ebc68636f922e799d71792748934b8883d2f1f Mon Sep 17 00:00:00 2001
From: zimbatm
Date: Fri, 27 Dec 2013 15:18:40 +0000
Subject: [PATCH 1/2] Makes sure the GPG key fingerprint is inlined in the doc everywhere.
Instead of `curl $url | apt-get add -` use the ubuntu keyserver and a full fingerprint to retreive the key. This makes the distribution of the GPG key more secure an less likely to change even if 3rd party gains access to the packages repository.
Docker-DCO-1.0-Signed-off-by: Jonas Pfenniger (github: zimbatm)
---
Vagrantfile | 2 +-
docs/sources/installation/ubuntulinux.rst | 12 ++++--------
docs/sources/installation/upgrading.rst | 2 +-
hack/infrastructure/docker-ci/deployment.py | 2 +-
hack/install.sh | 2 +-
hack/release.sh | 2 +-
6 files changed, 9 insertions(+), 13 deletions(-)
diff --git a/Vagrantfile b/Vagrantfile
index def85e5d7240e..c130587829c27 100644
--- a/Vagrantfile
+++ b/Vagrantfile
@@ -24,7 +24,7 @@ if [ -z "$user" ]; then
 fi
 # Adding an apt gpg key is idempotent.
-wget -q -O - https://get.docker.io/gpg | apt-key add -
+apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 36A1D7869245C8950F966E92D8576A8BA88D21E9
 # Creating the docker.list file is idempotent, but it may overwrite desired
 # settings if it already exists. This could be solved with md5sum but it
diff --git a/docs/sources/installation/ubuntulinux.rst b/docs/sources/installation/ubuntulinux.rst
index e4432c6710ef4..84809790997c7 100644
--- a/docs/sources/installation/ubuntulinux.rst
+++ b/docs/sources/installation/ubuntulinux.rst
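Review bot: Nothing after the new `apt-key adv --keyserver keyserver.ubuntu.com --recv-keys …` line checks that the pinned key is what ended up in the apt keyring; the same line is added without a check in hack/infrastructure/docker-ci/deployment.py and hack/install.sh. The fetch uses plain HKP, so integrity rests entirely on gpg matching the response to the requested fingerprint, and as far as I know older GnuPG releases did not screen keyserver responses, so this is worth confirming for the targeted Ubuntu releases. I would follow the import with `apt-key adv --fingerprint 36A1D7869245C8950F966E92D8576A8BA88D21E9 >/dev/null || exit 1` and the comment `# Pinned by full fingerprint; the keyserver is only a transport and is not trusted.` HKP's default port 11371 is also commonly filtered, which `--keyserver hkp://keyserver.ubuntu.com:80` avoids. The provisioning script continues outside the hunk, so whether it already aborts on a failed command is not visible here.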
@@ -68,13 +68,11 @@ easy. **See the :ref:`installmirrors` section below if you are not in the United States.** Other sources of the Debian packages may be faster for you to install.
-First add the Docker repository key to your local keychain. You can use the
-``apt-key`` command to check the fingerprint matches: ``36A1 D786 9245 C895 0F96
-6E92 D857 6A8B A88D 21E9``
+First add the Docker repository key to your local keychain.
 .. code-block:: bash
- sudo sh -c "wget -qO- https://get.docker.io/gpg | apt-key add -"
+ sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 36A1D7869245C8950F966E92D8576A8BA88D21E9
 Add the Docker repository to your apt sources list, update and install the ``lxc-docker`` package.
@@ -142,13 +140,11 @@ Docker is available as a Debian package, which makes installation easy. Please note that these instructions have changed for 0.6. If you are upgrading from an earlier version, you will need to follow them again.
-First add the Docker repository key to your local keychain. You can use the
-``apt-key`` command to check the fingerprint matches: ``36A1 D786 9245 C895 0F96
-6E92 D857 6A8B A88D 21E9``
+First add the Docker repository key to your local keychain.
 .. code-block:: bash
- sudo sh -c "wget -qO- https://get.docker.io/gpg | apt-key add -"
+ sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 36A1D7869245C8950F966E92D8576A8BA88D21E9
 Add the Docker repository to your apt sources list, update and install the ``lxc-docker`` package.
diff --git a/docs/sources/installation/upgrading.rst b/docs/sources/installation/upgrading.rst
index ac4170dfbaef3..c76011554511d 100644
--- a/docs/sources/installation/upgrading.rst
+++ b/docs/sources/installation/upgrading.rst
@@ -26,7 +26,7 @@ use ``apt-get`` to upgrade.
 .. code-block:: bash
 # Add the Docker repository key to your local keychain
- sudo sh -c "curl https://get.docker.io/gpg | apt-key add -"
+ sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 36A1D7869245C8950F966E92D8576A8BA88D21E9
 # Add the Docker repository to your apt sources list.
 sudo sh -c "echo deb https://get.docker.io/ubuntu docker main > /etc/apt/sources.list.d/docker.list"
diff --git a/hack/infrastructure/docker-ci/deployment.py b/hack/infrastructure/docker-ci/deployment.py
index 8fb0766bfea86..fd0fdb0fe8308 100755
--- a/hack/infrastructure/docker-ci/deployment.py
+++ b/hack/infrastructure/docker-ci/deployment.py
@@ -127,7 +127,7 @@ def json_fmt(data):
 # Install Docker and Buildbot dependencies
 sudo('mkdir /mnt/docker; ln -s /mnt/docker /var/lib/docker')
-sudo('wget -q -O - https://get.docker.io/gpg | apt-key add -')
+sudo('apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 36A1D7869245C8950F966E92D8576A8BA88D21E9')
 sudo('echo deb https://get.docker.io/ubuntu docker main >'
 ' /etc/apt/sources.list.d/docker.list')
 sudo('echo -e "deb http://archive.ubuntu.com/ubuntu raring main universe\n'
diff --git a/hack/install.sh b/hack/install.sh
index a22bb5c48e1bf..0c92af3cd5387 100755
--- a/hack/install.sh
+++ b/hack/install.sh
@@ -108,7 +108,7 @@ case "$lsb_dist" in
 fi
 (
 set -x
- $sh_c "$curl ${url}gpg | apt-key add -"
+ $sh_c "apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 36A1D7869245C8950F966E92D8576A8BA88D21E9"
 $sh_c "echo deb ${url}ubuntu docker main > /etc/apt/sources.list.d/docker.list"
 $sh_c 'sleep 3; apt-get update; apt-get install -y -q lxc-docker'
 )
diff --git a/hack/release.sh b/hack/release.sh
index d1278a4c36088..8256faa2dcfe1 100755
--- a/hack/release.sh
+++ b/hack/release.sh
@@ -245,7 +245,7 @@ EOF
 # Add the repository to your APT sources
 echo deb $(s3_url)/ubuntu docker main > /etc/apt/sources.list.d/docker.list
 # Then import the repository key
-curl $(s3_url)/gpg | apt-key add -
+apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 36A1D7869245C8950F966E92D8576A8BA88D21E9
 # Install docker
 apt-get update ; apt-get install -y lxc-docker
From 94c803e9f0e725e6a52f71ffaa88d05137b62771 Mon Sep 17 00:00:00 2001
From: zimbatm
Date: Sun, 5 Jan 2014 14:50:57 +0000
Subject: [PATCH 2/2] Fixes key installation for other target urls in hack/install.sh
Docker-DCO-1.0-Signed-off-by: Jonas Pfenniger (github: zimbatm)
---
hack/install.sh | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/hack/install.sh b/hack/install.sh
index 0c92af3cd5387..1f37018a7b2ad 100755
--- a/hack/install.sh
+++ b/hack/install.sh
@@ -108,7 +108,11 @@ case "$lsb_dist" in
 fi
 (
 set -x
- $sh_c "apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 36A1D7869245C8950F966E92D8576A8BA88D21E9"
+ if [ "https://get.docker.io/" = "$url" ]; then
+ $sh_c "apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 36A1D7869245C8950F966E92D8576A8BA88D21E9"
+ else
+ $sh_c "$curl ${url}gpg | apt-key add -"
+ fi
 $sh_c "echo deb ${url}ubuntu docker main > /etc/apt/sources.list.d/docker.list"
 $sh_c 'sleep 3; apt-get update; apt-get install -y -q lxc-docker'
 )
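Review bot: The repository line in this generated snippet still follows `$(s3_url)`, but the key import is now fixed to one fingerprint, so instructions written for any other bucket would install a key that may not be the one that signed that bucket's packages. The hunk does not show how releases to other buckets are signed, so this needs confirming against the rest of hack/release.sh. If they can use a different key, the snippet should only print the keyserver form when `$(s3_url)` is the official location, as the second patch in this series does for hack/install.sh. At minimum I would add `# Key is pinned to the official release key; a release to another bucket must publish its own fingerprint` above the import line. The heredoc this text belongs to starts outside the hunk.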
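Review bot: The `else` branch brings back `$curl ${url}gpg | apt-key add -`, so for any `$url` other than the exact string `https://get.docker.io/` the key is again fetched from the same origin as the packages and trusted without a fingerprint, which is the situation the first patch set out to remove. The comparison is a literal string match, so a different spelling of the default URL, such as a missing trailing slash, silently takes that branch too. I would make the downgrade visible with `echo >&2 "Warning: importing unpinned repository key from ${url}gpg"` before the curl line and the comment `# Non-default $url: key is not pinned to a fingerprint (trust on first use).` The enclosing `case "$lsb_dist"` branch starts and ends outside the hunk, so how `$url` is set is not visible here.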