Dockerfile: fix GPG keys permission issues during container setup

Currently the container initial setup using setup.sh fails: rm: cannot remove '/builder/keys/88CA59E8.asc': Permission denied rm: cannot remove '/builder/keys/CD54E82DADB3684D.asc': Permission denied rm: cannot remove '/builder/keys/2074BE7A.asc': Permission denied rm: cannot remove '/builder/keys/0x1D53D1877742E911.asc': Permission denied rm: cannot remove '/builder/keys/626471F1.asc': Permission denied That is happening due to PEBKAC, where I didn't realized, that there is such additional setup.sh happening. So lets fix it by adding the keys with correct owner. Link: https://github.com/openwrt/docker/pull/165 References: https://github.com/openwrt/packages/actions/runs/14242829383/job/39916509620?pr=26225 Fixes: #164 Fixes: 79999f3c7e ("Dockerfile: fix rootfs container generation") Signed-off-by: Petr Štetiar <ynezz@true.cz>
2025-04-03 15:54:04 +00:00 · 2025-04-03 15:54:04 +00:00 · 648a9bd5ba
parent cda8065dc5
commit 648a9bd5ba
3 changed files with 3 additions and 3 deletions
--- a/2
+++ b/2
@ -18,7 +18,7 @@ ENV VERSION_PATH=$VERSION_PATH
 USER $USER
 WORKDIR $WORKDIR
-ADD keys/*.asc /builder/keys/
+ADD --chown=buildbot:buildbot keys/*.asc /builder/keys/
 COPY --chmod=0755 setup.sh /builder/setup.sh
 ARG RUN_SETUP=0
--- a/Dockerfile.rootfs
+++ b/Dockerfile.rootfs
@ -13,7 +13,7 @@ ENV VERSION_PATH=$VERSION_PATH
 USER root
 WORKDIR /builder/rootfs
-ADD keys/*.asc /builder/keys/
+ADD --chown=buildbot:buildbot keys/*.asc /builder/keys/
 COPY --chmod=0755 setup.sh /builder/setup.sh
 RUN /builder/setup.sh
--- a/setup.sh
+++ b/setup.sh
@ -10,7 +10,7 @@ DOWNLOAD_PATH="$VERSION_PATH/targets/$TARGET"
 wget "$UPSTREAM_URL/$DOWNLOAD_PATH/sha256sums" -O sha256sums
 wget "$UPSTREAM_URL/$DOWNLOAD_PATH/sha256sums.asc" -O sha256sums.asc
-cat /builder/keys/*.asc | gpg --import && rm -rf /builder/keys/
+gpg --import /builder/keys/*.asc && rm -rf /builder/keys/
 gpg --with-fingerprint --verify sha256sums.asc sha256sums
 # determine archive name