diff --git a/dogfood/Dockerfile b/dogfood/Dockerfile index b6655ec2ae..c2899a48c0 100644 --- a/dogfood/Dockerfile +++ b/dogfood/Dockerfile @@ -96,22 +96,34 @@ COPY files / ARG DEBIAN_FRONTEND="noninteractive" RUN apt-get update --quiet && apt-get install --yes \ + ansible \ apt-transport-https \ apt-utils \ + asciinema \ bash \ bash-completion \ bats \ bind9-dnsutils \ build-essential \ ca-certificates \ + cargo \ cmake \ + containerd.io \ crypto-policies \ curl \ + docker-ce \ + docker-ce-cli \ + docker-compose-plugin \ fd-find \ file \ + fish \ + gettext-base \ git \ gnupg \ + google-cloud-sdk \ + google-cloud-sdk-datastore-emulator \ graphviz \ + helix \ htop \ httpie \ inetutils-tools \ @@ -119,50 +131,39 @@ RUN apt-get update --quiet && apt-get install --yes \ iputils-ping \ iputils-tracepath \ jq \ + kubectl \ language-pack-en \ less \ + libssl-dev \ lsb-release \ man \ meld \ + ncdu \ + neovim \ net-tools \ openjdk-11-jdk-headless \ openssh-server \ openssl \ - libssl-dev \ + packer \ pkg-config \ + postgresql-13 \ python3 \ python3-pip \ rsync \ + screen \ shellcheck \ strace \ sudo \ tcptraceroute \ termshark \ traceroute \ + unzip \ vim \ wget \ xauth \ zip \ - ncdu \ - cargo \ - asciinema \ zsh \ - ansible \ - neovim \ - google-cloud-sdk \ - google-cloud-sdk-datastore-emulator \ - kubectl \ - postgresql-13 \ - containerd.io \ - docker-ce \ - docker-ce-cli \ - docker-compose-plugin \ - packer \ - fish \ - unzip \ - zstd \ - screen \ - gettext-base && \ + zstd && \ # Delete package cache to avoid consuming space in layer apt-get clean && \ # Configure FIPS-compliant policies diff --git a/dogfood/files/etc/apt/preferences.d/ppa b/dogfood/files/etc/apt/preferences.d/ppa index ca3732cd83..9e8e85724f 100644 --- a/dogfood/files/etc/apt/preferences.d/ppa +++ b/dogfood/files/etc/apt/preferences.d/ppa 
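Review bot: The package list is now alphabetical, but nothing above the `RUN apt-get update --quiet && apt-get install --yes \` line says so or marks which entries come from third-party sources, so the next addition will likely be appended at the end again, as in the tail removed by the second hunk. A comment before the `RUN`, e.g. `# Keep sorted. fish, git, helix and neovim are installed from PPAs pinned in dogfood/files/etc/apt/preferences.d/ppa.`, would cover both hunks of this file. The `RUN` instruction continues past the end of the second hunk.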
@@ -8,6 +8,21 @@ Package: ansible-base Pin: origin ppa.launchpad.net Pin-Priority: 500 +# Fish +Package: fish +Pin: origin ppa.launchpad.net +Pin-Priority: 500 + +# Git +Package: git +Pin: origin ppa.launchpad.net +Pin-Priority: 500 + +# Helix +Package: helix +Pin: origin ppa.launchpad.net +Pin-Priority: 500 + # Neovim Package: neovim Pin: origin ppa.launchpad.net @@ -17,8 +32,3 @@ Pin-Priority: 500 Package: neovim-runtime Pin: origin ppa.launchpad.net Pin-Priority: 500 - -# Git -Package: git -Pin: origin ppa.launchpad.net -Pin-Priority: 500 diff --git a/dogfood/files/etc/apt/sources.list.d/ppa.list b/dogfood/files/etc/apt/sources.list.d/ppa.list index fcb27d2bd7..a0d67bd178 100644 --- a/dogfood/files/etc/apt/sources.list.d/ppa.list +++ b/dogfood/files/etc/apt/sources.list.d/ppa.list @@ -1,3 +1,9 @@ deb [signed-by=/usr/share/keyrings/ansible.gpg] https://ppa.launchpadcontent.net/ansible/ansible/ubuntu jammy main -deb [signed-by=/usr/share/keyrings/neovim.gpg] https://ppa.launchpadcontent.net/neovim-ppa/stable/ubuntu jammy main + +deb [signed-by=/usr/share/keyrings/fish-shell.gpg] https://ppa.launchpadcontent.net/fish-shell/release-3/ubuntu/ jammy main + deb [signed-by=/usr/share/keyrings/git-core.gpg] https://ppa.launchpadcontent.net/git-core/ppa/ubuntu jammy main + +deb [signed-by=/usr/share/keyrings/helix.gpg] https://ppa.launchpadcontent.net/maveonair/helix-editor/ubuntu/ jammy main + +deb [signed-by=/usr/share/keyrings/neovim.gpg] https://ppa.launchpadcontent.net/neovim-ppa/stable/ubuntu jammy main diff --git a/dogfood/files/usr/share/keyrings/fish-shell.gpg b/dogfood/files/usr/share/keyrings/fish-shell.gpg new file mode 100644 index 0000000000..58ed31417d Binary files /dev/null and b/dogfood/files/usr/share/keyrings/fish-shell.gpg differ 
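Review bot: The new `Fish` and `Helix` stanzas (and the moved `Git` one) pin on `origin ppa.launchpad.net`, but the sources this commit adds in `ppa.list` are served from `ppa.launchpadcontent.net`; `Pin: origin` matches the repository's hostname, so these stanzas may never match. If the top of this file (outside the hunk) holds a low-priority catch-all for the PPAs on the same origin, it would be inert too, and every package the fish-shell and maveonair PPAs publish would be eligible at the default priority rather than only `fish` and `helix`. Confirm with `apt-cache policy helix` in the built image and, if the origin shown is the content host, use `Pin: origin ppa.launchpadcontent.net` in each stanza.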
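Review bot: The two new `deb` entries carry no comment tying the source to its keyring, and `maveonair/helix-editor` is a personal PPA rather than a project-owned one, so the reason for trusting it should be recorded where the source is declared. A comment above each line, such as `# Helix editor, personal PPA (maveonair); key 0x27642b9fd7f1a161fc2524e3355a4fa515d7c855, refreshed by dogfood/update-keys.sh`, lets a reviewer check the committed binary keyring against a stated fingerprint. The new lines also end the URI in `ubuntu/` while the existing ones use `ubuntu`; pick one form.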
diff --git a/dogfood/files/usr/share/keyrings/helix.gpg b/dogfood/files/usr/share/keyrings/helix.gpg new file mode 100644 index 0000000000..c4dd02d157 Binary files /dev/null and b/dogfood/files/usr/share/keyrings/helix.gpg differ diff --git a/dogfood/update-keys.sh b/dogfood/update-keys.sh index c2dac58e4b..32ce65e5ca 100755 --- a/dogfood/update-keys.sh +++ b/dogfood/update-keys.sh 
@@ -16,51 +16,61 @@ gpg_flags=( ) pushd "$PROJECT_ROOT/dogfood/files/usr/share/keyrings" -# Upstream Docker signing key -curl "${curl_flags[@]}" "https://download.docker.com/linux/ubuntu/gpg" | - gpg "${gpg_flags[@]}" --output="docker.gpg" - -# Google Cloud signing key -curl "${curl_flags[@]}" "https://packages.cloud.google.com/apt/doc/apt-key.gpg" | - gpg "${gpg_flags[@]}" --output="google-cloud.gpg" - -# Google Linux Software repository signing key (Chrome) -curl "${curl_flags[@]}" "https://dl.google.com/linux/linux_signing_key.pub" | - gpg "${gpg_flags[@]}" --output="google-chrome.gpg" - -# Microsoft repository signing key (Edge) -curl "${curl_flags[@]}" "https://packages.microsoft.com/keys/microsoft.asc" | - gpg "${gpg_flags[@]}" --output="microsoft.gpg" - -# Upstream PostgreSQL signing key -curl "${curl_flags[@]}" "https://www.postgresql.org/media/keys/ACCC4CF8.asc" | - gpg "${gpg_flags[@]}" --output="postgresql.gpg" - -# NodeSource signing key -curl "${curl_flags[@]}" "https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key" | - gpg "${gpg_flags[@]}" --output="nodesource.gpg" - -# Yarnpkg signing key -curl "${curl_flags[@]}" "https://dl.yarnpkg.com/debian/pubkey.gpg" | - gpg "${gpg_flags[@]}" --output="yarnpkg.gpg" # Ansible PPA signing key curl "${curl_flags[@]}" "https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x6125e2a8c77f2818fb7bd15b93c4a3fd7bb9c367" | gpg "${gpg_flags[@]}" --output="ansible.gpg" -# Neovim signing key -curl "${curl_flags[@]}" "https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x9dbb0be9366964f134855e2255f96fcf8231b6dd" | - gpg "${gpg_flags[@]}" --output="neovim.gpg" +# Upstream Docker signing key +curl "${curl_flags[@]}" "https://download.docker.com/linux/ubuntu/gpg" | + gpg "${gpg_flags[@]}" --output="docker.gpg" -# Hashicorp signing key -curl "${curl_flags[@]}" "https://apt.releases.hashicorp.com/gpg" | - gpg "${gpg_flags[@]}" --output="hashicorp.gpg" +# Fish signing key +curl "${curl_flags[@]}" 
"https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x59fda1ce1b84b3fad89366c027557f056dc33ca5" | + gpg "${gpg_flags[@]}" --output="fish-shell.gpg" + +# Git-Core signing key +curl "${curl_flags[@]}" "https://keyserver.ubuntu.com/pks/lookup?op=get&search=0xE1DD270288B4E6030699E45FA1715D88E1DF1F24" | + gpg "${gpg_flags[@]}" --output="git-core.gpg" # GitHub CLI signing key curl "${curl_flags[@]}" "https://cli.github.com/packages/githubcli-archive-keyring.gpg" | gpg "${gpg_flags[@]}" --output="github-cli.gpg" -# Git-Core signing key -curl "${curl_flags[@]}" "https://keyserver.ubuntu.com/pks/lookup?op=get&search=0xE1DD270288B4E6030699E45FA1715D88E1DF1F24" | - gpg "${gpg_flags[@]}" --output="git-core.gpg" +# Google Linux Software repository signing key (Chrome) +curl "${curl_flags[@]}" "https://dl.google.com/linux/linux_signing_key.pub" | + gpg "${gpg_flags[@]}" --output="google-chrome.gpg" + +# Google Cloud signing key +curl "${curl_flags[@]}" "https://packages.cloud.google.com/apt/doc/apt-key.gpg" | + gpg "${gpg_flags[@]}" --output="google-cloud.gpg" + +# Hashicorp signing key +curl "${curl_flags[@]}" "https://apt.releases.hashicorp.com/gpg" | + gpg "${gpg_flags[@]}" --output="hashicorp.gpg" + +# Helix signing key +curl "${curl_flags[@]}" "https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x27642b9fd7f1a161fc2524e3355a4fa515d7c855" | + gpg "${gpg_flags[@]}" --output="helix.gpg" + +# Microsoft repository signing key (Edge) +curl "${curl_flags[@]}" "https://packages.microsoft.com/keys/microsoft.asc" | + gpg "${gpg_flags[@]}" --output="microsoft.gpg" + +# Neovim signing key +curl "${curl_flags[@]}" "https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x9dbb0be9366964f134855e2255f96fcf8231b6dd" | + gpg "${gpg_flags[@]}" --output="neovim.gpg" + +# NodeSource signing key +curl "${curl_flags[@]}" "https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key" | + gpg "${gpg_flags[@]}" --output="nodesource.gpg" + +# Upstream PostgreSQL signing key +curl "${curl_flags[@]}" 
"https://www.postgresql.org/media/keys/ACCC4CF8.asc" | + gpg "${gpg_flags[@]}" --output="postgresql.gpg" + +# Yarnpkg signing key +curl "${curl_flags[@]}" "https://dl.yarnpkg.com/debian/pubkey.gpg" | + gpg "${gpg_flags[@]}" --output="yarnpkg.gpg" + popd
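Review bot: Nothing in the new `Fish signing key` and `Helix signing key` blocks checks that the key written to `fish-shell.gpg` or `helix.gpg` is the one whose fingerprint appears in the lookup URL; the keyserver response is passed through gpg and committed as a trust anchor as-is. The same holds for the reordered blocks that fetch from vendor URLs, where no fingerprint is recorded at all. A small helper that reads the fingerprint back with `gpg --show-keys --with-colons` and fails on mismatch would make a substituted or rotated key visible at update time instead of in a binary diff. `curl_flags`, `gpg_flags` and any `set -o pipefail` sit above the hunk, so whether a failed download already aborts the pipeline cannot be told from here.

```shell
# Fail unless the keyring file contains the expected fingerprint.
verify_key() {
  local file=$1 want=${2^^}
  gpg --show-keys --with-colons "$file" |
    awk -F: -v want="$want" '$1 == "fpr" && $10 == want { found = 1 } END { exit !found }' ||
    { printf 'unexpected key in %s\n' "$file" >&2; return 1; }
}

# … unchanged: Ansible, Docker, Fish, Git-Core, GitHub CLI, Google, Hashicorp blocks …

# Helix signing key
curl "${curl_flags[@]}" "https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x27642b9fd7f1a161fc2524e3355a4fa515d7c855" |
  gpg "${gpg_flags[@]}" --output="helix.gpg"
verify_key helix.gpg 27642b9fd7f1a161fc2524e3355a4fa515d7c855

# … unchanged: Microsoft, Neovim, NodeSource, PostgreSQL, Yarnpkg blocks …
```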