feat(Dockerfile): verify nginx pgp key (#219)

Author: Joshua-Anderson

rootfs/Dockerfile

@@ -17,12 +17,12 @@ RUN apt-get update \
 		libssl-dev \
 		libpcre3-dev \
 		make \
-	&& export NGINX_VERSION=1.10.1 VTS_VERSION=0.1.8 BUILD_PATH=/tmp/build PREFIX=/opt/router \
+	&& export NGINX_VERSION=1.10.1 SIGNING_KEY=A1C052F8 VTS_VERSION=0.1.8 BUILD_PATH=/tmp/build PREFIX=/opt/router \
 	&& rm -rf "$PREFIX" \
 	&& mkdir "$PREFIX" \
 	&& mkdir "$BUILD_PATH" \
 	&& cd "$BUILD_PATH" \
-	&& get_src 1fd35846566485e03c0e318989561c135c598323ff349c503a6c14826487a801 \
+	&& get_src_gpg $SIGNING_KEY \
 		"http://nginx.org/download/nginx-$NGINX_VERSION.tar.gz" \
 	&& get_src 6bb9a36d8d70302d691c49557313fb7262cafd942a961d11a2730d9a5d9f70e0 \
 		"https://github.com/vozlt/nginx-module-vts/archive/v$VTS_VERSION.tar.gz" \

rootfs/bin/get_src_gpg

@@ -0,0 +1,16 @@
+#!/usr/bin/env bash
+
+key="$1"
+url="$2"
+f=$(basename "$url")
+
+gpg  --recv-keys --keyserver keyserver.ubuntu.com "$key"
+# Trust public key without a interactive prompt
+gpg --list-keys --fingerprint --with-colons |
+  sed -E -n -e 's/^fpr:::::::::([0-9A-F]+):$/\1:6:/p' |
+  gpg --import-ownertrust
+curl -sSL "$url" -o "$f"
+curl -sSL "$url.asc" -o "$f.asc"
+gpg --verify $f.asc
+tar xzf "$f"
+rm "$f"