Merge pull request kitten#9 from sdaros/master

Verify GPG fingerprint of downloaded archive

Author: kitten

Dockerfile

@@ -9,10 +9,16 @@ RUN apt-get update && apt-get install -y \
   module-init-tools
 
 ENV STRONGSWAN_VERSION 5.5.0
+ENV GPG_KEY 948F158A4E76A27BF3D07532DF42C170B34DBA77
 
 RUN mkdir -p /usr/src/strongswan \
-	&& curl -SL "https://download.strongswan.org/strongswan-$STRONGSWAN_VERSION.tar.gz" \
-	| tar -zxC /usr/src/strongswan --strip-components 1 \
+	&& cd /usr/src \
+	&& curl -SOL "https://download.strongswan.org/strongswan-$STRONGSWAN_VERSION.tar.gz.sig" \
+	&& curl -SOL "https://download.strongswan.org/strongswan-$STRONGSWAN_VERSION.tar.gz" \
+	&& export GNUPGHOME="$(mktemp -d)" \
+	&& gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$GPG_KEY" \
+	&& gpg --batch --verify strongswan-$STRONGSWAN_VERSION.tar.gz.sig strongswan-$STRONGSWAN_VERSION.tar.gz \
+	&& tar -zxf strongswan-$STRONGSWAN_VERSION.tar.gz -C /usr/src/strongswan --strip-components 1 \
 	&& cd /usr/src/strongswan \
 	&& ./configure --prefix=/usr --sysconfdir=/etc \
 		--enable-eap-radius \
@@ -29,7 +35,7 @@ RUN mkdir -p /usr/src/strongswan \
 		--enable-openssl \
 	&& make -j \
 	&& make install \
-	&& rm -rf /usr/src/strongswan
+	&& rm -rf "/usr/src/strongswan*"
 
 # Strongswan Configuration
 ADD ipsec.conf /etc/ipsec.conf