From ccf273b6506dfb945fc8aeaefac79b2e667b93bf Mon Sep 17 00:00:00 2001
From: Knut Ahlers
Date: Sat, 3 Oct 2020 16:49:06 +0200
Subject: [PATCH] Move build to script, configure gpg keyserver
Signed-off-by: Knut Ahlers
---
 Dockerfile | 18 ++----------------
 build.sh | 36 ++++++++++++++++++++++++++++++++++++
 2 files changed, 38 insertions(+), 16 deletions(-)
 create mode 100644 build.sh
diff --git a/Dockerfile b/Dockerfile
index 2e66071..b279369 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,21 +1,7 @@
 FROM luzifer/archlinux:latest
-RUN set -ex \
- && pacman -Sy \
- && pacman -S --noconfirm --needed \
- base-devel \
- curl \
- git \
- && useradd -m -u 1000 builder \
- && echo "builder ALL=(ALL) NOPASSWD: ALL" >/etc/sudoers.d/builder \
- && pacman-key --init \
- && pacman-key --keyserver hkp://keyserver.ubuntu.com -r 6F73A4F39CDF652E3F944142085AA223D0391BF9 \
- && pacman-key --lsign-key 6F73A4F39CDF652E3F944142085AA223D0391BF9 \
- && curl -sSfLo /usr/local/bin/dumb-init "https://github.com/Yelp/dumb-init/releases/download/v1.2.1/dumb-init_1.2.1_amd64" \
- && curl -sSfLo /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/1.11/gosu-amd64" \
- && chmod 0755 \
- /usr/local/bin/dumb-init \
- /usr/local/bin/gosu
+COPY build.sh /usr/local/bin/
+RUN bash /usr/local/bin/build.sh
 VOLUME ["/src", "/repo", "/config"]
 WORKDIR /src
diff --git a/build.sh b/build.sh
new file mode 100644
index 0000000..84c558d
--- /dev/null
+++ b/build.sh
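Review bot: In the Dockerfile hunk, `COPY build.sh /usr/local/bin/` leaves the root provisioning script on PATH in the final image, although it is only needed for the one build step. With BuildKit the script can be bind-mounted for that step instead, `RUN --mount=type=bind,source=build.sh,target=/build.sh bash /build.sh`, which keeps it out of the image layers. A one-line comment above the RUN stating that build.sh installs the toolchain, creates the `builder` user and imports the package signing key would help readers who only open the Dockerfile.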
@@ -0,0 +1,36 @@
+#!/bin/bash
+set -euxo pipefail
+
+required_packages=(
+ base-devel
+ curl
+ git
+)
+
+luzifer_pkg_key="6F73A4F39CDF652E3F944142085AA223D0391BF9"
+keyserver="hkp://keyserver.ubuntu.com"
+
+# Update system to latest state and install required packages
+pacman -Sy
+pacman -S --noconfirm --needed "${required_packages[@]}"
+
+# Add new build user and allow it to `sudo`
+useradd -m -u 1000 builder
+echo "builder ALL=(ALL) NOPASSWD: ALL" >/etc/sudoers.d/builder
+
+# Configure keyserver for builder user
+mkdir ~builder/.gnupg
+echo "keyserver ${keyserver}" >~builder/.gnupg/gpg.conf
+chown -R builder ~builder/.gnupg
+
+# Install
+pacman-key --init
+pacman-key --keyserver "${keyserver}" -r "${luzifer_pkg_key}"
+pacman-key --lsign-key "${luzifer_pkg_key}"
+
+# Install dumb-init and gosu
+curl -sSfLo /usr/local/bin/dumb-init "https://github.com/Yelp/dumb-init/releases/download/v1.2.1/dumb-init_1.2.1_amd64"
+curl -sSfLo /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/1.11/gosu-amd64"
+chmod 0755 \
+ /usr/local/bin/dumb-init \
+ /usr/local/bin/gosu
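Review bot: The two `curl` downloads at the end of build.sh place dumb-init and gosu in /usr/local/bin without any integrity check, so the image trusts whatever the release URL returns at build time, and gosu in particular is meant to be run as root. Pin the expected SHA-256 of each binary and let the build fail on a mismatch, as sketched below; the digest values are placeholders to be filled from the checksums the projects publish with those releases. Separately, `mkdir ~builder/.gnupg` creates the directory with the default mode, and `install -d -m 0700 -o builder ~builder/.gnupg` would keep the keyring directory private and avoid gpg's unsafe-permissions warning. The bare `# Install` comment would read better as `# Initialise the pacman keyring and locally sign the luzifer package key`.

```shell
# … unchanged: package install, builder user, gpg.conf, pacman-key setup …

# Install dumb-init and gosu; abort the build if a download does not match its pinned digest
dumb_init_sha256="<SHA256_OF_dumb-init_1.2.1_amd64>" # placeholder, not a real digest
gosu_sha256="<SHA256_OF_gosu-amd64_1.11>"            # placeholder, not a real digest
curl -sSfLo /usr/local/bin/dumb-init "https://github.com/Yelp/dumb-init/releases/download/v1.2.1/dumb-init_1.2.1_amd64"
curl -sSfLo /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/1.11/gosu-amd64"
sha256sum -c <<EOF
${dumb_init_sha256}  /usr/local/bin/dumb-init
${gosu_sha256}  /usr/local/bin/gosu
EOF
# … unchanged: chmod 0755 on both binaries …
```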