From bcdceb7d9d7e26a386fd03a34e94820a61a70726 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?B=C3=A1lint=20Bokros?= Date: Fri, 12 Jan 2018 13:42:04 +0100 Subject: [PATCH] Make pyenv install MitM-resilient --- Dockerfile | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/Dockerfile b/Dockerfile index d70b4f1..10b595c 100644 --- a/Dockerfile +++ b/Dockerfile @@ -27,11 +27,18 @@ RUN apt-get update && \ USER ${AVATAO_USER} -COPY .pyenvrc /home/${AVATAO_USER}/.pyenvrc +WORKDIR /home/${AVATAO_USER} +COPY .pyenvrc . ENV PYTHON_VERSION="3.6.4" -RUN curl -L https://raw.githubusercontent.com/pyenv/pyenv-installer/master/bin/pyenv-installer | bash && \ - echo "source $HOME/.pyenvrc" >> "$HOME/.bashrc" && \ - . "$HOME/.pyenvrc" && \ +# no GitHub releases are available, so current tip of head is hardcoded to avoid surprises +ENV PYENV_INSTALLER_URL="https://raw.githubusercontent.com/pyenv/pyenv-installer/78cfd4d/bin/pyenv-installer" +ENV PYENV_INSTALLER_HASH=9509348b828f0564358fff456f7f693dd9ace351dc3f240854d7685ad8a8e1dd +RUN curl -fSL -o pyenv-installer ${PYENV_INSTALLER_URL} && \ + echo "${PYENV_INSTALLER_HASH} *pyenv-installer" | sha256sum -c - && \ + bash pyenv-installer && \ + rm pyenv-installer && \ + echo "source $HOME/.pyenvrc" >> .bashrc && \ + . $HOME/.pyenvrc && \ pyenv install ${PYTHON_VERSION} && \ pyenv global ${PYTHON_VERSION} && \ pip install tornado pyzmq transitions