From e74ff3a8c5fa03edc3d4c62b88cda5a409824b07 Mon Sep 17 00:00:00 2001
From: Vincent Brillault <vincent.brillault@cern.ch>
Date: Thu, 17 Dec 2020 09:47:09 +0100
Subject: [PATCH] Install CERN repo and CERN-CA-certs

---
 Dockerfile                       | 14 +++++++++-----
 etc/pki/rpm-gpg/RPM-GPG-KEY-cern | 28 ++++++++++++++++++++++++++++
 etc/yum.repos.d/cern.repo        |  9 +++++++++
 3 files changed, 46 insertions(+), 5 deletions(-)
 create mode 100644 etc/pki/rpm-gpg/RPM-GPG-KEY-cern
 create mode 100644 etc/yum.repos.d/cern.repo

diff --git a/Dockerfile b/Dockerfile
index ba087c8..f7027ca 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -4,17 +4,21 @@ FROM centos/php-73-centos7
 # Temporarily switch to root user to install packages
 USER root
 
-# We need the z-push repo for php-awl
-ADD etc/yum.repos.d/z-push.repo /etc/yum.repos.d/z-push.repo
+# We need the z-push repo for php-awl and the cern repo for CERN-CA-certs
+ADD etc/yum.repos.d/*.repo /etc/yum.repos.d/
+ADD etc/pki/rpm-gpg/RPM-GPG-KEY-cern /etc/pki/rpm-gpg/
 
-# Install PHP dependencies
+# Install and CERN-CA-certs epel for PHP deps
 RUN yum install -y \
-  epel-release
+  epel-release CERN-CA-certs && \
+  yum clean all
 
+# Install PHP dependencies
 RUN yum install -y \
   rh-php73-php-imap \
   rh-php73-php-xsl \
-  php-awl
+  php-awl && \
+  yum clean all
 
 # Fixes for Apache
 RUN yum remove -y \
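Review bot: The new `ADD etc/yum.repos.d/*.repo /etc/yum.repos.d/` copies every `.repo` file found in that build-context directory, so any repo definition dropped there later silently becomes a package source for the root-run `yum install` steps below. Naming the files keeps the set of trusted repositories visible in review, and `COPY` is enough for plain local files: `COPY etc/yum.repos.d/z-push.repo etc/yum.repos.d/cern.repo /etc/yum.repos.d/` and `COPY etc/pki/rpm-gpg/RPM-GPG-KEY-cern /etc/pki/rpm-gpg/`. The reworded comment above the first `RUN` is also garbled; something like `# Install epel-release (for PHP deps) and CERN-CA-certs` says what the step does. The trailing `RUN yum remove -y \` continues outside this hunk and is not reviewed here.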
diff --git a/etc/pki/rpm-gpg/RPM-GPG-KEY-cern b/etc/pki/rpm-gpg/RPM-GPG-KEY-cern
new file mode 100644
index 0000000..fdedfa1
--- /dev/null
+++ b/etc/pki/rpm-gpg/RPM-GPG-KEY-cern
@@ -0,0 +1,28 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v1.2.6 (GNU/Linux)
+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+=IUD3
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/etc/yum.repos.d/cern.repo b/etc/yum.repos.d/cern.repo
new file mode 100644
index 0000000..e7c3c24
--- /dev/null
+++ b/etc/yum.repos.d/cern.repo
@@ -0,0 +1,9 @@
+[cern]
+name=CentOS-7 - CERN [HEAD]
+baseurl=http://linuxsoft.cern.ch//cern/centos/7/cern/x86_64
+enabled=1
+gpgcheck=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-cern
+exclude=puppet,puppet-server,facter,mcollective*,hiera,puppet-agent
+includepkgs=CERN-CA-certs
+priority=10
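Review bot: `baseurl` uses plain `http://`, so only the RPM payload is authenticated (through `gpgcheck=1`) while the repository metadata is fetched unauthenticated. For a repo whose one allowed package is a CA certificate bundle, that leaves stale or withheld metadata undetected. If the mirror serves TLS, prefer `baseurl=https://linuxsoft.cern.ch/cern/centos/7/cern/x86_64`, which also drops the doubled slash. The key named in `gpgkey=` is then the sole trust anchor, so a comment recording its fingerprint and where it was obtained would let a reviewer check it against the distributor's published value. Two smaller points: `priority=10` only has an effect when the yum priorities plugin is installed, which is not visible from this patch, and the `exclude=` list looks redundant given `includepkgs=CERN-CA-certs`.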
-- 
GitLab