Use official Gentoo keyservers (keys.gentoo.org) by @mgorny

See https://github.com/gentoo/gentoo-docker-images/pull/64

Signed-off-by: Alexys Jacob <ultrabug@gentoo.org>

1 files changed, 5 insertions, 8 deletions

diff --git a/portage.Dockerfile b/portage.Dockerfile
index 5da2631..5fda6fd 100644
--- a/portage.Dockerfile
+++ b/portage.Dockerfile
@@ -1,11 +1,8 @@
-# This Dockerfile creates a portage snapshot that can be mounted as a 
-# container volume. It utilizes a multi-stage build and requires 
-# docker-17.05.0 or later. It fetches a daily snapshot from the official 
+# This Dockerfile creates a portage snapshot that can be mounted as a
+# container volume. It utilizes a multi-stage build and requires
+# docker-17.05.0 or later. It fetches a daily snapshot from the official
 # sources and verifies its checksum as well as its gpg signature.
 
-# As gpg keyservers sometimes are unreliable, we use multiple gpg server pools
-# to fetch the signing key.
-
 FROM alpine:3.7 as builder
 
 WORKDIR /portage
@@ -14,13 +11,13 @@ ARG SNAPSHOT="portage-latest.tar.xz"
 ARG DIST="https://ftp-osl.osuosl.org/pub/gentoo/snapshots"
 ARG SIGNING_KEY="0xEC590EEAC9189250"
 
-RUN apk add --no-cache gnupg tar wget xz \
+RUN apk add --no-cache ca-certificates gnupg tar wget xz \
  && wget -q "${DIST}/${SNAPSHOT}" "${DIST}/${SNAPSHOT}.gpgsig" "${DIST}/${SNAPSHOT}.md5sum" \
  && gpg --list-keys \
  && echo "standard-resolver" >> ~/.gnupg/dirmngr.conf \
  && echo "honor-http-proxy" >> ~/.gnupg/dirmngr.conf \
  && echo "disable-ipv6" >> ~/.gnupg/dirmngr.conf \
- && gpg --keyserver ha.pool.sks-keyservers.net --recv-keys ${SIGNING_KEY} \
+ && gpg --keyserver hkps://keys.gentoo.org --recv-keys ${SIGNING_KEY} \
  && gpg --verify "${SNAPSHOT}.gpgsig" "${SNAPSHOT}" \
  && md5sum -c ${SNAPSHOT}.md5sum \
  && mkdir -p var/db/repos var/cache/binpkgs var/cache/distfiles \