From 43a8f12a4acdb4f6c538dde0d9b6ade1d0ef777e Mon Sep 17 00:00:00 2001
From: Joshua Blum <jblum18@gmail.com>
Date: Tue, 9 Jan 2024 13:21:33 -0500
Subject: [PATCH] Upgrade Dockerfile to bookworm/node20 (#26145)

* Upgrade Dockerfile to bookworm/node20

* x

* fix
---
 packaging/linux/Dockerfile      | 32 +++++++++-----------------------
 packaging/linux/docker_build.sh |  2 +-
 2 files changed, 10 insertions(+), 24 deletions(-)

diff --git a/packaging/linux/Dockerfile b/packaging/linux/Dockerfile
index 113e663bc4aa..20773e571461 100644
--- a/packaging/linux/Dockerfile
+++ b/packaging/linux/Dockerfile
@@ -1,4 +1,5 @@
-FROM debian:buster
+# When updating the version, remember to bump keybase_packaging_v# in docker_build.sh.
+FROM golang:1.21.5-bookworm
 LABEL maintainer="Keybase <admin@keybase.io>"
 
 # Install dependencies from the standard repos.
@@ -8,33 +9,18 @@ LABEL maintainer="Keybase <admin@keybase.io>"
 #   - The deploy scripts use 'git' to commit and push.
 #   - 'curl' and 'wget' are for downloading Go and Node
 #   - 'build-essential' pulls in gcc etc., which Go requires.
-#   - python and pip for recent versions of s3cmd
 #   - gnupg1 to avoid a password issue in key import
 #   - unzip because electron6 packager requires it
 RUN apt-get update
-RUN apt-get install -y fakeroot reprepro rpm createrepo git wget \
-  build-essential curl python python-pip gnupg2 unzip rsync
-
-# Install s3cmd. See this issue for why we need a version newer than what's in
-# the Debian repos: https://github.com/s3tools/s3cmd/issues/437
-RUN pip install s3cmd
+RUN apt-get install -y fakeroot reprepro rpm createrepo-c git wget \
+  build-essential curl s3cmd gnupg2 unzip rsync
 
 # Install nodejs and yarn. (Note that this depends on curl above.)
-RUN curl -sL https://deb.nodesource.com/setup_16.x | bash -
-RUN curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add -
+RUN mkdir -p /etc/apt/keyrings
+RUN curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg
+ENV NODE_MAJOR=20
+RUN echo "deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_$NODE_MAJOR.x nodistro main" | tee /etc/apt/sources.list.d/nodesource.list
+RUN curl -sL https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add -
 RUN echo "deb http://dl.yarnpkg.com/debian/ stable main" > /etc/apt/sources.list.d/yarn.list
 RUN apt-get update
 RUN apt-get install -y nodejs yarn
-
-# Install Go directly from Google, because the Debian repos tend to be behind.
-# When updating the version, remember to bump keybase_packaging_v# in docker_build.sh.
-# Copy over the new hash when upgrading version. But if not upgrading version,
-# the check should not ever fail.
-ENV GOLANG_VERSION 1.21.5
-ENV GOLANG_DOWNLOAD_URL https://dl.google.com/go/go$GOLANG_VERSION.linux-amd64.tar.gz
-ENV GOLANG_DOWNLOAD_SHA256 e2bc0b3e4b64111ec117295c088bde5f00eeed1567999ff77bc859d7df70078e
-RUN wget "$GOLANG_DOWNLOAD_URL" -O /root/go.tar.gz
-RUN echo "$GOLANG_DOWNLOAD_SHA256 /root/go.tar.gz" | sha256sum --check --status --strict -
-RUN tar -C /usr/local -xzf /root/go.tar.gz
-RUN rm /root/go.tar.gz
-ENV PATH "$PATH:/usr/local/go/bin"
diff --git a/packaging/linux/docker_build.sh b/packaging/linux/docker_build.sh
index 846160d2790a..a5aaff3d22b4 100755
--- a/packaging/linux/docker_build.sh
+++ b/packaging/linux/docker_build.sh
@@ -58,7 +58,7 @@ gpg_tempfile="$gpg_tempdir/code_signing_key"
 gpg --export-secret-key --armor "$code_signing_fingerprint" > "$gpg_tempfile"
 
 # Make sure the Docker image is built.
-image=keybase_packaging_v49
+image=keybase_packaging_v50
 if [ -z "$(sudo docker images -q "$image")" ] ; then
   echo "Docker image '$image' not yet built. Building..."
   sudo docker build -t "$image" "$clientdir/packaging/linux"