author | Rahil Bhimjiani <me@rahil.rocks> | 2024-02-27 21:56:11 +0530 |
---|---|---|
committer | John Helmert III <ajak@gentoo.org> | 2024-03-02 20:22:46 -0800 |
commit | 41303173bdf08e407fb2c39b173efaf6c33051df (patch) | |
tree | fc38a6a6388843db4dfcc10b79b5cc099a3e363d | |
parent | stage3.Dockerfile: try harder to find releng's gpg key (diff) | |
stage3.Dockerfile: use HEREDOC syntax for RUN command
HEREDOC syntax is supported in docker
https://docs.docker.com/reference/dockerfile/#here-documents
Why:
1) better readability
2) ability to add comments
3) can use HEREDOC in RUN command itself (i.e. configuring
~/.gnupg/dirmngr.conf)
4) by using modern syntax, we can't be labelled as "conservative"[1]
[1] https://github.com/systemd/systemd/pull/31424#issuecomment-1956318843
Signed-off-by: Rahil Bhimjiani <me@rahil.rocks>
Signed-off-by: John Helmert III <ajak@gentoo.org>
-rw-r--r-- | stage3.Dockerfile | 57 |
1 files changed, 39 insertions, 18 deletions
diff --git a/stage3.Dockerfile b/stage3.Dockerfile
index 2aeb250..21235de 100644
--- a/stage3.Dockerfile
+++ b/stage3.Dockerfile
@@ -1,3 +1,7 @@
+# syntax=docker/dockerfile:1
+
+# FIRST LINE IS VERY IMPORTANT. DO NOT MODIFY
+
 # This Dockerfile creates a gentoo stage3 container image. By default it
 # creates a stage3-amd64 image. It utilizes a multi-stage build and requires
 # docker-17.05.0 or later. It fetches a daily snapshot from the official
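Review bot: The added `# syntax=docker/dockerfile:1` line makes the builder fetch the Dockerfile frontend image by a mutable tag, so the build now depends on an input that is not pinned, in a file whose purpose is to verify what it downloads; pinning by digest, `# syntax=docker/dockerfile:1@sha256:<frontend-digest-placeholder>`, would keep the frontend fixed. The warning under it would help more if it said why, for example `# Parser directive: must be the first line of the file or it is treated as a plain comment.` The context line `# docker-17.05.0 or later` looks stale after this change, since heredoc `RUN` presumably needs a BuildKit-based builder; the header comment continues outside the hunk.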
@@ -14,24 +18,41 @@ ARG SUFFIX ARG DIST="https://ftp-osl.osuosl.org/pub/gentoo/releases/${ARCH}/autobuilds" ARG SIGNING_KEY="0xBB572E0E2D182910" -RUN echo "Building Gentoo Container image for ${ARCH} ${SUFFIX} fetching from ${DIST}" \ - && apk --no-cache add ca-certificates gnupg tar wget xz \ - && gpg --list-keys \ - && echo "honor-http-proxy" >> ~/.gnupg/dirmngr.conf \ - && echo "disable-ipv6" >> ~/.gnupg/dirmngr.conf \ - && gpg --keyserver hkps://keys.gentoo.org --recv-keys ${SIGNING_KEY} || \ - gpg --auto-key-locate=clear,nodefault,wkd --locate-key releng@gentoo.org \ - && wget -q "${DIST}/latest-stage3-${MICROARCH}${SUFFIX}.txt" \ - && gpg --verify "latest-stage3-${MICROARCH}${SUFFIX}.txt" \ - && STAGE3PATH="$(sed -n '6p' "latest-stage3-${MICROARCH}${SUFFIX}.txt" | cut -f 1 -d ' ')" \ - && echo "STAGE3PATH:" ${STAGE3PATH} \ - && STAGE3="$(basename ${STAGE3PATH})" \ - && wget -q "${DIST}/${STAGE3PATH}" "${DIST}/${STAGE3PATH}.CONTENTS.gz" "${DIST}/${STAGE3PATH}.asc" \ - && gpg --verify "${STAGE3}.asc" \ - && tar xpf "${STAGE3}" --xattrs-include='*.*' --numeric-owner \ - && ( sed -i -e 's/#rc_sys=""/rc_sys="docker"/g' etc/rc.conf 2>/dev/null || true ) \ - && echo 'UTC' > etc/timezone \ - && rm ${STAGE3}.asc ${STAGE3}.CONTENTS.gz ${STAGE3} +RUN <<-EOF + set -e + + echo "Building Gentoo Container image for ${ARCH} ${SUFFIX} fetching from ${DIST}" + + apk --no-cache add ca-certificates gnupg tar wget xz + + # setup GPG + gpg --list-keys + # make sure to have <tab> in following heredoc + # https://pubs.opengroup.org/onlinepubs/9699919799/utilities/V3_chap02.html#tag_18_07_04 + cat <<-GPG >> ~/.gnupg/dirmngr.conf + honor-http-proxy + disable-ipv6 + GPG + gpg --keyserver hkps://keys.gentoo.org --recv-keys ${SIGNING_KEY} || \ + gpg --auto-key-locate=clear,nodefault,wkd --locate-key releng@gentoo.org + + # obtain and extract stage3 + wget -q "${DIST}/latest-stage3-${MICROARCH}${SUFFIX}.txt" + gpg --verify "latest-stage3-${MICROARCH}${SUFFIX}.txt" + STAGE3PATH="$(sed -n 
'6p' "latest-stage3-${MICROARCH}${SUFFIX}.txt" | cut -f 1 -d ' ')" + echo "STAGE3PATH:" ${STAGE3PATH} + STAGE3="$(basename ${STAGE3PATH})" + wget -q "${DIST}/${STAGE3PATH}" "${DIST}/${STAGE3PATH}.CONTENTS.gz" "${DIST}/${STAGE3PATH}.asc" + gpg --verify "${STAGE3}.asc" + tar xpf "${STAGE3}" --xattrs-include='*.*' --numeric-owner + + # modify stage3 + ( sed -i -e 's/#rc_sys=""/rc_sys="docker"/g' etc/rc.conf 2>/dev/null || true ) + echo 'UTC' > etc/timezone + + # cleanup + rm ${STAGE3}.asc ${STAGE3}.CONTENTS.gz ${STAGE3} +EOF FROM scratch |
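Review bot: `gpg --verify "latest-stage3-${MICROARCH}${SUFFIX}.txt"` checks the clear-signed manifest, but the next line runs `sed -n '6p'` on the raw file, and text outside the signed block is not covered by the signature, so `STAGE3PATH` is not guaranteed to come from signed content. Parsing gpg's verified output instead closes that gap, e.g. `gpg --output latest.verified --decrypt "latest-stage3-${MICROARCH}${SUFFIX}.txt"` followed by the `sed`/`cut` on `latest.verified` (the line index will differ once the armor header is gone). I would also name the data file in the detached check, `gpg --verify "${STAGE3}.asc" "${STAGE3}"`, rather than let gpg infer it, and quote `${STAGE3PATH}` and the `rm` operands since they derive from downloaded text.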