From 5a5c547c7f1a5acf600653d09069c9566f1757c8 Mon Sep 17 00:00:00 2001
From: Jesper Noordsij <jesper@sslleiden.nl>
Date: Wed, 10 May 2023 11:59:37 +0200
Subject: [PATCH 1/2] Add Alpine 3.18 variant

Also remove Alpine 3.16
---
 16/{alpine3.16 => alpine3.18}/Dockerfile      |  2 +-
 .../docker-entrypoint.sh                      |  0
 18/{alpine3.16 => alpine3.18}/Dockerfile      |  2 +-
 .../docker-entrypoint.sh                      |  0
 19/{alpine3.16 => alpine3.18}/Dockerfile      |  2 +-
 .../docker-entrypoint.sh                      |  0
 20/{alpine3.16 => alpine3.18}/Dockerfile      |  2 +-
 .../docker-entrypoint.sh                      |  0
 architectures                                 | 14 +++++------
 config                                        |  2 +-
 versions.json                                 | 24 +++++++++----------
 11 files changed, 24 insertions(+), 24 deletions(-)
 rename 16/{alpine3.16 => alpine3.18}/Dockerfile (99%)
 rename 16/{alpine3.16 => alpine3.18}/docker-entrypoint.sh (100%)
 rename 18/{alpine3.16 => alpine3.18}/Dockerfile (99%)
 rename 18/{alpine3.16 => alpine3.18}/docker-entrypoint.sh (100%)
 rename 19/{alpine3.16 => alpine3.18}/Dockerfile (99%)
 rename 19/{alpine3.16 => alpine3.18}/docker-entrypoint.sh (100%)
 rename 20/{alpine3.16 => alpine3.18}/Dockerfile (99%)
 rename 20/{alpine3.16 => alpine3.18}/docker-entrypoint.sh (100%)

diff --git a/16/alpine3.16/Dockerfile b/16/alpine3.18/Dockerfile
similarity index 99%
rename from 16/alpine3.16/Dockerfile
rename to 16/alpine3.18/Dockerfile
index 020a4729c8..a6d1d87162 100644
--- a/16/alpine3.16/Dockerfile
+++ b/16/alpine3.18/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:3.16
+FROM alpine:3.18
 
 ENV NODE_VERSION 16.20.0
 
diff --git a/16/alpine3.16/docker-entrypoint.sh b/16/alpine3.18/docker-entrypoint.sh
similarity index 100%
rename from 16/alpine3.16/docker-entrypoint.sh
rename to 16/alpine3.18/docker-entrypoint.sh
diff --git a/18/alpine3.16/Dockerfile b/18/alpine3.18/Dockerfile
similarity index 99%
rename from 18/alpine3.16/Dockerfile
rename to 18/alpine3.18/Dockerfile
index 6faa357cb6..4a79346c3c 100644
--- a/18/alpine3.16/Dockerfile
+++ b/18/alpine3.18/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:3.16
+FROM alpine:3.18
 
 ENV NODE_VERSION 18.16.0
 
diff --git a/18/alpine3.16/docker-entrypoint.sh b/18/alpine3.18/docker-entrypoint.sh
similarity index 100%
rename from 18/alpine3.16/docker-entrypoint.sh
rename to 18/alpine3.18/docker-entrypoint.sh
diff --git a/19/alpine3.16/Dockerfile b/19/alpine3.18/Dockerfile
similarity index 99%
rename from 19/alpine3.16/Dockerfile
rename to 19/alpine3.18/Dockerfile
index c1bf444b88..784d3a3728 100644
--- a/19/alpine3.16/Dockerfile
+++ b/19/alpine3.18/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:3.16
+FROM alpine:3.18
 
 ENV NODE_VERSION 19.9.0
 
diff --git a/19/alpine3.16/docker-entrypoint.sh b/19/alpine3.18/docker-entrypoint.sh
similarity index 100%
rename from 19/alpine3.16/docker-entrypoint.sh
rename to 19/alpine3.18/docker-entrypoint.sh
diff --git a/20/alpine3.16/Dockerfile b/20/alpine3.18/Dockerfile
similarity index 99%
rename from 20/alpine3.16/Dockerfile
rename to 20/alpine3.18/Dockerfile
index f4c95a2b58..ba3e82432d 100644
--- a/20/alpine3.16/Dockerfile
+++ b/20/alpine3.18/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:3.16
+FROM alpine:3.18
 
 ENV NODE_VERSION 20.2.0
 
diff --git a/20/alpine3.16/docker-entrypoint.sh b/20/alpine3.18/docker-entrypoint.sh
similarity index 100%
rename from 20/alpine3.16/docker-entrypoint.sh
rename to 20/alpine3.18/docker-entrypoint.sh
diff --git a/architectures b/architectures
index 094b44113f..35472178f8 100644
--- a/architectures
+++ b/architectures
@@ -1,8 +1,8 @@
 bashbrew-arch  variants
-amd64          alpine3.16,alpine3.17,bullseye,bullseye-slim,buster,buster-slim
-arm32v6        alpine3.16,alpine3.17
-arm32v7        alpine3.16,alpine3.17,bullseye,bullseye-slim,buster,buster-slim
-arm64v8        alpine3.16,alpine3.17,bullseye,bullseye-slim,buster,buster-slim
-i386           alpine3.16,alpine3.17
-ppc64le        alpine3.16,alpine3.17,bullseye,bullseye-slim,buster,buster-slim
-s390x          alpine3.16,alpine3.17,bullseye,bullseye-slim,buster,buster-slim
+amd64          alpine3.17,alpine3.18,bullseye,bullseye-slim,buster,buster-slim
+arm32v6        alpine3.17,alpine3.18
+arm32v7        alpine3.17,alpine3.18,bullseye,bullseye-slim,buster,buster-slim
+arm64v8        alpine3.17,alpine3.18,bullseye,bullseye-slim,buster,buster-slim
+i386           alpine3.17,alpine3.18
+ppc64le        alpine3.17,alpine3.18,bullseye,bullseye-slim,buster,buster-slim
+s390x          alpine3.17,alpine3.18,bullseye,bullseye-slim,buster,buster-slim
diff --git a/config b/config
index c5f634c115..5bcef7797e 100644
--- a/config
+++ b/config
@@ -1,4 +1,4 @@
 baseuri     https://nodejs.org/dist
 default_variant bullseye
-alpine_version  3.17
+alpine_version  3.18
 debian_versions stretch bullseye buster
diff --git a/versions.json b/versions.json
index f8d6a047a3..3c97ae1ee7 100644
--- a/versions.json
+++ b/versions.json
@@ -5,10 +5,10 @@
     "maintenance": "2024-10-22",
     "end": "2026-04-30",
     "codename": "",
-    "alpine-default": "alpine3.17",
+    "alpine-default": "alpine3.18",
     "debian-default": "bullseye",
     "variants": {
-      "alpine3.16": [
+      "alpine3.17": [
         "amd64",
         "arm32v6",
         "arm32v7",
@@ -16,7 +16,7 @@
         "ppc64le",
         "s390x"
       ],
-      "alpine3.17": [
+      "alpine3.18": [
         "amd64",
         "arm32v6",
         "arm32v7",
@@ -56,10 +56,10 @@
     "maintenance": "2023-04-01",
     "end": "2023-06-01",
     "codename": "",
-    "alpine-default": "alpine3.17",
+    "alpine-default": "alpine3.18",
     "debian-default": "bullseye",
     "variants": {
-      "alpine3.16": [
+      "alpine3.17": [
         "amd64",
         "arm32v6",
         "arm32v7",
@@ -67,7 +67,7 @@
         "ppc64le",
         "s390x"
       ],
-      "alpine3.17": [
+      "alpine3.18": [
         "amd64",
         "arm32v6",
         "arm32v7",
@@ -107,10 +107,10 @@
     "maintenance": "2023-10-18",
     "end": "2025-04-30",
     "codename": "hydrogen",
-    "alpine-default": "alpine3.17",
+    "alpine-default": "alpine3.18",
     "debian-default": "bullseye",
     "variants": {
-      "alpine3.16": [
+      "alpine3.17": [
         "amd64",
         "arm32v6",
         "arm32v7",
@@ -118,7 +118,7 @@
         "ppc64le",
         "s390x"
       ],
-      "alpine3.17": [
+      "alpine3.18": [
         "amd64",
         "arm32v6",
         "arm32v7",
@@ -158,10 +158,10 @@
     "maintenance": "2022-10-18",
     "end": "2024-04-30",
     "codename": "gallium",
-    "alpine-default": "alpine3.17",
+    "alpine-default": "alpine3.18",
     "debian-default": "buster",
     "variants": {
-      "alpine3.16": [
+      "alpine3.17": [
         "amd64",
         "arm32v6",
         "arm32v7",
@@ -169,7 +169,7 @@
         "ppc64le",
         "s390x"
       ],
-      "alpine3.17": [
+      "alpine3.18": [
         "amd64",
         "arm32v6",
         "arm32v7",

From d951a7ff95eac09985446409589d6ea75ac42f96 Mon Sep 17 00:00:00 2001
From: Jesper Noordsij <jesper@sslleiden.nl>
Date: Wed, 10 May 2023 18:51:57 +0200
Subject: [PATCH 2/2] Use temporary gpg directory to disable automatic use of
 keybox daemon

---
 16/alpine3.17/Dockerfile   | 8 ++++++++
 16/alpine3.18/Dockerfile   | 8 ++++++++
 18/alpine3.17/Dockerfile   | 8 ++++++++
 18/alpine3.18/Dockerfile   | 8 ++++++++
 19/alpine3.17/Dockerfile   | 8 ++++++++
 19/alpine3.18/Dockerfile   | 8 ++++++++
 20/alpine3.17/Dockerfile   | 8 ++++++++
 20/alpine3.18/Dockerfile   | 8 ++++++++
 Dockerfile-alpine.template | 8 ++++++++
 9 files changed, 72 insertions(+)

diff --git a/16/alpine3.17/Dockerfile b/16/alpine3.17/Dockerfile
index d45280c9a8..4b5e6bdbec 100644
--- a/16/alpine3.17/Dockerfile
+++ b/16/alpine3.17/Dockerfile
@@ -34,6 +34,8 @@ RUN addgroup -g 1000 node \
         linux-headers \
         make \
         python3 \
+    # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150
+    && export GNUPGHOME="$(mktemp -d)" \
     # gpg keys listed at https://github.com/nodejs/node#release-keys
     && for key in \
       4ED778F539E3634C779C87C6D7062848A1AB005C \
@@ -53,6 +55,8 @@ RUN addgroup -g 1000 node \
     && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION.tar.xz" \
     && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \
     && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \
+    && gpgconf --kill all \
+    && rm -rf "$GNUPGHOME" \
     && grep " node-v$NODE_VERSION.tar.xz\$" SHASUMS256.txt | sha256sum -c - \
     && tar -xf "node-v$NODE_VERSION.tar.xz" \
     && cd "node-v$NODE_VERSION" \
@@ -73,6 +77,8 @@ RUN addgroup -g 1000 node \
 ENV YARN_VERSION 1.22.19
 
 RUN apk add --no-cache --virtual .build-deps-yarn curl gnupg tar \
+  # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150
+  && export GNUPGHOME="$(mktemp -d)" \
   && for key in \
     6A010C5166006599AA17F08146C2130DFD2497F5 \
   ; do \
@@ -82,6 +88,8 @@ RUN apk add --no-cache --virtual .build-deps-yarn curl gnupg tar \
   && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \
   && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \
   && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \
+  && gpgconf --kill all \
+  && rm -rf "$GNUPGHOME" \
   && mkdir -p /opt \
   && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \
   && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \
diff --git a/16/alpine3.18/Dockerfile b/16/alpine3.18/Dockerfile
index a6d1d87162..a5f6838ee4 100644
--- a/16/alpine3.18/Dockerfile
+++ b/16/alpine3.18/Dockerfile
@@ -34,6 +34,8 @@ RUN addgroup -g 1000 node \
         linux-headers \
         make \
         python3 \
+    # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150
+    && export GNUPGHOME="$(mktemp -d)" \
     # gpg keys listed at https://github.com/nodejs/node#release-keys
     && for key in \
       4ED778F539E3634C779C87C6D7062848A1AB005C \
@@ -53,6 +55,8 @@ RUN addgroup -g 1000 node \
     && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION.tar.xz" \
     && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \
     && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \
+    && gpgconf --kill all \
+    && rm -rf "$GNUPGHOME" \
     && grep " node-v$NODE_VERSION.tar.xz\$" SHASUMS256.txt | sha256sum -c - \
     && tar -xf "node-v$NODE_VERSION.tar.xz" \
     && cd "node-v$NODE_VERSION" \
@@ -73,6 +77,8 @@ RUN addgroup -g 1000 node \
 ENV YARN_VERSION 1.22.19
 
 RUN apk add --no-cache --virtual .build-deps-yarn curl gnupg tar \
+  # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150
+  && export GNUPGHOME="$(mktemp -d)" \
   && for key in \
     6A010C5166006599AA17F08146C2130DFD2497F5 \
   ; do \
@@ -82,6 +88,8 @@ RUN apk add --no-cache --virtual .build-deps-yarn curl gnupg tar \
   && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \
   && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \
   && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \
+  && gpgconf --kill all \
+  && rm -rf "$GNUPGHOME" \
   && mkdir -p /opt \
   && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \
   && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \
diff --git a/18/alpine3.17/Dockerfile b/18/alpine3.17/Dockerfile
index 552a1495d5..5c95e2e6ab 100644
--- a/18/alpine3.17/Dockerfile
+++ b/18/alpine3.17/Dockerfile
@@ -34,6 +34,8 @@ RUN addgroup -g 1000 node \
         linux-headers \
         make \
         python3 \
+    # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150
+    && export GNUPGHOME="$(mktemp -d)" \
     # gpg keys listed at https://github.com/nodejs/node#release-keys
     && for key in \
       4ED778F539E3634C779C87C6D7062848A1AB005C \
@@ -53,6 +55,8 @@ RUN addgroup -g 1000 node \
     && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION.tar.xz" \
     && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \
     && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \
+    && gpgconf --kill all \
+    && rm -rf "$GNUPGHOME" \
     && grep " node-v$NODE_VERSION.tar.xz\$" SHASUMS256.txt | sha256sum -c - \
     && tar -xf "node-v$NODE_VERSION.tar.xz" \
     && cd "node-v$NODE_VERSION" \
@@ -73,6 +77,8 @@ RUN addgroup -g 1000 node \
 ENV YARN_VERSION 1.22.19
 
 RUN apk add --no-cache --virtual .build-deps-yarn curl gnupg tar \
+  # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150
+  && export GNUPGHOME="$(mktemp -d)" \
   && for key in \
     6A010C5166006599AA17F08146C2130DFD2497F5 \
   ; do \
@@ -82,6 +88,8 @@ RUN apk add --no-cache --virtual .build-deps-yarn curl gnupg tar \
   && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \
   && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \
   && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \
+  && gpgconf --kill all \
+  && rm -rf "$GNUPGHOME" \
   && mkdir -p /opt \
   && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \
   && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \
diff --git a/18/alpine3.18/Dockerfile b/18/alpine3.18/Dockerfile
index 4a79346c3c..c0870b3110 100644
--- a/18/alpine3.18/Dockerfile
+++ b/18/alpine3.18/Dockerfile
@@ -34,6 +34,8 @@ RUN addgroup -g 1000 node \
         linux-headers \
         make \
         python3 \
+    # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150
+    && export GNUPGHOME="$(mktemp -d)" \
     # gpg keys listed at https://github.com/nodejs/node#release-keys
     && for key in \
       4ED778F539E3634C779C87C6D7062848A1AB005C \
@@ -53,6 +55,8 @@ RUN addgroup -g 1000 node \
     && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION.tar.xz" \
     && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \
     && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \
+    && gpgconf --kill all \
+    && rm -rf "$GNUPGHOME" \
     && grep " node-v$NODE_VERSION.tar.xz\$" SHASUMS256.txt | sha256sum -c - \
     && tar -xf "node-v$NODE_VERSION.tar.xz" \
     && cd "node-v$NODE_VERSION" \
@@ -73,6 +77,8 @@ RUN addgroup -g 1000 node \
 ENV YARN_VERSION 1.22.19
 
 RUN apk add --no-cache --virtual .build-deps-yarn curl gnupg tar \
+  # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150
+  && export GNUPGHOME="$(mktemp -d)" \
   && for key in \
     6A010C5166006599AA17F08146C2130DFD2497F5 \
   ; do \
@@ -82,6 +88,8 @@ RUN apk add --no-cache --virtual .build-deps-yarn curl gnupg tar \
   && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \
   && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \
   && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \
+  && gpgconf --kill all \
+  && rm -rf "$GNUPGHOME" \
   && mkdir -p /opt \
   && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \
   && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \
diff --git a/19/alpine3.17/Dockerfile b/19/alpine3.17/Dockerfile
index e90dc92796..85f68f6375 100644
--- a/19/alpine3.17/Dockerfile
+++ b/19/alpine3.17/Dockerfile
@@ -34,6 +34,8 @@ RUN addgroup -g 1000 node \
         linux-headers \
         make \
         python3 \
+    # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150
+    && export GNUPGHOME="$(mktemp -d)" \
     # gpg keys listed at https://github.com/nodejs/node#release-keys
     && for key in \
       4ED778F539E3634C779C87C6D7062848A1AB005C \
@@ -53,6 +55,8 @@ RUN addgroup -g 1000 node \
     && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION.tar.xz" \
     && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \
     && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \
+    && gpgconf --kill all \
+    && rm -rf "$GNUPGHOME" \
     && grep " node-v$NODE_VERSION.tar.xz\$" SHASUMS256.txt | sha256sum -c - \
     && tar -xf "node-v$NODE_VERSION.tar.xz" \
     && cd "node-v$NODE_VERSION" \
@@ -73,6 +77,8 @@ RUN addgroup -g 1000 node \
 ENV YARN_VERSION 1.22.19
 
 RUN apk add --no-cache --virtual .build-deps-yarn curl gnupg tar \
+  # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150
+  && export GNUPGHOME="$(mktemp -d)" \
   && for key in \
     6A010C5166006599AA17F08146C2130DFD2497F5 \
   ; do \
@@ -82,6 +88,8 @@ RUN apk add --no-cache --virtual .build-deps-yarn curl gnupg tar \
   && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \
   && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \
   && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \
+  && gpgconf --kill all \
+  && rm -rf "$GNUPGHOME" \
   && mkdir -p /opt \
   && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \
   && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \
diff --git a/19/alpine3.18/Dockerfile b/19/alpine3.18/Dockerfile
index 784d3a3728..a4356915d7 100644
--- a/19/alpine3.18/Dockerfile
+++ b/19/alpine3.18/Dockerfile
@@ -34,6 +34,8 @@ RUN addgroup -g 1000 node \
         linux-headers \
         make \
         python3 \
+    # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150
+    && export GNUPGHOME="$(mktemp -d)" \
     # gpg keys listed at https://github.com/nodejs/node#release-keys
     && for key in \
       4ED778F539E3634C779C87C6D7062848A1AB005C \
@@ -53,6 +55,8 @@ RUN addgroup -g 1000 node \
     && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION.tar.xz" \
     && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \
     && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \
+    && gpgconf --kill all \
+    && rm -rf "$GNUPGHOME" \
     && grep " node-v$NODE_VERSION.tar.xz\$" SHASUMS256.txt | sha256sum -c - \
     && tar -xf "node-v$NODE_VERSION.tar.xz" \
     && cd "node-v$NODE_VERSION" \
@@ -73,6 +77,8 @@ RUN addgroup -g 1000 node \
 ENV YARN_VERSION 1.22.19
 
 RUN apk add --no-cache --virtual .build-deps-yarn curl gnupg tar \
+  # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150
+  && export GNUPGHOME="$(mktemp -d)" \
   && for key in \
     6A010C5166006599AA17F08146C2130DFD2497F5 \
   ; do \
@@ -82,6 +88,8 @@ RUN apk add --no-cache --virtual .build-deps-yarn curl gnupg tar \
   && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \
   && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \
   && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \
+  && gpgconf --kill all \
+  && rm -rf "$GNUPGHOME" \
   && mkdir -p /opt \
   && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \
   && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \
diff --git a/20/alpine3.17/Dockerfile b/20/alpine3.17/Dockerfile
index 31d6323fdd..8293b75dc1 100644
--- a/20/alpine3.17/Dockerfile
+++ b/20/alpine3.17/Dockerfile
@@ -34,6 +34,8 @@ RUN addgroup -g 1000 node \
         linux-headers \
         make \
         python3 \
+    # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150
+    && export GNUPGHOME="$(mktemp -d)" \
     # gpg keys listed at https://github.com/nodejs/node#release-keys
     && for key in \
       4ED778F539E3634C779C87C6D7062848A1AB005C \
@@ -53,6 +55,8 @@ RUN addgroup -g 1000 node \
     && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION.tar.xz" \
     && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \
     && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \
+    && gpgconf --kill all \
+    && rm -rf "$GNUPGHOME" \
     && grep " node-v$NODE_VERSION.tar.xz\$" SHASUMS256.txt | sha256sum -c - \
     && tar -xf "node-v$NODE_VERSION.tar.xz" \
     && cd "node-v$NODE_VERSION" \
@@ -73,6 +77,8 @@ RUN addgroup -g 1000 node \
 ENV YARN_VERSION 1.22.19
 
 RUN apk add --no-cache --virtual .build-deps-yarn curl gnupg tar \
+  # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150
+  && export GNUPGHOME="$(mktemp -d)" \
   && for key in \
     6A010C5166006599AA17F08146C2130DFD2497F5 \
   ; do \
@@ -82,6 +88,8 @@ RUN apk add --no-cache --virtual .build-deps-yarn curl gnupg tar \
   && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \
   && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \
   && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \
+  && gpgconf --kill all \
+  && rm -rf "$GNUPGHOME" \
   && mkdir -p /opt \
   && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \
   && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \
diff --git a/20/alpine3.18/Dockerfile b/20/alpine3.18/Dockerfile
index ba3e82432d..1ee8625e95 100644
--- a/20/alpine3.18/Dockerfile
+++ b/20/alpine3.18/Dockerfile
@@ -34,6 +34,8 @@ RUN addgroup -g 1000 node \
         linux-headers \
         make \
         python3 \
+    # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150
+    && export GNUPGHOME="$(mktemp -d)" \
     # gpg keys listed at https://github.com/nodejs/node#release-keys
     && for key in \
       4ED778F539E3634C779C87C6D7062848A1AB005C \
@@ -53,6 +55,8 @@ RUN addgroup -g 1000 node \
     && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION.tar.xz" \
     && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \
     && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \
+    && gpgconf --kill all \
+    && rm -rf "$GNUPGHOME" \
     && grep " node-v$NODE_VERSION.tar.xz\$" SHASUMS256.txt | sha256sum -c - \
     && tar -xf "node-v$NODE_VERSION.tar.xz" \
     && cd "node-v$NODE_VERSION" \
@@ -73,6 +77,8 @@ RUN addgroup -g 1000 node \
 ENV YARN_VERSION 1.22.19
 
 RUN apk add --no-cache --virtual .build-deps-yarn curl gnupg tar \
+  # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150
+  && export GNUPGHOME="$(mktemp -d)" \
   && for key in \
     6A010C5166006599AA17F08146C2130DFD2497F5 \
   ; do \
@@ -82,6 +88,8 @@ RUN apk add --no-cache --virtual .build-deps-yarn curl gnupg tar \
   && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \
   && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \
   && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \
+  && gpgconf --kill all \
+  && rm -rf "$GNUPGHOME" \
   && mkdir -p /opt \
   && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \
   && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \
diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template
index c2e2c5a5a9..553da29bf6 100644
--- a/Dockerfile-alpine.template
+++ b/Dockerfile-alpine.template
@@ -34,6 +34,8 @@ RUN addgroup -g 1000 node \
         linux-headers \
         make \
         python3 \
+    # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150
+    && export GNUPGHOME="$(mktemp -d)" \
     # gpg keys listed at https://github.com/nodejs/node#release-keys
     && for key in \
       "${NODE_KEYS[@]}"
@@ -44,6 +46,8 @@ RUN addgroup -g 1000 node \
     && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION.tar.xz" \
     && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \
     && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \
+    && gpgconf --kill all \
+    && rm -rf "$GNUPGHOME" \
     && grep " node-v$NODE_VERSION.tar.xz\$" SHASUMS256.txt | sha256sum -c - \
     && tar -xf "node-v$NODE_VERSION.tar.xz" \
     && cd "node-v$NODE_VERSION" \
@@ -64,6 +68,8 @@ RUN addgroup -g 1000 node \
 ENV YARN_VERSION 0.0.0
 
 RUN apk add --no-cache --virtual .build-deps-yarn curl gnupg tar \
+  # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150
+  && export GNUPGHOME="$(mktemp -d)" \
   && for key in \
     "${YARN_KEYS[@]}"
   ; do \
@@ -73,6 +79,8 @@ RUN apk add --no-cache --virtual .build-deps-yarn curl gnupg tar \
   && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \
   && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \
   && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \
+  && gpgconf --kill all \
+  && rm -rf "$GNUPGHOME" \
   && mkdir -p /opt \
   && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \
   && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \