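# Import both keys by full 40-hex fingerprint. The keyserver is only a transport;
# the pinned fingerprints are what anchor trust in the release signature.
gpg --batch --keyserver keyserver.ubuntu.com --recv-keys EAC843EBD3EFDB98CC772FADA5CD6035332FA671; \
# TODO find a good link for users to verify this key is right (https://mail.openjdk.java.net/pipermail/jdk-updates-dev/2019-April/000951.html is one of the only mentions of it I can find); perhaps a note added to https://adoptopenjdk.net/upstream.html would make sense?
# no-self-sigs-only: https://salsa.debian.org/debian/gnupg2/commit/c93ca04a53569916308b369c8b218dad5ae8fe07
# (keeps third-party certifications on import; the signature listing below depends on them)
gpg --batch --keyserver keyserver.ubuntu.com --keyserver-options no-self-sigs-only --recv-keys CA5F11C6CE22644D42C6AC4492EF8D39DC13168F; \
# Require that the second key carries a certification attributed to the first key
# (0xA5CD6035332FA671 is the long key ID of the fingerprint imported above); the
# listing is also copied to stderr so it appears in the build log.
# NOTE(review): --list-sigs lists certifications without cryptographically checking
# them; --check-sigs is the verifying form. The 'Andrew Haley' match is on a user-ID
# string, so treat it as a sanity check rather than a proof of identity.
# NOTE(review): a failed grep or --verify only stops the build if errexit (set -e) is
# enabled at the start of this command - confirm.
gpg --batch --list-sigs --keyid-format 0xLONG CA5F11C6CE22644D42C6AC4492EF8D39DC13168F \
    | tee /dev/stderr \
    | grep '0xA5CD6035332FA671' \
    | grep 'Andrew Haley'; \
# Check the detached signature against the downloaded archive before it is unpacked.
# NOTE(review): --verify accepts a good signature from any key in the keyring, so
# GNUPGHOME should be a fresh directory holding only the keys imported above - confirm.
gpg --batch --verify openjdk.tgz.asc openjdk.tgz; \
# Discard the temporary keyring so no key material is left in the image layer.
rm -rf "$GNUPGHOME"; \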
\
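# Unpack the archive into JAVA_HOME, dropping its top-level directory.
# --no-same-owner makes the extracted files belong to the extracting user instead of
# the uid/gid recorded inside the archive.
mkdir -p "$JAVA_HOME"; \
tar --extract \
    --file openjdk.tgz \
    --directory "$JAVA_HOME" \
    --strip-components 1 \
    --no-same-owner \
; \
# Remove the tarball and anything else matching openjdk.tgz* (the detached .asc included).
rm openjdk.tgz*; \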
\
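# Delete the JDK's bundled CA trust store.
# NOTE(review): confirm a later step installs a replacement at this path; without a
# trust store, Java TLS certificate validation has no trust anchors.
rm -rf "$JAVA_HOME/jre/lib/security/cacerts"; \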