Purpose of `tee >/dev/null` in Dockerfile?

Question

What is the purpose of tee in Dockerfile lines such as:

RUN curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | gpg --dearmor | tee /etc/apt/keyrings/yarn.gpg >/dev/null

I am familiar with constructs of the form ... | sudo tee file >/dev/null, but since the whole thing runs as root, there's no need for sudo here, and indeed there is no sudo before the tee. It's also not duplicating the output to stdout, since stdout is dumped to /dev/null.

So why not just do this:

RUN curl ... | gpg --dearmor > /etc/apt/keyrings/yarn.gpg

NOTE: I've noticed that in that particular Dockerfile, tee is only ever used after piping from gpg --dearmor. Other files are written directly as ... > file. Could gpg --dearmor have something to do with why tee is needed?

Answer 1

If I understand correctly, https://dl.yarnpkg.com/debian/pubkey.gpg is dearmored and saved to /etc/apt/keyrings/yarn.gpg ?

As you say .... | gpg --dearmor > /etc/apt/keyrings/yarn.gpg should also work. It's is likely someone copied the ... | sudo tee file >/dev/null form you know of and removed the sudo since they saw it unnecessary but didn't give it more thought and didn't realize the tee was also unnecessary.

Something like:

Okay, I need this

*Copy&paste*

But without the sudo, this already runs as root

*deletes sudo*

I don't think you need to overthink it.

Answer 2

It's also of note that even if you need sudo, it's likely unnecessary to use tee, because gpg has an --output file / -o file option.

curl "$url" | gpg --dearmor | sudo tee "$file" >/dev/null

and

curl "$url" | sudo gpg -o "$file" --dearmor >/dev/null

Would produce the same file.