Conversation
|
The Travis tests are failing. Has nothing to do with the README, but I'll try to fix it. |
|
Still failing. @zakame can you take a look at it? Addition: This seems to be a common problem when calling key servers from Docker files. Take a look at the following solution: jacobalberty/unifi-docker@599dff1 |
Dockerfile
Outdated
| && gpg --keyserver $keyserver --recv-keys $keyfp \ | ||
| && gpg --batch --verify ${tmpdir}/rakudo.tar.gz.asc ${tmpdir}/rakudo.tar.gz \ | ||
| && gpg --no-tty --keyserver $keyserver --recv-keys $keyfp \ | ||
| && gpg --no-tty --batch --verify ${tmpdir}/rakudo.tar.gz.asc ${tmpdir}/rakudo.tar.gz \ |
There was a problem hiding this comment.
This should be just --batch on both lines (no need for --no-tty with --batch).
See https://bugs.debian.org/913614 and all the linked things on docker-library/busybox#55 for more information.
There was a problem hiding this comment.
@tianon could we also just inline the GPG pubkey here (and avoid using keyserver for this altogether?)
There was a problem hiding this comment.
Changed, and we still have the error.
|
Regarding GPG keyserver flakiness, see docker-library/official-images#4252 (especially docker-library/php#666 / https://github.com/tianon/pgp-happy-eyeballs). |
Dockerfile
Outdated
| && gpg --keyserver $keyserver --recv-keys $keyfp \ | ||
| && gpg --batch --verify ${tmpdir}/rakudo.tar.gz.asc ${tmpdir}/rakudo.tar.gz \ | ||
| && gpg --no-tty --keyserver $keyserver --recv-keys $keyfp \ | ||
| && gpg --no-tty --batch --verify ${tmpdir}/rakudo.tar.gz.asc ${tmpdir}/rakudo.tar.gz \ |
There was a problem hiding this comment.
@tianon could we also just inline the GPG pubkey here (and avoid using keyserver for this altogether?)
You could, but it's kind of heinous for review on our end (and more annoying for users to verify/validate). See https://gist.github.com/anonymous/362532182df471f1cf72c106cd4427fb / https://gist.github.com/anonymous/306f789c50e2e855e881123b6d83c6d4 for an example of how that ends up looking (which is really, really annoying for users to search to verify that the key being used is the same key published by the project short of downloading and comparing the two files or importing the keys and comparing afterwards). If you implement just the "happy eyeballs" bit of https://github.com/docker-library/php/pull/666/files#diff-354f30a63fb0907d4ad57269548329e3, this problem should go away for your Travis builds (and they'll then be building in an environment that mimics our official build environment more closely, where we apply very similar DNS hijacking for common PGP keyservers): - wget -qO- 'https://github.com/tianon/pgp-happy-eyeballs/raw/master/hack-my-builds.sh' | bash |
|
"happy eyeballs" added, and I see green lights. 🍀 @tianon thanks for guiding us to the runway! |
tianon
left a comment
tianon
left a comment
There was a problem hiding this comment.
Anything in particular holding this up? Anything I (or we, as the official images maintainers) can help out with?
3 participants
Changes mentioned in #20.