-
Notifications
You must be signed in to change notification settings - Fork 22
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Improve examples in README #21
Conversation
The Travis tests are failing. Has nothing to do with the README, but I'll try to fix it. |
Still failing. @zakame can you take a look at it? Addition: This seems to be a common problem when calling key servers from Docker files. Take a look at the following solution: jacobalberty/unifi-docker@599dff1 |
Dockerfile
Outdated
&& gpg --keyserver $keyserver --recv-keys $keyfp \ | ||
&& gpg --batch --verify ${tmpdir}/rakudo.tar.gz.asc ${tmpdir}/rakudo.tar.gz \ | ||
&& gpg --no-tty --keyserver $keyserver --recv-keys $keyfp \ | ||
&& gpg --no-tty --batch --verify ${tmpdir}/rakudo.tar.gz.asc ${tmpdir}/rakudo.tar.gz \ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This should be just --batch
on both lines (no need for --no-tty
with --batch
).
See https://bugs.debian.org/913614 and all the linked things on docker-library/busybox#55 for more information.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@tianon could we also just inline the GPG pubkey here (and avoid using keyserver for this altogether?)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Changed, and we still have the error.
Regarding GPG keyserver flakiness, see docker-library/official-images#4252 (especially docker-library/php#666 / https://github.com/tianon/pgp-happy-eyeballs). |
Dockerfile
Outdated
&& gpg --keyserver $keyserver --recv-keys $keyfp \ | ||
&& gpg --batch --verify ${tmpdir}/rakudo.tar.gz.asc ${tmpdir}/rakudo.tar.gz \ | ||
&& gpg --no-tty --keyserver $keyserver --recv-keys $keyfp \ | ||
&& gpg --no-tty --batch --verify ${tmpdir}/rakudo.tar.gz.asc ${tmpdir}/rakudo.tar.gz \ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@tianon could we also just inline the GPG pubkey here (and avoid using keyserver for this altogether?)
You could, but it's kind of heinous for review on our end (and more annoying for users to verify/validate). See https://gist.github.com/anonymous/362532182df471f1cf72c106cd4427fb / https://gist.github.com/anonymous/306f789c50e2e855e881123b6d83c6d4 for an example of how that ends up looking (which is really, really annoying for users to search to verify that the key being used is the same key published by the project short of downloading and comparing the two files or importing the keys and comparing afterwards). If you implement just the "happy eyeballs" bit of https://github.com/docker-library/php/pull/666/files#diff-354f30a63fb0907d4ad57269548329e3, this problem should go away for your Travis builds (and they'll then be building in an environment that mimics our official build environment more closely, where we apply very similar DNS hijacking for common PGP keyservers): - wget -qO- 'https://github.com/tianon/pgp-happy-eyeballs/raw/master/hack-my-builds.sh' | bash |
"happy eyeballs" added, and I see green lights. 🍀 @tianon thanks for guiding us to the runway! |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Anything in particular holding this up? Anything I (or we, as the official images maintainers) can help out with?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Changes mentioned in #20.