search

Azure-Samples / azure-sql-library-app-blazor

Library app built with SQL Server and Data API builder as backend, and Blazor as frontend.
MIT License
5 stars 3 forks source link

Pull latest dotnet 6.0-focal image and add Microsoft Signing Keys to avoid expired signature causing deployment failure #8

Open seantleonard opened 5 months ago

seantleonard commented 5 months ago

Purpose

Closes #7

Per #7, I get a deployment error when trying to use the sample because the sample's dockerfile refers to an old image from October 3, 2023:

tag type digest date
0-6.0-focal OCI Image Index sha256:ec557bf5cb00970cd09488f38b15a9bf488cfb8ab15269174b5882f6b3255e82 10/03/2023
And should be pulling latest: tag type digest date
6.0-focal OCI Image Index sha256:d45a9a129eceb58ce018eced364d29959514ebfb096fcc71a375b719693bf7cb 05/30/2024

Also imports Microsoft signing keys to fix gpg error

# Import Microsoft Signing Keys
# https://learn.microsoft.com/dotnet/core/install/linux-ubuntu#unable-to-locate--some-packages-could-not-be-installed
RUN sudo apt-get install -y gpg wget \
    && wget https://packages.microsoft.com/keys/microsoft.asc \
    && cat microsoft.asc | gpg --dearmor -o microsoft.asc.gpg \
    && sudo mv microsoft.asc.gpg /etc/apt/trusted.gpg.d/ \
    && sudo chown root:root /etc/apt/trusted.gpg.d/microsoft.asc.gpg

Background on failure

The deployment errors out seemingly due to docker-outside-of-docker. Not sure if this is the cause or just a symptom of the failure.

5.546 W: GPG error: https://packages.microsoft.com/ubuntu/20.04/prod focal InRel ease: The following signatures couldn't be verified because the public key is no t available: NO_PUBKEY EB3E94ADBE1229CF 5.546 E: The repository 'https://packages.microsoft.com/ubuntu/20.04/prod focal InRelease' is not signed. 5.547 ERROR: Feature "Docker (docker-outside-of-docker)" (ghcr.io/devcontainers/ features/docker-outside-of-docker) failed to install! Look at the documentation at https://github.com/devcontainers/features/tree/main/src/docker-outside-of-doc ker for help troubleshooting this error.

It looks like the docker outside of docker feature install.sh only imports the Microsoft signing keys if Moby is used: https://github.com/devcontainers/features/blob/414d3450434b9072f01afe80cab226c60088224a/src/docker-outside-of-docker/install.sh#L215-L229

I do notice the Sample project I'm using doesn't provide a Moby property, which per docker outside of docker docs, moby should be true by default. Not sure why the key setup isn't working. https://github.com/Azure-Samples/azure-sql-library-app-blazor/blob/0a1ba8c97744d887f209d95c7f932ddf0eb8b04c/.devcontainer/devcontainer.json#L59-L61

        "ghcr.io/devcontainers/features/docker-outside-of-docker:1": {
            "version": "latest"
        }

Does this introduce a breaking change?

By staying at .net 6 and Ubuntu 20.04 (focal), this is a non-breaking change.

[ ] Yes
[X] No

Pull Request Type

What kind of change does this Pull Request introduce?

[X] Bugfix
[ ] Feature
[ ] Code style update (formatting, local variables)
[ ] Refactoring (no functional changes, no api changes)
[ ] Documentation content changes
[ ] Other... Please describe:

How to Test

  1. Pull latest code from this commit
  2. "Open Folder in Container"
  3. Operation should now succeed without signature failure because latest dotnet image is used.
seantleonard commented 5 months ago

Merge #9 in first to see if fixing the pre-req scripts (which also include importing microsoft signing keys) fixes the root of the issue