search

MariaDB / mariadb-docker

Docker Official Image packaging for MariaDB
https://mariadb.org
GNU General Public License v2.0
755 stars 436 forks source link

Cant build docker images - gpg keyserver receive failed: Server indicated a failure #507

Closed cyrax13 closed 1 year ago

cyrax13 commented 1 year ago

Hello there :)

I'm trying to build the latest mariadbs release using dockerfiles from here https://hub.docker.com/_/mariadb/ for the next versions:

10.6.13 - https://github.com/MariaDB/mariadb-docker/blob/b1f92f6f41036992f932f339ba6074ab43809368/10.6/Dockerfile 10.8.8 - https://github.com/MariaDB/mariadb-docker/blob/b1f92f6f41036992f932f339ba6074ab43809368/10.8/Dockerfile 10.9.6 - https://github.com/MariaDB/mariadb-docker/blob/b1f92f6f41036992f932f339ba6074ab43809368/10.9/Dockerfile 10.10.4 - https://github.com/MariaDB/mariadb-docker/blob/b1f92f6f41036992f932f339ba6074ab43809368/10.10/Dockerfile 10.11.3 - https://github.com/MariaDB/mariadb-docker/blob/b1f92f6f41036992f932f339ba6074ab43809368/10.11/Dockerfile

Build crashes on command gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4

After doing a number of tests - the keys.openpgp.org host does not resolve or be determined from any service on the network.

Previous build log from 3+ months ago shows host was alive:

......
#7 53.07 + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4
#7 53.08 gpg: keybox '/tmp/tmp.JBK6GMLeg2/pubring.kbx' created
#7 89.37 gpg: /tmp/tmp.JBK6GMLeg2/trustdb.gpg: trustdb created
#7 89.37 gpg: key 036A9C25BF357DD4: public key "Tianon Gravi <tianon@tianon.xyz>" imported
#7 89.39 gpg: Total number processed: 1
#7 89.39 gpg:               imported: 1
#7 89.39 + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 177F4010FE56CA3336300305F1656F24C74CD1D8
#7 89.61 gpg: key F1656F24C74CD1D8: public key "MariaDB Signing Key <signing-key@mariadb.org>" imported
#7 89.61 gpg: Total number processed: 1
#7 89.61 gpg:               imported: 1
#7 89.62 + gpg --batch --export 177F4010FE56CA3336300305F1656F24C74CD1D8
#7 89.63 + command -v gpgconf
#7 89.63 + gpgconf --kill all
......

Current build log failed:

......
#6 43.89 + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4
#6 43.90 gpg: keybox '/tmp/tmp.Bi9Zc03QCH/pubring.kbx' created
#6 53.51 gpg: keyserver receive failed: Server indicated a failure
......

Changing the keyserver url from keys.openpgp.org to keyserver.ubuntu.com solves the problem:

#  gpg --batch --keyserver hkps://keyserver.ubuntu.com --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4
gpg: key 036A9C25BF357DD4: 11 duplicate signatures removed
gpg: key 036A9C25BF357DD4: public key "Tianon Gravi <tianon@tianon.xyz>" imported
gpg: Total number processed: 1
gpg:               imported: 1

Can you fix this issue (as I understand it in all mariadbs dockerfiles)? Thanks)

grooverdan commented 1 year ago

I was still following https://github.com/docker-library/faq#openpgp--gnupg-keys-and-verification.

I'm not seeing regular problems - https://buildbot.mariadb.org/#/builders/311.

cyrax13 commented 1 year ago

I dont know what happened, but site openpgp.org and service keys.openpgp.org are back online and running, and the command is running successfully:

#  gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4
gpg: key 036A9C25BF357DD4: "Tianon Gravi <tianon@tianon.xyz>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1

I'm not seeing regular problems - https://buildbot.mariadb.org/#/builders/311.

Looking at the logs, buildbot does not execute any gpg commands, so it will not see this problem) But if you use a dockerfile...

Ok, im closing this issue.

grooverdan commented 1 year ago

Good to be aware of their intermittent failures. Thanks for rechecking.