Tekki
commented
5 years ago The Travis tests are failing. Has nothing to do with the README, but I'll try to fix it.
Closed Tekki closed 5 years ago
Tekki
commented
5 years ago The Travis tests are failing. Has nothing to do with the README, but I'll try to fix it.
Tekki
commented
5 years ago Still failing. @zakame can you take a look at it?
Addition: This seems to be a common problem when calling key servers from Docker files. Take a look at the following solution: https://github.com/jacobalberty/unifi-docker/commit/599dff10e60ab13796e97fba21a3ac0b45ddaacd
tianon
commented
5 years ago Regarding GPG keyserver flakiness, see https://github.com/docker-library/official-images/issues/4252 (especially https://github.com/docker-library/php/pull/666 / https://github.com/tianon/pgp-happy-eyeballs).
tianon
commented
5 years ago could we also just inline the GPG pubkey here (and avoid using keyserver for this altogether?)
You could, but it's kind of heinous for review on our end (and more annoying for users to verify/validate). See https://gist.github.com/anonymous/362532182df471f1cf72c106cd4427fb / https://gist.github.com/anonymous/306f789c50e2e855e881123b6d83c6d4 for an example of how that ends up looking (which is really, really annoying for users to search to verify that the key being used is the same key published by the project short of downloading and comparing the two files or importing the keys and comparing afterwards).
If you implement just the "happy eyeballs" bit of https://github.com/docker-library/php/pull/666/files#diff-354f30a63fb0907d4ad57269548329e3, this problem should go away for your Travis builds (and they'll then be building in an environment that mimics our official build environment more closely, where we apply very similar DNS hijacking for common PGP keyservers):
- wget -qO- 'https://github.com/tianon/pgp-happy-eyeballs/raw/master/hack-my-builds.sh' | bash"happy eyeballs" added, and I see green lights. :four_leaf_clover: @tianon thanks for guiding us to the runway!
Changes mentioned in #20.