blacktop / docker-kibana-alpine

Alpine Linux based Kibana Docker Image
MIT License

All gpg keyservers in dockerfile are failing now #14

Open forney-tehama opened 3 years ago

forney-tehama commented 3 years ago

This snippet seems to be rendered useless now for the gpg verification step as none of the 3 keyservers are giving good responses anymore. It's not ideal, but to work around it you can comment out this whole section:

if [ "$TARBALL_ASC" ]; then \
  wget --progress=bar:force -O kibana.tar.gz.asc "$TARBALL_ASC"; \
  export GNUPGHOME="$(mktemp -d)"; \
  ( gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$GPG_KEY" \
  || gpg --keyserver pgp.mit.edu --recv-keys "$GPG_KEY" \
  || gpg --keyserver keyserver.pgp.com --recv-keys "$GPG_KEY" ); \
  gpg --batch --verify kibana.tar.gz.asc kibana.tar.gz; \
  rm -rf "$GNUPGHOME" kibana.tar.gz.asc || true; \
  fi; \

Errors I'm seeing:

$ gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "46095ACC8548582C1A2699A9D27D666CD88E42B4"
gpg: keyserver receive failed: No name

$ gpg --keyserver pgp.mit.edu --recv-keys "46095ACC8548582C1A2699A9D27D666CD88E42B4"
gpg: keyserver receive failed: No keyserver available

$ gpg --keyserver keyserver.pgp.com --recv-keys "46095ACC8548582C1A2699A9D27D666CD88E42B4"
gpg: keyserver receive failed: Connection timed out

It does look like the following is operational, however, if you want to switch to that:

forney-tehama commented 2 years ago

Following up - checked again today and those gpg servers are still behaving the same; so this issue still remains and is current.

blacktop commented 2 years ago

https://github.com/blacktop/docker-kibana-alpine/runs/4890954240?check_suite_focus=true

Haven't dug into it yet, but it looks like that also fails?

forney-tehama commented 2 years ago

Seeing it now too.

What about something like: curl https://artifacts.elastic.co/GPG-KEY-elasticsearch | gpg --import

Basically a similar step as provided here for importing the gpg key: https://www.elastic.co/guide/en/kibana/current/rpm.html

This method does give a warning though (fingerprint matches though). Maybe there's a better approach?

Example:

gpg: Signature made Thu 28 May 2020 12:44:36 PM EDT
gpg:                using RSA key D27D666CD88E42B4
gpg: Good signature from "Elasticsearch (Elasticsearch Signing Key) <dev_ops@elasticsearch.org>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 4609 5ACC 8548 582C 1A26  99A9 D27D 666C D88E 42B4
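
One way to do the import-and-verify step without a keyserver, as an added example that is not from the thread or the project's Dockerfile: compare the downloaded key file's fingerprint with the pinned `$GPG_KEY` value before importing, then require gpg's machine-readable `VALIDSIG` status to name that same fingerprint, which is the check the "not certified with a trusted signature" warning leaves to the operator. The function and file names are assumptions; `verify_tarball` needs gpg installed and the key file already downloaded.

```shell
#!/bin/sh
# Added example: pin the signing key by fingerprint instead of trusting a keyserver.
# PINNED_FPR is the fingerprint quoted in the thread; all names below are assumptions.
PINNED_FPR="46095ACC8548582C1A2699A9D27D666CD88E42B4"

# stdin: output of `gpg --show-keys --with-colons KEYFILE`.
# Succeeds only if the file holds exactly one primary key and its fingerprint is $1.
# Subkey fingerprints (fpr records that follow a sub record) are ignored.
only_key_is() {
  awk -F: -v want="$1" '
    $1 == "pub" { primary = 1; next }
    $1 == "fpr" && primary { n++; if ($10 == want) ok = 1; primary = 0 }
    END { exit !(n == 1 && ok) }'
}

# stdin: output of `gpg --status-fd 1 --verify SIG FILE`.
# Succeeds only if a VALIDSIG line names $1 as the primary key fingerprint
# (the last VALIDSIG argument, field 12 counting the "[GNUPG:]" prefix).
signed_by() {
  awk -v want="$1" '
    $1 == "[GNUPG:]" && $2 == "VALIDSIG" && $12 == want { ok = 1 }
    END { exit !ok }'
}

# verify_tarball KEYFILE SIGFILE TARBALL
# Uses a throwaway keyring so nothing else in a keyring can satisfy the check.
verify_tarball() {
  GNUPGHOME="$(mktemp -d)" || return 1
  export GNUPGHOME
  rc=1
  if gpg --batch --show-keys --with-colons "$1" | only_key_is "$PINNED_FPR" \
     && gpg --batch --quiet --import "$1" \
     && gpg --batch --status-fd 1 --verify "$2" "$3" 2>/dev/null \
        | signed_by "$PINNED_FPR"; then
    rc=0
  fi
  rm -rf "$GNUPGHOME"
  unset GNUPGHOME
  return "$rc"
}

# Usage inside a build step (file names assumed):
#   verify_tarball GPG-KEY-elasticsearch kibana.tar.gz.asc kibana.tar.gz || exit 1
```

A non-zero return covers a substituted key file, a bad signature, and a good signature made by any other key, so the build step can simply fail on it.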