Open CaffeineDaemon opened 1 month ago
@prathameshzarkar9 / @gauravsaini04 Can either of you help debug this? thanks!
@CaffeineDaemon Can you provide us with a sample repro? Also, can you try with an image other than reg.goibykus.de/microsoft-mcr/devcontainers/typescript-node:20-bookworm? (maybe [mcr.microsoft.com/devcontainers/typescript-node:22](https://github.com/devcontainers/images/tree/main/src/typescript-node))
Decoding the error message you got:
@samruddhikhandale Sorry for the late reply, I was busy and forgot to reply to you. Here is a minimal reproduction of the issue with the image suggested by you:
```json
{
  "name": "test",
  "image": "mcr.microsoft.com/devcontainers/typescript-node:22",
  "features": {
    "ghcr.io/devcontainers/features/git-lfs:1.2.2": {}
  }
}
```
It yields the same error.
But it seems @gauravsaini04 is right, I cannot reach the keyservers from the pipeline runner at all when using the standard port (11371). It seems it is blocked for outgoing connections in our network.
I will try to convince our network guys to open it, but they can be a bit stubborn on this topic.
https://datatracker.ietf.org/doc/html/draft-shaw-openpgp-hkp-00 Section 2 suggests using port 80 instead:
> It has been suggested by some that for reasons of maximum compatibility with firewalls and filtering HTTP proxies, it is better to use the standard HTTP port (TCP port 80)
@gauravsaini04 what do you think about adding a fallback to port 80 when the keyservers cannot be reached? This could save me and other users of the feature some trouble.
Edit: Just appending :80 to the keyserver URL seems to work with gpg to use port 80 instead of 11371, I tested it with `gpg --keyserver hkp://keyserver.ubuntu.com:80 --search-key 'your@mail.com'`
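A sketch of the fallback proposed in the comment above, as an added example that is not part of the thread or of the git-lfs Feature's install script. The function names are hypothetical, and it assumes the caller's default GnuPG home and a full 40-hex-digit uppercase fingerprint; because hkp:// is plain HTTP, the imported key is accepted only if its primary fingerprint matches the pinned one.

```shell
#!/bin/sh
# Added example: try each keyserver, then its port-80 variant, then verify the key.

# Rewrite an hkp:// URL to use TCP port 80; other schemes pass through unchanged.
hkp_port80() {
    case $1 in
        hkp://*) ;;
        *) printf '%s\n' "$1"; return 0 ;;
    esac
    host=${1#hkp://}
    host=${host%%/*}                    # drop any path
    case $host in
        \[*) host="${host%%]*}]" ;;     # bracketed IPv6 literal: keep [addr]
        *)   host=${host%%:*} ;;        # drop an explicit port
    esac
    printf 'hkp://%s:80\n' "$host"
}

# Print every keyserver followed by its port-80 variant, skipping duplicates.
keyserver_candidates() {
    seen=" "
    for ks in "$@"; do
        for c in "$ks" "$(hkp_port80 "$ks")"; do
            case $seen in *" $c "*) continue ;; esac
            seen="$seen$c "
            printf '%s\n' "$c"
        done
    done
}

# Read `gpg --with-colons` output on stdin; succeed only if a primary key
# (the fpr record right after a pub record) has exactly the fingerprint $1.
has_primary_fingerprint() {
    awk -F: -v want="$1" '
        $1 == "pub" { p = 1; next }
        $1 == "fpr" { if (p && $10 == want) found = 1; p = 0 }
        END { exit !found }'
}

# Usage: recv_key_with_fallback FINGERPRINT KEYSERVER...
recv_key_with_fallback() {
    fpr=$1; shift
    for ks in $(keyserver_candidates "$@"); do
        if gpg --batch --keyserver "$ks" --recv-keys "$fpr" 2>/dev/null &&
           gpg --batch --with-colons --fingerprint "$fpr" 2>/dev/null |
               has_primary_fingerprint "$fpr"; then
            echo "imported $fpr via $ks" >&2
            return 0
        fi
    done
    return 1
}
```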
Thanks @CaffeineDaemon for getting back to us, appreciate it!
Re-reading this, looks like the git-lfs Feature might be running into similar issues as reported in https://github.com/devcontainers/features/issues/1055 (especially because of https://github.com/devcontainers/features/issues/1072#issuecomment-2351997273 and the fact that keys.openpgp.org sometimes strips user IDs from keys)
@gauravsaini04 Can we make similar changes to the git-lfs Feature as of https://github.com/devcontainers/features/pull/1056 ? Thanks!
> Edit: Just appending :80 to the keyserver URL seems to work with gpg to use port 80 instead of 11371, I tested it with `gpg --keyserver hkp://keyserver.ubuntu.com:80 --search-key 'your@mail.com'`

If that doesn't fix the issues faced by @CaffeineDaemon, then we can definitely look into ^ request.
> The pipeline job is run in a container based on mcr.microsoft.com/vscode/devcontainers/javascript-node:0-18 with docker, buildx and devcontainer-cli installed on top.

@CaffeineDaemon On a side note, I'd recommend pinning the image to major version 1 instead of 0 in order to receive security patches.
Have added a solution in PR #1124
When building our devcontainer on our Gitlab-CI build pipeline (to use it in ci-jobs) with the following command
devcontainer build . --image-name $CI_REGISTRY_IMAGE/devcontainer:$CI_COMMIT_SHA --workspace-folder . --cache-from="type=local,src=.buildx/cache" --cache-to="type=local,dest=.buildx/cache" --cache-to="type=registry,ref=reg.goibykus.de/stp/devcontainer:cache,mode=max,image-manifest=true"
the git-lfs feature fails installation with the following log:
I could not reproduce the issue locally when starting the devcontainer through vscode. Setting the git-lfs feature to Version 1.2.1 fixed the issue in the pipeline. The pipeline job is run in a container based on mcr.microsoft.com/vscode/devcontainers/javascript-node:0-18 with docker, buildx and devcontainer-cli installed on top. Here is my devcontainer.json and dockerfile: