disser4
commented
11 months ago +1 on this issue!
Closed tianon closed 10 months ago
disser4
commented
11 months ago +1 on this issue!
jinwen-zou-rechargeapps
commented
11 months ago +1, breaking many tools.
hiroshinakasone
commented
11 months ago Is b7b3b788a8d3785c new key?
https://keyserver.ubuntu.com/pks/lookup?search=mysql-build%40oss.oracle.com&fingerprint=on&op=index
glennslaven
commented
11 months ago If you're just looking to build a docker file from the MySQL Debian images you can just add this
rm /etc/apt/sources.list.d/mysql.listto your Dockerfile or run in your container before doing any apt operations. Since the MySQL resources are already included in the image, you probably don't need to apt-get install any of them anyway.
tianon
commented
11 months ago Oh interesting, https://repo.mysql.com/RPM-GPG-KEY-mysql-2023 wasn't listed on https://repo.mysql.com/ yesterday :eyes:
This does require that Oracle / MySQL re-sign their APT repo with the new key if we're supposed to swap though, and I'm not sure yet if they've done that step.
root@519c19c8b144:/# wget -qO- 'https://repo.mysql.com/RPM-GPG-KEY-mysql-2023' | gpg --import
gpg: directory '/root/.gnupg' created
gpg: keybox '/root/.gnupg/pubring.kbx' created
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: key B7B3B788A8D3785C: public key "MySQL Release Engineering <mysql-build@oss.oracle.com>" imported
gpg: Total number processed: 1
gpg: imported: 1
root@519c19c8b144:/# gpg --fingerprint
/root/.gnupg/pubring.kbx
------------------------
pub rsa4096 2023-10-23 [SC] [expires: 2025-10-22]
BCA4 3417 C3B4 85DD 128E C6D4 B7B3 B788 A8D3 785C
uid [ unknown] MySQL Release Engineering <mysql-build@oss.oracle.com>
sub rsa4096 2023-10-23 [E] [expires: 2025-10-22]
Cartman75
commented
11 months ago They have been uploaded to debian, we have been able to use the new signed copies. I dont know about other distrabutions.
mtovmassian
commented
11 months ago @glennslaven thank you for the workaround and @yosifkit thank you for the fix. Can we estimate when it will be available through the Docker mysql:5.7-debian image ?
yosifkit
commented
11 months ago @yosifkit thank you for the fix. Can we estimate when it will be available through the Docker
mysql:5.7-debianimage ?
It will not be updated; the 5.7-debian images were dropped a while back when the packages were no longer updated: https://github.com/docker-library/mysql/pull/987 (https://www.mysql.com/support/eol-notice.html, "Support EOL for Debian 10")
farazsiddiqui2010
commented
11 months ago What about the older images like mysql:5.7.42-debian. It should be supported as many productions are running with it.
tianon
commented
11 months ago Unfortunately, we cannot control MySQL upstream's support or end of life (we're merely packagers of what they publish).
tianon
commented
10 months ago "Hooray", hitting the RPM repos now :smile:
Looks like https://bugs.mysql.com/bug.php?id=85029 has resurged today with an expiration of the PGP key used for signing MySQL releases. :sweat_smile:
It appears that RPM/DNF/YUM don't mind the key being expired, but APT sure does, and fails our (re)builds on 8.0 and 5.7 (Debian-based images).
@ltangvald do you think there's a chance of this key getting a renewed expiration date? If not, we'll probably consider applying something like https://github.com/debuerreotype/debuerreotype/blob/60b625d1ce31bd81525bb67fc3a33f9686bc3433/scripts/.gpgv-ignore-expiration.sh during our build instead (so we still get the cryptographic benefits of PGP but without honoring/failing on the expiration date).
For reference: