Closed psftw closed 4 years ago
As far as I see, the gpg checks are used only for stack
, would a solution to embed the sha512
sum into Dockerfile
s instead?
It's a bit more work to update stack versions, but maybe better than flaky builds?
We have signed artifacts and keys so we might as well use them as intended vs checksums. It turns out, embedding the keys adds more complexity than I'm OK with ( https://github.com/psftw/docker-haskell/commit/465e0640693812b45039b6c6e32295b2275f0a88 ). Splitting up the single RUN command similarly without embedding keys would also help with flakiness, which seems like the right approach.
pushed up changes which split up the build to make fail faster which is the best we can do for now
Note: the original GitHub repository was deleted recently, so we've lost all the issues/discussion :cry:
Building this image is difficult due to issues with GnuPG and key servers. More details in https://github.com/docker-library/faq#openpgp--gnupg-keys-and-verification
The most straight-forward solution would be to directly embed the keys in this repository, though this is not ideal.