Closed psftw closed 4 years ago
phadej
commented
4 years ago As far as I see, the gpg checks are used only for stack, would a solution to embed the sha512 sum into Dockerfiles instead?
It's a bit more work to update stack versions, but maybe better than flaky builds?
psftw
commented
4 years ago We have signed artifacts and keys so we might as well use them as intended vs checksums. It turns out, embedding the keys adds more complexity than I'm OK with ( https://github.com/psftw/docker-haskell/commit/465e0640693812b45039b6c6e32295b2275f0a88 ). Splitting up the single RUN command similarly without embedding keys would also help with flakiness, which seems like the right approach.
psftw
commented
4 years ago pushed up changes which split up the build to make fail faster which is the best we can do for now
Note: the original GitHub repository was deleted recently, so we've lost all the issues/discussion :cry:
Building this image is difficult due to issues with GnuPG and key servers. More details in https://github.com/docker-library/faq#openpgp--gnupg-keys-and-verification
The most straight-forward solution would be to directly embed the keys in this repository, though this is not ideal.