jacobalberty / unifi-docker

Unifi Docker files
MIT License

Build 5.8.23 failed #134

Closed thatguystone closed 6 years ago

thatguystone commented 6 years ago

It looks like docker-build.sh failed silently when it couldn't import mongo's signing key. It might be beneficial to add set -e so that the script always bails on error.

From the logs:

Executing: /tmp/tmp.8FLFQQ2deg/gpg.1.sh --keyserver
hkp://keyserver.ubuntu.com:80 --recv 0C49F3730359A14518585931BC711F9BA15703C6

gpg: requesting key A15703C6 from hkp server keyserver.ubuntu.com

gpg: no valid OpenPGP data found.
gpg: Total number processed: 0
gpg: keyserver communications error: keyserver helper general error
gpg: keyserver communications error: unknown pubkey algorithm
gpg: keyserver receive failed: unknown pubkey algorithm

gpgkeys: key 0C49F3730359A14518585931BC711F9BA15703C6 can't be retrieved

...

W: GPG error: http://repo.mongodb.org/apt/ubuntu xenial/mongodb-org/3.4 Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY BC711F9BA15703C6
W: The repository 'http://repo.mongodb.org/apt/ubuntu xenial/mongodb-org/3.4 Release' is not signed.

...

Reading package lists...
Building dependency tree...
Reading state information...

The following additional packages will be installed:
  binutils jsvc libcommons-daemon-java mongodb-org-mongos mongodb-org-server
  mongodb-org-shell mongodb-org-tools

Suggested packages:
  binutils-doc java-virtual-machine

The following NEW packages will be installed:
  binutils jsvc libcommons-daemon-java mongodb-org mongodb-org-mongos
  mongodb-org-server mongodb-org-shell mongodb-org-tools unifi

0 upgraded, 9 newly installed, 0 to remove and 4 not upgraded.
Need to get 70.3 MB/137 MB of archives.
After this operation, 405 MB of additional disk space will be used.
WARNING: The following packages cannot be authenticated!
  mongodb-org-server mongodb-org-shell mongodb-org-mongos mongodb-org-tools
  mongodb-org

jacobalberty commented 6 years ago

Looks like 'latest' tag succeeded so it worked, rebuilding 5.8.23 tag now with set -e.

I need to add a retry to it though as a proper fix

thatguystone commented 6 years ago

In my experience, retrying on gpg recv failures typically doesn't work; when a key server is down, it's usually down for a while. Trying different keyservers seems to be what others have done: https://github.com/tianon/gosu/issues/35#issuecomment-293015727

jacobalberty commented 6 years ago

In this instance it was definitely an ephemeral failure as images succeeded both right before and after, but keyserver.ubuntu.com is a pool so a retry should hit the next server in the pool, though it looks like there's only 2 servers in that pool.

jacobalberty commented 6 years ago

Looks like the keys only exist on the ubuntu keyservers anyway, I can't find them on any of the other servers tianon suggests, need to just go with a basic retry.

thatguystone commented 6 years ago

That's odd. I just tried them all, and they all have both keys:

$ for server in ha.pool.sks-keyservers.net hkp://p80.pool.sks-keyservers.net:80 keyserver.ubuntu.com hkp://keyserver.ubuntu.com:80 pgp.mit.edu; do echo $server; gpg --keyserver $server --recv C0A52C50 0C49F3730359A14518585931BC711F9BA15703C6; echo; done

ha.pool.sks-keyservers.net
gpg: key BC711F9BA15703C6: "MongoDB 3.4 Release Signing Key <packaging@mongodb.com>" not changed
gpg: key 06E85760C0A52C50: "UniFi Developers <unifi-dev@ubnt.com>" not changed
gpg: Total number processed: 2
gpg:              unchanged: 2

hkp://p80.pool.sks-keyservers.net:80
gpg: key BC711F9BA15703C6: "MongoDB 3.4 Release Signing Key <packaging@mongodb.com>" not changed
gpg: key 06E85760C0A52C50: "UniFi Developers <unifi-dev@ubnt.com>" not changed
gpg: Total number processed: 2
gpg:              unchanged: 2

keyserver.ubuntu.com
gpg: key BC711F9BA15703C6: "MongoDB 3.4 Release Signing Key <packaging@mongodb.com>" not changed
gpg: key 06E85760C0A52C50: "UniFi Developers <unifi-dev@ubnt.com>" not changed
gpg: Total number processed: 2
gpg:              unchanged: 2

hkp://keyserver.ubuntu.com:80
gpg: key BC711F9BA15703C6: "MongoDB 3.4 Release Signing Key <packaging@mongodb.com>" not changed
gpg: key 06E85760C0A52C50: "UniFi Developers <unifi-dev@ubnt.com>" not changed
gpg: Total number processed: 2
gpg:              unchanged: 2

pgp.mit.edu
gpg: key BC711F9BA15703C6: "MongoDB 3.4 Release Signing Key <packaging@mongodb.com>" not changed
gpg: key 06E85760C0A52C50: "UniFi Developers <unifi-dev@ubnt.com>" not changed
gpg: Total number processed: 2
gpg:              unchanged: 2

Apteryks commented 6 years ago

That was probably just an issue with the key server. Some people had encountered the same problem retrieving the GNU Ring key (https://git.ring.cx/savoirfairelinux/ring-project/issues/491) but depending on the server used it would work or not:

sudo apt-key adv --keyserver pgp.mit.edu --recv-keys A295D773307D25A33AE72F2F64CD5FA175348F84
sudo: unable to resolve host pc-hlefeuvre
Executing: /tmp/tmp.7VdgBwOIxG/gpg.1.sh --keyserver
pgp.mit.edu
--recv-keys
A295D773307D25A33AE72F2F64CD5FA175348F84
gpg: requesting key 75348F84 from hkp server pgp.mit.edu
gpgkeys: key A295D773307D25A33AE72F2F64CD5FA175348F84 can't be retrieved
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0
gpg: keyserver communications error: keyserver helper general error
gpg: keyserver communications error: unknown pubkey algorithm
gpg: keyserver receive failed: unknown pubkey algorithm

But then:

sudo apt-key adv --keyserver sks.rarc.net --recv-keys A295D773307D25A33AE72F2F64CD5FA175348F84
Executing: /tmp/tmp.pR9wfUifv/gpg.1.sh --keyserver sks.rarc.net --recv-keys A295D773307D25A33AE72F2F64CD5FA175348F84
gpg: requesting key 75348F84 from hkp server sks.rarc.net
gpg: key 75348F84: public key "Ring - Savoir-Faire Linux, Inc ring@lists.savoirfairelinux.net" imported
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)

thatguystone commented 6 years ago

Since this seems to be resolved, I'm going to close.
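
The fail-closed key import discussed in this thread, as an added example that is not part of the original issue or the project's docker-build.sh: it tries each keyserver in turn with a retry, confirms the key is actually in the keyring, and returns non-zero so that set -e stops the build before apt installs unauthenticated packages. The function names, retry count and delay are assumptions; the keyserver list comes from the commands quoted above.

```shell
#!/bin/sh
# Added example: fail-closed apt key import with keyserver fallback.
set -eu

# Keyservers named in the thread; override via the environment as needed.
KEYSERVERS="${KEYSERVERS:-hkp://keyserver.ubuntu.com:80 hkp://p80.pool.sks-keyservers.net:80 pgp.mit.edu}"
RETRIES="${RETRIES:-2}"           # attempts per server (assumed value)
RETRY_DELAY="${RETRY_DELAY:-5}"   # seconds between attempts (assumed value)

# recv_key SERVER FINGERPRINT: one fetch attempt, same call as in the logs.
recv_key() {
    apt-key adv --keyserver "$1" --recv-keys "$2"
}

# have_key FINGERPRINT: check the key landed in apt's keyring, rather than
# trusting the exit status of the fetch alone.
have_key() {
    apt-key adv --list-keys "$1" >/dev/null 2>&1
}

# import_key FINGERPRINT: returns 0 only once the key is present.
import_key() {
    fpr="$1"
    for server in $KEYSERVERS; do
        attempt=1
        while [ "$attempt" -le "$RETRIES" ]; do
            if recv_key "$server" "$fpr" && have_key "$fpr"; then
                echo "imported $fpr from $server" >&2
                return 0
            fi
            echo "attempt $attempt on $server failed for $fpr" >&2
            attempt=$((attempt + 1))
            if [ "$attempt" -le "$RETRIES" ]; then sleep "$RETRY_DELAY"; fi
        done
    done
    echo "FATAL: could not import $fpr from any keyserver" >&2
    return 1
}

# In a build script, call this with the full fingerprint before apt-get update;
# under set -e a failed import aborts the build:
#   import_key 0C49F3730359A14518585931BC711F9BA15703C6
```
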