Closed thatguystone closed 6 years ago
Looks like 'latest' tag succeeded so it worked, rebuilding 5.8.23 tag now with set -e.
I need to add a retry to it though as a proper fix
In my experience, retrying on gpg recv failures typically doesn't work; when a key server is down, it's usually down for a while. Trying different keyservers seems to be what others have done: https://github.com/tianon/gosu/issues/35#issuecomment-293015727
In this instance it was definitely an ephemeral failure as images succeeded both right before and after, but keyserver.ubuntu.com is a pool so a retry should hit the next server in the pool, though it looks like there's only 2 servers in that pool.
Looks like the keys only exist on the Ubuntu keyservers anyway; I can't find them on any of the other servers tianon suggests. Need to just go with a basic retry.
That's odd. I just tried them all, and they all have both keys:
$ for server in ha.pool.sks-keyservers.net hkp://p80.pool.sks-keyservers.net:80 keyserver.ubuntu.com hkp://keyserver.ubuntu.com:80 pgp.mit.edu; do echo $server; gpg --keyserver $server --recv C0A52C50 0C49F3730359A14518585931BC711F9BA15703C6; echo; done
ha.pool.sks-keyservers.net
gpg: key BC711F9BA15703C6: "MongoDB 3.4 Release Signing Key <packaging@mongodb.com>" not changed
gpg: key 06E85760C0A52C50: "UniFi Developers <unifi-dev@ubnt.com>" not changed
gpg: Total number processed: 2
gpg: unchanged: 2
hkp://p80.pool.sks-keyservers.net:80
gpg: key BC711F9BA15703C6: "MongoDB 3.4 Release Signing Key <packaging@mongodb.com>" not changed
gpg: key 06E85760C0A52C50: "UniFi Developers <unifi-dev@ubnt.com>" not changed
gpg: Total number processed: 2
gpg: unchanged: 2
keyserver.ubuntu.com
gpg: key BC711F9BA15703C6: "MongoDB 3.4 Release Signing Key <packaging@mongodb.com>" not changed
gpg: key 06E85760C0A52C50: "UniFi Developers <unifi-dev@ubnt.com>" not changed
gpg: Total number processed: 2
gpg: unchanged: 2
hkp://keyserver.ubuntu.com:80
gpg: key BC711F9BA15703C6: "MongoDB 3.4 Release Signing Key <packaging@mongodb.com>" not changed
gpg: key 06E85760C0A52C50: "UniFi Developers <unifi-dev@ubnt.com>" not changed
gpg: Total number processed: 2
gpg: unchanged: 2
pgp.mit.edu
gpg: key BC711F9BA15703C6: "MongoDB 3.4 Release Signing Key <packaging@mongodb.com>" not changed
gpg: key 06E85760C0A52C50: "UniFi Developers <unifi-dev@ubnt.com>" not changed
gpg: Total number processed: 2
gpg: unchanged: 2
That was probably just an issue with the key server. Some people had encountered the same problem retrieving the GNU Ring key (https://git.ring.cx/savoirfairelinux/ring-project/issues/491), but depending on the server used it would work or not:
sudo apt-key adv --keyserver pgp.mit.edu --recv-keys A295D773307D25A33AE72F2F64CD5FA175348F84
sudo: unable to resolve host pc-hlefeuvre
Executing: /tmp/tmp.7VdgBwOIxG/gpg.1.sh --keyserver
pgp.mit.edu
--recv-keys
A295D773307D25A33AE72F2F64CD5FA175348F84
gpg: requesting key 75348F84 from hkp server pgp.mit.edu
gpgkeys: key A295D773307D25A33AE72F2F64CD5FA175348F84 can't be retrieved
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0
gpg: keyserver communications error: keyserver helper general error
gpg: keyserver communications error: unknown pubkey algorithm
gpg: keyserver receive failed: unknown pubkey algorithm
But then:
sudo apt-key adv --keyserver sks.rarc.net --recv-keys A295D773307D25A33AE72F2F64CD5FA175348F84
Executing: /tmp/tmp.pR9wfUifv/gpg.1.sh --keyserver sks.rarc.net --recv-keys A295D773307D25A33AE72F2F64CD5FA175348F84
gpg: requesting key 75348F84 from hkp server sks.rarc.net
gpg: key 75348F84: public key "Ring - Savoir-Faire Linux, Inc ring@lists.savoirfairelinux.net" imported
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)
Since this seems to be resolved, I'm going to close.
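The two ideas raised in this thread (fall back to another keyserver when one fails, and make the build stop when the key cannot be imported), as an added example that is not the project's docker-build.sh. `fetch_key` is a hypothetical helper name, the server list is the one tried in the thread, and a `gpg` binary on PATH is assumed.

```shell
#!/bin/sh
# Added example (not the project's docker-build.sh).
set -eu   # abort the build on any unhandled error or unset variable

# Servers named in the thread; override by exporting KEYSERVERS.
KEYSERVERS="${KEYSERVERS:-ha.pool.sks-keyservers.net hkp://p80.pool.sks-keyservers.net:80 keyserver.ubuntu.com hkp://keyserver.ubuntu.com:80 pgp.mit.edu}"

# fetch_key FINGERPRINT  (hypothetical helper name)
# 0: a server delivered the key and the keyring now holds that fingerprint
# 1: every server failed   2: argument is not a full 40-hex fingerprint
fetch_key() {
    fpr="$1"
    # Short key IDs such as C0A52C50 can collide; insist on the fingerprint.
    case "$fpr" in *[!0-9A-F]*) return 2 ;; esac
    [ "${#fpr}" -eq 40 ] || return 2

    for server in $KEYSERVERS; do
        echo "fetch_key: trying $server" >&2
        # Inside 'if', a failing gpg moves on to the next server instead of
        # tripping set -e. The second gpg call confirms what was imported.
        if gpg --batch --keyserver "$server" --recv-keys "$fpr" &&
           gpg --batch --with-colons --fingerprint "$fpr" |
               grep -q "^fpr:.*:$fpr:"; then
            return 0
        fi
    done
    echo "fetch_key: $fpr not available from any keyserver" >&2
    return 1
}

# Usage in a build script (fingerprint taken from the thread above):
#   fetch_key 0C49F3730359A14518585931BC711F9BA15703C6
# A non-zero return here stops the script because of set -e.
```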
It looks like docker-build.sh failed silently when it couldn't import mongo's signing key. It might be beneficial to add set -e so that the script always bails on error.
From the logs: