search

jlesage / docker-baseimage-gui

A minimal docker baseimage to ease creation of X graphical application containers
MIT License
1.2k stars 179 forks source link

Add RSA signing keys for untrusted installation of CJK font, fix #39 #73

Closed benedict-chan closed 2 years ago

benedict-chan commented 2 years ago

The installation of CJK font has error:

[cont-init.d] 10-cjk-font.sh: installing CJK font... [cont-init.d] 10-cjk-font.sh: fetch http://dl-cdn.alpinelinux.org/alpine/edge/testing/x86_64/APKINDEX.tar.gz [cont-init.d] 10-cjk-font.sh: WARNING: Ignoring http://dl-cdn.alpinelinux.org/alpine/edge/testing/x86_64/APKINDEX.tar.gz: UNTRUSTED signature

Applying this can fix the issues, https://alpinelinux.org/posts/Alpine-edge-signing-keys-rotated.html

Will also PR you on the v4 branch

jlesage commented 2 years ago

On what version of the baseimage the issue is seen ?

benedict-chan commented 2 years ago

On what version of the baseimage the issue is seen ?

I have the issue on the latest firefox image for more than a month. I tested it via executing the command in the container when it is running. From the edge link command it is related to Alpine version 3.16, and based on latest firefox image it is using baseimage: jlesage/baseimage-gui:alpine-3.15-v3.5.8

Note, I however tried to make a new image based on jlesage/baseimage-gui:alpine-3.15-v3.5.8, and run it with CJK enabled, it did installed successfully without issue.

I actually tried to build baseimage locally to really test it but it failed building.

I searched and looks like you only add edge for this font so I added the fix here.

jlesage commented 2 years ago

It seems that latest versions of the baseimage already have the right keys.

I ran the following test:

docker pull jlesage/firefox && docker run --rm -e ENABLE_CJK_FONT=1 jlesage/firefox

And you can see that CJK font is installing correctly:

[cont-init.d] 10-cjk-font.sh: executing...
[cont-init.d] 10-cjk-font.sh: installing CJK font...
[cont-init.d] 10-cjk-font.sh: fetch http://dl-cdn.alpinelinux.org/alpine/edge/testing/x86_64/APKINDEX.tar.gz
[cont-init.d] 10-cjk-font.sh: fetch https://dl-cdn.alpinelinux.org/alpine/v3.15/main/x86_64/APKINDEX.tar.gz
[cont-init.d] 10-cjk-font.sh: fetch https://dl-cdn.alpinelinux.org/alpine/v3.15/community/x86_64/APKINDEX.tar.gz
[cont-init.d] 10-cjk-font.sh: (1/1) Installing font-wqy-zenhei (0.9.45-r2)
[cont-init.d] 10-cjk-font.sh: Executing fontconfig-2.13.1-r4.trigger
[cont-init.d] 10-cjk-font.sh: Executing mkfontscale-1.2.1-r1.trigger
[cont-init.d] 10-cjk-font.sh: OK: 444 MiB in 165 packages
[cont-init.d] 10-cjk-font.sh: exited 0.

Are you sure you are using the latest Firefox image ?

benedict-chan commented 2 years ago

Oops, turns out my image is old, sorry about that, I will close the PRs.