yegor256 / rultor

DevOps team assistant that helps you merge, deploy, and release GitHub-hosted apps and libraries
https://www.rultor.com

Rultor Reloads GPG Keys on every Build when Decrypting, Failing to Communicate with the Keyserver Fails Builds Needlessly #1015

Open original-brownbear opened 8 years ago

original-brownbear commented 8 years ago

This is coming from https://github.com/yegor256/rultor/issues/1003:

Currently we have this code in Rultor:

    /**
     * Decrypt instructions.
     * @return Instructions
     * @throws IOException If fails
     */
    public Iterable<String> commands() throws IOException {
        final Collection<XML> assets =
            this.profile.read().nodes("/p/entry[@key='decrypt']/entry");
        final Collection<String> commands = new LinkedList<String>();
        if (!assets.isEmpty()) {
            commands.add("gpgconf --reload gpg-agent");
            commands.add(
                Joiner.on(' ').join(
                    "gpg --keyserver hkp://pool.sks-keyservers.net",
                    this.proxy,
                    "--verbose --recv-keys 9AF0FA4C"
                )
            );
            commands.add("gpg --version");
        }

Part of the issues reported in https://github.com/yegor256/rultor/issues/1003 are a result of the call to the key-server sporadically failing like so:

    gpg --keyserver hkp://pool.sks-keyservers.net --verbose --recv-keys 9AF0FA4C
    gpg: requesting key 9AF0FA4C from hkp server pool.sks-keyservers.net
    gpgkeys: HTTP fetch error 52: Empty reply from server
    gpg: no valid OpenPGP data found.

Failing to contact the keyserver needs to be handled in a more reasonable and stable manner. Rultor needs to reload the key from a different server in case the given one fails; this should never be something that breaks a build, given the wide availability of key servers.
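A sketch of the fallback behaviour requested above, as an added example that is not Rultor's code and not part of the original report: it skips the network when the key is already in the keyring, tries each keyserver in turn, and accepts a fetched key only if its full fingerprint matches. The second and third keyserver URLs, the function names and the use of a full fingerprint (the issue only shows the short ID `9AF0FA4C`) are assumptions.

```shell
# Added example: fetch a signing key with keyserver fallback instead of
# failing the build on the first unreachable server.

# Assumed fallback list; only the first entry appears in the issue.
KEYSERVERS="${KEYSERVERS:-hkp://pool.sks-keyservers.net hkps://keys.openpgp.org hkps://keyserver.ubuntu.com}"

# have_key FINGERPRINT: succeeds if the keyring already holds this exact key.
have_key() {
    gpg --batch --with-colons --fingerprint "$1" 2>/dev/null |
        awk -F: -v want="$1" \
            '$1 == "fpr" && $10 == want { found = 1 } END { exit !found }'
}

# fetch_key FINGERPRINT: prints "cached" or the server that delivered the
# key and returns 0; returns 1 only when every server has failed.
fetch_key() {
    fpr="$1"
    # Skip the network entirely when an earlier build imported the key.
    if have_key "$fpr"; then
        echo "cached"
        return 0
    fi
    for server in $KEYSERVERS; do
        # A failing server is logged and skipped, not treated as fatal.
        if gpg --batch --keyserver "$server" --recv-keys "$fpr" >/dev/null 2>&1; then
            # Accept the result only if the full fingerprint is present:
            # a short ID can collide, so a fallback server's answer must
            # be pinned to the exact key.
            if have_key "$fpr"; then
                echo "$server"
                return 0
            fi
        fi
        echo "keyserver $server failed, trying next" >&2
    done
    return 1
}
```
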

original-brownbear commented 8 years ago

@alex-palevsky this is a bug.

alex-palevsky commented 8 years ago

> @alex-palevsky this is a bug.

@original-brownbear tag bug added to this issue

alex-palevsky commented 8 years ago

@original-brownbear I set milestone here to 2.0, let me know if it is wrong

alex-palevsky commented 8 years ago

@original-brownbear thanks a lot for reporting, 30 mins added to your acc, pmt ID AP-7UH92031H0578253S

original-brownbear commented 8 years ago

@alex-palevsky this depends on #1055

alex-palevsky commented 8 years ago

> @alex-palevsky this depends on #1055

@original-brownbear OK, let's wait for #1055

alex-palevsky commented 8 years ago

@original-brownbear I think we can continue, impediment #1055 is closed

original-brownbear commented 8 years ago

@alex-palevsky this is postponed.

alex-palevsky commented 8 years ago

> @alex-palevsky this is postponed.

@original-brownbear sure, thanks, I added "postponed" label to it

alex-palevsky commented 8 years ago

> @alex-palevsky this is postponed.

@original-brownbear right, I will find someone else, no problem