GPG Keyserver for gosu key intermittently fails

[craSH]

Host operating system

macOS High Sierra 10.13

Docker Version

Client:
 Version:      17.09.0-ce
 API version:  1.32
 Go version:   go1.8.3
 Git commit:   afdb6d4
 Built:        Tue Sep 26 22:40:09 2017
 OS/Arch:      darwin/amd64

Server:
 Version:      17.09.0-ce
 API version:  1.32 (minimum version 1.12)
 Go version:   go1.8.3
 Git commit:   afdb6d4
 Built:        Tue Sep 26 22:45:38 2017
 OS/Arch:      linux/amd64
 Experimental: false

What tag are you using

Example: beta

What complete docker command or docker-compose.yml do you use to launch the container (omitting sensitive values)?

docker build -t unifi-beta --build-arg PKGURL=<unifi-beta-controller-url>/unifi_sysvinit_all.deb .

What do you expect to happen?

Command within Dockerfile to retrieve the PGP key should succeed, and then proceed to import it/continue as normal.

What actually happens?

[...]


2017-10-16 06:31:30 (33.1 MB/s) - '/usr/local/bin/gosu.asc' saved [543/543]

+ mktemp -d
+ export GNUPGHOME=/tmp/tmp.8DN8Bjgz7Y
+ gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4
gpg: keybox '/tmp/tmp.8DN8Bjgz7Y/pubring.kbx' created
gpg: keyserver receive failed: Cannot assign requested address

If I run the same gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 command on my host system (same network path to the keyserver), I also observe an error. The GPG version is different, so the output differs a little:

gpg: keyserver receive failed: No data

Similar issue reported elsewhere

This is the same issue as reported in this other project's issue, and it is not specific to that project nor this one, but just an issue with the particular GPG keyserver that is being used: tianon/gosu#35

There is a workaround suggested in that issue thread for trying several explicit keyservers until the command succeeds, since it appears that if a single server within a pool fails, the client just aborts entirely. Would you be open to having something like that implemented to handle this situation?

[jacobalberty]

I'd seen the thread and have played with it the list on my local branch. I just spent all of my free time today straightening out the travis-ci checks. I'll check in the fix for this shortly

[craSH]

Thanks!

[jacobalberty]

NP, thanks for the curl fix as well

[marcus-aa]

It is some kind of IPV6-related issue. Try ipv4.pool.sks-keyservers.net instead.