Skip to content

Better support of gpg keys installation behind a proxy #621

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Feb 5, 2018
Merged

Better support of gpg keys installation behind a proxy #621

merged 1 commit into from
Feb 5, 2018

Conversation

paolomainardi
Copy link
Contributor

Building the base image from scratch starting from the source in a proxied environment, it can cause issues using gpg to import keys, this MR address the issue by changing the gpg host port to 80 and adding the protocol.

Refs: https://unix.stackexchange.com/questions/75892/keyserver-timed-out-when-trying-to-add-a-gpg-public-key

@chorrell
Copy link
Contributor

chorrell commented Feb 5, 2018

LGTM!

And it looks like this might solve the random timeouts and failures we've seen in Travis-CI when fetching gpg keys. Looking at the test builds for this PR, the builds are faster and there are no delays or retries when fetching the gpg keys:

https://travis-ci.org/nodejs/docker-node/builds/337534011

Previous builds, particularly the failed ones, you see a lot of No route to host errors

chorrell

This comment was marked as off-topic.

Sign in to view

SimenB

This comment was marked as off-topic.

Sign in to view

chorrell pushed a commit to chorrell/docker-image-testing-example that referenced this pull request Feb 5, 2018
Better support of gpg keys installation behind a proxy
8bcdfe1 
See
https://unix.stackexchange.com/questions/75892/keyserver-timed-out-when-trying-to-add-a-gpg-public-key

nodejs/docker-node#621
@chorrell chorrell merged commit 0fae949 into nodejs:master Feb 5, 2018
@chorrell
Copy link
Contributor

chorrell commented Feb 5, 2018

I'm not sure if hkp://ha.pool.sks-keyservers.net:80 actually works.

When I try that locally I get:

$ gpg --keyserver hkp://ha.pool.sks-keyservers.net:80 --recv-keys 94AE36675C464D64BAFA68DD7434390BDBE9B9C5
gpg: keyserver receive failed: No route to host

@tianon
Copy link
Contributor

tianon commented Feb 5, 2018 via email

@chorrell
Copy link
Contributor

chorrell commented Feb 5, 2018

ah, right, forgot about the p80. I'll do a follow up PR.

@chorrell
Copy link
Contributor

chorrell commented Feb 5, 2018

For reference:

$ gpg --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys 94AE36675C464D64BAFA68DD7434390BDBE9B9C5
key 7434390BDBE9B9C5:
4 signatures not checked due to missing keys
gpg: key 7434390BDBE9B9C5: "Colin Ihrig <[email protected]>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1

@chorrell chorrell mentioned this pull request Feb 5, 2018
Closed
@paolomainardi paolomainardi mentioned this pull request Feb 5, 2018
Merged
@kfarnung kfarnung mentioned this pull request Feb 7, 2018
Merged
@chorrell chorrell mentioned this pull request Feb 16, 2018
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@chorrell chorrell chorrell approved these changes

@SimenB SimenB SimenB approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@paolomainardi @chorrell @tianon @SimenB