Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Improve examples in README #21

Merged
merged 5 commits into from
Nov 27, 2018
Merged

Improve examples in README #21

merged 5 commits into from
Nov 27, 2018

Conversation

Tekki
Copy link
Contributor

@Tekki Tekki commented Nov 18, 2018

Changes mentioned in #20.

@Tekki
Copy link
Contributor Author

Tekki commented Nov 19, 2018

The Travis tests are failing. Has nothing to do with the README, but I'll try to fix it.

@Tekki
Copy link
Contributor Author

Tekki commented Nov 19, 2018

Still failing. @zakame can you take a look at it?
perl6-docker-travis

Addition: This seems to be a common problem when calling key servers from Docker files. Take a look at the following solution: jacobalberty/unifi-docker@599dff1

Dockerfile Outdated
&& gpg --keyserver $keyserver --recv-keys $keyfp \
&& gpg --batch --verify ${tmpdir}/rakudo.tar.gz.asc ${tmpdir}/rakudo.tar.gz \
&& gpg --no-tty --keyserver $keyserver --recv-keys $keyfp \
&& gpg --no-tty --batch --verify ${tmpdir}/rakudo.tar.gz.asc ${tmpdir}/rakudo.tar.gz \
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This should be just --batch on both lines (no need for --no-tty with --batch).

See https://bugs.debian.org/913614 and all the linked things on docker-library/busybox#55 for more information.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@tianon could we also just inline the GPG pubkey here (and avoid using keyserver for this altogether?)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Changed, and we still have the error.

@tianon
Copy link
Contributor

tianon commented Nov 20, 2018

Regarding GPG keyserver flakiness, see docker-library/official-images#4252 (especially docker-library/php#666 / https://github.com/tianon/pgp-happy-eyeballs).

README.md Show resolved Hide resolved
README.md Show resolved Hide resolved
Dockerfile Outdated
&& gpg --keyserver $keyserver --recv-keys $keyfp \
&& gpg --batch --verify ${tmpdir}/rakudo.tar.gz.asc ${tmpdir}/rakudo.tar.gz \
&& gpg --no-tty --keyserver $keyserver --recv-keys $keyfp \
&& gpg --no-tty --batch --verify ${tmpdir}/rakudo.tar.gz.asc ${tmpdir}/rakudo.tar.gz \
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@tianon could we also just inline the GPG pubkey here (and avoid using keyserver for this altogether?)

@tianon
Copy link
Contributor

tianon commented Nov 20, 2018

could we also just inline the GPG pubkey here (and avoid using keyserver for this altogether?)

You could, but it's kind of heinous for review on our end (and more annoying for users to verify/validate). See https://gist.github.com/anonymous/362532182df471f1cf72c106cd4427fb / https://gist.github.com/anonymous/306f789c50e2e855e881123b6d83c6d4 for an example of how that ends up looking (which is really, really annoying for users to search to verify that the key being used is the same key published by the project short of downloading and comparing the two files or importing the keys and comparing afterwards).

If you implement just the "happy eyeballs" bit of https://github.com/docker-library/php/pull/666/files#diff-354f30a63fb0907d4ad57269548329e3, this problem should go away for your Travis builds (and they'll then be building in an environment that mimics our official build environment more closely, where we apply very similar DNS hijacking for common PGP keyservers):

  - wget -qO- 'https://github.com/tianon/pgp-happy-eyeballs/raw/master/hack-my-builds.sh' | bash

@Tekki
Copy link
Contributor Author

Tekki commented Nov 21, 2018

"happy eyeballs" added, and I see green lights. 🍀 @tianon thanks for guiding us to the runway!

Copy link
Contributor

@tianon tianon left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Anything in particular holding this up? Anything I (or we, as the official images maintainers) can help out with?

Copy link
Member

@zakame zakame left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @Tekki for the work and @tianon for the review! 🎉

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants