Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Skip pgp-happy-eyeballs on build tests #11924

Merged
merged 1 commit into from
Feb 25, 2022

Conversation

yosifkit
Copy link
Member

This is the workaround for stale servers that we are seeing in #11917 (comment) and #11727 (comment).

Using this line in generate.sh to skip pgp-happy-eyeballs setup.

I don't think we should remove pgp-happy-eyeballs from the build servers since we haven't hit the stale keyservers there. This can be re-enabled once tianon/pgp-happy-eyeballs#4 has a proper solution.

@tianon tianon merged commit 190e420 into docker-library:master Feb 25, 2022
@tianon tianon deleted the less-happy branch February 25, 2022 00:04
@tianon
Copy link
Member

tianon commented Feb 25, 2022

This can be re-enabled once tianon/pgp-happy-eyeballs#4 has a proper solution.

IMO, we shouldn't re-enable this -- pgp-happy-eyeballs was designed for a time when SKS was relatively healthy, which really isn't the case anymore. The "gossip network" might still be alive and active, but finding a good, up-to-date list of "which servers should we consider as OK" is a very challenging problem that I don't think is worth solving.

Both hkps://keys.openpgp.org and hkps://keyserver.ubuntu.com are great, stable replacements that work well and solve the problem to the extent any of our image builds actually require. 🙈

I think we should probably adjust the wording in https://github.com/docker-library/faq#openpgp--gnupg-keys-and-verification to make the current situation (and our suggested "solutions", ie those two keyservers, preferred in that order) more clear.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants