
Commit d33acdc

committed
improve gpg reliability
* gpg key verification occasionally fails due to network issues when attempting to fetch keys. Combat this with two approaches: * Disable ipv6 testing in dirmngr.conf. [1] * Provide a fallback list of keyservers to pull from. [2] [1] usbarmory/usbarmory-debian-base_image#9 (comment) [2] tianon/gosu#39 (comment)
1 parent 4a1944f commit d33acdc

1 file changed

+13
-8
lines changed

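--- a/Dockerfile
+++ b/Dockerfile
@@ -32,14 +32,13 @@ RUN usermod -d /home www-data \
 gnupg2 \
 # gosu
 && export GOSU_VERSION='1.10' \
-&& for key in \
-# GOSU
-B42F6819007F00F88E364FD4036A9C25BF357DD4 \
+&& mkdir ~/.gnupg && chmod 600 ~/.gnupg && echo "disable-ipv6" >> ~/.gnupg/dirmngr.conf \
+&& for server in hkp://ipv4.pool.sks-keyservers.net:80 \
+hkp://ha.pool.sks-keyservers.net:80 \
+hkp://pgp.mit.edu:80 \
+hkp://keyserver.pgp.com:80 \
 ; do \
-gpg --keyserver hkp://ipv4.pool.sks-keyservers.net:80 --recv-keys "$key" || \
-gpg --keyserver hkp://ha.pool.sks-keyservers.net:80 --recv-keys "$key" || \
-gpg --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" || \
-gpg --keyserver hkp://keyserver.pgp.com:80 --recv-keys "$key" \
+gpg --keyserver "$server" --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 && break || echo "Trying new server..." \
 ; done \
 && curl -o /usr/local/bin/gosu -SL "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \
 && curl -o /usr/local/bin/gosu.asc -SL "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \
@@ -63,7 +62,13 @@ RUN apt-get update \
 && apt-get install -y \
 curl \
 gnupg2 \
-&& gpg --keyserver pool.sks-keyservers.net --recv-keys AFEEAEA3 \
+&& for server in hkp://ipv4.pool.sks-keyservers.net:80 \
+hkp://ha.pool.sks-keyservers.net:80 \
+hkp://pgp.mit.edu:80 \
+hkp://keyserver.pgp.com:80 \
+; do \
+gpg --keyserver "$server" --recv-keys AFEEAEA3 && break || echo "Trying new server..." \
+; done \
 && curl -SL "$LIBREOFFICE_MIRROR_URL/$LIBREOFFICE_VERSION/deb/x86_64/$LIBREOFFICE_ARCHIVE" -o $LIBREOFFICE_ARCHIVE \
 && curl -SL "$LIBREOFFICE_MIRROR_URL/$LIBREOFFICE_VERSION/deb/x86_64/$LIBREOFFICE_ARCHIVE.asc" -o $LIBREOFFICE_ARCHIVE.asc \
 && gpg --verify "$LIBREOFFICE_ARCHIVE.asc" \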
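Review bot: In the second hunk the LibreOffice signing key is still requested by the 32-bit short ID `AFEEAEA3`, and the request now goes to four plain-HTTP `hkp://` servers instead of one. Short IDs are not unique, so a keyserver can return a different key carrying the same ID, and the `gpg --verify "$LIBREOFFICE_ARCHIVE.asc"` that follows would accept a good signature from whichever key landed in the keyring. Request the key by its full 40-hex fingerprint, as the gosu hunk already does: `gpg --keyserver "$server" --recv-keys <FULL_LIBREOFFICE_KEY_FINGERPRINT> && break || echo "Trying new server..."` (placeholder; use the fingerprint the vendor publishes). Both loops also finish with status 0 when every server fails, because the last command run is the `echo`, so the build presumably only stops at the later verify step rather than at the fetch. The RUN instructions start before and continue past both hunks.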
