From 79ad393823f2df7abacf3415a50ff1f9eaf36fc7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20Andr=C3=A9?= Date: Wed, 30 Jan 2019 11:11:00 +0100 Subject: [PATCH] Fix broken xtrabackup and monasca-grafana images Percona started signing packages with a new public GPG key, without providing it via HTTPS. Ship the PERCONA-PACKAGING-KEY extracted from the percona-release package. https://jira.percona.com/browse/PT-1685 monasca-grafana broken by 'rake' missing when trying to install the 'fpm' gem. Co-Authored-By: Mark Goddard Change-Id: Ica9867448dc20864f2fd4614a295a23a4a625af4 Closes-Bug: #1813906 Closes-Bug: #1813927 --- docker/base/Dockerfile.j2 | 6 ++ docker/base/gpg-keys/PERCONA-PACKAGING-KEY | 77 ++++++++++++++++++++ docker/base/percona-release.repo | 4 +- docker/monasca/monasca-grafana/Dockerfile.j2 | 2 +- 4 files changed, 86 insertions(+), 3 deletions(-) create mode 100644 docker/base/gpg-keys/PERCONA-PACKAGING-KEY diff --git a/docker/base/Dockerfile.j2 b/docker/base/Dockerfile.j2 index 2af3ae8744..79fc0fdffa 100644 --- a/docker/base/Dockerfile.j2 +++ b/docker/base/Dockerfile.j2 @@ -56,6 +56,11 @@ COPY yum.conf /etc/yum.conf {% endblock %} #### BEGIN REPO ENABLEMENT + +# Workaround https://bugs.launchpad.net/kolla/+bug/1813906 +# https://jira.percona.com/browse/PT-1685 +COPY gpg-keys/PERCONA-PACKAGING-KEY /etc/pki/rpm-gpg/PERCONA-PACKAGING-KEY + {% set base_yum_repo_files = [ ] %} @@ -84,6 +89,7 @@ COPY yum.conf /etc/yum.conf 'https://repos.influxdata.com/influxdb.key', 'https://packagecloud.io/gpg.key', 'https://www.percona.com/downloads/RPM-GPG-KEY-percona', + '/etc/pki/rpm-gpg/PERCONA-PACKAGING-KEY', 'https://packages.treasuredata.com/GPG-KEY-td-agent' ] %} {% endif %} diff --git a/docker/base/gpg-keys/PERCONA-PACKAGING-KEY b/docker/base/gpg-keys/PERCONA-PACKAGING-KEY new file mode 100644 index 0000000000..248d7256a6 --- /dev/null +++ b/docker/base/gpg-keys/PERCONA-PACKAGING-KEY @@ -0,0 +1,77 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v2 + +mQINBFd0veABEADyFa8jPHXhhX1XS9W7Og4p+jLxB0aowElk4Kt6lb/mYjwKmQ77 +9ZKUAvb1xRYFU1/NEaykEl/jxE7RA/fqlqheZzBblB3WLIPM0sMfh/D4fyFCaKKF +k2CSwXtYfhk9DOsBP2K+ZEg0PoLqMbLIBUxPl61ZIy2tnF3G+gCfGu6pMHK7WTtI +nnruMKk51s9Itc9vUeUvRGDcFIiEEq0xJhEX/7J/WAReD5Am/kD4CvkkunSqbhhu +B6DV9tAeEFtDppEHdFDzfHfTOwlHLgTvgVETDgLgTRXzztgBVKl7Gdvc3ulbtowB +uBtbuRr49+QIlcBdFZmM6gA4V5P9/qrkUaarvuIkXWQYs9/8oCd3SRluhdxXs3xX +1/gQQXYHUhcdAWrqS56txncXf0cnO2v5kO5rlOX1ovpNQsc69R52LJKOLA1Kmjca +JNtC+4e+SF2upK14gtXK384z7owXYUA4NRZOEu+UAw7wAoiIWPUfzMEHYi8I3Rsz +EtpVyOQC5YyYgwzIdt4YxlVJ0CUoinvtIygies8LkA5GQvaGJHYG1aQ3i9WDddCX +wtoV1uA4EZlEWjTXlSRc92jhSKut/EWbmYHEUhmvcfFErrxUPqirpVZHSaXY5Rdh +KVFyx9JcRuIQ0SJxeHQPlaEkyhKpTDN5Cw7USLwoXfIu2w0w0W06LdXZ7wARAQAB +tDtQZXJjb25hIERldmVsb3BtZW50IFRlYW0gKFBhY2thZ2luZyBrZXkpIDxpbmZv +QHBlcmNvbmEuY29tPokCNwQTAQgAIQUCWwLC+wIbAwULCQgHAgYVCAkKCwIEFgID +AQIeAQIXgAAKCRCTNKJfhQfvpYf+D/oD7dFS0eXR4OH2g8CACNeTWB2EJ57W0gyL +wko42IjBSOSogB4BMm/3vlk8PefikTU5+Z/fYK3OIJV7kMIEXNfnNzr3QWvafHRR +qGUoTmvP29O5Y4s7oGllIUOlr9gwtSGfHnjtF+WZBhko2uH6KvXBJay28ye4S8sS +zDQdk8RULFN4hfIT4duOjo7Clf4iZtoUX7bVN32NRYH8Ss4IvbdDOAjlzjQa+NgO +SEsDvP3DwRoZQcAIMXngOMlPa/SA87pAcOup/8AvX3i7F7ZfWkKys3jpoSRyt0Ol +InpOrlJqJY4ugSxNkCgz+21kb1EVtIjSY8LAMPzZ5OAiiG0MyOTUyKFhzAkE1Mn3 +Cs9TzNjybPlvPGt6CsckjgReL2XQBqITRsmLOwzWguuqduBlPISVoeGUPpEBj7Hv +Ca7p9QbEaXtN5JmlAFLwPTuM4S5IxG5bEXMFECKL45J8F9G/EGs/qO/HSebQsJ/+ +i5Ct6gElUwIOaaCUPpWG0qwR2aP4QAndvLsaGN7v6BmtLYw8+n5vjIueFXh/gRyI +8eOIxrCUYhukkdM+YQ0h6Xd+X8FvHdYRGHmW86Ro2HkBqqKyXbab04+769jpzCdM +b0oKzXapU94mKuWZ+fOncshTpUN17neFzb1YIc2kcwb3rQxDJNd7IR3mq+d3yapk +vTYlP7uFk7RGUGVyY29uYSBNeVNRTCBEZXZlbG9wbWVudCBUZWFtIChQYWNrYWdp +bmcga2V5KSA8bXlzcWwtZGV2QHBlcmNvbmEuY29tPokCOQQwAQgAIwUCWwLD2Rwd +IFVzZXIgSUQgaXMgbm8gbG9uZ2VyIHZhbGlkAAoJEJM0ol+FB++lW4UQALX2/ofm +ALXhdC0nlh4X1MJLPpmLjyZKTyK3YNOUJukzGW0LVGIq4SAvPxw4oc4zQ1PCQuUG +oj062Fd4sWF1oGFQBOVUAebnyCOcAE1ybcpw9FhdB6ZGa0hTx1RD9jg+OT8e1u62 +XbQyRuLBbbncyIt/lhTcqnCVv14auolAVLuFqiFx5uk2n1x5Y5bs6ABt9Ka0MhYZ +m6Qyhm0kGNYn+AiHEwNgdAboe155zp2augVVDmGS+s+tVD60nnWzZLsZGCCZh2gJ +jyxxXNaIeY7OyaMRQFa3gBVGd7UeJZ1d3MR4nR7wlKMUXSC8a0l+bkgi/sgyAJNg +X3bCiEDRIGxGv/Dgg1/ahKVEch/W0Y+0DyifPzAFtnCBH0c2GJUrU8/c2i1iKhYf +/r/711136Oqd5LDROQGzo4dnzdTs3qEeWdIVkgSwaLUFrw6Kq0tAnZSqHK2WQw3C +1oPdlBMimysOhJnwsmYbtlgRF2/rU7QiuJvMHXqBPfOSHKRcy5hoa5S2+PCe/IXB +Qmod1MlmfsUH6TjwC5SWGFaIm76+ROsiQKie28fAqRLKqeNvuaMqxTsVpYofQZXE +JcSyhwhTcaQxsrYYM+4z8sbdxiIqR7PW6BthsAKCrOr6U53Pm00+yI16Tt7FNcVc +wHl+lRTe/EhDQ93LvbFvB4/Svx/GLdlvdsHaiQI3BBMBCgAhBQJXdL3gAhsDBQsJ +CAcDBRUKCQgLBRYCAwEAAh4BAheAAAoJEJM0ol+FB++l4koQAKkrRP+K/p/TGlnq +lbNyS5gdSIB1hxT3iFwIdF9EPZq0U+msh8OY7omV/82rJp4T5cIJFvivtWQpEwpU +jJtqBzVrQlF+12D1RFPSoXkmk6t4opAmCsAmAtRHaXIzU9WGJETaHl57Trv5IPMv +15X3TmLnk1mDMSImJoxWJMyUHzA37BlPjvqQZv5meuweLCbL4qJS015s7Uz+1f/F +siDLsrlE0iYCAScfBeRSKF4MSnk5huIGgncaltKJPnNYppXUb2wt+4X2dpY3/V0B +oiG8YBxV6N7sA7lC/OoYF6+H3DMlSxGBQEb1i9b6ypwZIbG6CnM2abLqO67D3XGx +559/FtAgxrDBX1f63MQKlu+tQ9mOrCvSbt+bMGT6frFopgH6XiSOhOiMmjUazVRB +sXRK/HM5qIk5MK0tGPSgpc5tr9NbMDmp58OQZYQscslKhx0EDDYHQyHfYFS2qodu +RwQG4BgpZm2xjGM/auCvdZ+pxjqy7dnEXvMVf0i1BylkyW4p+oK5nEwY3KHljsRx +uJ0+gjfyj64ihNMSqDX5k38T2GPSXm5XAN+/iazlIuiqPQKLZWUjTOwr2/AA6Azt +U/fmsXV2swz8WekqT2fphvWKUOISr3tEGG+HF1iIY43BoAMHYYOcdSI1ZODZq3Wi +c+zlN1WzPshDB+d3acxeV5JhstvPuQINBFd0veABEACfuHVbey5qG5P6rRhAX2pd +d/f7iwHdcW1+evxCfCR5fHzsO1LRwlHM9GRqlztKzgxzAIfgUXqdMXUs6vW8agfk +u553h8gBqrhdq9NH65/YenzV/Sv9c/EGzsBQurau1RC4gfJ4jgAedu4FQKZvVr// +0NTWuJm3el3orYYz4rLq79avSgD7Q/uK8/j71zgCJixsFzjC8ehRlOtMdetPTY36 +zc2LjQSMTSpE7SvEbrk6yDKpQvZabl3dmkEkBvoFpat7x+i3ZtBCzRFTx2rH/9DW +KCO+SuGVBXs8vhLtAvKKjbWGGU9LrmESZcahI6fliH5w28NvpOuJlr8Rn/6jQmJD +DPKO50XKM8hpT6DBqIE99YqYLUzXAKf4Y88FyHvlO6kiVbXaOYz1OTqCWVqjaMYF +biPW6NgDX0hyE9uG0lfNA9P5edqyPSEaTN+kpD9OVqG6R0uPBCFY8u25NrNRhMqI +FQdvI54eEtN0ktFP0FrlFFkg6S+l+3Qsr9sMDKCUVTJ/BkKwqkdhTv5XY4KiIEJQ +jvMKr0vH5lYiPDGX/3KsJL+rxJjA++4Wh40WBLYDSDWSAfCPSokg1lRjOaMDhnH5 +YnUeEk6Mhy61DQRsH+xEpeL/F1L06u0Wh+0iXqKXJA4jvU4XwGSkzg3yaablkYnu +n5myhIQYswIdCyEH4Wl3SQARAQABiQIfBBgBCgAJBQJXdL3gAhsMAAoJEJM0ol+F +B++lxqkQAIC7jz1CWt+tbKgutLRFcxexNQZoTAAPTk3OjqqeCLWO1cmHtmjNSXTc +5rpX78vPEYQjzQpAARZxAppAdeJHBzm9Qrfiyo7TW8P0Gf9c9p1mPUtl2g0BNvRU +7zYzgCF1aIwKtS+XO2UdTT56Gy5vaxd1BiTg8J9ytkIGSkuSXSOASeGC5RmN3SaD +6yomVa483k9kVhhSOUzKwYK9f2WgGhI1xxpVF5LbbRhCoEz4ia/TqJoWdH/agul3 +4AGWOgPRhMu+FEpb/nons73XTwQtcXiZAe9z4ZltVsSciolgRzPwkXxMmWVMme9Y +ymVCPTrzxPi6nc6npSZzE275m02u86V2htwD2MbSuGmcTdmAPPfXgQ5XM57ELElD +bNA1eN1jZAhzYBLv63X+nNOy6ysuac5Q7ozyBOIpNksLleA0+FzsnYmPlGqzYtnD +6nFglDn898jk/LWkwitL472fh8RRbDYffsXealiy6W2TYKrQl52ajLV7D5PUUS9x +SlAPcdPSuXAzh7GhOKDommWwLfPo0uYN3Xja+AkW135ctz4evCpvZjkBTfog07FG +lumduUK5fHvJYiSyV1P5SKr4722C8jWCo2YcS+IsZgVFFuY1bG6HtiImpP75IM0G +3g1uyd2OhF9nGDSxjp4kKWnUoGdV0P1bUXaAbvXRzlIcx7dOD7tZ +=cTh+ +-----END PGP PUBLIC KEY BLOCK----- diff --git a/docker/base/percona-release.repo b/docker/base/percona-release.repo index 6d6e0d26ae..334d296f2f 100644 --- a/docker/base/percona-release.repo +++ b/docker/base/percona-release.repo @@ -3,11 +3,11 @@ name = Percona-Release YUM repository - $basearch baseurl = https://repo.percona.com/release/$releasever/RPMS/$basearch enabled = 0 gpgcheck = 1 -gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Percona +gpgkey = https://www.percona.com/downloads/RPM-GPG-KEY-percona [percona-release-noarch] name = Percona-Release YUM repository - noarch baseurl = https://repo.percona.com/release/$releasever/RPMS/noarch enabled = 0 gpgcheck = 1 -gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Percona +gpgkey = https://www.percona.com/downloads/RPM-GPG-KEY-percona diff --git a/docker/monasca/monasca-grafana/Dockerfile.j2 b/docker/monasca/monasca-grafana/Dockerfile.j2 index 4a88bb0a27..a43d71dc03 100644 --- a/docker/monasca/monasca-grafana/Dockerfile.j2 +++ b/docker/monasca/monasca-grafana/Dockerfile.j2 @@ -48,7 +48,7 @@ ARG monasca_grafana_version=grafana4 ARG monasca_grafana_url=https://github.com/monasca/grafana/archive/$monasca_grafana_version.tar.gz {% block monasca_grafana_install %} -RUN gem install fpm \ +RUN gem install rake fpm \ && curl -sSL -o /tmp/monasca-grafana.tgz ${monasca_grafana_url} \ && mkdir -p ${monasca_grafana_build_path} \ && tar --strip 1 -xvf /tmp/monasca-grafana.tgz -C ${monasca_grafana_build_path} \