From 930ac1114b9d2c91c2d6c277202a80b729ff9903 Mon Sep 17 00:00:00 2001 From: Clark Boylan Date: Mon, 23 Aug 2021 14:20:51 -0700 Subject: [PATCH] Fix docker image builds The image builds are trying to fetch a gpg pubkey from keybase which does not exist. This causes the builds to fail. Fix this by vendoring the key in the swift repo directly. This should be more reliable. Upstream bug at https://github.com/just-containers/s6-overlay/issues/352 Note I looked up the pubkey given the hash on that issue and copied its contents into this change. I can't vouch for the validity of this key beyond that. However, if it is listed in that issue and validates the packages from s6 then it is probably good. Change-Id: I3f42fbaae5f246836024f95b549b487b41bd6f1d --- Dockerfile | 2 +- Dockerfile-py3 | 2 +- docker/s6-gpg-pub-key | 69 +++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 71 insertions(+), 2 deletions(-) create mode 100644 docker/s6-gpg-pub-key diff --git a/Dockerfile b/Dockerfile index 5fb5cddfb2..3584802c4b 100644 --- a/Dockerfile +++ b/Dockerfile @@ -46,7 +46,7 @@ RUN mkdir /etc/swift && \ echo && \ echo && \ echo "================ installing s6-overlay ===================" && \ - curl https://keybase.io/justcontainers/key.asc | gpg --import && \ + gpg --import /opt/swift/docker/s6-gpg-pub-key && \ gpg --verify /tmp/s6-overlay-$ARCH.tar.gz.sig /tmp/s6-overlay-$ARCH.tar.gz && \ gunzip -c /tmp/s6-overlay-$ARCH.tar.gz | tar -xf - -C / && \ gunzip -c /tmp/socklog-overlay-amd64.tar.gz | tar -xf - -C / && \ diff --git a/Dockerfile-py3 b/Dockerfile-py3 index 89ee92d2a5..fd41853651 100644 --- a/Dockerfile-py3 +++ b/Dockerfile-py3 @@ -46,7 +46,7 @@ RUN mkdir /etc/swift && \ echo && \ echo && \ echo "================ installing s6-overlay ===================" && \ - curl https://keybase.io/justcontainers/key.asc | gpg --import && \ + gpg --import /opt/swift/docker/s6-gpg-pub-key && \ gpg --verify /tmp/s6-overlay-$ARCH.tar.gz.sig /tmp/s6-overlay-$ARCH.tar.gz && \ gunzip -c /tmp/s6-overlay-$ARCH.tar.gz | tar -xf - -C / && \ gunzip -c /tmp/socklog-overlay-amd64.tar.gz | tar -xf - -C / && \ diff --git a/docker/s6-gpg-pub-key b/docker/s6-gpg-pub-key new file mode 100644 index 0000000000..c3a865fa2c --- /dev/null +++ b/docker/s6-gpg-pub-key @@ -0,0 +1,69 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: SKS 1.1.6 +Comment: Hostname: pgp.mit.edu + +mQINBFe3YfMBEAC6pERKLjXDcWWrMU9l68ujJkbCjtnKYRKsIjsmvoETHJkCZaHXX0JoVFth +7OEhEh8wQG6PTWb6HPFWJxKJaLTOS6d5xc7i8iMWFjUkssh7jEJY0unON8OleggjL4bPz2Ra +Ox5hKJru1A8BjDdT4XyYWk+PFjaJGmll7FyqyVIng2bGRYgRah+CjKPjzk1RX5cfz48lO1wg +Fs4rzd/SrpcbqMW1nv57ZCNK1nPrDpXytrMA2ZaMxWa5I13NXTQ9hJw0yhCV46f+4vXBvz4l +0HrVqlZE16iaiW9rniHHM1FFqH9aOMU6PWWNzrO4cyMiNBEgLT5jNAFFteKufUKaOlGRT768 +kyRfvC/uYND3BdZ8EcC+e8Fe+g7Xj/L85853XeCApDIT+FG4Poiby71SWu/PDk9qm/BJ18kh +6f8EJvWJWMBQJCQHYs5LWEU0BUSnFucbJhd6wF+47wDC9hByvwSOc+5Q4BIj4WHoOCYjaeX5 +ET2Kto7+E4UZjC+38q0G7oH4sOfe7FFHW/R9y/9AUj/AGhNx+lyruKOXKuTZByZlHZKWV4LT +mkey3NIRahYKWWZIBN8ndAkP62QHuMGfWOKDC6VwgFVQGkHGYZ3NuEUNsN35P77XY7G7K8dV +wlidTS57JZarNpILNJJsYkfMd6zrRZf9a+cZWMxyvgXKgaCx4QARAQABtDVKdXN0IENvbnRh +aW5lcnMgQm90IDxqdXN0LmNvbnRhaW5lcnMucm9ib3RAZ21haWwuY29tPokCNAQTAQoAHgUC +V7dh8wIbAwMLCQcDFQoIAh4BAheAAxYCAQIZAQAKCRBhAbJ4Oy/RYQrJD/49WWEJXgcZClEt +BQUTo9KZKehAh9K5+455/lFtUh8YEhiF+7HAVlOL3KlGbg/ZUXkrXbGMW4Cm91nz99Fr+rZp +LPcogZ0Lox5IVPn6zjmxRrWuaEvH/SlnhjUiBj9/rMgWwzTSV0PLP6bOhMJ0NIteAgW+jzSy +4Sf4N+3XE1HAeL3sUtYex0FXzRTQAjMAnCa6AJS1dCJRc0tuI13XkiZnVnqELF2CCSnaPj6o +hn/90/sKhr7PSGQznagiAjG49nzqOE/9CRVOy8JqNS+1Y8A1PmCVofvgy3uaPKL/yLMRXk2j ++5Fed9aVGXG3JE5lJjWUAyeL3jTEdE336tc+kHVUXrTSza/akvFHTJQfaw+MVuRIPT2JvZLl +ePOxHgM+U9eOJ7rwXYoLS/e5KrGvhi+LCMO3r4UfIGL3cgtGkM7rwvfY3uMCq7hfoA6d4SGw +h99J6h3M7O9+UxB4VH8yjQJl6ghY0ruEgp1PpKSo9Ogdz/loZpEExnOzp4zrdFalKcy9ehUh +Ody/S79NlKsWOE1DtbM6IQHDxZplT9IJhTxuqrDgsIaYgwUxipqvA/kEU5k5QIIoJU8u5o6i +ZLuC6mlqOhjmLst6/ndXuVAG4GwDKrwxri3zmctxHRwDzTJXsZsKYOqrheO6HRu+6VVVNAI5 +Q/nI/vN79vbZGAb8Z5PgZrkBDQRXt2HzAQgAsrKhLIusc/9dUOPi9f3FN30obwZLZRp8qTND +glqSyAaL5WiiGJII1erM66s1dIv1qqUbTNd6nAKfb2w5zbgAOTAKsGNEzljFKAApdZm/sAyk +Wx9PTqVQov6PAjzgoWC9yH8UcxhvxPtpw+rqnz1oUVK9paszoZWuPz5jAE/ZhdrEXy/51ckS +jJ/p8T55SFK3p6UzSGDqQRfDwHDgDJMIzPABpnPk+ETf/YYWbJwOx81YrlRKBau8XdyBkRlK +ZeZ+SrvDMugn45lWSdjXJZ2BH1U7akuWd7lYP3xI/Vfs2rF3e+7+72W75s/3pOVckdbgn13B +REgdptgOBX9ILCtpwQARAQABiQNEBBgBCgAPBQJXt2HzBQkPCZwAAhsiASkJEGEBsng7L9Fh +wF0gBBkBCgAGBQJXt2HzAAoJECU2yhbfT82iCzoH/iAw5+zBpXdE3Ju/KrCpZ4JwzSkAw4n7 +uj4UzTtzYb5KfkXAkIQFq5MTHJ6jpHe6g6aJf5Z4NV2cbw/4d9W5rAzXkuKnksoo7JbRDt+T +adCBCuoz8HvkVT4lgV6TTWx3kMESGaqz/y0d8P+FRCKhmbv4ayTAZZJM2cdDcqtum8sYPs9R +d6L13x8hZGTSKavLwus64/GA2tOa334zDDI1+7AoJRRLApqdYZmX/LrQykNoNR7RSzLIn5+S +GdCS6JU8c0oQnJgf+7zililWqagkYRqaHhcBy90XiYOPMdHyKmudcfvpYLE78E0iyHhfmsAj +I+pK3U4MquRA+v8AfL5/PLRKbhAAomTfB2WPI9ea1nN6OfCZZE9bq/PVmeahW0CZoBmCQJLn +oypbBtMUnOhSFd+QUWekH8+prkvq15s8LdjfhJWlzMRbwourZvffmeHX8dTuMZwwV+7flnf+ +AH9OnwcKNg5/T4aRm3gZGSV7fTFh1Regx3136TIyRcwPqjwqbc9slW6Bg9veE3ayveUKaG0S +WDjkPad4wqFWTF84vAD+T6p1hMxBrInkj8ocHXkyxdndQAuVd4dCjdm/dlpFs/ntZFhVQUFG +zjqZaSvqQpKIui1x3WDap1RFy7n81B/e23eO+R8CyJg+upI38FIroR38EGhEFAjgcqKSi+0f +WDsXR49XjIO5EX7RkFhnMudvMA+sW2PsI7yAfIFrTO8VEnevAwsVNIeTpyYnVVFBTUGeRP5u +9eNoLO3wHpARvsT4JtmdVWoTX2XzQA9xXa+6cOmiT4XLnwtIU4a8W1dfINqMUVLBhIJD2zvL +TppISqzmIISugSMiNND0kvkp9moYXz0QodrEHzJDZmzqbTv5IAs+gPER1eNS2BZKJjXJ7Egn +2JDWIRgm2kzS1BaSyL004F39AfsKCBcsBsbsTIUcmpRUwLjMpdkomkGGA3RHnfk06odrEEQO +72ZOIsIwd1+X5U8tK9pnEH0/RsZONUMPtGrQ4Pe0ZlNZUHCyN6U633MUO32Wmru5AQ0EV7dh +8wEIAOAvY6Wrlp6k/Fknu/wIZLWoGIOTR11iYgHHvVWWeoatleewsqHbzCMiCQ5txX5RJJv7 +F5xDURmoqwpKdkjFVqriuCt506MeztBohRqTvDYOczS/eQJuI+pR9/aGmESErP9+B9AmQ+rN +no391Z+HRI75VIP+AnTZGYVMec5fQbFUwws3Dt9VeXgPIPixfVoXtz5vQPj9EfH3RTQ//9Vz +zznZkHBPFMroM3VLznwlDb9a2Z4S4WVgztMMrZnlYmym6tN1sm61TPNK+4KFy+FNFbudcHcg +AXXT7H5/rNhUD8aMMLAQHqNCeg/eXCQO0Sp2TzBs/x90jti9cGmyMfsZDKkAEQEAAYkDRAQY +AQoADwUCV7dh8wUJDwmcAAIbDAEpCRBhAbJ4Oy/RYcBdIAQZAQoABgUCV7dh8wAKCRDZBk7K +WLNt46vQB/0QOlN8vMJNVlJJZ2TD+Es63/bjd/oa1djnBXFhqii/vY1WI7c1lUK+JPIu7RpE +eb3ZwpwnTeHxLe+kJtvEjTdHygM0KtWdq+MHAX+t+5AJA9UyVIQupztH+/87/GvtxYMIQRwg +WY9ExP1HAi8vyLxOxQNmc1A3boYY5GA16L3AOGxtOIn43qDTz5RwY+s1A1zyUq4zczBA/Fma +ddqN0N/arjHEkE1cLXEypcYme1xfLE8mpU3/7FSyHdQxW2o/KqoDkqVj12oKAMuBnKcYoKmr +qsmy8eHpmbfMUrRE7frpGeF4II/NgCfEYOAxysOOq4IRXQClaZpquL4AOXN2EVjz/awQAKU6 +fpScpzZoNAMJYnbTQrs8YEy4VUFvUyZWpSVDj5aAhrZApbb7LfGQyBMFxHARnwDGv9AK6Sl+ +vHp8zvPn9nHE3D9tLGIWtjCRRhPe/RY1wWyw8ZUmBN6jDZ1LSh/Tqr7J24zsLmxGBUJcDfZ/ +awv/sabqPp0AGbs/qQwjxgWj9en6IS2+mWnWL3sQXOmxdFil/0+Tx5WOrEtCkR35yPLnTSeY +xKP6KKfG7gA8xLxXKxxVMojjAzN0Dxb0+0iQ4RwPygb79OzAsx588Rv2Qo8kf0QyvgUZhufv +q355qQ248FU4gBEcLc5b2yu1Iz1nToubu74Uwl9t7XzZs+RP/6ZGuItSHxsqLzVFexmNdcXh +oKfu58NnH1Fi9wMKtAKCH31q235wSh/x0YM391cdIvSjxfItNXtykR7KDbal7YLOa5dKyRyf +2WiYMCEAQSoRVj6A4ylRsqs9hirvYinNSWPa1ZrketKz+9g+rj0/pmQjKAPiapYkarp5yT8d +dgQ1XuwGCaPZXhByS9s6SonZwvrthrHFoWfK7JzkepYoBKy/nGUNt+9NDWbCB6sAe2zLAfmA +tsOhB7ZO8/AlPRQCIvEGRXcEtbYkxtB2vMNGPbIoHDv5QvbHP0Foj79SwRg/2a9wiq6i5Vwv +wGWOhC4ELGF+imX35GGbJq0a8A2z5WX6 +=VHze +-----END PGP PUBLIC KEY BLOCK-----