[cron] Debian signing key expired for Jessie prevents building docker image #28

Closed
by Ghost opened 2 years ago · 1 comments
Ghost commented 2 years ago

Following the installation guide for Lokavaluto (https://docs.elabore.coop/s/DEi9BNKwD#)

When installing JustOdooIt at Step 5, launching:

```
compose --debug up
```

Starting failed, at cron docker image generation.

This line in Dockerfile (https://git.myceliandre.fr/0k/0k-charms/src/commit/8200afa024bf920738acc1a714670190db7e28fc/cron/build/Dockerfile#L4) fails with this output message:

```
W: GPG error: http://deb.debian.org jessie-updates InRelease: The following signatures were invalid: KEYEXPIRED 1668891673
W: GPG error: http://deb.debian.org jessie Release: The following signatures were invalid: KEYEXPIRED 1668891673
```

A possible workaround is to add the `--force-yes` parameter in file /srv/charm-store/cron/build/Dockerfile.

After that, we can verify on a running container that the key expired on 2022-11-19:

```
root@8ee950b91a5e:/# apt-key list | grep -A 1 expired
pub   4096R/2B90D010 2014-11-21 [expired: 2022-11-19]
uid                  Debian Archive Automatic Signing Key (8/jessie) <ftpmaster@debian.org>
--
pub   4096R/C857C906 2014-11-21 [expired: 2022-11-19]
uid                  Debian Security Archive Automatic Signing Key (8/jessie) <ftpmaster@debian.org>
--
```

We can update those keys using the following commands:

```
apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 2B90D010
apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys C857C906
```

But can't we update the image to a newer Debian release?
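
The diagnosis in the report above, as an added example that is not part of the original issue or of 0k-charms: a shell check that confirms apt's `KEYEXPIRED` timestamp falls on the expiry date of a key in the keyring listing, so the build failure is explained by plain key expiry. The function names are hypothetical, the sample input is copied from the report, and the listing is assumed to print dates in UTC.

```shell
#!/bin/sh
# Added example; function names are hypothetical.
# Sample input: the two apt warnings quoted in the report.
APT_LOG='W: GPG error: http://deb.debian.org jessie-updates InRelease: The following signatures were invalid: KEYEXPIRED 1668891673
W: GPG error: http://deb.debian.org jessie Release: The following signatures were invalid: KEYEXPIRED 1668891673'

# Sample input: the `apt-key list | grep -A 1 expired` output quoted in the report.
KEYRING='pub   4096R/2B90D010 2014-11-21 [expired: 2022-11-19]
uid                  Debian Archive Automatic Signing Key (8/jessie) <ftpmaster@debian.org>
--
pub   4096R/C857C906 2014-11-21 [expired: 2022-11-19]
uid                  Debian Security Archive Automatic Signing Key (8/jessie) <ftpmaster@debian.org>
--'

# Convert a Unix timestamp to a UTC date (GNU date, with a BSD fallback).
epoch_to_date() {
    date -u -d "@$1" +%Y-%m-%d 2>/dev/null || date -u -r "$1" +%Y-%m-%d
}

# Print each distinct KEYEXPIRED timestamp found in apt output on stdin.
keyexpired_epochs() {
    sed -n 's/.*KEYEXPIRED \([0-9][0-9]*\).*/\1/p' | sort -u
}

# Print "KEYID EXPIRY" for every expired key in an apt-key listing on stdin.
expired_keys() {
    sed -n 's|^pub  *[0-9]*[A-Za-z]/\([0-9A-F]*\) .*\[expired: \([0-9-]*\)].*|\1 \2|p'
}

# Succeed only if every KEYEXPIRED timestamp falls on the expiry date of
# some expired key in the listing. $1 = apt output, $2 = apt-key listing.
expiry_explains_failure() {
    epochs=$(printf '%s\n' "$1" | keyexpired_epochs)
    [ -n "$epochs" ] || return 1
    for e in $epochs; do
        d=$(epoch_to_date "$e")
        printf '%s\n' "$2" | expired_keys | grep -q " $d\$" || return 1
    done
}

if expiry_explains_failure "$APT_LOG" "$KEYRING"; then
    echo "apt failure matches expired keyring entries:"
    printf '%s\n' "$KEYRING" | expired_keys
fi
```

A match means the failure is plain key expiry, which refreshed keys or a refreshed base image resolve with signature checking still on, whereas `--force-yes` lets apt install packages it cannot authenticate.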

vlab commented 1 year ago
Owner

Sorry, not being very good at following up on these issues on gitea. Thanks, your report is very helpful, and I solved the issue recently in another way. But your report is excellent.

As you noticed, since 19 November 2022, the official docker debian image copy that we hosted on `docker.0k.io` had its gpg keys expired.

I updated the repository with a newer debian jessie image having the newer gpg keys (and it is still an official image, for what it's worth). This doesn't change anything in the code of `0k-charms`. But should solve the issue completely without adding any complexity to any process.

Please remember, though, that you need to run a `docker pull docker.0k.io/debian:jessie` on the command line of your host, as it won't fetch the newer version otherwise.

I'll close this issue as I tested this and feel the issue is fixed, but feel free to come back and re-open it if you don't feel it is.

Thank you again for the excellent feedback.

vlab closed this issue 1 year ago