Skip to content
This repository has been archived by the owner on Sep 7, 2023. It is now read-only.

docker build failed: gpg: keyserver receive failed: No keyserver available #137

Open
zhangguanzhang opened this issue Oct 23, 2019 · 8 comments

Comments

@zhangguanzhang
Copy link

Executing ca-certificates-20190108-r0.trigger
OK: 35 MiB in 49 packages
+ gpg --keyserver pgp.mit.edu --recv-keys 91A6E7F85D05C65630BEF18951852D87348FFC4C
gpg: directory '/root/.gnupg' created
gpg: keybox '/root/.gnupg/pubring.kbx' created
gpg: keyserver receive failed: No keyserver available
The command '/bin/sh -c set -eux &&     apk add --no-cache ca-certificates curl dumb-init gnupg libcap openssl su-exec iputils jq tzdata &&     gpg --keyserver pgp.mit.edu --recv-keys 91A6E7F85D05C65630BEF18951852D87348FFC4C &&     mkdir -p /tmp/build &&     cd /tmp/build &&    apkArch="$(apk --print-arch)" &&     case "${apkArch}" in         aarch64) consulArch='arm64' ;;         armhf) consulArch='arm' ;;      x86) consulArch='386' ;;         x86_64) consulArch='amd64' ;;         *) echo >&2 "error: unsupported architecture: ${apkArch} (see ${HASHICORP_RELEASES}/consul/${CONSUL_VERSION}/)" && exit 1 ;;     esac &&     wget ${HASHICORP_RELEASES}/consul/${CONSUL_VERSION}/consul_${CONSUL_VERSION}_linux_${consulArch}.zip &&     wget ${HASHICORP_RELEASES}/consul/${CONSUL_VERSION}/consul_${CONSUL_VERSION}_SHA256SUMS&&     wget ${HASHICORP_RELEASES}/consul/${CONSUL_VERSION}/consul_${CONSUL_VERSION}_SHA256SUMS.sig &&     gpg --batch --verify consul_${CONSUL_VERSION}_SHA256SUMS.sig consul_${CONSUL_VERSION}_SHA256SUMS &&     grep consul_${CONSUL_VERSION}_linux_${consulArch}.zip consul_${CONSUL_VERSION}_SHA256SUMS | sha256sum -c &&     unzip -d /bin consul_${CONSUL_VERSION}_linux_${consulArch}.zip &&     cd /tmp &&     rm -rf/tmp/build &&     apk del gnupg openssl &&     rm -rf /root/.gnupg &&     ln -sf /usr/share/zoneinfo/${TZ} /etc/localtime &&     echo ${TZ} > /etc/timezone &&     consul version' returned a non-zero code: 2
@techy16
Copy link

techy16 commented Oct 23, 2019

I am getting the same exeception while docker build for consul

  • gpg --keyserver pgp.mit.edu --recv-keys 91A6E7F85D05C65630BEF18951852D87348FFC4C
    gpg: directory '/root/.gnupg' created
    gpg: keybox '/root/.gnupg/pubring.kbx' created
    gpg: keyserver receive failed: No keyserver available

@blake
Copy link
Member

blake commented Jan 15, 2020

@zhangguanzhang or @techy16, are you by chance attempting to build the container while on a network with a strict firewall or HTTP proxy?

By default gpg will use TCP port 11371 to download the keys. If you are behind a firewall/proxy that does not permit that port, you will receive that same error. See this post on StackOverflow (https://serverfault.com/questions/168826/how-to-install-gpg-keys-from-behind-a-firewall/888715) for modifying the gpg command to use HTTP to fetch the keys, or to configure it to use a proxy.

@zhangguanzhang
Copy link
Author

Now it resolve, maybe the web is error at that time

@zhangguanzhang
Copy link
Author

It appeared again

Executing ca-certificates-20191127-r1.trigger
OK: 32 MiB in 53 packages
+ gpg --keyserver pgp.mit.edu --recv-keys 91A6E7F85D05C65630BEF18951852D87348FFC4C
gpg: directory '/root/.gnupg' created
gpg: keybox '/root/.gnupg/pubring.kbx' created
gpg: keyserver receive failed: No keyserver available

@mlollo
Copy link

mlollo commented Jun 29, 2020

For Dockerfile 1.8.0
I used a portion of the Dockerfile of the docker-vault repo and it seams to work with this block :

# Set up certificates, base tools, and Consul.
# libc6-compat is needed to symlink the shared libraries for ARM builds
RUN set -eux && \
    apk add --no-cache ca-certificates curl dumb-init gnupg libcap openssl su-exec iputils jq libc6-compat && \
    CONSUL_GPGKEY=91A6E7F85D05C65630BEF18951852D87348FFC4C; \
    found=''; \
    for server in \
        hkp://p80.pool.sks-keyservers.net:80 \
        hkp://keyserver.ubuntu.com:80 \
        hkp://pgp.mit.edu:80 \
    ; do \
        echo "Fetching GPG key $CONSUL_GPGKEY from $server"; \
        gpg --batch --keyserver "$server" --recv-keys "$CONSUL_GPGKEY" && found=yes && break; \
    done; \
    test -z "$found" && echo >&2 "error: failed to fetch GPG key $CONSUL_GPGKEY" && exit 1; \
    mkdir -p /tmp/build && \
    cd /tmp/build && \
    apkArch="$(apk --print-arch)" && \
    case "${apkArch}" in \
        aarch64) consulArch='arm64' ;; \
        armhf) consulArch='armhfv6' ;; \
        x86) consulArch='386' ;; \
        x86_64) consulArch='amd64' ;; \
        *) echo >&2 "error: unsupported architecture: ${apkArch} (see ${HASHICORP_RELEASES}/consul/${CONSUL_VERSION}/)" && exit 1 ;; \
    esac && \
    wget ${HASHICORP_RELEASES}/consul/${CONSUL_VERSION}/consul_${CONSUL_VERSION}_linux_${consulArch}.zip && \
    wget ${HASHICORP_RELEASES}/consul/${CONSUL_VERSION}/consul_${CONSUL_VERSION}_SHA256SUMS && \
    wget ${HASHICORP_RELEASES}/consul/${CONSUL_VERSION}/consul_${CONSUL_VERSION}_SHA256SUMS.sig && \
    gpg --batch --verify consul_${CONSUL_VERSION}_SHA256SUMS.sig consul_${CONSUL_VERSION}_SHA256SUMS && \
    grep consul_${CONSUL_VERSION}_linux_${consulArch}.zip consul_${CONSUL_VERSION}_SHA256SUMS | sha256sum -c && \
    unzip -d /bin consul_${CONSUL_VERSION}_linux_${consulArch}.zip && \
    cd /tmp && \
    rm -rf /tmp/build && \
    gpgconf --kill all && \
    apk del gnupg openssl && \
    rm -rf /root/.gnupg && \
# tiny smoke test to ensure the binary we downloaded runs
    consul version

@zhangguanzhang
Copy link
Author

I will try afternoon

@zhangguanzhang
Copy link
Author

@mlollo I think you shuold take a pull request to change this to correct

@jwalzer
Copy link

jwalzer commented Sep 21, 2020

I created a pullrequest, because noone seems to care for a long time.
But formalities on this are going haywire.

I will not sign any "CLA" for the inclusion of such a trivial patch.
Please get sensible about the paperwork according trivial changes like that.

Yes! I grant the complete Intellectal Value of this change to Hashicorp if you insist, but Please, Get this damn file fixed!

# for free to subscribe to this conversation on GitHub. Already have an account? #.
Labels
None yet
Projects
None yet
Development

No branches or pull requests

5 participants