Description
I currently maintain the InfluxData images for chronograf, kapacitor, influxdb, and telegraf. When we release a new version, we go through a process where all of these images get built usually multiple times before a pull request is eventually created.
Unfortunately, we keep running into an issue with the GPG keys and I'm not sure what to do. It usually delays the upload by about a day while I wait for the GPG keyservers to sort themselves out.
We use the following run line in every image to retrieve the GPG key and we will usually get this at least once during our regular build:
RUN set -ex && \
for key in \
05CE15085FC09D18E99EFB22684A14CF2582E0C5 ; \
do \
gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$key" || \
gpg --keyserver pgp.mit.edu --recv-keys "$key" || \
gpg --keyserver keyserver.pgp.com --recv-keys "$key" ; \
done
+ gpg --keyserver ha.pool.sks-keyservers.net --recv-keys 05CE15085FC09D18E99EFB22684A14CF2582E0C5
gpg: directory '/root/.gnupg' created
gpg: new configuration file '/root/.gnupg/dirmngr.conf' created
gpg: new configuration file '/root/.gnupg/gpg.conf' created
gpg: keybox '/root/.gnupg/pubring.kbx' created
gpg: keyserver receive failed: Address not available
+ gpg --keyserver pgp.mit.edu --recv-keys 05CE15085FC09D18E99EFB22684A14CF2582E0C5
gpg: keyserver receive failed: No data
+ gpg --keyserver keyserver.pgp.com --recv-keys 05CE15085FC09D18E99EFB22684A14CF2582E0C5
gpg: keyserver receive failed: Host is unreachable
Do you have any advice or best practices for GPG keys? Whatever we are doing, it isn't working well for us. I've seen some reports on issues that switching to an ipv4-only GPG keyserver works, but I also found another comment here that says it's a red herring and doesn't really help.
Thanks for any help.