Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

devcontainer docker build is broken due to old signing key #163

Closed
tommyp1ckles opened this issue Feb 12, 2022 · 6 comments · Fixed by envoyproxy/envoy#19949
Closed

devcontainer docker build is broken due to old signing key #163

tommyp1ckles opened this issue Feb 12, 2022 · 6 comments · Fixed by envoyproxy/envoy#19949
Assignees
@phlax
Labels
area/build area/docker bug Something isn't working

Comments

@tommyp1ckles
Copy link

tommyp1ckles commented Feb 12, 2022
edited
Loading

Title: devcontainer docker build is brokend due to old signing key

Description:
.devcontainer/Dockerfile build seems to be broken due to an out of date signing key for apt.kitware.

The current base image version contains the following one:

pub   rsa4096 2020-12-08 [SC] [expires: 2023-06-01]
      2EEA 8022 39DD F0E5 2942  A7B4 FCEE 74BB 7F3C 88C8
uid           [ unknown] Kitware Apt Archive Automatic Signing Key (2021) <debian@kitware.com>
sub   rsa4096 2020-12-08 [S] [expires: 2023-06-01]

However there seems to be a newer one available: wget -O - https://apt.kitware.com/keys/kitware-archive-latest.asc 2>/dev/null | gpg. Bumping the devcontainer build image to 514e2f7bc36c1f0495a523b16aab9168a4aa13b6 (which includes the 2022 kitware key) seems to fix the build for me.

Repro steps:
run docker build .devcontainer or try creating dev container in VSCode.

Logs:

W: GPG error: https://apt.kitware.com/ubuntu bionic InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 6AF7F09730B3F0A4
E: The repository 'https://apt.kitware.com/ubuntu bionic InRelease' is not signed.
@tommyp1ckles tommyp1ckles added the bug Something isn't working label Feb 12, 2022
@htuch
Copy link
Member

htuch commented Feb 13, 2022

@phlax can you look into this one? Thanks.

@tommyp1ckles tommyp1ckles changed the title devcontainer docker build is brokend due to old signing key devcontainer docker build is broken due to old signing key Feb 13, 2022
@phlax phlax transferred this issue from envoyproxy/envoy Feb 13, 2022
@phlax
Copy link
Member

phlax commented Feb 13, 2022

thanks for reporting this @tommyp1ckles ive shifted it to this repo as the problem afaict is with the build image that is maintained here

@tommyp1ckles
Copy link
Author

@phlax Sounds good. Seems like the newer builds on your docker hub pick up the new key. Might just be a case of bumping the docker image?

@phlax
Copy link
Member

phlax commented Feb 14, 2022

Might just be a case of bumping the docker image?

@tommyp1ckles i think you are right - i moved here because i thought the image was up to date - but actually it hasnt been bumped since october 21, and there was a new image created in envoy 13 days ago

do you want to raise a PR to update the images in envoy ?

the newer hash image is

envoyproxy/envoy-build-ubuntu:514e2f7bc36c1f0495a523b16aab9168a4aa13b6

an example of updating previously can be seen here

envoyproxy/envoy@a29f9b7

lmk, im happy to do it it if necessary

@tommyp1ckles
Copy link
Author

@phlax Ok, sounds good. I'll make a PR.

@tommyp1ckles tommyp1ckles mentioned this issue Feb 15, 2022
Merged
@tommyp1ckles
Copy link
Author

Created: envoyproxy/envoy#19949

Should I bump the build tools repo version as well?

@erikjoh erikjoh mentioned this issue Jan 8, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@phlax phlax

Labels
area/build area/docker bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Bump dev build image version. tommyp1ckles/envoy
3 participants
@phlax @tommyp1ckles @htuch