| Message ID | 20230215120208.35807-3-anthony.perard@citrix.com (mailing list archive) |
|---|---|
| State | Superseded |
| Headers | show |
| Series | automation: Update containers to allow HTTPS access to xenbits | expand |
On 15/02/2023 12:02 pm, Anthony PERARD wrote: > We can't easily install package on Debian Jessie anymore, the release > keys seems to have expired without a way to get new ones. We have > these warning: > W: GPG error: http://deb.debian.org jessie-updates InRelease: The following signatures were invalid: KEYEXPIRED 1668891673 > W: GPG error: http://deb.debian.org jessie Release: The following signatures were invalid: KEYEXPIRED 1668891673 > > So, from now on, ignore the warning and force the installation of > packages that can't be authenticated. > > Signed-off-by: Anthony PERARD <anthony.perard@citrix.com> > --- > > Or, we could just not test on Jessie anymore. Jessie fell out of support in 2020, so its certainly not reasonable to be testing it any more. But on older branches, we do want to keep it around, so I guess we want to fix the containers to still be buildable... But is this really the best option? Some googling suggests that all we need is a properly up-to-date debian-keyring package. Are the jessie docker tags really shipping with a broken base package? ~Andrew
On Wed, Feb 15, 2023 at 12:36:30PM +0000, Andrew Cooper wrote: > On 15/02/2023 12:02 pm, Anthony PERARD wrote: > > We can't easily install package on Debian Jessie anymore, the release > > keys seems to have expired without a way to get new ones. We have > > these warning: > > W: GPG error: http://deb.debian.org jessie-updates InRelease: The following signatures were invalid: KEYEXPIRED 1668891673 > > W: GPG error: http://deb.debian.org jessie Release: The following signatures were invalid: KEYEXPIRED 1668891673 > > > > So, from now on, ignore the warning and force the installation of > > packages that can't be authenticated. > > > > Signed-off-by: Anthony PERARD <anthony.perard@citrix.com> > > --- > > > > Or, we could just not test on Jessie anymore. > > Jessie fell out of support in 2020, so its certainly not reasonable to > be testing it any more. > > But on older branches, we do want to keep it around, so I guess we want > to fix the containers to still be buildable... > > But is this really the best option? Some googling suggests that all we > need is a properly up-to-date debian-keyring package. Are the jessie > docker tags really shipping with a broken base package? I did try to find a better solution that "--force-yes", I did find out about installaling the latest "debian-archive-keyring", but it is already up-to-date. Installing "debian-keyring" instead doesn't change the keys. But it looks like there's another way. We could use "debian/eol:jessie" as base image instead of "debian:jessie", and that works. I'll update the patch with that.
diff --git a/automation/build/debian/jessie-i386.dockerfile b/automation/build/debian/jessie-i386.dockerfile index 3f86d91f63..c617b6fbfb 100644 --- a/automation/build/debian/jessie-i386.dockerfile +++ b/automation/build/debian/jessie-i386.dockerfile @@ -13,6 +13,8 @@ ENTRYPOINT ["linux32"] # build depends RUN apt-get update && \ apt-get --quiet --yes install \ + # WARNING! Force installation to ignore expired release key + --force-yes \ build-essential \ zlib1g-dev \ libncurses5-dev \ diff --git a/automation/build/debian/jessie.dockerfile b/automation/build/debian/jessie.dockerfile index 2f19adcad3..8918b26d75 100644 --- a/automation/build/debian/jessie.dockerfile +++ b/automation/build/debian/jessie.dockerfile @@ -11,6 +11,8 @@ WORKDIR /build # build depends RUN apt-get update && \ apt-get --quiet --yes install \ + # WARNING! Force installation to ignore expired release key + --force-yes \ build-essential \ zlib1g-dev \ libncurses5-dev \
We can't easily install package on Debian Jessie anymore, the release keys seems to have expired without a way to get new ones. We have these warning: W: GPG error: http://deb.debian.org jessie-updates InRelease: The following signatures were invalid: KEYEXPIRED 1668891673 W: GPG error: http://deb.debian.org jessie Release: The following signatures were invalid: KEYEXPIRED 1668891673 So, from now on, ignore the warning and force the installation of packages that can't be authenticated. Signed-off-by: Anthony PERARD <anthony.perard@citrix.com> --- Or, we could just not test on Jessie anymore. --- automation/build/debian/jessie-i386.dockerfile | 2 ++ automation/build/debian/jessie.dockerfile | 2 ++ 2 files changed, 4 insertions(+)