Work around intermittent error from GPG server

Using the proposal of tianon/gosu#35 to try different servers until we have a working one.
guewen · Mar 19, 2018 · ce79b30 · ce79b30
1 parent 7a13b98
commit ce79b30
Show file tree

Hide file tree

Showing 3 changed files with 48 additions and 18 deletions.
diff --git a/10.0/Dockerfile b/10.0/Dockerfile
@@ -58,12 +58,22 @@ RUN set -x; \
         && rm -rf /var/lib/apt/lists/* wkhtmltox.deb
 
 # grab gosu for easy step-down from root
-RUN gpg --keyserver pool.sks-keyservers.net --keyserver-options http-proxy=$http_proxy --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \
-        && curl -o /usr/local/bin/gosu -SL "https://github.com/tianon/gosu/releases/download/1.10/gosu-$(dpkg --print-architecture)" \
-        && curl -o /usr/local/bin/gosu.asc -SL "https://github.com/tianon/gosu/releases/download/1.10/gosu-$(dpkg --print-architecture).asc" \
-        && gpg --verify /usr/local/bin/gosu.asc \
-        && rm /usr/local/bin/gosu.asc \
-        && chmod +x /usr/local/bin/gosu
+# fix intermittent gpg server error from https://github.com/tianon/gosu/issues/35
+RUN export GNUPGHOME="$(mktemp -d)" \
+    && for server in $(shuf -e ha.pool.sks-keyservers.net \
+                               hkp://p80.pool.sks-keyservers.net:80 \
+                               keyserver.ubuntu.com \
+                               hkp://keyserver.ubuntu.com:80 \
+                               pgp.mit.edu) ; do \
+         gpg --keyserver "$server" --keyserver-options http-proxy=$http_proxy --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 && break || : ; \
+       done \
+    && curl -o /usr/local/bin/gosu -SL "https://github.com/tianon/gosu/releases/download/1.10/gosu-$(dpkg --print-architecture)" \
+    && curl -o /usr/local/bin/gosu.asc -SL "https://github.com/tianon/gosu/releases/download/1.10/gosu-$(dpkg --print-architecture).asc" \
+    && gpg --verify /usr/local/bin/gosu.asc \
+    && rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc \
+    && chmod +x /usr/local/bin/gosu \
+    # verify that the binary works
+    && gosu nobody true
 
 # grab dockerize for generation of the configuration file and wait on postgres
 RUN curl -o dockerize-linux-amd64-v0.6.0.tar.gz https://github.com/jwilder/dockerize/releases/download/v0.6.0/dockerize-linux-amd64-v0.6.0.tar.gz -SL \

diff --git a/11.0/Dockerfile b/11.0/Dockerfile
@@ -73,12 +73,22 @@ RUN set -x; \
         && rm -rf /var/lib/apt/lists/* /root/.cache/pip/*
 
 # grab gosu for easy step-down from root
- RUN gpg --keyserver pool.sks-keyservers.net --keyserver-options http-proxy=$http_proxy --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \
-         && curl -o /usr/local/bin/gosu -SL "https://github.com/tianon/gosu/releases/download/1.10/gosu-$(dpkg --print-architecture)" \
-         && curl -o /usr/local/bin/gosu.asc -SL "https://github.com/tianon/gosu/releases/download/1.10/gosu-$(dpkg --print-architecture).asc" \
-         && gpg --verify /usr/local/bin/gosu.asc \
-         && rm /usr/local/bin/gosu.asc \
-         && chmod +x /usr/local/bin/gosu
+# fix intermittent gpg server error from https://github.com/tianon/gosu/issues/35
+RUN export GNUPGHOME="$(mktemp -d)" \
+    && for server in $(shuf -e ha.pool.sks-keyservers.net \
+                               hkp://p80.pool.sks-keyservers.net:80 \
+                               keyserver.ubuntu.com \
+                               hkp://keyserver.ubuntu.com:80 \
+                               pgp.mit.edu) ; do \
+         gpg --keyserver "$server" --keyserver-options http-proxy=$http_proxy --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 && break || : ; \
+       done \
+    && curl -o /usr/local/bin/gosu -SL "https://github.com/tianon/gosu/releases/download/1.10/gosu-$(dpkg --print-architecture)" \
+    && curl -o /usr/local/bin/gosu.asc -SL "https://github.com/tianon/gosu/releases/download/1.10/gosu-$(dpkg --print-architecture).asc" \
+    && gpg --verify /usr/local/bin/gosu.asc \
+    && rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc \
+    && chmod +x /usr/local/bin/gosu \
+    # verify that the binary works
+    && gosu nobody true
 
 # grab dockerize for generation of the configuration file and wait on postgres
 RUN curl -o dockerize-linux-amd64-v0.6.0.tar.gz https://github.com/jwilder/dockerize/releases/download/v0.6.0/dockerize-linux-amd64-v0.6.0.tar.gz -SL \

diff --git a/9.0/Dockerfile b/9.0/Dockerfile
@@ -58,12 +58,22 @@ RUN set -x; \
         && rm -rf /var/lib/apt/lists/* wkhtmltox.deb
 
 # grab gosu for easy step-down from root
-RUN gpg --keyserver pool.sks-keyservers.net --keyserver-options http-proxy=$http_proxy --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \
-        && curl -o /usr/local/bin/gosu -SL "https://github.com/tianon/gosu/releases/download/1.10/gosu-$(dpkg --print-architecture)" \
-        && curl -o /usr/local/bin/gosu.asc -SL "https://github.com/tianon/gosu/releases/download/1.10/gosu-$(dpkg --print-architecture).asc" \
-        && gpg --verify /usr/local/bin/gosu.asc \
-        && rm /usr/local/bin/gosu.asc \
-        && chmod +x /usr/local/bin/gosu
+# fix intermittent gpg server error from https://github.com/tianon/gosu/issues/35
+RUN export GNUPGHOME="$(mktemp -d)" \
+    && for server in $(shuf -e ha.pool.sks-keyservers.net \
+                               hkp://p80.pool.sks-keyservers.net:80 \
+                               keyserver.ubuntu.com \
+                               hkp://keyserver.ubuntu.com:80 \
+                               pgp.mit.edu) ; do \
+         gpg --keyserver "$server" --keyserver-options http-proxy=$http_proxy --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 && break || : ; \
+       done \
+    && curl -o /usr/local/bin/gosu -SL "https://github.com/tianon/gosu/releases/download/1.10/gosu-$(dpkg --print-architecture)" \
+    && curl -o /usr/local/bin/gosu.asc -SL "https://github.com/tianon/gosu/releases/download/1.10/gosu-$(dpkg --print-architecture).asc" \
+    && gpg --verify /usr/local/bin/gosu.asc \
+    && rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc \
+    && chmod +x /usr/local/bin/gosu \
+    # verify that the binary works
+    && gosu nobody true
 
 # grab dockerize for generation of the configuration file and wait on postgres
 RUN curl -o dockerize-linux-amd64-v0.6.0.tar.gz https://github.com/jwilder/dockerize/releases/download/v0.6.0/dockerize-linux-amd64-v0.6.0.tar.gz -SL \