
Use the recommended way to declare the repository signing keys
Closed, Public

Authored by vsellier on Mar 12 2021, 12:40 PM.

Details

Summary

The new yarn's repository signing key was not recognized via the
old way to declare the key.
Using the new recommended way[1] solves the problem.
It's an opportunity to migrate the declaration of the other
repositories to this method.

[1] https://wiki.debian.org/DebianRepository/UseThirdParty

Related to T3120

If we are ok with this way, perhaps we should also change the way the keys of
the other repositories are managed.

Test Plan

docker build

Diff Detail

Repository
rCDFJ Dockerfiles for Jenkins
Lint
Automatic diff as part of commit; lint not applicable.
Unit
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

vsellier created this revision.

Add task link on the commit message

Official yarn documentation recommends doing it that way:

curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add -

Looks simpler to me but there might be a reason to not use apt-key.

ardumont retitled this revision from Use the recommanded way to declare the yarn's repository signing keys to Use the recommended way to declare yarn's repository signing keys. Mar 12 2021, 2:16 PM

...
Looks simpler to me but there might be a reason to not use apt-key.

I discovered when I looked at the issue that apt-key is deprecated: https://manpages.debian.org/testing/apt/apt-key.8.en.html + the link to the Debian wiki in the description
The new way to install the keys is now to use a dedicated key per repository.

olasd added a subscriber: olasd.

Looks like the pubkey.gpg file from yarnpkg.com is truncated. gpg --dearmor must "fix" the file enough to make it readable by apt... (and I guess it would also work to put the dearmored file in /etc/apt/trusted.gpg.d)

Overall, please use signed-by for all third party repos, as you've noticed that it's the "blessed" (as much as a wiki page is blessed) method for third-party repositories now...

This revision is now accepted and ready to land. Mar 15 2021, 10:33 AM
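
One way to check that every third-party repository really uses signed-by, as an added example that is not part of this revision or of the Software Heritage Dockerfiles: a shell function that audits one-line-style .list entries for the option and for a non-empty keyring file. The function names, the verdict labels and the sample tree are assumptions made for the example; only the single keyring-path form of signed-by is handled.

```shell
#!/bin/sh
# audit_sources ROOT: scan ROOT/etc/apt/sources.list.d/*.list (ROOT="" for the
# live system) and print one verdict per one-line-style deb entry:
#   OK <uri> | NO-SIGNED-BY <uri> | BAD-KEYRING <uri> <path>
# Returns 1 if any entry is not OK. A signed-by value that is not an absolute
# path (a fingerprint) is accepted without validation.
audit_sources() {
    root=$1 status=0
    for list in "$root"/etc/apt/sources.list.d/*.list; do
        [ -f "$list" ] || continue
        while read -r type rest; do
            case $type in deb|deb-src) ;; *) continue ;; esac
            opts= keyring=
            case $rest in   # peel off the optional [option=value ...] group
                \[*\]*) opts=${rest%%\]*}; opts=${opts#\[}; rest=${rest#*\]} ;;
            esac
            set -f          # no globbing while word-splitting the entry
            for opt in $opts; do
                case $opt in signed-by=*) keyring=${opt#signed-by=} ;; esac
            done
            set -- $rest; uri=$1
            set +f
            if [ -z "$keyring" ]; then
                echo "NO-SIGNED-BY $uri"; status=1
            elif [ "${keyring#/}" != "$keyring" ] && [ ! -s "$root$keyring" ]; then
                echo "BAD-KEYRING $uri $keyring"; status=1
            else
                echo "OK $uri"
            fi
        done < "$list"
    done
    return $status
}

# Constructed sample tree. Entries are modelled on the build command quoted in
# this thread; the empty yarn keyring and the option-less cassandra line are made up.
make_sample_root() {
    r=$(mktemp -d) || return 1
    d=$r/etc/apt/sources.list.d k=/usr/share/keyrings
    mkdir -p "$d" "$r$k"
    printf 'constructed-key-bytes' > "$r$k/postgres-archive-keyring.gpg"
    : > "$r$k/yarnpkg-archive-keyring.gpg"   # redirect target that got no data
    echo "deb [signed-by=$k/postgres-archive-keyring.gpg] http://apt.postgresql.org/pub/repos/apt/ buster-pgdg main" > "$d/postgres.list"
    echo "deb [signed-by=$k/yarnpkg-archive-keyring.gpg] https://dl.yarnpkg.com/debian/ stable main" > "$d/yarnpkg.list"
    echo "deb http://www.apache.org/dist/cassandra/debian 40x main" > "$d/cassandra.list"
    echo "$r"
}

demo_root=$(make_sample_root) && { audit_sources "$demo_root" || true; rm -rf "$demo_root"; }
```

A non-empty keyring file is only a sanity check: it does not prove the key is complete or the one the repository signs with.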

Used signed-by for all the 3rd party repositories

vsellier retitled this revision from Use the recommended way to declare yarn's repository signing keys to Use the recommanded way to declare the repository signing keys. Mar 15 2021, 12:34 PM
vsellier edited the summary of this revision.

The build was failing with a cryptic error:

14:20:43 error committing wijin0be0ztxj3pd6l64aeahh: invalid mutable ref 0xc001a73760: invalid: error committing 8bvh4xv6le4xw14m4fr8zvwho: invalid mutable ref 0xc001a72040: invalid: executor failed running [/bin/sh -c export DEBIAN_FRONTEND=noninteractive &&   apt-get update &&   apt-get install -y apt-transport-https curl ca-certificates gpg  &&   echo deb [signed-by=/usr/share/keyrings/postgres-archive-keyring.gpg] http://apt.postgresql.org/pub/repos/apt/ buster-pgdg main > /etc/apt/sources.list.d/postgres.list &&   curl -fsSL https://www.postgresql.org/media/keys/ACCC4CF8.asc | gpg --dearmor > /usr/share/keyrings/postgres-archive-keyring.gpg &&   echo deb [signed-by=/usr/share/keyrings/yarnpkg-archive-keyring.gpg] https://dl.yarnpkg.com/debian/ stable main > /etc/apt/sources.list.d/yarnpkg.list &&   curl -fsSL https://dl.yarnpkg.com/debian/pubkey.gpg | gpg --dearmor > /usr/share/keyrings/yarnpkg-archive-keyring.gpg &&   echo deb [signed-by=/usr/share/keyrings/elasticsearch-archive-keyring.gpg] https://artifacts.elastic.co/packages/7.x/apt stable main > /etc/apt/sources.list.d/elastic-7.x.list &&   curl -fsSL https://artifacts.elastic.co/GPG-KEY-elasticsearch | gpg --dearmor > /usr/share/keyrings/elasticsearch-archive-keyring.gpg &&   echo deb [signed-by=/usr/share/keyrings/cassandra.gpg] http://www.apache.org/dist/cassandra/debian 40x main > /etc/apt/sources.list.d/cassandra.list &&   curl -fsSL https://downloads.apache.org/cassandra/KEYS | gpg --dearmor > /usr/share/keyrings/cassandra.gpg &&   apt-get update &&   apt-get upgrade -y &&   apt-get install -y   arcanist   build-essential   cassandra   elasticsearch   fuse3   git-lfs   jq   libfuse3-dev   libsvn-dev   libsystemd-dev   lzip   maven   mercurial   pkg-config   postgresql-11   postgresql-client-11   postgresql-server-dev-11   python3-dev   python3-pip   python3-venv   subversion   tini   yarn   zstd]: stat /var/lib/docker/overlay2/8bvh4xv6le4xw14m4fr8zvwho: no such file or directory
14:20:43 make: *** [Makefile:45: swh-jenkins/base-buster] Error 1
14:20:43 Build step 'Execute shell' marked build as failure

A restart of the docker daemon on thyssen solved the problem, but now there is an issue with the cassandra image using a non-existent OVH mirror.