Skip to content

Update all gpg --recv-keys invocations with explicit "did it download" checks#2252

Merged
PeterDaveHello merged 1 commit intonodejs:mainfrom
infosiftr:fetching-gnupg
Jul 7, 2025
Merged

Update all gpg --recv-keys invocations with explicit "did it download" checks#2252
PeterDaveHello merged 1 commit intonodejs:mainfrom
infosiftr:fetching-gnupg

Conversation

@tianon
Copy link
Contributor

@tianon tianon commented Jul 2, 2025

This solves for the case of gpg --recv-keys receiving enough valid data that it doesn't return a non-zero exit code, but that it also doesn't import a key by explicitly checking afterwards that it did import the key we asked for (so that the fallback to keyserver.ubuntu.com actually happens appropriately for keys whose UID are no longer validated on keys.openpgp.org).

See also:

@tianon
Update all gpg --recv-keys invocations with explicit "did it downlo…
d78e8df 
…ad" checks

This solves for the case of `gpg --recv-keys` receiving enough valid data that it doesn't return a non-zero exit code, but that it also doesn't import a key by explicitly checking afterwards that it did import the key we asked for (so that the fallback to keyserver.ubuntu.com actually happens appropriately for keys whose UID are no longer validated on keys.openpgp.org).
@tianon
Copy link
Contributor Author

tianon commented Jul 2, 2025

(all those "linting" annotations are especially annoying to see here, especially given I'm the author of moby/buildkit#5130 😅)

@MikeMcC399

This comment was marked as outdated.

Sign in to view
@MikeMcC399 MikeMcC399 mentioned this pull request Jul 5, 2025
Closed
@MikeMcC399
Copy link
Contributor

MikeMcC399 commented Jul 6, 2025

@tianon

Thanks for proposing this remedy!

I've duplicated it to PR cypress-io/cypress-docker-images#1380 which builds Docker images for Cypress based on selectable versions of Node.js, browser versions, etc. for website testing.

@PeterDaveHello PeterDaveHello requested a review from Copilot July 6, 2025 18:32

This comment was marked as spam.

Sign in to view

@PeterDaveHello PeterDaveHello requested a review from a team July 7, 2025 14:58
@PeterDaveHello PeterDaveHello merged commit 3ac814a into nodejs:main Jul 7, 2025
21 checks passed
@github-actions
Copy link

github-actions bot commented Jul 7, 2025

Created PR on the official-images repo (docker-library/official-images#19405). See https://github.com/docker-library/faq#an-images-source-changed-in-git-now-what if you are wondering when it will be available on the Docker Hub.

@nodejs-github-bot nodejs-github-bot mentioned this pull request Jul 7, 2025
Merged
@tianon tianon deleted the fetching-gnupg branch July 7, 2025 20:52
@nschonni nschonni mentioned this pull request Jul 16, 2025
Merged
12 tasks
chorrell added a commit to chorrell/docker-image-testing-example that referenced this pull request Aug 12, 2025
@chorrell
Update how keys are fetched
50cad2e 
See: nodejs/docker-node#2252
chorrell added a commit to chorrell/docker-image-testing-example that referenced this pull request Aug 12, 2025
@chorrell
Dockerfile-updates (#47)
480d9c6 
* Update how keys are fetched

See: nodejs/docker-node#2252

* Fix Dockerfile linting issues
@MikeMcC399 MikeMcC399 mentioned this pull request Jan 30, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@PeterDaveHello PeterDaveHello PeterDaveHello approved these changes

Copilot code review Copilot Copilot left review comments

+1 more reviewer

@MikeMcC399 MikeMcC399 MikeMcC399 left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@tianon @MikeMcC399 @PeterDaveHello