Closed Bug 1565013 Opened 3 months ago Closed 3 months ago

HACL image builder times out while fetching gpg key

Categories

(NSS :: Test, defect, P1)

defect

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: kjacobs, Assigned: kjacobs)

Details

Attachments

(1 file)

HACL image builder is failing in setup.sh, due to a timeout while fetching a gpg key for clang/llvm package verification:

curl -LO https://releases.llvm.org/3.9.1/clang+llvm-3.9.1-x86_64-linux-gnu-ubuntu-16.04.tar.xz.sig
+ curl -LO https://releases.llvm.org/3.9.1/clang+llvm-3.9.1-x86_64-linux-gnu-ubuntu-16.04.tar.xz.sig
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed

  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
100   543  100   543    0     0   2004      0 --:--:-- --:--:-- --:--:--  2003
# Verify the signature.
gpg --keyserver pool.sks-keyservers.net --recv-keys B6C8F98282B944E3B0D5C2530FC3042E345AD05D
+ gpg --keyserver pool.sks-keyservers.net --recv-keys B6C8F98282B944E3B0D5C2530FC3042E345AD05D
gpg: directory `/root/.gnupg' created
gpg: new configuration file `/root/.gnupg/gpg.conf' created
gpg: WARNING: options in `/root/.gnupg/gpg.conf' are not yet active during this run
gpg: keyring `/root/.gnupg/secring.gpg' created
gpg: keyring `/root/.gnupg/pubring.gpg' created
gpg: requesting key 345AD05D from hkp server pool.sks-keyservers.net
gpgkeys: key B6C8F98282B944E3B0D5C2530FC3042E345AD05D can't be retrieved
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0
gpg: keyserver communications error: keyserver helper general error
gpg: keyserver communications error: unknown pubkey algorithm
gpg: keyserver receive failed: unknown pubkey algorithm
INFO[0145] The command [/bin/sh -c bash /tmp/setup.sh] returned a non-zero code: 2 
[taskcluster 2019-07-10 19:36:13.933Z] === Task Finished ===```

ugh, can we check in that key as part of the tooling? That seems safer.

This patch adds a copy of the expected key for clang+llvm package verification, rather than fetching it each time we build.

Status: NEW → RESOLVED
Closed: 3 months ago
Resolution: --- → FIXED
Target Milestone: --- → 3.46
You need to log in before you can comment on or make changes to this bug.