i am new in docker, when i run the command docker-compose up i am getting below error in that
+ gpg --keyserver hkp://ha.pool.sks-keyservers.net:80 --recv-keys 6E4F6AB321FDC07F2C332E3AC2BF0BC433CFC8B3
gpg: directory `/root/.gnupg' created
gpg: new configuration file `/root/.gnupg/gpg.conf' created
gpg: WARNING: options in `/root/.gnupg/gpg.conf' are not yet active during this run
gpg: keyring `/root/.gnupg/secring.gpg' created
gpg: keyring `/root/.gnupg/pubring.gpg' created
gpg: requesting key 33CFC8B3 from hkp server ha.pool.sks-keyservers.net
?: ha.pool.sks-keyservers.net: Host not found
gpgkeys: HTTP fetch error 7: couldn't connect: Connection timed out
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0
ERROR: Service 'php' failed to build: The command '/bin/sh -c set -xe && for key in $GPG_KEYS; do gpg --keyserver hkp://ha.pool.sks-keyservers.net:80 --recv-keys "$key"; done' returned a non-zero code: 2
here i have attached my docker yml file, can anyone please help me how to resolve this issue ?
application:
build: misc/docker/code
volumes:
- .:/var/www/seagull
tty: true
db:
image: mysql:5.6
ports:
- 3306:3306
environment:
MYSQL_ROOT_PASSWORD: toor
redis:
image: redis
ports:
- 6379:6379
php:
build: misc/docker/php-fpm/5.6
expose:
- "9000"
volumes_from:
- application
links:
- db
- redis
environment:
- REDIS_BACKEND=redis:6379
nginx:
build: misc/docker/nginx
ports:
- 80:80
links:
- php
volumes_from:
- application
volumes:
- ./var/log/nginx:/var/log/nginx
Keyserver issues are unfortunately very common -- Try a number of different methods, and the only method that's reasonably successful at combating the issue on a large scale is trying multiple keyservers in a loop until one succeeds. Usually, just re-starting the failing build is enough to get it to work, but there may be firewalls, etc in place that force a keyserver switch (keyserver.ubuntu.com is a good one that supports port 80 and is commonly allowed).
#ptsiampas Solved by getting it from multiple servers..
key='B42F6819007F00F88E364FD4036A9C25BF357DD4'; \
gpg --yes --always-trust --keyserver pgp.mit.edu --recv-keys "$key" || \
gpg --yes --always-trust --keyserver keyserver.pgp.com --recv-keys "$key" || \
gpg --yes --always-trust --keyserver ha.pool.sks-keyservers.net --recv-keys "$key" ; \
gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \
#camilo0365 Solved it in this way.
for server in ha.pool.sks-keyservers.net \
hkp://p80.pool.sks-keyservers.net:80 \
keyserver.ubuntu.com \
hkp://keyserver.ubuntu.com:80 \
pgp.mit.edu; do
gpg --keyserver "$server" --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 && break || echo "Trying new server..."
done
you can use proxy, to solve your problem.
gpg --keyserver-options http-proxy="http://XXXXXXX"
--keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys 58118E89F3A912897C070ADBF76221572C52609D
Also for
ERROR: Service 'php' failed to build:
try docker-compose build --no-cache php-fpm
Related
This is a snippet of a Dockerfile that is exhibiting an error that I don't understand:
FROM dorowu/ubuntu-desktop-lxde-vnc
LABEL maintainer "bpinaya#wpi.edu"
# Adding keys for ROS
RUN sh -c 'echo "deb http://packages.ros.org/ros/ubuntu $(lsb_release -sc) main" > /etc/apt/sources.list.d/ros-latest.list'
RUN apt-key adv --keyserver hkp://ha.pool.sks-keyservers.net:80 --recv-key 421C365BD9FF1F717815A3895523BAEEB01FA116
Gives this result
RUN apt-key adv --keyserver hkp://ha.pool.sks-keyservers.net:80 --recv-key 421C365BD9FF1F717815A3895523BAEEB01FA116
---> Running in 7bb30729ec87
Warning: apt-key output should not be parsed (stdout is not a terminal)
Executing: /tmp/apt-key-gpghome.HkofyyhjvI/gpg.1.sh --keyserver hkp://ha.pool.sks-keyservers.net:80 --recv-key 421C365BD9FF1F717815A3895523BAEEB01FA116
gpg: failed to start the dirmngr '/usr/bin/dirmngr': No such file or directory
gpg: connecting dirmngr at '/tmp/apt-key-gpghome.HkofyyhjvI/S.dirmngr' failed: No such file or directory
gpg: keyserver receive failed: No dirmngr
The command '/bin/sh -c apt-key adv --keyserver hkp://ha.pool.sks-keyservers.net:80 --recv-key 421C365BD9FF1F717815A3895523BAEEB01FA116' returned a non-zero code: 2
According to this post here, you need to install dirmngr. I also needed to install gnupg in order to get this to work on my local docker container when testing.
I updated your Dockerfile code below with my changes:
FROM dorowu/ubuntu-desktop-lxde-vnc
LABEL maintainer "bpinaya#wpi.edu"
# Update
RUN apt-get update && \
apt-get upgrade -y
# Install required packages
RUN apt-get install -y \
dirmngr \
gnupg
# Adding keys for ROS
RUN sh -c 'echo "deb http://packages.ros.org/ros/ubuntu $(lsb_release -sc) main" > /etc/apt/sources.list.d/ros-latest.list'
RUN apt-key adv --keyserver hkp://ha.pool.sks-keyservers.net --recv-key 421C365BD9FF1F717815A3895523BAEEB01FA116
This gave me the following output on the last step:
Step 6/6 : RUN apt-key adv --keyserver hkp://pgp.mit.edu:80 --recv-key 421C365BD9FF1F717815A3895523BAEEB01FA116
---> Running in a0cfb3588173
Warning: apt-key output should not be parsed (stdout is not a terminal)
Executing: /tmp/apt-key-gpghome.USze27holj/gpg.1.sh --keyserver hkp://pgp.mit.edu:80 --recv-key 421C365BD9FF1F717815A3895523BAEEB01FA116
gpg: key 5523BAEEB01FA116: public key "ROS Builder <rosbuild#ros.org>" imported
gpg: Total number processed: 1
gpg: imported: 1
Occasionally this reports back with the following error:
gpg: keyserver receive failed: Cannot assign requested address
That error doesn't seem consistent though, so it could be something with my own network connection.
I wanted to comment but don't have enough reputation to. Please consider my answer as an appendix to #brian-elliott 's answer. Dirmngr seems to have some strange default setup to use tor or some non-standard DNS. So make sure you have something like this:
standard-resolver
keyserver keyserver.ubuntu.com
keyserver keys.gnupg.net
in your ~/.gnupg/dirmngr.conf
I am trying the command docker-compose up to start the Validator Node in my Hyperledger Sawtooth setup on my Ubuntu machine.
I am running this command behind my company's proxy.
When I use the command docker-compose up, I get the following output:
Building validator
Step 1/15 : FROM ubuntu:xenial
---> 4a689991aa24
Step 2/15 : RUN echo "deb http://repo.sawtooth.me/ubuntu/ci xenial universe" >> /etc/apt/sources.list && (apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 8AA7AF1F1091A5FD || apt-key adv --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys 8AA7AF1F1091A5FD) && apt-get update
---> Using cache
---> 59b3dd0413ec
Step 3/15 : RUN apt-get install -y -q --allow-downgrades git python3 python3-stdeb
---> Using cache
---> fa792ef3800a
Step 4/15 : RUN apt-get install -y -q --allow-downgrades python3-grpcio python3-grpcio-tools python3-protobuf
---> Using cache
---> b21e9522d61d
Step 5/15 : RUN apt-get install -y -q --allow-downgrades python3-cbor python3-colorlog python3-cryptography>=1.7.1 python3-dev python3-lmdb python3-netifaces=0.10.4-0.1build2 python3-pyformance python3-secp256k1 python3-toml python3-yaml python3-zmq unzip
---> Using cache
---> bff0f3b39a0a
Step 6/15 : RUN curl -OLsS https://github.com/google/protobuf/releases/download/v3.5.1/protoc-3.5.1-linux-x86_64.zip && unzip protoc-3.5.1-linux-x86_64.zip -d protoc3 && rm protoc-3.5.1-linux-x86_64.zip
---> Running in 37e4dd702373
curl: (60) server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
More details here: http://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.
ERROR: Service 'validator' failed to build: The command '/bin/sh -c curl -OLsS https://github.com/google/protobuf/releases/download/v3.5.1/protoc-3.5.1-linux-x86_64.zip && unzip protoc-3.5.1-linux-x86_64.zip -d protoc3 && rm protoc-3.5.1-linux-x86_64.zip' returned a non-zero code: 60
It says that the server verification failed and stops at step(6/15).
How do I fix this?
You need to install the key for the repository.
For the stable repository, use:
$ sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 8AA7AF1F1091A5FD
$ sudo add-apt-repository 'deb [arch=amd64] http://repo.sawtooth.me/ubuntu/bumper/stable xenial universe'
For the nightly, development repository use:
$ sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 44FC67F19B2466EA
$ sudo apt-add-repository 'deb [arch=amd64] http://repo.sawtooth.me/ubuntu/nightly xenial universe'
The following command seems to work when running it in a shell
apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 3FA7E0328081BFF6A14DA29AA6A19B38D3D831EF
but fails when executed in a Dockerfile as follows:
Warning: apt-key output should not be parsed (stdout is not a terminal)
Executing: /tmp/apt-key-gpghome.1CIuj3LUOP/gpg.1.sh --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 3FA7E0328081BFF6A14DA29AA6A19B38D3D831EF
gpg: cannot open '/dev/tty': No such device or address
The specific Dockerfile RUN commands executes on a openjdk:8 image which in turn draws from buildpack-deps:stretch-scm
Solved by adding --no-tty on the apt-key adv command also;
Any idea however why this was happening?
I build the rabbitMQ alpine docker image locally, see complete Dockerfile
RUN export GNUPGHOME="$(mktemp -d)" \
&& gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \
&& gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \
&& rm -r "$GNUPGHOME" /usr/local/bin/gosu.asc
And randomly I got error below (mostly in jenkins CI system)
rm -rf /tmp/tmp.bBBnjn rabbitmq-server.tar.xz.asc
rm: can't remove '/tmp/tmp.bBBnjn/S.gpg-agent.extra': No such file or directory
or
rm -rf /tmp/tmp.GlfNBI rabbitmq-server.tar.xz.asc
rm: can't remove '/tmp/tmp.GlfNBI/S.gpg-agent.ssh': No such file or directory
It looks like the gpg agent is just stopped during rm. (It exists when to delete, but disappear when delete happens)
I use Ubuntu 16.04 LTS version
$ docker info
Containers: 2
Running: 2
Paused: 0
Stopped: 0
Images: 193
Server Version: 1.12.6
Storage Driver: overlay
Backing Filesystem: extfs
Logging Driver: json-file
Cgroup Driver: cgroupfs
..
Any solution for this ?
Change it to below and it should work all the time
export GNUPGHOME="$(mktemp -d)"; \
gpg --keyserver pgp.mit.edu --recv-keys "$GPG_KEY" || \
gpg --keyserver keyserver.pgp.com --recv-keys "$GPG_KEY" || \
gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$GPG_KEY" ; \
gpg --batch --verify rabbitmq-server.tar.xz.asc rabbitmq-server.tar.xz; \
pkill -9 gpg-agent; \
pkill -9 dirmngr; \
rm -rf "$GNUPGHOME";
gpg-agent and dirmngr run in background and at times takes time to exist. I believe rm picks up the files of these process and when it tries to delete the daemon and files area already gone. So adding these two pkill should remove the error
I am following the instructions for installing Yarn on CircleCI, but CircleCI is showing these errors when trying to check the key server:
sudo apt-key adv --keyserver pgp.mit.edu --recv D101F7899D41F3C3
Executing: gpg --ignore-time-conflict --no-options --no-default-keyring --secret-keyring /tmp/tmp.j5q2IRFiKK --trustdb-name /etc/apt/trustdb.gpg --keyring /etc/apt/trusted.gpg --primary-keyring /etc/apt/trusted.gpg --keyring /etc/apt/trusted.gpg.d//apt.postgresql.org.gpg --keyserver pgp.mit.edu --recv D101F7899D41F3C3
gpg: requesting key 9D41F3C3 from hkp server pgp.mit.edu
gpgkeys: key D101F7899D41F3C3 not found on keyserver
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0
sudo apt-key adv --keyserver pgp.mit.edu --recv D101F7899D41F3C3 returned exit code 2
Action failed: sudo apt-key adv --keyserver pgp.mit.edu --recv D101F7899D41F3C3
The error message means that GPG couldn't load the public GPG key used to verify the package signatures. Try doing this instead:
sudo apt-key adv --fetch-keys http://dl.yarnpkg.com/debian/pubkey.gpg
The issue is that the pgp.mit.edu keyserver sometimes has outages, which results in the error message you're seeing. Loading the GPG key via URL should be more reliable.