Unverified Commit f4551899 authored by H3xCat's avatar H3xCat Committed by GitHub

Resolve slow key retrieval when some GPG key servers are not reachable (#1016)

* Reduce timeout to GPG key servers for Python feature

* Dynamically find out reachable GPG servers

* Apply fix to other features

* Fix build issues

* Fix shellcheck SC2068 by quoting array expansion

* Bump up patch version for affected features

* improve readability for keyservers_curl_map
parent 09d56322
{ {
"id": "git-lfs", "id": "git-lfs",
"version": "1.2.1", "version": "1.2.2",
"name": "Git Large File Support (LFS)", "name": "Git Large File Support (LFS)",
"documentationURL": "https://github.com/devcontainers/features/tree/main/src/git-lfs", "documentationURL": "https://github.com/devcontainers/features/tree/main/src/git-lfs",
"description": "Installs Git Large File Support (Git LFS) along with needed dependencies. Useful for base Dockerfiles that often are missing required install dependencies like git and curl.", "description": "Installs Git Large File Support (Git LFS) along with needed dependencies. Useful for base Dockerfiles that often are missing required install dependencies like git and curl.",
......
...@@ -15,10 +15,6 @@ GIT_LFS_ARCHIVE_GPG_KEY_URI="https://packagecloud.io/github/git-lfs/gpgkey" ...@@ -15,10 +15,6 @@ GIT_LFS_ARCHIVE_GPG_KEY_URI="https://packagecloud.io/github/git-lfs/gpgkey"
GIT_LFS_ARCHIVE_ARCHITECTURES="amd64 arm64" GIT_LFS_ARCHIVE_ARCHITECTURES="amd64 arm64"
GIT_LFS_ARCHIVE_VERSION_CODENAMES="stretch buster bullseye bionic focal jammy" GIT_LFS_ARCHIVE_VERSION_CODENAMES="stretch buster bullseye bionic focal jammy"
GIT_LFS_CHECKSUM_GPG_KEYS="0x88ace9b29196305ba9947552f1ba225c0223b187 0x86cd3297749375bcf8206715f54fe648088335a9 0xaa3b3450295830d2de6db90caba67be5a5795889" GIT_LFS_CHECKSUM_GPG_KEYS="0x88ace9b29196305ba9947552f1ba225c0223b187 0x86cd3297749375bcf8206715f54fe648088335a9 0xaa3b3450295830d2de6db90caba67be5a5795889"
GPG_KEY_SERVERS="keyserver hkp://keyserver.ubuntu.com
keyserver hkp://keyserver.ubuntu.com:80
keyserver hkps://keys.openpgp.org
keyserver hkp://keyserver.pgp.com"
set -e set -e
...@@ -64,15 +60,52 @@ find_version_from_git_tags() { ...@@ -64,15 +60,52 @@ find_version_from_git_tags() {
echo "${variable_name}=${!variable_name}" echo "${variable_name}=${!variable_name}"
} }
# Get the list of GPG key servers that are reachable
get_gpg_key_servers() {
declare -A keyservers_curl_map=(
["hkp://keyserver.ubuntu.com"]="http://keyserver.ubuntu.com:11371"
["hkp://keyserver.ubuntu.com:80"]="http://keyserver.ubuntu.com"
["hkps://keys.openpgp.org"]="https://keys.openpgp.org"
["hkp://keyserver.pgp.com"]="http://keyserver.pgp.com:11371"
)
local curl_args=""
local keyserver_reachable=false # Flag to indicate if any keyserver is reachable
if [ ! -z "${KEYSERVER_PROXY}" ]; then
curl_args="--proxy ${KEYSERVER_PROXY}"
fi
for keyserver in "${!keyservers_curl_map[@]}"; do
local keyserver_curl_url="${keyservers_curl_map[${keyserver}]}"
if curl -s ${curl_args} --max-time 5 ${keyserver_curl_url} > /dev/null; then
echo "keyserver ${keyserver}"
keyserver_reachable=true
else
echo "(*) Keyserver ${keyserver} is not reachable." >&2
fi
done
if ! $keyserver_reachable; then
echo "(!) No keyserver is reachable." >&2
exit 1
fi
}
# Import the specified key in a variable name passed in as # Import the specified key in a variable name passed in as
receive_gpg_keys() { receive_gpg_keys() {
local keys=${!1} local keys=${!1}
# Install curl
if ! type curl > /dev/null 2>&1; then
check_packages curl
fi
# Use a temporary location for gpg keys to avoid polluting image # Use a temporary location for gpg keys to avoid polluting image
export GNUPGHOME="/tmp/tmp-gnupg" export GNUPGHOME="/tmp/tmp-gnupg"
mkdir -p ${GNUPGHOME} mkdir -p ${GNUPGHOME}
chmod 700 ${GNUPGHOME} chmod 700 ${GNUPGHOME}
echo -e "disable-ipv6\n${GPG_KEY_SERVERS}" > ${GNUPGHOME}/dirmngr.conf echo -e "disable-ipv6\n$(get_gpg_key_servers)" > ${GNUPGHOME}/dirmngr.conf
# GPG key download sometimes fails for some reason and retrying fixes it. # GPG key download sometimes fails for some reason and retrying fixes it.
local retry_count=0 local retry_count=0
local gpg_ok="false" local gpg_ok="false"
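Review bot: The `exit 1` in `get_gpg_key_servers` cannot stop the install when it is reached through `echo -e "disable-ipv6\n$(get_gpg_key_servers)"`, because the function runs in a command-substitution subshell and the line's status is that of `echo`, so `set -e` never sees the failure. With no reachable server the script writes a `dirmngr.conf` holding only `disable-ipv6` and carries on into the key download. Capture the list first, with `local keyservers` and then `keyservers="$(get_gpg_key_servers)" || exit 1`, and write `echo -e "disable-ipv6\n${keyservers}" > ${GNUPGHOME}/dirmngr.conf`. The same call shape appears in the other install scripts touched by this commit, and `receive_gpg_keys` continues past the end of the hunk.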
......
{ {
"id": "git", "id": "git",
"version": "1.3.0", "version": "1.3.1",
"name": "Git (from source)", "name": "Git (from source)",
"documentationURL": "https://github.com/devcontainers/features/tree/main/src/git", "documentationURL": "https://github.com/devcontainers/features/tree/main/src/git",
"description": "Install an up-to-date version of Git, built from source as needed. Useful for when you want the latest and greatest features. Auto-detects latest stable version and installs needed dependencies.", "description": "Install an up-to-date version of Git, built from source as needed. Useful for when you want the latest and greatest features. Auto-detects latest stable version and installs needed dependencies.",
......
...@@ -11,10 +11,6 @@ GIT_VERSION=${VERSION} # 'system' checks the base image first, else installs 'la ...@@ -11,10 +11,6 @@ GIT_VERSION=${VERSION} # 'system' checks the base image first, else installs 'la
USE_PPA_IF_AVAILABLE=${PPA} USE_PPA_IF_AVAILABLE=${PPA}
GIT_CORE_PPA_ARCHIVE_GPG_KEY=E1DD270288B4E6030699E45FA1715D88E1DF1F24 GIT_CORE_PPA_ARCHIVE_GPG_KEY=E1DD270288B4E6030699E45FA1715D88E1DF1F24
GPG_KEY_SERVERS="keyserver hkp://keyserver.ubuntu.com
keyserver hkp://keyserver.ubuntu.com:80
keyserver hkps://keys.openpgp.org
keyserver hkp://keyserver.pgp.com"
if [ "$(id -u)" -ne 0 ]; then if [ "$(id -u)" -ne 0 ]; then
echo -e 'Script must be run as root. Use sudo, su, or add "USER root" to your Dockerfile before running this script.' echo -e 'Script must be run as root. Use sudo, su, or add "USER root" to your Dockerfile before running this script.'
...@@ -68,6 +64,38 @@ clean_up() { ...@@ -68,6 +64,38 @@ clean_up() {
} }
clean_up clean_up
# Get the list of GPG key servers that are reachable
get_gpg_key_servers() {
declare -A keyservers_curl_map=(
["hkp://keyserver.ubuntu.com"]="http://keyserver.ubuntu.com:11371"
["hkp://keyserver.ubuntu.com:80"]="http://keyserver.ubuntu.com"
["hkps://keys.openpgp.org"]="https://keys.openpgp.org"
["hkp://keyserver.pgp.com"]="http://keyserver.pgp.com:11371"
)
local curl_args=""
local keyserver_reachable=false # Flag to indicate if any keyserver is reachable
if [ ! -z "${KEYSERVER_PROXY}" ]; then
curl_args="--proxy ${KEYSERVER_PROXY}"
fi
for keyserver in "${!keyservers_curl_map[@]}"; do
local keyserver_curl_url="${keyservers_curl_map[${keyserver}]}"
if curl -s ${curl_args} --max-time 5 ${keyserver_curl_url} > /dev/null; then
echo "keyserver ${keyserver}"
keyserver_reachable=true
else
echo "(*) Keyserver ${keyserver} is not reachable." >&2
fi
done
if ! $keyserver_reachable; then
echo "(!) No keyserver is reachable." >&2
exit 1
fi
}
# Import the specified key in a variable name passed in as # Import the specified key in a variable name passed in as
receive_gpg_keys() { receive_gpg_keys() {
local keys=${!1} local keys=${!1}
...@@ -77,11 +105,16 @@ receive_gpg_keys() { ...@@ -77,11 +105,16 @@ receive_gpg_keys() {
keyring_args="--no-default-keyring --keyring $2" keyring_args="--no-default-keyring --keyring $2"
fi fi
# Install curl
if ! type curl > /dev/null 2>&1; then
check_packages curl
fi
# Use a temporary location for gpg keys to avoid polluting image # Use a temporary location for gpg keys to avoid polluting image
export GNUPGHOME="/tmp/tmp-gnupg" export GNUPGHOME="/tmp/tmp-gnupg"
mkdir -p ${GNUPGHOME} mkdir -p ${GNUPGHOME}
chmod 700 ${GNUPGHOME} chmod 700 ${GNUPGHOME}
echo -e "disable-ipv6\n${GPG_KEY_SERVERS}" > ${GNUPGHOME}/dirmngr.conf echo -e "disable-ipv6\n$(get_gpg_key_servers)" > ${GNUPGHOME}/dirmngr.conf
# GPG key download sometimes fails for some reason and retrying fixes it. # GPG key download sometimes fails for some reason and retrying fixes it.
local retry_count=0 local retry_count=0
local gpg_ok="false" local gpg_ok="false"
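Review bot: `${curl_args}` and `${keyserver_curl_url}` are expanded unquoted in the `curl` probe, so a `KEYSERVER_PROXY` value containing whitespace or glob characters is split into additional curl arguments instead of being passed as one proxy URL. Where that variable is set in this script is not visible in these hunks; in the python and terraform scripts it comes from the `HTTPPROXY` option or `HTTP_PROXY`, i.e. from outside the script. Build the options as an array instead: `local curl_args=()`, `curl_args=(--proxy "${KEYSERVER_PROXY}")`, and `curl -s "${curl_args[@]}" --max-time 5 "${keyserver_curl_url}" > /dev/null`. Every copy of `get_gpg_key_servers` in this commit has the same lines.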
......
{ {
"id": "github-cli", "id": "github-cli",
"version": "1.0.12", "version": "1.0.13",
"name": "GitHub CLI", "name": "GitHub CLI",
"documentationURL": "https://github.com/devcontainers/features/tree/main/src/github-cli", "documentationURL": "https://github.com/devcontainers/features/tree/main/src/github-cli",
"description": "Installs the GitHub CLI. Auto-detects latest version and installs needed dependencies.", "description": "Installs the GitHub CLI. Auto-detects latest version and installs needed dependencies.",
......
...@@ -11,10 +11,6 @@ CLI_VERSION=${VERSION:-"latest"} ...@@ -11,10 +11,6 @@ CLI_VERSION=${VERSION:-"latest"}
INSTALL_DIRECTLY_FROM_GITHUB_RELEASE=${INSTALLDIRECTLYFROMGITHUBRELEASE:-"true"} INSTALL_DIRECTLY_FROM_GITHUB_RELEASE=${INSTALLDIRECTLYFROMGITHUBRELEASE:-"true"}
GITHUB_CLI_ARCHIVE_GPG_KEY=23F3D4EA75716059 GITHUB_CLI_ARCHIVE_GPG_KEY=23F3D4EA75716059
GPG_KEY_SERVERS="keyserver hkp://keyserver.ubuntu.com
keyserver hkp://keyserver.ubuntu.com:80
keyserver hkps://keys.openpgp.org
keyserver hkp://keyserver.pgp.com"
set -e set -e
...@@ -26,6 +22,37 @@ if [ "$(id -u)" -ne 0 ]; then ...@@ -26,6 +22,37 @@ if [ "$(id -u)" -ne 0 ]; then
exit 1 exit 1
fi fi
# Get the list of GPG key servers that are reachable
get_gpg_key_servers() {
declare -A keyservers_curl_map=(
["hkp://keyserver.ubuntu.com"]="http://keyserver.ubuntu.com:11371"
["hkp://keyserver.ubuntu.com:80"]="http://keyserver.ubuntu.com"
["hkps://keys.openpgp.org"]="https://keys.openpgp.org"
["hkp://keyserver.pgp.com"]="http://keyserver.pgp.com:11371"
)
local curl_args=""
local keyserver_reachable=false # Flag to indicate if any keyserver is reachable
if [ ! -z "${KEYSERVER_PROXY}" ]; then
curl_args="--proxy ${KEYSERVER_PROXY}"
fi
for keyserver in "${!keyservers_curl_map[@]}"; do
local keyserver_curl_url="${keyservers_curl_map[${keyserver}]}"
if curl -s ${curl_args} --max-time 5 ${keyserver_curl_url} > /dev/null; then
echo "keyserver ${keyserver}"
keyserver_reachable=true
else
echo "(*) Keyserver ${keyserver} is not reachable." >&2
fi
done
if ! $keyserver_reachable; then
echo "(!) No keyserver is reachable." >&2
exit 1
fi
}
# Import the specified key in a variable name passed in as # Import the specified key in a variable name passed in as
receive_gpg_keys() { receive_gpg_keys() {
...@@ -35,11 +62,16 @@ receive_gpg_keys() { ...@@ -35,11 +62,16 @@ receive_gpg_keys() {
keyring_args="--no-default-keyring --keyring $2" keyring_args="--no-default-keyring --keyring $2"
fi fi
# Install curl
if ! type curl > /dev/null 2>&1; then
check_packages curl
fi
# Use a temporary location for gpg keys to avoid polluting image # Use a temporary location for gpg keys to avoid polluting image
export GNUPGHOME="/tmp/tmp-gnupg" export GNUPGHOME="/tmp/tmp-gnupg"
mkdir -p ${GNUPGHOME} mkdir -p ${GNUPGHOME}
chmod 700 ${GNUPGHOME} chmod 700 ${GNUPGHOME}
echo -e "disable-ipv6\n${GPG_KEY_SERVERS}" > ${GNUPGHOME}/dirmngr.conf echo -e "disable-ipv6\n$(get_gpg_key_servers)" > ${GNUPGHOME}/dirmngr.conf
# GPG key download sometimes fails for some reason and retrying fixes it. # GPG key download sometimes fails for some reason and retrying fixes it.
local retry_count=0 local retry_count=0
local gpg_ok="false" local gpg_ok="false"
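Review bot: Iterating `"${!keyservers_curl_map[@]}"` yields the keys in bash's internal hash order, not the order they are written in the map, so the `keyserver` lines that reach `dirmngr.conf` no longer follow the sequence the removed `GPG_KEY_SERVERS` string had. If dirmngr prefers earlier entries (worth confirming), whether a plaintext `hkp://` server or the `hkps://` one is tried first now depends on hashing. An indexed array of `"hkp-uri probe-url"` pairs, split with `read -r keyserver keyserver_curl_url <<< "${entry}"`, keeps the authored order. The loop variable `keyserver` is also not declared `local`.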
......
{ {
"id": "kubectl-helm-minikube", "id": "kubectl-helm-minikube",
"version": "1.1.9", "version": "1.1.10",
"name": "Kubectl, Helm, and Minikube", "name": "Kubectl, Helm, and Minikube",
"documentationURL": "https://github.com/devcontainers/features/tree/main/src/kubectl-helm-minikube", "documentationURL": "https://github.com/devcontainers/features/tree/main/src/kubectl-helm-minikube",
"description": "Installs latest version of kubectl, Helm, and optionally minikube. Auto-detects latest versions and installs needed dependencies.", "description": "Installs latest version of kubectl, Helm, and optionally minikube. Auto-detects latest versions and installs needed dependencies.",
......
...@@ -22,10 +22,6 @@ MINIKUBE_SHA256="${MINIKUBE_SHA256:-"automatic"}" ...@@ -22,10 +22,6 @@ MINIKUBE_SHA256="${MINIKUBE_SHA256:-"automatic"}"
USERNAME="${USERNAME:-"${_REMOTE_USER:-"automatic"}"}" USERNAME="${USERNAME:-"${_REMOTE_USER:-"automatic"}"}"
HELM_GPG_KEYS_URI="https://raw.githubusercontent.com/helm/helm/main/KEYS" HELM_GPG_KEYS_URI="https://raw.githubusercontent.com/helm/helm/main/KEYS"
GPG_KEY_SERVERS="keyserver hkp://keyserver.ubuntu.com
keyserver hkp://keyserver.ubuntu.com:80
keyserver hkps://keys.openpgp.org
keyserver hkp://keyserver.pgp.com"
if [ "$(id -u)" -ne 0 ]; then if [ "$(id -u)" -ne 0 ]; then
echo -e 'Script must be run as root. Use sudo, su, or add "USER root" to your Dockerfile before running this script.' echo -e 'Script must be run as root. Use sudo, su, or add "USER root" to your Dockerfile before running this script.'
...@@ -234,6 +230,38 @@ get_helm() { ...@@ -234,6 +230,38 @@ get_helm() {
curl -sSL "https://github.com/helm/helm/releases/download/${HELM_VERSION}/${helm_filename}.asc" -o "${tmp_helm_filename}.asc" curl -sSL "https://github.com/helm/helm/releases/download/${HELM_VERSION}/${helm_filename}.asc" -o "${tmp_helm_filename}.asc"
} }
# Get the list of GPG key servers that are reachable
get_gpg_key_servers() {
declare -A keyservers_curl_map=(
["hkp://keyserver.ubuntu.com"]="http://keyserver.ubuntu.com:11371"
["hkp://keyserver.ubuntu.com:80"]="http://keyserver.ubuntu.com"
["hkps://keys.openpgp.org"]="https://keys.openpgp.org"
["hkp://keyserver.pgp.com"]="http://keyserver.pgp.com:11371"
)
local curl_args=""
local keyserver_reachable=false # Flag to indicate if any keyserver is reachable
if [ ! -z "${KEYSERVER_PROXY}" ]; then
curl_args="--proxy ${KEYSERVER_PROXY}"
fi
for keyserver in "${!keyservers_curl_map[@]}"; do
local keyserver_curl_url="${keyservers_curl_map[${keyserver}]}"
if curl -s ${curl_args} --max-time 5 ${keyserver_curl_url} > /dev/null; then
echo "keyserver ${keyserver}"
keyserver_reachable=true
else
echo "(*) Keyserver ${keyserver} is not reachable." >&2
fi
done
if ! $keyserver_reachable; then
echo "(!) No keyserver is reachable." >&2
exit 1
fi
}
if [ ${HELM_VERSION} != "none" ]; then if [ ${HELM_VERSION} != "none" ]; then
# Install Helm, verify signature and checksum # Install Helm, verify signature and checksum
echo "Downloading Helm..." echo "Downloading Helm..."
...@@ -255,7 +283,7 @@ if [ ${HELM_VERSION} != "none" ]; then ...@@ -255,7 +283,7 @@ if [ ${HELM_VERSION} != "none" ]; then
mkdir -p "${GNUPGHOME}" mkdir -p "${GNUPGHOME}"
chmod 700 ${GNUPGHOME} chmod 700 ${GNUPGHOME}
curl -sSL "${HELM_GPG_KEYS_URI}" -o /tmp/helm/KEYS curl -sSL "${HELM_GPG_KEYS_URI}" -o /tmp/helm/KEYS
echo -e "disable-ipv6\n${GPG_KEY_SERVERS}" > ${GNUPGHOME}/dirmngr.conf echo -e "disable-ipv6\n$(get_gpg_key_servers)" > ${GNUPGHOME}/dirmngr.conf
gpg -q --import "/tmp/helm/KEYS" gpg -q --import "/tmp/helm/KEYS"
if ! gpg --verify "${tmp_helm_filename}.asc" > ${GNUPGHOME}/verify.log 2>&1; then if ! gpg --verify "${tmp_helm_filename}.asc" > ${GNUPGHOME}/verify.log 2>&1; then
echo "Verification failed!" echo "Verification failed!"
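Review bot: The Helm block imports its keys from the downloaded `/tmp/helm/KEYS` file with `gpg -q --import` and then runs `gpg --verify`, and no `--recv-keys` call is visible in this hunk, so the new `$(get_gpg_key_servers)` probe may spend up to four 5-second curl timeouts on a keyserver list that is never consulted. If nothing later in the block (it continues outside the hunk) fetches from a keyserver, the line can be reduced to `echo "disable-ipv6" > ${GNUPGHOME}/dirmngr.conf`. That also keeps signature verification independent of keyserver reachability.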
......
{ {
"id": "python", "id": "python",
"version": "1.6.2", "version": "1.6.3",
"name": "Python", "name": "Python",
"documentationURL": "https://github.com/devcontainers/features/tree/main/src/python", "documentationURL": "https://github.com/devcontainers/features/tree/main/src/python",
"description": "Installs the provided version of Python, as well as PIPX, and other common Python utilities. JupyterLab is conditionally installed with the python feature. Note: May require source code compilation.", "description": "Installs the provided version of Python, as well as PIPX, and other common Python utilities. JupyterLab is conditionally installed with the python feature. Note: May require source code compilation.",
......
...@@ -31,12 +31,7 @@ ADDITIONAL_VERSIONS="${ADDITIONALVERSIONS:-""}" ...@@ -31,12 +31,7 @@ ADDITIONAL_VERSIONS="${ADDITIONALVERSIONS:-""}"
# Comma-separated list of additional tools to be installed via pipx. # Comma-separated list of additional tools to be installed via pipx.
IFS="," read -r -a DEFAULT_UTILS <<< "${TOOLSTOINSTALL:-flake8,autopep8,black,yapf,mypy,pydocstyle,pycodestyle,bandit,pipenv,virtualenv,pytest}" IFS="," read -r -a DEFAULT_UTILS <<< "${TOOLSTOINSTALL:-flake8,autopep8,black,yapf,mypy,pydocstyle,pycodestyle,bandit,pipenv,virtualenv,pytest}"
PYTHON_SOURCE_GPG_KEYS="64E628F8D684696D B26995E310250568 2D347EA6AA65421D FB9921286F5E1540 3A5CA953F73C700D 04C367C218ADD4FF 0EDDC5F26A45C816 6AF053F07D9DC8D2 C9BE28DEE6DF025C 126EB563A74B06BF D9866941EA5BBD71 ED9D77D5 A821E680E5FA6305" PYTHON_SOURCE_GPG_KEYS="64E628F8D684696D B26995E310250568 2D347EA6AA65421D FB9921286F5E1540 3A5CA953F73C700D 04C367C218ADD4FF 0EDDC5F26A45C816 6AF053F07D9DC8D2 C9BE28DEE6DF025C 126EB563A74B06BF D9866941EA5BBD71 ED9D77D5 A821E680E5FA6305"
GPG_KEY_SERVERS="keyserver hkp://keyserver.ubuntu.com
keyserver hkp://keyserver.ubuntu.com:80
keyserver hkps://keys.openpgp.org
keyserver hkp://keyserver.pgp.com"
KEYSERVER_PROXY="${HTTPPROXY:-"${HTTP_PROXY:-""}"}" KEYSERVER_PROXY="${HTTPPROXY:-"${HTTP_PROXY:-""}"}"
...@@ -130,6 +125,38 @@ updaterc() { ...@@ -130,6 +125,38 @@ updaterc() {
fi fi
} }
# Get the list of GPG key servers that are reachable
get_gpg_key_servers() {
declare -A keyservers_curl_map=(
["hkp://keyserver.ubuntu.com"]="http://keyserver.ubuntu.com:11371"
["hkp://keyserver.ubuntu.com:80"]="http://keyserver.ubuntu.com"
["hkps://keys.openpgp.org"]="https://keys.openpgp.org"
["hkp://keyserver.pgp.com"]="http://keyserver.pgp.com:11371"
)
local curl_args=""
local keyserver_reachable=false # Flag to indicate if any keyserver is reachable
if [ ! -z "${KEYSERVER_PROXY}" ]; then
curl_args="--proxy ${KEYSERVER_PROXY}"
fi
for keyserver in "${!keyservers_curl_map[@]}"; do
local keyserver_curl_url="${keyservers_curl_map[${keyserver}]}"
if curl -s ${curl_args} --max-time 5 ${keyserver_curl_url} > /dev/null; then
echo "keyserver ${keyserver}"
keyserver_reachable=true
else
echo "(*) Keyserver ${keyserver} is not reachable." >&2
fi
done
if ! $keyserver_reachable; then
echo "(!) No keyserver is reachable." >&2
exit 1
fi
}
# Import the specified key in a variable name passed in as # Import the specified key in a variable name passed in as
receive_gpg_keys() { receive_gpg_keys() {
local keys=${!1} local keys=${!1}
...@@ -143,11 +170,16 @@ receive_gpg_keys() { ...@@ -143,11 +170,16 @@ receive_gpg_keys() {
keyring_args="${keyring_args} --keyserver-options http-proxy=${KEYSERVER_PROXY}" keyring_args="${keyring_args} --keyserver-options http-proxy=${KEYSERVER_PROXY}"
fi fi
# Install curl
if ! type curl > /dev/null 2>&1; then
check_packages curl
fi
# Use a temporary location for gpg keys to avoid polluting image # Use a temporary location for gpg keys to avoid polluting image
export GNUPGHOME="/tmp/tmp-gnupg" export GNUPGHOME="/tmp/tmp-gnupg"
mkdir -p ${GNUPGHOME} mkdir -p ${GNUPGHOME}
chmod 700 ${GNUPGHOME} chmod 700 ${GNUPGHOME}
echo -e "disable-ipv6\n${GPG_KEY_SERVERS}" > ${GNUPGHOME}/dirmngr.conf echo -e "disable-ipv6\n$(get_gpg_key_servers)" > ${GNUPGHOME}/dirmngr.conf
# GPG key download sometimes fails for some reason and retrying fixes it. # GPG key download sometimes fails for some reason and retrying fixes it.
local retry_count=0 local retry_count=0
local gpg_ok="false" local gpg_ok="false"
...@@ -182,6 +214,11 @@ receive_gpg_keys_centos7() { ...@@ -182,6 +214,11 @@ receive_gpg_keys_centos7() {
keyring_args="${keyring_args} --keyserver-options http-proxy=${KEYSERVER_PROXY}" keyring_args="${keyring_args} --keyserver-options http-proxy=${KEYSERVER_PROXY}"
fi fi
# Install curl
if ! type curl > /dev/null 2>&1; then
check_packages curl
fi
# Use a temporary location for gpg keys to avoid polluting image # Use a temporary location for gpg keys to avoid polluting image
export GNUPGHOME="/tmp/tmp-gnupg" export GNUPGHOME="/tmp/tmp-gnupg"
mkdir -p ${GNUPGHOME} mkdir -p ${GNUPGHOME}
...@@ -193,7 +230,7 @@ receive_gpg_keys_centos7() { ...@@ -193,7 +230,7 @@ receive_gpg_keys_centos7() {
set +e set +e
echo "(*) Downloading GPG keys..." echo "(*) Downloading GPG keys..."
until [ "${gpg_ok}" = "true" ] || [ "${retry_count}" -eq "5" ]; do until [ "${gpg_ok}" = "true" ] || [ "${retry_count}" -eq "5" ]; do
for keyserver in $(echo "${GPG_KEY_SERVERS}" | sed 's/keyserver //'); do for keyserver in $(echo "$(get_gpg_key_servers)" | sed 's/keyserver //'); do
( echo "${keys}" | xargs -n 1 gpg -q ${keyring_args} --recv-keys --keyserver=${keyserver} ) 2>&1 ( echo "${keys}" | xargs -n 1 gpg -q ${keyring_args} --recv-keys --keyserver=${keyserver} ) 2>&1
downloaded_keys=$(gpg --list-keys | grep ^pub | wc -l) downloaded_keys=$(gpg --list-keys | grep ^pub | wc -l)
if [[ ${num_keys} = ${downloaded_keys} ]]; then if [[ ${num_keys} = ${downloaded_keys} ]]; then
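Review bot: In `receive_gpg_keys_centos7` the `$(get_gpg_key_servers)` call sits in the `for` header inside the `until` retry loop, so the curl reachability probe is repeated on every pass of the loop, which works against the commit's aim of shortening key retrieval. `set +e` is in effect at this point, so an all-unreachable result only produces an empty server list and the `for` body is skipped without any error being raised. Probe once before the loop with `keyservers="$(get_gpg_key_servers | sed 's/keyserver //')"`, fail if it is empty, and iterate with `for keyserver in ${keyservers}; do`. The other script in this commit that defines `receive_gpg_keys_centos7` has the same line, and the function body extends beyond the hunk.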
......
{ {
"id": "ruby", "id": "ruby",
"version": "1.2.2", "version": "1.2.3",
"name": "Ruby (via rvm)", "name": "Ruby (via rvm)",
"documentationURL": "https://github.com/devcontainers/features/tree/main/src/ruby", "documentationURL": "https://github.com/devcontainers/features/tree/main/src/ruby",
"description": "Installs Ruby, rvm, rbenv, common Ruby utilities, and needed dependencies.", "description": "Installs Ruby, rvm, rbenv, common Ruby utilities, and needed dependencies.",
......
...@@ -23,10 +23,6 @@ ADDITIONAL_VERSIONS="${ADDITIONALVERSIONS:-""}" ...@@ -23,10 +23,6 @@ ADDITIONAL_VERSIONS="${ADDITIONALVERSIONS:-""}"
DEFAULT_GEMS="rake" DEFAULT_GEMS="rake"
RVM_GPG_KEYS="409B6B1796C275462A1703113804BB82D39DC0E3 7D2BAF1CF37B13E2069D6956105BD0E739499BDB" RVM_GPG_KEYS="409B6B1796C275462A1703113804BB82D39DC0E3 7D2BAF1CF37B13E2069D6956105BD0E739499BDB"
GPG_KEY_SERVERS="keyserver hkp://keyserver.ubuntu.com
keyserver hkp://keyserver.ubuntu.com:80
keyserver hkps://keys.openpgp.org
keyserver hkp://keyserver.pgp.com"
set -e set -e
...@@ -72,6 +68,38 @@ updaterc() { ...@@ -72,6 +68,38 @@ updaterc() {
fi fi
} }
# Get the list of GPG key servers that are reachable
get_gpg_key_servers() {
declare -A keyservers_curl_map=(
["hkp://keyserver.ubuntu.com"]="http://keyserver.ubuntu.com:11371"
["hkp://keyserver.ubuntu.com:80"]="http://keyserver.ubuntu.com"
["hkps://keys.openpgp.org"]="https://keys.openpgp.org"
["hkp://keyserver.pgp.com"]="http://keyserver.pgp.com:11371"
)
local curl_args=""
local keyserver_reachable=false # Flag to indicate if any keyserver is reachable
if [ ! -z "${KEYSERVER_PROXY}" ]; then
curl_args="--proxy ${KEYSERVER_PROXY}"
fi
for keyserver in "${!keyservers_curl_map[@]}"; do
local keyserver_curl_url="${keyservers_curl_map[${keyserver}]}"
if curl -s ${curl_args} --max-time 5 ${keyserver_curl_url} > /dev/null; then
echo "keyserver ${keyserver}"
keyserver_reachable=true
else
echo "(*) Keyserver ${keyserver} is not reachable." >&2
fi
done
if ! $keyserver_reachable; then
echo "(!) No keyserver is reachable." >&2
exit 1
fi
}
# Import the specified key in a variable name passed in as # Import the specified key in a variable name passed in as
receive_gpg_keys() { receive_gpg_keys() {
local keys=${!1} local keys=${!1}
...@@ -80,11 +108,16 @@ receive_gpg_keys() { ...@@ -80,11 +108,16 @@ receive_gpg_keys() {
keyring_args="--no-default-keyring --keyring \"$2\"" keyring_args="--no-default-keyring --keyring \"$2\""
fi fi
# Install curl
if ! type curl > /dev/null 2>&1; then
check_packages curl
fi
# Use a temporary location for gpg keys to avoid polluting image # Use a temporary location for gpg keys to avoid polluting image
export GNUPGHOME="/tmp/tmp-gnupg" export GNUPGHOME="/tmp/tmp-gnupg"
mkdir -p ${GNUPGHOME} mkdir -p ${GNUPGHOME}
chmod 700 ${GNUPGHOME} chmod 700 ${GNUPGHOME}
echo -e "disable-ipv6\n${GPG_KEY_SERVERS}" > ${GNUPGHOME}/dirmngr.conf echo -e "disable-ipv6\n$(get_gpg_key_servers)" > ${GNUPGHOME}/dirmngr.conf
# GPG key download sometimes fails for some reason and retrying fixes it. # GPG key download sometimes fails for some reason and retrying fixes it.
local retry_count=0 local retry_count=0
local gpg_ok="false" local gpg_ok="false"
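Review bot: The probe `curl -s ${curl_args} --max-time 5 ${keyserver_curl_url}` treats any completed HTTP exchange as success, because curl without `--fail` exits 0 on 4xx and 5xx responses. A keyserver answering with an error page, or an intercepting proxy returning its own error for a plain `http://` URL, is therefore still written to `dirmngr.conf` as reachable. Using `curl -sf ${curl_args} --max-time 5 ${keyserver_curl_url}` would tighten this, provided each server's root URL returns a success status, which should be checked first. The same probe line is in every copy of `get_gpg_key_servers` in this commit.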
......
{ {
"id": "terraform", "id": "terraform",
"version": "1.3.7", "version": "1.3.8",
"name": "Terraform, tflint, and TFGrunt", "name": "Terraform, tflint, and TFGrunt",
"documentationURL": "https://github.com/devcontainers/features/tree/main/src/terraform", "documentationURL": "https://github.com/devcontainers/features/tree/main/src/terraform",
"description": "Installs the Terraform CLI and optionally TFLint and Terragrunt. Auto-detects latest version and installs needed dependencies.", "description": "Installs the Terraform CLI and optionally TFLint and Terragrunt. Auto-detects latest version and installs needed dependencies.",
......
...@@ -28,9 +28,6 @@ TERRAFORM_DOCS_SHA256="${TERRAFORM_DOCS_SHA256:-"automatic"}" ...@@ -28,9 +28,6 @@ TERRAFORM_DOCS_SHA256="${TERRAFORM_DOCS_SHA256:-"automatic"}"
TERRAFORM_GPG_KEY="72D7468F" TERRAFORM_GPG_KEY="72D7468F"
TFLINT_GPG_KEY_URI="https://raw.githubusercontent.com/terraform-linters/tflint/v0.46.1/8CE69160EB3F2FE9.key" TFLINT_GPG_KEY_URI="https://raw.githubusercontent.com/terraform-linters/tflint/v0.46.1/8CE69160EB3F2FE9.key"
GPG_KEY_SERVERS="keyserver hkps://keyserver.ubuntu.com
keyserver hkps://keys.openpgp.org
keyserver hkps://keyserver.pgp.com"
KEYSERVER_PROXY="${HTTPPROXY:-"${HTTP_PROXY:-""}"}" KEYSERVER_PROXY="${HTTPPROXY:-"${HTTP_PROXY:-""}"}"
architecture="$(uname -m)" architecture="$(uname -m)"
...@@ -47,6 +44,37 @@ if [ "$(id -u)" -ne 0 ]; then ...@@ -47,6 +44,37 @@ if [ "$(id -u)" -ne 0 ]; then
exit 1 exit 1
fi fi
# Get the list of GPG key servers that are reachable
get_gpg_key_servers() {
declare -A keyservers_curl_map=(
["hkps://keyserver.ubuntu.com"]="https://keyserver.ubuntu.com"
["hkps://keys.openpgp.org"]="https://keys.openpgp.org"
["hkps://keyserver.pgp.com"]="https://keyserver.pgp.com"
)
local curl_args=""
local keyserver_reachable=false # Flag to indicate if any keyserver is reachable
if [ ! -z "${KEYSERVER_PROXY}" ]; then
curl_args="--proxy ${KEYSERVER_PROXY}"
fi
for keyserver in "${!keyservers_curl_map[@]}"; do
local keyserver_curl_url="${keyservers_curl_map[${keyserver}]}"
if curl -s ${curl_args} --max-time 5 ${keyserver_curl_url} > /dev/null; then
echo "keyserver ${keyserver}"
keyserver_reachable=true
else
echo "(*) Keyserver ${keyserver} is not reachable." >&2
fi
done
if ! $keyserver_reachable; then
echo "(!) No keyserver is reachable." >&2
exit 1
fi
}
# Import the specified key in a variable name passed in as # Import the specified key in a variable name passed in as
receive_gpg_keys() { receive_gpg_keys() {
local keys=${!1} local keys=${!1}
...@@ -58,11 +86,16 @@ receive_gpg_keys() { ...@@ -58,11 +86,16 @@ receive_gpg_keys() {
keyring_args="${keyring_args} --keyserver-options http-proxy=${KEYSERVER_PROXY}" keyring_args="${keyring_args} --keyserver-options http-proxy=${KEYSERVER_PROXY}"
fi fi
# Install curl
if ! type curl > /dev/null 2>&1; then
check_packages curl
fi
# Use a temporary location for gpg keys to avoid polluting image # Use a temporary location for gpg keys to avoid polluting image
export GNUPGHOME="/tmp/tmp-gnupg" export GNUPGHOME="/tmp/tmp-gnupg"
mkdir -p ${GNUPGHOME} mkdir -p ${GNUPGHOME}
chmod 700 ${GNUPGHOME} chmod 700 ${GNUPGHOME}
echo -e "disable-ipv6\n${GPG_KEY_SERVERS}" > ${GNUPGHOME}/dirmngr.conf echo -e "disable-ipv6\n$(get_gpg_key_servers)" > ${GNUPGHOME}/dirmngr.conf
# GPG key download sometimes fails for some reason and retrying fixes it. # GPG key download sometimes fails for some reason and retrying fixes it.
local retry_count=0 local retry_count=0
local gpg_ok="false" local gpg_ok="false"
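Review bot: The one-line comment above `get_gpg_key_servers` leaves out the contract its callers rely on, namely that stdout is pasted verbatim into `dirmngr.conf`. I would extend it with `# Prints one "keyserver <uri>" line per reachable server on stdout (dirmngr.conf format); diagnostics go to stderr.` and `# Reads KEYSERVER_PROXY for the curl probe; exits 1 when no server answers within the 5-second limit.` It is also worth a comment that this copy deliberately lists only `hkps://` servers, unlike the map in the other features, so the difference is not lost when the copies are next synchronised.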
......
...@@ -93,6 +93,38 @@ check_packages() { ...@@ -93,6 +93,38 @@ check_packages() {
esac esac
} }
# Get the list of GPG key servers that are reachable
get_gpg_key_servers() {
declare -A keyservers_curl_map=(
["hkp://keyserver.ubuntu.com"]="http://keyserver.ubuntu.com:11371"
["hkp://keyserver.ubuntu.com:80"]="http://keyserver.ubuntu.com"
["hkps://keys.openpgp.org"]="https://keys.openpgp.org"
["hkp://keyserver.pgp.com"]="http://keyserver.pgp.com:11371"
)
local curl_args=""
local keyserver_reachable=false # Flag to indicate if any keyserver is reachable
if [ ! -z "${KEYSERVER_PROXY}" ]; then
curl_args="--proxy ${KEYSERVER_PROXY}"
fi
for keyserver in "${!keyservers_curl_map[@]}"; do
local keyserver_curl_url="${keyservers_curl_map[${keyserver}]}"
if curl -s ${curl_args} --max-time 5 ${keyserver_curl_url} > /dev/null; then
echo "keyserver ${keyserver}"
keyserver_reachable=true
else
echo "(*) Keyserver ${keyserver} is not reachable." >&2
fi
done
if ! $keyserver_reachable; then
echo "(!) No keyserver is reachable." >&2
exit 1
fi
}
# Import the specified key in a variable name passed in as # Import the specified key in a variable name passed in as
receive_gpg_keys() { receive_gpg_keys() {
local keys=${!1} local keys=${!1}
...@@ -106,11 +138,16 @@ receive_gpg_keys() { ...@@ -106,11 +138,16 @@ receive_gpg_keys() {
keyring_args="${keyring_args} --keyserver-options http-proxy=${KEYSERVER_PROXY}" keyring_args="${keyring_args} --keyserver-options http-proxy=${KEYSERVER_PROXY}"
fi fi
# Install curl
if ! type curl > /dev/null 2>&1; then
check_packages curl
fi
# Use a temporary location for gpg keys to avoid polluting image # Use a temporary location for gpg keys to avoid polluting image
export GNUPGHOME="/tmp/tmp-gnupg" export GNUPGHOME="/tmp/tmp-gnupg"
mkdir -p ${GNUPGHOME} mkdir -p ${GNUPGHOME}
chmod 700 ${GNUPGHOME} chmod 700 ${GNUPGHOME}
echo -e "disable-ipv6\n${GPG_KEY_SERVERS}" > ${GNUPGHOME}/dirmngr.conf echo -e "disable-ipv6\n$(get_gpg_key_servers)" > ${GNUPGHOME}/dirmngr.conf
# GPG key download sometimes fails for some reason and retrying fixes it. # GPG key download sometimes fails for some reason and retrying fixes it.
local retry_count=0 local retry_count=0
local gpg_ok="false" local gpg_ok="false"
...@@ -145,6 +182,11 @@ receive_gpg_keys_centos7() { ...@@ -145,6 +182,11 @@ receive_gpg_keys_centos7() {
keyring_args="${keyring_args} --keyserver-options http-proxy=${KEYSERVER_PROXY}" keyring_args="${keyring_args} --keyserver-options http-proxy=${KEYSERVER_PROXY}"
fi fi
# Install curl
if ! type curl > /dev/null 2>&1; then
check_packages curl
fi
# Use a temporary location for gpg keys to avoid polluting image # Use a temporary location for gpg keys to avoid polluting image
export GNUPGHOME="/tmp/tmp-gnupg" export GNUPGHOME="/tmp/tmp-gnupg"
mkdir -p ${GNUPGHOME} mkdir -p ${GNUPGHOME}
...@@ -156,7 +198,7 @@ receive_gpg_keys_centos7() { ...@@ -156,7 +198,7 @@ receive_gpg_keys_centos7() {
set +e set +e
echo "(*) Downloading GPG keys..." echo "(*) Downloading GPG keys..."
until [ "${gpg_ok}" = "true" ] || [ "${retry_count}" -eq "5" ]; do until [ "${gpg_ok}" = "true" ] || [ "${retry_count}" -eq "5" ]; do
for keyserver in $(echo "${GPG_KEY_SERVERS}" | sed 's/keyserver //'); do for keyserver in $(echo "$(get_gpg_key_servers)" | sed 's/keyserver //'); do
( echo "${keys}" | xargs -n 1 gpg -q ${keyring_args} --recv-keys --keyserver=${keyserver} ) 2>&1 ( echo "${keys}" | xargs -n 1 gpg -q ${keyring_args} --recv-keys --keyserver=${keyserver} ) 2>&1
downloaded_keys=$(gpg --list-keys | grep ^pub | wc -l) downloaded_keys=$(gpg --list-keys | grep ^pub | wc -l)
if [[ ${num_keys} = ${downloaded_keys} ]]; then if [[ ${num_keys} = ${downloaded_keys} ]]; then
......
...@@ -13,10 +13,6 @@ check "ruby" ruby -v ...@@ -13,10 +13,6 @@ check "ruby" ruby -v
trap 'echo "Last executed command failed at line ${LINENO}"' ERR trap 'echo "Last executed command failed at line ${LINENO}"' ERR
RVM_GPG_KEYS="409B6B1796C275462A1703113804BB82D39DC0E3 7D2BAF1CF37B13E2069D6956105BD0E739499BDB" RVM_GPG_KEYS="409B6B1796C275462A1703113804BB82D39DC0E3 7D2BAF1CF37B13E2069D6956105BD0E739499BDB"
GPG_KEY_SERVERS="keyserver hkp://keyserver.ubuntu.com
keyserver hkp://keyserver.ubuntu.com:80
keyserver hkps://keys.openpgp.org
keyserver hkp://keyserver.pgp.com"
# Clean up # Clean up
rm -rf /var/lib/apt/lists/* rm -rf /var/lib/apt/lists/*
...@@ -63,6 +59,38 @@ check_packages() { ...@@ -63,6 +59,38 @@ check_packages() {
fi fi
} }
# Get the list of GPG key servers that are reachable
get_gpg_key_servers() {
declare -A keyservers_curl_map=(
["hkp://keyserver.ubuntu.com"]="http://keyserver.ubuntu.com:11371"
["hkp://keyserver.ubuntu.com:80"]="http://keyserver.ubuntu.com"
["hkps://keys.openpgp.org"]="https://keys.openpgp.org"
["hkp://keyserver.pgp.com"]="http://keyserver.pgp.com:11371"
)
local curl_args=""
local keyserver_reachable=false # Flag to indicate if any keyserver is reachable
if [ ! -z "${KEYSERVER_PROXY}" ]; then
curl_args="--proxy ${KEYSERVER_PROXY}"
fi
for keyserver in "${!keyservers_curl_map[@]}"; do
local keyserver_curl_url="${keyservers_curl_map[${keyserver}]}"
if curl -s ${curl_args} --max-time 5 ${keyserver_curl_url} > /dev/null; then
echo "keyserver ${keyserver}"
keyserver_reachable=true
else
echo "(*) Keyserver ${keyserver} is not reachable." >&2
fi
done
if ! $keyserver_reachable; then
echo "(!) No keyserver is reachable." >&2
exit 1
fi
}
# Import the specified key in a variable name passed in as # Import the specified key in a variable name passed in as
receive_gpg_keys() { receive_gpg_keys() {
local keys=${!1} local keys=${!1}
...@@ -71,11 +99,16 @@ receive_gpg_keys() { ...@@ -71,11 +99,16 @@ receive_gpg_keys() {
keyring_args="--no-default-keyring --keyring \"$2\"" keyring_args="--no-default-keyring --keyring \"$2\""
fi fi
# Install curl
if ! type curl > /dev/null 2>&1; then
check_packages curl
fi
# Use a temporary location for gpg keys to avoid polluting image # Use a temporary location for gpg keys to avoid polluting image
export GNUPGHOME="/tmp/tmp-gnupg" export GNUPGHOME="/tmp/tmp-gnupg"
mkdir -p ${GNUPGHOME} mkdir -p ${GNUPGHOME}
chmod 700 ${GNUPGHOME} chmod 700 ${GNUPGHOME}
echo -e "disable-ipv6\n${GPG_KEY_SERVERS}" | tee ${GNUPGHOME}/dirmngr.conf > /dev/null echo -e "disable-ipv6\n$(get_gpg_key_servers)" | tee ${GNUPGHOME}/dirmngr.conf > /dev/null
# GPG key download sometimes fails for some reason and retrying fixes it. # GPG key download sometimes fails for some reason and retrying fixes it.
local retry_count=0 local retry_count=0
local gpg_ok="false" local gpg_ok="false"
......