build: update debian-archive-keyring for archived debian repos, fixes #7320#7324
Conversation
|
Download the artifacts for this pull request:
See Testing a PR. |
|
So impressive! |
rfay
left a comment
There was a problem hiding this comment.
Looks great, minimal risk, much better approach.
| echo "deb http://archive.debian.org/debian/ stretch main contrib non-free" >/etc/apt/sources.list; \ | ||
| # Fix APT for Debian Stretch (EOL; upstream mirrors disabled) | ||
| # Based on: https://serverfault.com/a/1131653 | ||
| RUN if grep "Debian GNU/Linux 9" /etc/issue >/dev/null; then \ |
There was a problem hiding this comment.
This might be better/easier with a heredoc these days, no need to change unless you want to. https://www.docker.com/blog/introduction-to-heredocs-in-dockerfiles/
| DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends --no-install-suggests -o APT::Get::AllowUnauthenticated=true debian-archive-keyring; \ | ||
| fi | ||
| # Remove obsolete MySQL 5.5/5.6 Jessie and before keys so they don't make expiration key test stumble | ||
| RUN for item in "75DD C3C4 A499 F1A1 8CB5 F3C8 CBF8 D6FD 518E 17E1" "126C 0D24 BD8A 2942 CC7D F8AC 7638 D044 2B90 D010" "D211 6914 1CEC D440 F2EB 8DDA 9D6D 8F6B C857 C906" "A1BD 8E9D 78F7 FE5C 3E65 D8AF 8B48 AD62 4692 5553" "ED6D 6527 1AAC F0FF 15D1 2303 6FB2 A1C2 65FF B764"; do \ |
| `, app.GetMinimalContainerTimeout()) | ||
| } | ||
| extraDBContent = extraDBContent + fmt.Sprintf(` | ||
| RUN set -e; source /etc/os-release; if [ "${VERSION_CODENAME:-}" = "stretch" ] || [ "${VERSION_CODENAME:-}" = "buster" ]; then \ |
There was a problem hiding this comment.
Again might be candidate for heredoc.
|
I refactored the logic to use heredoc. |
rfay
left a comment
There was a problem hiding this comment.
Looks great to me. HEREDOC format may make it a little easier to maintain in the future.
|
debian buster has been moved to archive
|
The Issue
How This PR Solves The Issue
debian-archive-keyring, which fixes the problem with Debian gpg keyscheck_key_expirations.shifcondition is now simpler/etc/apt/sources.list.d/mysql.listfrommysql:5.6vim-tinyinstead ofvimfor PostgreSQLdbimage<distro>-pgdg mainwith<distro>-pgdg-archive mainfor PostgreSQL(pgdg-archive has more packages, see https://apt-archive.postgresql.org/)
Manual Testing Instructions
Using AMD64 machine, test MySQL 5.5:
See errors here:
No errors:
Using AMD64 machine, test MySQL 5.6:
No errors:
And test different PostgreSQL configs (
ddev startconfirms successful installation):(PostgreSQL 9,10,11 will work on AMD64 only)
Automated Testing Overview
Release/Deployment Notes