aws-codebuild-docker-images icon indicating copy to clipboard operation
aws-codebuild-docker-images copied to clipboard
verified publisher icon aws

gpg keyserver: https://sks-keyservers.net/ is deprecated

Open tamsky opened this issue 4 years ago • 0 comments

A gpg keyserver URL that is currently in use within many Dockerfiles has been deprecated/retired/discontinued.

https://sks-keyservers.net/ currently has a banner:

This service is deprecated. This means it is no longer maintained, 
and new HKPS certificates will not be issued. Service reliability should not be expected.

Update 2021-06-21: Due to even more GDPR takedown requests,
the DNS records for the pool will no longer be provided at all.

See upstream for source of sks.srv.dumain.com reference, mentioned below:

  • https://github.com/nodejs/node/pull/39731

This repo currently has several references to this service:

# grep sks-keyservers -r .
./unsupported_images/python/3.3.6/Dockerfile:   && (gpg --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$GPG_KEY" \
./unsupported_images/python/2.7.12/Dockerfile:  && (gpg --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$GPG_KEY" \
./unsupported_images/python/3.5.2/Dockerfile:   && (gpg --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$GPG_KEY" \
./unsupported_images/python/3.6.5/Dockerfile:   && (gpg --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$GPG_KEY" \
./unsupported_images/python/3.7.1/Dockerfile:   && (gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$GPG_KEY" \
./unsupported_images/python/3.4.5/Dockerfile:   && (gpg --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$GPG_KEY" \
./unsupported_images/android-java-8/26.1.1/Dockerfile:      gpg --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \
./unsupported_images/android-java-8/26.1.1/Dockerfile:      gpg --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \
./unsupported_images/nodejs/10.14.1/Dockerfile:      gpg --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \
./unsupported_images/nodejs/10.14.1/Dockerfile:      gpg --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \
./unsupported_images/nodejs/10.1.0/Dockerfile:      gpg --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \
./unsupported_images/nodejs/10.1.0/Dockerfile:      gpg --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \
./unsupported_images/nodejs/4.4.7/Dockerfile:      gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \
./unsupported_images/nodejs/5.12.0/Dockerfile:      gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \
./unsupported_images/nodejs/8.11.0/Dockerfile:      gpg --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \
./unsupported_images/nodejs/8.11.0/Dockerfile:      gpg --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \
./unsupported_images/nodejs/7.0.0/Dockerfile:      gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \
./unsupported_images/nodejs/4.3.2/Dockerfile:      gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \
./unsupported_images/nodejs/6.3.1/Dockerfile:      gpg --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \
./unsupported_images/nodejs/6.3.1/Dockerfile:      gpg --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \
./unsupported_images/php/7.0/Dockerfile:        ( gpg --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" \
./unsupported_images/php/5.6/Dockerfile:        ( gpg --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" \
./unsupported_images/php/7.1/Dockerfile:        gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \
./al2/aarch64/standard/1.0/Dockerfile:    && (gpg --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$GPG_KEY" \
./al2/aarch64/standard/1.0/Dockerfile:  && gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys "$GPG_KEY" \
./al2/aarch64/standard/1.0/Dockerfile:         ( gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" \

Recommended actions:

  • [ ] In all Dockerfiles, replace all sks-keyserver.net references:
  • p80.pool.sks-keyservers.net
  • ipv4.pool.sks-keyservers.net
  • ha.pool.sks-keyservers.net with
  • sks.srv.dumain.com

tamsky avatar Aug 12 '21 06:08 tamsky