Fix `gpg: keyserver receive failed: Address not available`

[lorddaedra]

Sometimes during build I see

+ gpg --keyserver ha.pool.sks-keyservers.net --recv-keys 0D96DF4D4110E5C43FBFB17F2D347EA6AA65421D
gpg: keybox '/tmp/tmp.aEHofD/pubring.kbx' created
gpg: keyserver receive failed: Address not available

Suggested solution: add servers as alternatives or/and try again in several seconds same server...

Not sure, may be related https://github.com/gliderlabs/docker-alpine/issues/254

[lorddaedra]

Okay, I fixed it via code in Nodejs Dockerfile https://github.com/nodejs/docker-node/blob/3ffba881ad5a78d33b8edf888d5406222b60686e/4.8/alpine/Dockerfile#L31,L32,L33

I suggest to copy it to Python image too...

[jumanjiman]

according to https://riseup.net/en/security/message-security/openpgp/best-practices#use-the-sks-keyserver-pool-instead-of-one-specific-server-with-secure-connections

Most OpenPGP clients come configured with a single, specific keyserver. This is not ideal because if the keyserver fails, or even worse, if it appears to work but is not functioning properly, you may not receive critical key updates. Not only is this a single point of failure, it is also a prime source of leaks of relationship information between OpenPGP users, and thus an attack target.

Therefore, we recommend using the sks keyservers pool. The machines in this pool have regular health checks to ensure that they are functioning properly. If a server is not working well, it will be removed automatically from the pool.

...snip...

This may be better to suggest as an enhancement to upstream alpine's gnupg aport.

https://bugs.alpinelinux.org/projects/alpine

https://pkgs.alpinelinux.org/packages?name=gnupg*&

[andyshinn]

Is this just a temporary DNS issue? I'm not sure what we would do in this image in this case.

[nkhanal0]

Mine was solved after I disconnected Tunnelblick. Hope disconnecting from your VPN helps.

[alexanderilyin]

@lorddaedra thanks for PR, ported to https://github.com/docker-library/php/pull/697.