universe
universe copied to clipboard
Published
20 hours ago •
mesosphere
mesosphere
Make Base Fails
I was baking an air-gapped universe and failed during the make base step. It appears that the source for the nginx server is no longer valid. I see the following error when trying to create the base image:
Step 3/10 : RUN apt-key adv --keyserver hkp://zimmermann.mayfirst.org --recv-keys "$GPG_KEY" || apt-key adv --keyserver ha.pool.sks-keyservers.net --recv-keys "$GPG_KEY" || apt-key adv --keyserver pool.sks-keyservers.net --recv-keys "$GPG_KEY" || apt-key adv --keyserver keyserver.pgp.com --recv-keys "$GPG_KEY" || apt-key adv --keyserver pgp.mit.edu --recv-keys "$GPG_KEY" && echo "deb http://nginx.org/packages/debian/ jessie nginx" >> /etc/apt/sources.list && apt-get update && apt-get install --no-install-recommends --no-install-suggests -y ca-certificates nginx nginx-module-xslt nginx-module-geoip nginx-module-image-filter nginx-module-perl nginx-module-njs gettext-base && rm -rf /var/lib/apt/lists/*
---> Running in 7ee646c2e73e
Executing: gpg --ignore-time-conflict --no-options --no-default-keyring --homedir /tmp/tmp.fYlLfQGqzx --no-auto-check-trustdb --trust-model always --primary-keyring /etc/apt/trusted.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-jessie-automatic.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-jessie-security-automatic.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-jessie-stable.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-squeeze-automatic.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-squeeze-stable.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-wheezy-automatic.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-wheezy-stable.gpg --keyserver hkp://zimmermann.mayfirst.org --recv-keys 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62
gpg: requesting key 7BD9BF62 from hkp server zimmermann.mayfirst.org
gpg: key 7BD9BF62: public key "nginx signing key <[email protected]>" imported
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)
Get:1 http://nginx.org jessie InRelease [2856 B]
Get:2 http://security.debian.org jessie/updates InRelease [44.9 kB]
Get:3 http://security.debian.org jessie/updates/main amd64 Packages [822 kB]
Get:4 http://nginx.org jessie/nginx amd64 Packages [16.7 kB]
Ign http://httpredir.debian.org jessie InRelease
Ign http://httpredir.debian.org jessie-updates InRelease
Get:5 http://httpredir.debian.org jessie Release.gpg [2420 B]
Ign http://httpredir.debian.org jessie-updates Release.gpg
Get:6 http://httpredir.debian.org jessie Release [148 kB]
Ign http://httpredir.debian.org jessie-updates Release
Get:7 http://httpredir.debian.org jessie/main amd64 Packages [9098 kB]
Err http://httpredir.debian.org jessie-updates/main amd64 Packages
Err http://httpredir.debian.org jessie-updates/main amd64 Packages
Err http://httpredir.debian.org jessie-updates/main amd64 Packages
Err http://httpredir.debian.org jessie-updates/main amd64 Packages
Err http://httpredir.debian.org jessie-updates/main amd64 Packages
404 Not Found
Fetched 10.1 MB in 1s (5495 kB/s)
W: Failed to fetch http://httpredir.debian.org/debian/dists/jessie-updates/main/binary-amd64/Packages 404 Not Found
E: Some index files failed to download. They have been ignored, or old ones used instead.
The command '/bin/sh -c apt-key adv --keyserver hkp://zimmermann.mayfirst.org --recv-keys "$GPG_KEY" || apt-key adv --keyserver ha.pool.sks-keyservers.net --recv-keys "$GPG_KEY" || apt-key adv --keyserver pool.sks-keyservers.net --recv-keys "$GPG_KEY" || apt-key adv --keyserver keyserver.pgp.com --recv-keys "$GPG_KEY" || apt-key adv --keyserver pgp.mit.edu --recv-keys "$GPG_KEY" && echo "deb http://nginx.org/packages/debian/ jessie nginx" >> /etc/apt/sources.list && apt-get update && apt-get install --no-install-recommends --no-install-suggests -y ca-certificates nginx nginx-module-xslt nginx-module-geoip nginx-module-image-filter nginx-module-perl nginx-module-njs gettext-base && rm -rf /var/lib/apt/lists/*' returned a non-zero code: 100
make: *** [base] Error 100
I have attempted on both my local workstation and an ec2 instance in us-east-1. In both cases make base failed at the same step.
Yes, nginx changed how they distribute signing keys, and Debian Jessie packages are no longer being signed.
It's not an official fix, but if you replace docker/local-universe/Dockerfile.base with the gist found here, it works:
https://gist.github.com/cneth/aaca2872f235d13a599739ca6527c54a
Keep in mind that all this stuff is really out of date and likely has many CVE's and other unpatched issues.
