On Wednesday, December 06, 2023 at 08:41:28AM -0800, Robin Lee Powell via Podman
wrote:
> That's pretty weird. Just to double check,
> 'curl http://deb.debian.org/debian/dists/buster/InRelease' works on
> the machine you're running podman from, yeah?

With Robin's hint I'm a bit further down the road. I learned from our ID
department that I must use a SQUID proxy to connect to the Internet. When I set
$ export https_proxy=http://squid-r1.shr.xxxxxxxxx.org:3128
$ export http_proxy=http://squid-r1.shr.xxxxxxxxx.org:3128
The installation in the containers works in part, at least the fetch of
the software works:
$ nohup podman build -t nginx https://git.io/Jf8ol
$ grep Get nohup.out
...
Get:16 http://deb.debian.org/debian buster/main amd64 librtmp1 amd64 2.4+20151223.gitfa8646d.1-2 [60.5 kB]
Get:17 http://deb.debian.org/debian-security buster/updates/main amd64 libssh2-1 amd64 1.8.0-2.1+deb10u1 [141 kB]
Get:18 http://deb.debian.org/debian-security buster/updates/main amd64 libcurl3-gnutls amd64 7.64.0-4+deb10u8 [333 kB]
Get:19 http://deb.debian.org/debian buster/main amd64 libreadline7 amd64 7.0-5 [151 kB]
Get:20 http://deb.debian.org/debian buster/main amd64 gnupg1 amd64 1.4.23-1 [599 kB]
but later the fetch for keys fails in part, at least; see the end of
this posting.
I watched with tcpdump what is fetched; these are the answers from SQUID
for the contacted servers:
GET.http://ha.pool.sks-keysevers.net:11371/pks/lookup?....
HTTP/1.1.503
--
GET.http://keyserver.ubuntu.com:80/pks/lookup....
HTTP/1.1.200 OK
--
GET.http://p80.pool.sks-keyservers.net:80/pks/lookup...
HTTP/1.1.503 Service.Unavail...
--
GET.http://pgp.mit.edu:11371/pks/lookup...
no answer at all from SQUID within 10 secs;
What can I do for this server behind a firewall to the Internet?
Can the fetch and usage of the keys somehow be disabled?
Thanks in advance
matthias
...
+ NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62
+ found=
+ echo Fetching GPG key 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 from ha.pool.sks-keyservers.net
Fetching GPG key 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 from ha.pool.sks-keyservers.net
+ apt-key adv --keyserver ha.pool.sks-keyservers.net --keyserver-options timeout=10 --recv-keys 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62
Warning: apt-key output should not be parsed (stdout is not a terminal)
Executing: /tmp/apt-key-gpghome.PtVEOmYXUa/gpg.1.sh --keyserver ha.pool.sks-keyservers.net --keyserver-options timeout=10 --recv-keys 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62
gpg: requesting key 7BD9BF62 from hkp server ha.pool.sks-keyservers.net
gpgkeys: key 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 can't be retrieved
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0
gpg: keyserver communications error: keyserver helper general error
gpg: keyserver communications error: unknown pubkey algorithm
gpg: keyserver receive failed: unknown pubkey algorithm
+ echo Fetching GPG key 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 from hkp://keyserver.ubuntu.com:80
+ apt-key advFetching GPG key 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 from hkp://keyserver.ubuntu.com:80
--keyserver hkp://keyserver.ubuntu.com:80 --keyserver-options timeout=10 --recv-keys 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62
Warning: apt-key output should not be parsed (stdout is not a terminal)
Executing: /tmp/apt-key-gpghome.w2W5sZvXEj/gpg.1.sh --keyserver hkp://keyserver.ubuntu.com:80 --keyserver-options timeout=10 --recv-keys 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62
gpg: requesting key 7BD9BF62 from hkp server keyserver.ubuntu.com
gpg: key 7BD9BF62: public key "nginx signing key <signing-key(a)nginx.com>" imported
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)
gpg: key 350947F8: "Debian Archive Automatic Signing Key (12/bookworm) <ftpmaster(a)debian.org>" not changed
gpg: key 8783D481: no valid user IDs
gpg: this may be caused by a missing self-signature
gpg: Total number processed: 13
gpg: skipped new keys: 11
gpg: w/o user IDs: 1
gpg: unchanged: 1
Fetching GPG key 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 from hkp://p80.pool.sks-keyservers.net:80
+ echo Fetching GPG key 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 from hkp://p80.pool.sks-keyservers.net:80
+ apt-key adv --keyserver hkp://p80.pool.sks-keyservers.net:80 --keyserver-options timeout=10 --recv-keys 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62
Warning: apt-key output should not be parsed (stdout is not a terminal)
Executing: /tmp/apt-key-gpghome.AVA2hAGKvu/gpg.1.sh --keyserver hkp://p80.pool.sks-keyservers.net:80 --keyserver-options timeout=10 --recv-keys 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62
gpg: requesting key 7BD9BF62 from hkp server p80.pool.sks-keyservers.net
gpgkeys: key 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 can't be retrieved
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0
gpg: keyserver communications error: keyserver helper general error
gpg: keyserver communications error: unknown pubkey algorithm
gpg: keyserver receive failed: unknown pubkey algorithm
+ echo Fetching GPG key 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 from pgp.mit.edu
Fetching GPG key 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 from pgp.mit.edu
+ apt-key adv --keyserver pgp.mit.edu --keyserver-options timeout=10 --recv-keys 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62
Warning: apt-key output should not be parsed (stdout is not a terminal)
Executing: /tmp/apt-key-gpghome.rksF4VZorD/gpg.1.sh --keyserver pgp.mit.edu --keyserver-options timeout=10 --recv-keys 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62
gpg: requesting key 7BD9BF62 from hkp server pgp.mit.edu
gpg: keyserver timed out
gpg: keyserver receive failed: keyserver error
+ test -z
+ echo error: failed to fetch GPG key 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62
error: failed to fetch GPG key 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62
+ exit 1
Error: building at STEP "RUN set -x && addgroup --system --gid 101 nginx
&& adduser --system --disabled-login --ingroup nginx --no-create-home --home
/nonexistent --gecos "nginx user" --shell /bin/false --uid 101 nginx
&& apt-get update && apt-get install --no-install-recommends
--no-install-suggests -y gnupg1 ca-certificates &&
NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; found=''; for
server in
ha.pool.sks-keyservers.net hkp://keyserver.ubuntu.com:80
hkp://p80.pool.sks-keyservers.net:80
pgp.mit.edu ; do echo
"Fetching GPG key $NGINX_GPGKEY from $server"; apt-key adv --keyserver
"$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY"
&& found=yes && break; done; test -z "$found" &&
echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit
1; apt-get remove --purge --auto-remove -y gnupg1 && rm -rf
/var/lib/apt/lists/* && dpkgArch="$(dpkg --print-architecture)"
&& nginxPackages=" nginx=${NGINX_VERSION}-${PKG_RELEASE}
nginx-module-xslt=${NGINX_VERSION}-${PKG_RELEASE}
nginx-module-geoip=${NGINX_VERSION}-${PKG_RELEASE}
nginx-module-image-filter=${NGINX_VERSION}-${PKG_RELEASE}
nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-${PKG_RELEASE} " &&
case "$dpkgArch" in amd64|i386) echo "deb
https://nginx.org/packages/mainline/debian/ buster nginx" >>
/etc/apt/sources.list.d/nginx.list && apt-get update ;;
*) echo "deb-src
https://nginx.org/packages/mainline/debian/ buster
nginx" >> /etc/apt/sources.list.d/nginx.list &&
tempDir="$(mktemp -d)" && chmod 777 "$tempDir"
&& savedAptMark="$(apt-mark showmanual)"
&& apt-get update && apt-get build-dep -y
$nginxPackages && ( cd "$tempDir"
&& DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)"
apt-get source --compile $nginxPackages ) &&
apt-mark showmanual | xargs apt-mark auto > /dev/null && { [ -z
"$savedAptMark" ] || apt-mark manual $savedAptMark; }
&& ls -lAFh "$tempDir" && ( cd "$tempDir"
&& dpkg-scanpackages . > Packages ) && grep '^Package:
' "$tempDir/Packages" && echo "deb [ trusted=yes ]
file://$tempDir ./" > /etc/apt/sources.list.d/temp.list &&
apt-get -o Acquire::GzipIndexes=false update ;; esac &&
apt-get install --no-install-recommends --no-install-suggests -y
$nginxPackages gettext-base && apt-get remove --purge
--auto-remove -y ca-certificates && rm -rf /var/lib/apt/lists/*
/etc/apt/sources.list.d/nginx.list && if [ -n "$tempDir" ]; then
apt-get purge -y --auto-remove && rm -rf "$tempDir"
/etc/apt/sources.list.d/temp.list; fi": while running runtime: exit status 1
--
Matthias Apitz, ✉ guru(a)unixarea.de, http://www.unixarea.de/ +49-176-38902045
Public GnuPG key: http://www.unixarea.de/key.pub
I am not at war with Russia. Я не воюю с Россией.
Ich bin nicht im Krieg mit Russland.
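
One way to replace the keyserver loop while keeping package signature checking, as an added example that is not part of the original post or of the nginx Dockerfile: fetch the key file over HTTPS, which goes out through the proxy via https_proxy, and install only the key whose fingerprint matches the one in the build log. The key URL, the keyring path, the function names and the sample listing are assumptions made for this example.

```shell
#!/bin/sh
# Added example: pin the nginx key by fingerprint instead of polling HKP keyservers.
PINNED_FPR=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62    # fingerprint from the build log
KEY_URL=https://nginx.org/keys/nginx_signing.key        # assumption: vendor key over HTTPS
KEYRING=/usr/share/keyrings/nginx-archive-keyring.gpg   # assumption: destination path

# Constructed sample of `gpg --with-colons --fingerprint` output (not real gpg output).
SAMPLE_COLONS='tru::1:1701850000:0:3:1:5
pub:-:2048:1:ABF5BD827BD9BF62:1313747554:::-:::scESC:
fpr:::::::::573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62:
uid:-::::1313747554::::nginx signing key <signing-key@nginx.com>:
sub:-:2048:1:0123456789ABCDEF:1313747554::::::e:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:'

# Print the fingerprint of every primary key in a colon listing read from stdin.
# The "fpr" record right after "pub" is the primary key; one after "sub" is a subkey.
primary_fingerprints() {
    awk -F: '$1 == "pub" { want = 1; next }
             $1 == "sub" { want = 0; next }
             $1 == "fpr" && want { print toupper($10); want = 0 }'
}

# Succeed if the pinned fingerprint ($1, spaces and case ignored) is a primary key on stdin.
has_primary_fpr() {
    want=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    primary_fingerprints | grep -qx "$want"
}

# Download, check, and install only the pinned key. curl honours https_proxy, so the
# request leaves through the proxy as HTTPS instead of HKP on port 11371.
fetch_pinned_key() {
    work=$(mktemp -d) || return 1
    curl -fsSL "$KEY_URL" -o "$work/key.asc" &&
    gpg --homedir "$work" --batch --quiet --import "$work/key.asc" &&
    gpg --homedir "$work" --batch --with-colons --fingerprint |
        has_primary_fpr "$PINNED_FPR" &&
    gpg --homedir "$work" --batch --export "$PINNED_FPR" > "$KEYRING"
    rc=$?
    rm -rf "$work"
    return $rc
}
# Then reference the keyring from the apt source:
#   deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] https://nginx.org/packages/mainline/debian/ buster nginx
```

Calling `fetch_pinned_key` in the RUN step needs curl, gnupg and ca-certificates installed in the image first; any other key bundled in the downloaded file is left out of the exported keyring.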