diff --git a/src/git-lfs/devcontainer-feature.json b/src/git-lfs/devcontainer-feature.json index 0c6dccad2..c9e0d9b82 100644 --- a/src/git-lfs/devcontainer-feature.json +++ b/src/git-lfs/devcontainer-feature.json @@ -1,6 +1,6 @@ { "id": "git-lfs", - "version": "1.2.1", + "version": "1.2.2", "name": "Git Large File Support (LFS)", "documentationURL": "https://github.com/devcontainers/features/tree/main/src/git-lfs", "description": "Installs Git Large File Support (Git LFS) along with needed dependencies. Useful for base Dockerfiles that often are missing required install dependencies like git and curl.", diff --git a/src/git-lfs/install.sh b/src/git-lfs/install.sh index 4d14c9918..f5c473816 100755 --- a/src/git-lfs/install.sh +++ b/src/git-lfs/install.sh @@ -15,10 +15,6 @@ GIT_LFS_ARCHIVE_GPG_KEY_URI="https://packagecloud.io/github/git-lfs/gpgkey" GIT_LFS_ARCHIVE_ARCHITECTURES="amd64 arm64" GIT_LFS_ARCHIVE_VERSION_CODENAMES="stretch buster bullseye bionic focal jammy" GIT_LFS_CHECKSUM_GPG_KEYS="0x88ace9b29196305ba9947552f1ba225c0223b187 0x86cd3297749375bcf8206715f54fe648088335a9 0xaa3b3450295830d2de6db90caba67be5a5795889" -GPG_KEY_SERVERS="keyserver hkp://keyserver.ubuntu.com -keyserver hkp://keyserver.ubuntu.com:80 -keyserver hkps://keys.openpgp.org -keyserver hkp://keyserver.pgp.com" set -e 
@@ -64,15 +60,52 @@ find_version_from_git_tags() { echo "${variable_name}=${!variable_name}" } +# Get the list of GPG key servers that are reachable +get_gpg_key_servers() { + declare -A keyservers_curl_map=( + ["hkp://keyserver.ubuntu.com"]="http://keyserver.ubuntu.com:11371" + ["hkp://keyserver.ubuntu.com:80"]="http://keyserver.ubuntu.com" + ["hkps://keys.openpgp.org"]="https://keys.openpgp.org" + ["hkp://keyserver.pgp.com"]="http://keyserver.pgp.com:11371" + ) + + local curl_args="" + local keyserver_reachable=false # Flag to indicate if any keyserver is reachable + + if [ ! -z "${KEYSERVER_PROXY}" ]; then + curl_args="--proxy ${KEYSERVER_PROXY}" + fi + + for keyserver in "${!keyservers_curl_map[@]}"; do + local keyserver_curl_url="${keyservers_curl_map[${keyserver}]}" + if curl -s ${curl_args} --max-time 5 ${keyserver_curl_url} > /dev/null; then + echo "keyserver ${keyserver}" + keyserver_reachable=true + else + echo "(*) Keyserver ${keyserver} is not reachable." >&2 + fi + done + + if ! $keyserver_reachable; then + echo "(!) No keyserver is reachable." >&2 + exit 1 + fi +} + # Import the specified key in a variable name passed in as receive_gpg_keys() { local keys=${!1} + # Install curl + if ! type curl > /dev/null 2>&1; then + check_packages curl + fi + # Use a temporary location for gpg keys to avoid polluting image export GNUPGHOME="/tmp/tmp-gnupg" mkdir -p ${GNUPGHOME} chmod 700 ${GNUPGHOME} - echo -e "disable-ipv6\n${GPG_KEY_SERVERS}" > ${GNUPGHOME}/dirmngr.conf + echo -e "disable-ipv6\n$(get_gpg_key_servers)" > ${GNUPGHOME}/dirmngr.conf # GPG key download sometimes fails for some reason and retrying fixes it. local retry_count=0 local gpg_ok="false" diff --git a/src/git/devcontainer-feature.json b/src/git/devcontainer-feature.json index 4eef35df0..2d18b8d34 100644 --- a/src/git/devcontainer-feature.json +++ b/src/git/devcontainer-feature.json 
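Review bot: The `exit 1` at the end of `get_gpg_key_servers` cannot stop the install, because `receive_gpg_keys` calls the function inside `$(...)` as an argument to `echo -e`; the exit only ends the command-substitution subshell and `echo` still returns 0. With no keyserver reachable, `dirmngr.conf` is written with just `disable-ipv6` and the script carries on into the retry loop, presumably against whatever keyserver gpg defaults to. Capture the list first and check the status: `local keyservers`, `keyservers="$(get_gpg_key_servers)" || exit 1`, then `echo -e "disable-ipv6\n${keyservers}" > ${GNUPGHOME}/dirmngr.conf`. The same call pattern appears in the git, github-cli, kubectl-helm-minikube, python, ruby and terraform install.sh hunks and in both test scripts. `receive_gpg_keys` continues past the end of this hunk.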
@@ -1,6 +1,6 @@ { "id": "git", - "version": "1.3.0", + "version": "1.3.1", "name": "Git (from source)", "documentationURL": "https://github.com/devcontainers/features/tree/main/src/git", "description": "Install an up-to-date version of Git, built from source as needed. Useful for when you want the latest and greatest features. Auto-detects latest stable version and installs needed dependencies.", diff --git a/src/git/install.sh b/src/git/install.sh index 133bff8b1..974dc66c0 100755 --- a/src/git/install.sh +++ b/src/git/install.sh @@ -11,10 +11,6 @@ GIT_VERSION=${VERSION} # 'system' checks the base image first, else installs 'la USE_PPA_IF_AVAILABLE=${PPA} GIT_CORE_PPA_ARCHIVE_GPG_KEY=E1DD270288B4E6030699E45FA1715D88E1DF1F24 -GPG_KEY_SERVERS="keyserver hkp://keyserver.ubuntu.com -keyserver hkp://keyserver.ubuntu.com:80 -keyserver hkps://keys.openpgp.org -keyserver hkp://keyserver.pgp.com" if [ "$(id -u)" -ne 0 ]; then echo -e 'Script must be run as root. Use sudo, su, or add "USER root" to your Dockerfile before running this script.' 
@@ -68,6 +64,38 @@ clean_up() { } clean_up +# Get the list of GPG key servers that are reachable +get_gpg_key_servers() { + declare -A keyservers_curl_map=( + ["hkp://keyserver.ubuntu.com"]="http://keyserver.ubuntu.com:11371" + ["hkp://keyserver.ubuntu.com:80"]="http://keyserver.ubuntu.com" + ["hkps://keys.openpgp.org"]="https://keys.openpgp.org" + ["hkp://keyserver.pgp.com"]="http://keyserver.pgp.com:11371" + ) + + local curl_args="" + local keyserver_reachable=false # Flag to indicate if any keyserver is reachable + + if [ ! -z "${KEYSERVER_PROXY}" ]; then + curl_args="--proxy ${KEYSERVER_PROXY}" + fi + + for keyserver in "${!keyservers_curl_map[@]}"; do + local keyserver_curl_url="${keyservers_curl_map[${keyserver}]}" + if curl -s ${curl_args} --max-time 5 ${keyserver_curl_url} > /dev/null; then + echo "keyserver ${keyserver}" + keyserver_reachable=true + else + echo "(*) Keyserver ${keyserver} is not reachable." >&2 + fi + done + + if ! $keyserver_reachable; then + echo "(!) No keyserver is reachable." >&2 + exit 1 + fi +} + # Import the specified key in a variable name passed in as receive_gpg_keys() { local keys=${!1} @@ -77,11 +105,16 @@ receive_gpg_keys() { keyring_args="--no-default-keyring --keyring $2" fi + # Install curl + if ! type curl > /dev/null 2>&1; then + check_packages curl + fi + # Use a temporary location for gpg keys to avoid polluting image export GNUPGHOME="/tmp/tmp-gnupg" mkdir -p ${GNUPGHOME} chmod 700 ${GNUPGHOME} - echo -e "disable-ipv6\n${GPG_KEY_SERVERS}" > ${GNUPGHOME}/dirmngr.conf + echo -e "disable-ipv6\n$(get_gpg_key_servers)" > ${GNUPGHOME}/dirmngr.conf # GPG key download sometimes fails for some reason and retrying fixes it. local retry_count=0 local gpg_ok="false" diff --git a/src/github-cli/devcontainer-feature.json b/src/github-cli/devcontainer-feature.json index 61b249fde..9b1558ec0 100644 --- a/src/github-cli/devcontainer-feature.json +++ b/src/github-cli/devcontainer-feature.json 
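Review bot: The reachability test in `get_gpg_key_servers` accepts any HTTP response, since `curl -s` without `--fail` exits 0 on 4xx/5xx; with `KEYSERVER_PROXY` set, an error page from the proxy would presumably mark an unreachable keyserver as reachable. Consider `curl -s --fail` if the keyserver root URLs answer 2xx (not verifiable from this hunk), and quote `"${keyserver_curl_url}"`. `curl_args` is also built as a string and expanded unquoted, so a proxy value containing whitespace or glob characters is word-split; an array (`curl_args=(--proxy "${KEYSERVER_PROXY}")`, expanded as `"${curl_args[@]}"`) avoids that. The identical function is added to the other install.sh files and the two test scripts in this commit.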
@@ -1,6 +1,6 @@ { "id": "github-cli", - "version": "1.0.12", + "version": "1.0.13", "name": "GitHub CLI", "documentationURL": "https://github.com/devcontainers/features/tree/main/src/github-cli", "description": "Installs the GitHub CLI. Auto-detects latest version and installs needed dependencies.", diff --git a/src/github-cli/install.sh b/src/github-cli/install.sh index 2f196c981..18dae33ce 100755 --- a/src/github-cli/install.sh +++ b/src/github-cli/install.sh @@ -11,10 +11,6 @@ CLI_VERSION=${VERSION:-"latest"} INSTALL_DIRECTLY_FROM_GITHUB_RELEASE=${INSTALLDIRECTLYFROMGITHUBRELEASE:-"true"} GITHUB_CLI_ARCHIVE_GPG_KEY=23F3D4EA75716059 -GPG_KEY_SERVERS="keyserver hkp://keyserver.ubuntu.com -keyserver hkp://keyserver.ubuntu.com:80 -keyserver hkps://keys.openpgp.org -keyserver hkp://keyserver.pgp.com" set -e @@ -26,6 +22,37 @@ if [ "$(id -u)" -ne 0 ]; then exit 1 fi +# Get the list of GPG key servers that are reachable +get_gpg_key_servers() { + declare -A keyservers_curl_map=( + ["hkp://keyserver.ubuntu.com"]="http://keyserver.ubuntu.com:11371" + ["hkp://keyserver.ubuntu.com:80"]="http://keyserver.ubuntu.com" + ["hkps://keys.openpgp.org"]="https://keys.openpgp.org" + ["hkp://keyserver.pgp.com"]="http://keyserver.pgp.com:11371" + ) + + local curl_args="" + local keyserver_reachable=false # Flag to indicate if any keyserver is reachable + + if [ ! -z "${KEYSERVER_PROXY}" ]; then + curl_args="--proxy ${KEYSERVER_PROXY}" + fi + + for keyserver in "${!keyservers_curl_map[@]}"; do + local keyserver_curl_url="${keyservers_curl_map[${keyserver}]}" + if curl -s ${curl_args} --max-time 5 ${keyserver_curl_url} > /dev/null; then + echo "keyserver ${keyserver}" + keyserver_reachable=true + else + echo "(*) Keyserver ${keyserver} is not reachable." >&2 + fi + done + + if ! $keyserver_reachable; then + echo "(!) No keyserver is reachable." >&2 + exit 1 + fi +} # Import the specified key in a variable name passed in as receive_gpg_keys() { 
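Review bot: `get_gpg_key_servers` in src/github-cli/install.sh iterates `"${!keyservers_curl_map[@]}"`, and bash does not guarantee any order for associative-array keys, so the `keyserver` lines reach `dirmngr.conf` in an order unrelated to the one written here or in the removed `GPG_KEY_SERVERS` list. If the order influences which server dirmngr contacts (worth confirming), keep an indexed array of the hkp/hkps names in the intended order and use the map only to look up the probe URL; that also lets the `hkps://` entry be listed first deliberately. The loop variable `keyserver` is not declared `local`. This applies to every copy of the function in the commit.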
@@ -35,11 +62,16 @@ receive_gpg_keys() { keyring_args="--no-default-keyring --keyring $2" fi + # Install curl + if ! type curl > /dev/null 2>&1; then + check_packages curl + fi + # Use a temporary location for gpg keys to avoid polluting image export GNUPGHOME="/tmp/tmp-gnupg" mkdir -p ${GNUPGHOME} chmod 700 ${GNUPGHOME} - echo -e "disable-ipv6\n${GPG_KEY_SERVERS}" > ${GNUPGHOME}/dirmngr.conf + echo -e "disable-ipv6\n$(get_gpg_key_servers)" > ${GNUPGHOME}/dirmngr.conf # GPG key download sometimes fails for some reason and retrying fixes it. local retry_count=0 local gpg_ok="false" diff --git a/src/kubectl-helm-minikube/devcontainer-feature.json b/src/kubectl-helm-minikube/devcontainer-feature.json index 8c5dfddc0..dabee64a5 100644 --- a/src/kubectl-helm-minikube/devcontainer-feature.json +++ b/src/kubectl-helm-minikube/devcontainer-feature.json @@ -1,6 +1,6 @@ { "id": "kubectl-helm-minikube", - "version": "1.1.9", + "version": "1.1.10", "name": "Kubectl, Helm, and Minikube", "documentationURL": "https://github.com/devcontainers/features/tree/main/src/kubectl-helm-minikube", "description": "Installs latest version of kubectl, Helm, and optionally minikube. Auto-detects latest versions and installs needed dependencies.", diff --git a/src/kubectl-helm-minikube/install.sh b/src/kubectl-helm-minikube/install.sh index 871a77ca1..c2f9ba0c9 100755 --- a/src/kubectl-helm-minikube/install.sh +++ b/src/kubectl-helm-minikube/install.sh @@ -22,10 +22,6 @@ MINIKUBE_SHA256="${MINIKUBE_SHA256:-"automatic"}" USERNAME="${USERNAME:-"${_REMOTE_USER:-"automatic"}"}" HELM_GPG_KEYS_URI="https://raw.githubusercontent.com/helm/helm/main/KEYS" -GPG_KEY_SERVERS="keyserver hkp://keyserver.ubuntu.com -keyserver hkp://keyserver.ubuntu.com:80 -keyserver hkps://keys.openpgp.org -keyserver hkp://keyserver.pgp.com" if [ "$(id -u)" -ne 0 ]; then echo -e 'Script must be run as root. Use sudo, su, or add "USER root" to your Dockerfile before running this script.' 
@@ -234,6 +230,38 @@ get_helm() { curl -sSL "https://github.com/helm/helm/releases/download/${HELM_VERSION}/${helm_filename}.asc" -o "${tmp_helm_filename}.asc" } +# Get the list of GPG key servers that are reachable +get_gpg_key_servers() { + declare -A keyservers_curl_map=( + ["hkp://keyserver.ubuntu.com"]="http://keyserver.ubuntu.com:11371" + ["hkp://keyserver.ubuntu.com:80"]="http://keyserver.ubuntu.com" + ["hkps://keys.openpgp.org"]="https://keys.openpgp.org" + ["hkp://keyserver.pgp.com"]="http://keyserver.pgp.com:11371" + ) + + local curl_args="" + local keyserver_reachable=false # Flag to indicate if any keyserver is reachable + + if [ ! -z "${KEYSERVER_PROXY}" ]; then + curl_args="--proxy ${KEYSERVER_PROXY}" + fi + + for keyserver in "${!keyservers_curl_map[@]}"; do + local keyserver_curl_url="${keyservers_curl_map[${keyserver}]}" + if curl -s ${curl_args} --max-time 5 ${keyserver_curl_url} > /dev/null; then + echo "keyserver ${keyserver}" + keyserver_reachable=true + else + echo "(*) Keyserver ${keyserver} is not reachable." >&2 + fi + done + + if ! $keyserver_reachable; then + echo "(!) No keyserver is reachable." >&2 + exit 1 + fi +} + if [ ${HELM_VERSION} != "none" ]; then # Install Helm, verify signature and checksum echo "Downloading Helm..." @@ -255,7 +283,7 @@ if [ ${HELM_VERSION} != "none" ]; then mkdir -p "${GNUPGHOME}" chmod 700 ${GNUPGHOME} curl -sSL "${HELM_GPG_KEYS_URI}" -o /tmp/helm/KEYS - echo -e "disable-ipv6\n${GPG_KEY_SERVERS}" > ${GNUPGHOME}/dirmngr.conf + echo -e "disable-ipv6\n$(get_gpg_key_servers)" > ${GNUPGHOME}/dirmngr.conf gpg -q --import "/tmp/helm/KEYS" if ! gpg --verify "${tmp_helm_filename}.asc" > ${GNUPGHOME}/verify.log 2>&1; then echo "Verification failed!" diff --git a/src/python/devcontainer-feature.json b/src/python/devcontainer-feature.json index 27417c63e..2cb4cc87b 100644 --- a/src/python/devcontainer-feature.json +++ b/src/python/devcontainer-feature.json 
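Review bot: In the Helm verification block of src/kubectl-helm-minikube/install.sh the keyserver probe looks unnecessary: the keys are imported from the downloaded `/tmp/helm/KEYS` with `gpg -q --import`, and no `--recv-keys` call is visible in this hunk. `$(get_gpg_key_servers)` may therefore spend up to four 5-second curl timeouts filling a `dirmngr.conf` that is never consulted, and its "No keyserver is reachable" failure is lost in the command substitution. If nothing outside the hunk fetches from a keyserver, write only `disable-ipv6` here, or add a comment such as `# keyserver list needed for <reason>` above the line. The `if [ ${HELM_VERSION} != "none" ]` block continues beyond the hunk.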
@@ -1,6 +1,6 @@ { "id": "python", - "version": "1.6.2", + "version": "1.6.3", "name": "Python", "documentationURL": "https://github.com/devcontainers/features/tree/main/src/python", "description": "Installs the provided version of Python, as well as PIPX, and other common Python utilities. JupyterLab is conditionally installed with the python feature. Note: May require source code compilation.", diff --git a/src/python/install.sh b/src/python/install.sh index 7da236e0e..e6702add9 100755 --- a/src/python/install.sh +++ b/src/python/install.sh @@ -31,12 +31,7 @@ ADDITIONAL_VERSIONS="${ADDITIONALVERSIONS:-""}" # Comma-separated list of additional tools to be installed via pipx. IFS="," read -r -a DEFAULT_UTILS <<< "${TOOLSTOINSTALL:-flake8,autopep8,black,yapf,mypy,pydocstyle,pycodestyle,bandit,pipenv,virtualenv,pytest}" - PYTHON_SOURCE_GPG_KEYS="64E628F8D684696D B26995E310250568 2D347EA6AA65421D FB9921286F5E1540 3A5CA953F73C700D 04C367C218ADD4FF 0EDDC5F26A45C816 6AF053F07D9DC8D2 C9BE28DEE6DF025C 126EB563A74B06BF D9866941EA5BBD71 ED9D77D5 A821E680E5FA6305" -GPG_KEY_SERVERS="keyserver hkp://keyserver.ubuntu.com -keyserver hkp://keyserver.ubuntu.com:80 -keyserver hkps://keys.openpgp.org -keyserver hkp://keyserver.pgp.com" KEYSERVER_PROXY="${HTTPPROXY:-"${HTTP_PROXY:-""}"}" 
@@ -130,6 +125,38 @@ updaterc() { fi } +# Get the list of GPG key servers that are reachable +get_gpg_key_servers() { + declare -A keyservers_curl_map=( + ["hkp://keyserver.ubuntu.com"]="http://keyserver.ubuntu.com:11371" + ["hkp://keyserver.ubuntu.com:80"]="http://keyserver.ubuntu.com" + ["hkps://keys.openpgp.org"]="https://keys.openpgp.org" + ["hkp://keyserver.pgp.com"]="http://keyserver.pgp.com:11371" + ) + + local curl_args="" + local keyserver_reachable=false # Flag to indicate if any keyserver is reachable + + if [ ! -z "${KEYSERVER_PROXY}" ]; then + curl_args="--proxy ${KEYSERVER_PROXY}" + fi + + for keyserver in "${!keyservers_curl_map[@]}"; do + local keyserver_curl_url="${keyservers_curl_map[${keyserver}]}" + if curl -s ${curl_args} --max-time 5 ${keyserver_curl_url} > /dev/null; then + echo "keyserver ${keyserver}" + keyserver_reachable=true + else + echo "(*) Keyserver ${keyserver} is not reachable." >&2 + fi + done + + if ! $keyserver_reachable; then + echo "(!) No keyserver is reachable." >&2 + exit 1 + fi +} + # Import the specified key in a variable name passed in as receive_gpg_keys() { local keys=${!1} @@ -143,11 +170,16 @@ receive_gpg_keys() { keyring_args="${keyring_args} --keyserver-options http-proxy=${KEYSERVER_PROXY}" fi + # Install curl + if ! type curl > /dev/null 2>&1; then + check_packages curl + fi + # Use a temporary location for gpg keys to avoid polluting image export GNUPGHOME="/tmp/tmp-gnupg" mkdir -p ${GNUPGHOME} chmod 700 ${GNUPGHOME} - echo -e "disable-ipv6\n${GPG_KEY_SERVERS}" > ${GNUPGHOME}/dirmngr.conf + echo -e "disable-ipv6\n$(get_gpg_key_servers)" > ${GNUPGHOME}/dirmngr.conf # GPG key download sometimes fails for some reason and retrying fixes it. local retry_count=0 local gpg_ok="false" 
@@ -182,6 +214,11 @@ receive_gpg_keys_centos7() { keyring_args="${keyring_args} --keyserver-options http-proxy=${KEYSERVER_PROXY}" fi + # Install curl + if ! type curl > /dev/null 2>&1; then + check_packages curl + fi + # Use a temporary location for gpg keys to avoid polluting image export GNUPGHOME="/tmp/tmp-gnupg" mkdir -p ${GNUPGHOME} @@ -193,7 +230,7 @@ receive_gpg_keys_centos7() { set +e echo "(*) Downloading GPG keys..." until [ "${gpg_ok}" = "true" ] || [ "${retry_count}" -eq "5" ]; do - for keyserver in $(echo "${GPG_KEY_SERVERS}" | sed 's/keyserver //'); do + for keyserver in $(echo "$(get_gpg_key_servers)" | sed 's/keyserver //'); do ( echo "${keys}" | xargs -n 1 gpg -q ${keyring_args} --recv-keys --keyserver=${keyserver} ) 2>&1 downloaded_keys=$(gpg --list-keys | grep ^pub | wc -l) if [[ ${num_keys} = ${downloaded_keys} ]]; then diff --git a/src/ruby/devcontainer-feature.json b/src/ruby/devcontainer-feature.json index 2a95fef8b..0618d4296 100644 --- a/src/ruby/devcontainer-feature.json +++ b/src/ruby/devcontainer-feature.json @@ -1,6 +1,6 @@ { "id": "ruby", - "version": "1.2.2", + "version": "1.2.3", "name": "Ruby (via rvm)", "documentationURL": "https://github.com/devcontainers/features/tree/main/src/ruby", "description": "Installs Ruby, rvm, rbenv, common Ruby utilities, and needed dependencies.", diff --git a/src/ruby/install.sh b/src/ruby/install.sh index a0a97f0b1..befeee4af 100755 --- a/src/ruby/install.sh +++ b/src/ruby/install.sh @@ -23,10 +23,6 @@ ADDITIONAL_VERSIONS="${ADDITIONALVERSIONS:-""}" DEFAULT_GEMS="rake" RVM_GPG_KEYS="409B6B1796C275462A1703113804BB82D39DC0E3 7D2BAF1CF37B13E2069D6956105BD0E739499BDB" -GPG_KEY_SERVERS="keyserver hkp://keyserver.ubuntu.com -keyserver hkp://keyserver.ubuntu.com:80 -keyserver hkps://keys.openpgp.org -keyserver hkp://keyserver.pgp.com" set -e 
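Review bot: In `receive_gpg_keys_centos7` of src/python/install.sh the word list `$(echo "$(get_gpg_key_servers)" | sed 's/keyserver //')` sits inside the `until` retry loop, so every retry repeats the curl probes, and because `set +e` is active an empty result just turns the `for` loop into a no-op instead of stopping the script. Probe once before the loop and check the status: `local keyservers`, `keyservers="$(get_gpg_key_servers)" || exit 1`, then `for keyserver in ${keyservers//keyserver /}; do`. The same change applies to the matching hunk in test/python/install_cpython_fallback_prev_version_test.sh. The function begins and ends outside this hunk.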
@@ -72,6 +68,38 @@ updaterc() { fi } +# Get the list of GPG key servers that are reachable +get_gpg_key_servers() { + declare -A keyservers_curl_map=( + ["hkp://keyserver.ubuntu.com"]="http://keyserver.ubuntu.com:11371" + ["hkp://keyserver.ubuntu.com:80"]="http://keyserver.ubuntu.com" + ["hkps://keys.openpgp.org"]="https://keys.openpgp.org" + ["hkp://keyserver.pgp.com"]="http://keyserver.pgp.com:11371" + ) + + local curl_args="" + local keyserver_reachable=false # Flag to indicate if any keyserver is reachable + + if [ ! -z "${KEYSERVER_PROXY}" ]; then + curl_args="--proxy ${KEYSERVER_PROXY}" + fi + + for keyserver in "${!keyservers_curl_map[@]}"; do + local keyserver_curl_url="${keyservers_curl_map[${keyserver}]}" + if curl -s ${curl_args} --max-time 5 ${keyserver_curl_url} > /dev/null; then + echo "keyserver ${keyserver}" + keyserver_reachable=true + else + echo "(*) Keyserver ${keyserver} is not reachable." >&2 + fi + done + + if ! $keyserver_reachable; then + echo "(!) No keyserver is reachable." >&2 + exit 1 + fi +} + # Import the specified key in a variable name passed in as receive_gpg_keys() { local keys=${!1} @@ -80,11 +108,16 @@ receive_gpg_keys() { keyring_args="--no-default-keyring --keyring \"$2\"" fi + # Install curl + if ! type curl > /dev/null 2>&1; then + check_packages curl + fi + # Use a temporary location for gpg keys to avoid polluting image export GNUPGHOME="/tmp/tmp-gnupg" mkdir -p ${GNUPGHOME} chmod 700 ${GNUPGHOME} - echo -e "disable-ipv6\n${GPG_KEY_SERVERS}" > ${GNUPGHOME}/dirmngr.conf + echo -e "disable-ipv6\n$(get_gpg_key_servers)" > ${GNUPGHOME}/dirmngr.conf # GPG key download sometimes fails for some reason and retrying fixes it. local retry_count=0 local gpg_ok="false" diff --git a/src/terraform/devcontainer-feature.json b/src/terraform/devcontainer-feature.json index c4294efd4..3193f25af 100644 --- a/src/terraform/devcontainer-feature.json +++ b/src/terraform/devcontainer-feature.json 
@@ -1,6 +1,6 @@ { "id": "terraform", - "version": "1.3.7", + "version": "1.3.8", "name": "Terraform, tflint, and TFGrunt", "documentationURL": "https://github.com/devcontainers/features/tree/main/src/terraform", "description": "Installs the Terraform CLI and optionally TFLint and Terragrunt. Auto-detects latest version and installs needed dependencies.", diff --git a/src/terraform/install.sh b/src/terraform/install.sh index 93d27ac7a..a2aace9b4 100755 --- a/src/terraform/install.sh +++ b/src/terraform/install.sh @@ -28,9 +28,6 @@ TERRAFORM_DOCS_SHA256="${TERRAFORM_DOCS_SHA256:-"automatic"}" TERRAFORM_GPG_KEY="72D7468F" TFLINT_GPG_KEY_URI="https://raw.githubusercontent.com/terraform-linters/tflint/v0.46.1/8CE69160EB3F2FE9.key" -GPG_KEY_SERVERS="keyserver hkps://keyserver.ubuntu.com -keyserver hkps://keys.openpgp.org -keyserver hkps://keyserver.pgp.com" KEYSERVER_PROXY="${HTTPPROXY:-"${HTTP_PROXY:-""}"}" architecture="$(uname -m)" 
@@ -47,6 +44,37 @@ if [ "$(id -u)" -ne 0 ]; then exit 1 fi +# Get the list of GPG key servers that are reachable +get_gpg_key_servers() { + declare -A keyservers_curl_map=( + ["hkps://keyserver.ubuntu.com"]="https://keyserver.ubuntu.com" + ["hkps://keys.openpgp.org"]="https://keys.openpgp.org" + ["hkps://keyserver.pgp.com"]="https://keyserver.pgp.com" + ) + + local curl_args="" + local keyserver_reachable=false # Flag to indicate if any keyserver is reachable + + if [ ! -z "${KEYSERVER_PROXY}" ]; then + curl_args="--proxy ${KEYSERVER_PROXY}" + fi + + for keyserver in "${!keyservers_curl_map[@]}"; do + local keyserver_curl_url="${keyservers_curl_map[${keyserver}]}" + if curl -s ${curl_args} --max-time 5 ${keyserver_curl_url} > /dev/null; then + echo "keyserver ${keyserver}" + keyserver_reachable=true + else + echo "(*) Keyserver ${keyserver} is not reachable." >&2 + fi + done + + if ! $keyserver_reachable; then + echo "(!) No keyserver is reachable." >&2 + exit 1 + fi +} + # Import the specified key in a variable name passed in as receive_gpg_keys() { local keys=${!1} @@ -58,11 +86,16 @@ receive_gpg_keys() { keyring_args="${keyring_args} --keyserver-options http-proxy=${KEYSERVER_PROXY}" fi + # Install curl + if ! type curl > /dev/null 2>&1; then + check_packages curl + fi + # Use a temporary location for gpg keys to avoid polluting image export GNUPGHOME="/tmp/tmp-gnupg" mkdir -p ${GNUPGHOME} chmod 700 ${GNUPGHOME} - echo -e "disable-ipv6\n${GPG_KEY_SERVERS}" > ${GNUPGHOME}/dirmngr.conf + echo -e "disable-ipv6\n$(get_gpg_key_servers)" > ${GNUPGHOME}/dirmngr.conf # GPG key download sometimes fails for some reason and retrying fixes it. local retry_count=0 local gpg_ok="false" diff --git a/test/python/install_cpython_fallback_prev_version_test.sh b/test/python/install_cpython_fallback_prev_version_test.sh index 85275c73b..c1beba455 100644 --- a/test/python/install_cpython_fallback_prev_version_test.sh +++ b/test/python/install_cpython_fallback_prev_version_test.sh 
@@ -93,6 +93,38 @@ check_packages() { esac } +# Get the list of GPG key servers that are reachable +get_gpg_key_servers() { + declare -A keyservers_curl_map=( + ["hkp://keyserver.ubuntu.com"]="http://keyserver.ubuntu.com:11371" + ["hkp://keyserver.ubuntu.com:80"]="http://keyserver.ubuntu.com" + ["hkps://keys.openpgp.org"]="https://keys.openpgp.org" + ["hkp://keyserver.pgp.com"]="http://keyserver.pgp.com:11371" + ) + + local curl_args="" + local keyserver_reachable=false # Flag to indicate if any keyserver is reachable + + if [ ! -z "${KEYSERVER_PROXY}" ]; then + curl_args="--proxy ${KEYSERVER_PROXY}" + fi + + for keyserver in "${!keyservers_curl_map[@]}"; do + local keyserver_curl_url="${keyservers_curl_map[${keyserver}]}" + if curl -s ${curl_args} --max-time 5 ${keyserver_curl_url} > /dev/null; then + echo "keyserver ${keyserver}" + keyserver_reachable=true + else + echo "(*) Keyserver ${keyserver} is not reachable." >&2 + fi + done + + if ! $keyserver_reachable; then + echo "(!) No keyserver is reachable." >&2 + exit 1 + fi +} + # Import the specified key in a variable name passed in as receive_gpg_keys() { local keys=${!1} @@ -106,11 +138,16 @@ receive_gpg_keys() { keyring_args="${keyring_args} --keyserver-options http-proxy=${KEYSERVER_PROXY}" fi + # Install curl + if ! type curl > /dev/null 2>&1; then + check_packages curl + fi + # Use a temporary location for gpg keys to avoid polluting image export GNUPGHOME="/tmp/tmp-gnupg" mkdir -p ${GNUPGHOME} chmod 700 ${GNUPGHOME} - echo -e "disable-ipv6\n${GPG_KEY_SERVERS}" > ${GNUPGHOME}/dirmngr.conf + echo -e "disable-ipv6\n$(get_gpg_key_servers)" > ${GNUPGHOME}/dirmngr.conf # GPG key download sometimes fails for some reason and retrying fixes it. local retry_count=0 local gpg_ok="false" 
@@ -145,6 +182,11 @@ receive_gpg_keys_centos7() { keyring_args="${keyring_args} --keyserver-options http-proxy=${KEYSERVER_PROXY}" fi + # Install curl + if ! type curl > /dev/null 2>&1; then + check_packages curl + fi + # Use a temporary location for gpg keys to avoid polluting image export GNUPGHOME="/tmp/tmp-gnupg" mkdir -p ${GNUPGHOME} @@ -156,7 +198,7 @@ receive_gpg_keys_centos7() { set +e echo "(*) Downloading GPG keys..." until [ "${gpg_ok}" = "true" ] || [ "${retry_count}" -eq "5" ]; do - for keyserver in $(echo "${GPG_KEY_SERVERS}" | sed 's/keyserver //'); do + for keyserver in $(echo "$(get_gpg_key_servers)" | sed 's/keyserver //'); do ( echo "${keys}" | xargs -n 1 gpg -q ${keyring_args} --recv-keys --keyserver=${keyserver} ) 2>&1 downloaded_keys=$(gpg --list-keys | grep ^pub | wc -l) if [[ ${num_keys} = ${downloaded_keys} ]]; then diff --git a/test/ruby/ruby_fallback_test.sh b/test/ruby/ruby_fallback_test.sh index 1e65e28e5..1c2179fc3 100644 --- a/test/ruby/ruby_fallback_test.sh +++ b/test/ruby/ruby_fallback_test.sh @@ -13,10 +13,6 @@ check "ruby" ruby -v trap 'echo "Last executed command failed at line ${LINENO}"' ERR RVM_GPG_KEYS="409B6B1796C275462A1703113804BB82D39DC0E3 7D2BAF1CF37B13E2069D6956105BD0E739499BDB" -GPG_KEY_SERVERS="keyserver hkp://keyserver.ubuntu.com -keyserver hkp://keyserver.ubuntu.com:80 -keyserver hkps://keys.openpgp.org -keyserver hkp://keyserver.pgp.com" # Clean up rm -rf /var/lib/apt/lists/* 
@@ -63,6 +59,38 @@ check_packages() { fi } +# Get the list of GPG key servers that are reachable +get_gpg_key_servers() { + declare -A keyservers_curl_map=( + ["hkp://keyserver.ubuntu.com"]="http://keyserver.ubuntu.com:11371" + ["hkp://keyserver.ubuntu.com:80"]="http://keyserver.ubuntu.com" + ["hkps://keys.openpgp.org"]="https://keys.openpgp.org" + ["hkp://keyserver.pgp.com"]="http://keyserver.pgp.com:11371" + ) + + local curl_args="" + local keyserver_reachable=false # Flag to indicate if any keyserver is reachable + + if [ ! -z "${KEYSERVER_PROXY}" ]; then + curl_args="--proxy ${KEYSERVER_PROXY}" + fi + + for keyserver in "${!keyservers_curl_map[@]}"; do + local keyserver_curl_url="${keyservers_curl_map[${keyserver}]}" + if curl -s ${curl_args} --max-time 5 ${keyserver_curl_url} > /dev/null; then + echo "keyserver ${keyserver}" + keyserver_reachable=true + else + echo "(*) Keyserver ${keyserver} is not reachable." >&2 + fi + done + + if ! $keyserver_reachable; then + echo "(!) No keyserver is reachable." >&2 + exit 1 + fi +} + # Import the specified key in a variable name passed in as receive_gpg_keys() { local keys=${!1} @@ -71,11 +99,16 @@ receive_gpg_keys() { keyring_args="--no-default-keyring --keyring \"$2\"" fi + # Install curl + if ! type curl > /dev/null 2>&1; then + check_packages curl + fi + # Use a temporary location for gpg keys to avoid polluting image export GNUPGHOME="/tmp/tmp-gnupg" mkdir -p ${GNUPGHOME} chmod 700 ${GNUPGHOME} - echo -e "disable-ipv6\n${GPG_KEY_SERVERS}" | tee ${GNUPGHOME}/dirmngr.conf > /dev/null + echo -e "disable-ipv6\n$(get_gpg_key_servers)" | tee ${GNUPGHOME}/dirmngr.conf > /dev/null # GPG key download sometimes fails for some reason and retrying fixes it. local retry_count=0 local gpg_ok="false"