Docker-node: gpg: keyserver timed out

Created on 28 Feb 2017  Â·  19Comments  Â·  Source: nodejs/docker-node

I started to get this error every time I try to install node myself. I run this on a machine where the build worked until today. Any advice?

Building web
Step 1 : FROM ruby:2.3.3
 ---> 015bb3c9eda3
Step 2 : RUN apt-get update && apt-get install -y cron sqlite3 gettext-base rsync --no-install-recommends && rm -rf /var/lib/apt/lists/*
 ---> Using cache
 ---> 7abbb6ea8dde
Step 3 : RUN set -ex   && for key in     9554F04D7259F04124DE6B476D5A82AC7E37093B     94AE36675C464D64BAFA68DD7434390BDBE9B9C5     0034A06D9D9B0064CE8ADF6BF1747F4AD2306D93     FD3A5288F042B6850C66B31F09FE44734EB7990E     71DCFD284A79C3B38668286BC97EC7A07EDE3FC1     DD8F2338BAE7501E3DD5AC78C273792F7D83545D     B9AE9905FFD7803F25714661B63B535A4C206CA9     C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8   ; do
   gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$key";   done
 ---> Running in dda750f4e732
+ gpg --keyserver ha.pool.sks-keyservers.net --recv-keys 9554F04D7259F04124DE6B476D5A82AC7E37093B
gpg: directory `/root/.gnupg' created
gpg: new configuration file `/root/.gnupg/gpg.conf' created
gpg: WARNING: options in `/root/.gnupg/gpg.conf' are not yet active during this run
gpg: keyring `/root/.gnupg/secring.gpg' created
gpg: keyring `/root/.gnupg/pubring.gpg' created
gpg: requesting key 7E37093B from hkp server ha.pool.sks-keyservers.net
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: key 7E37093B: public key "Christopher Dickinson <[email protected]>" imported
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg:               imported: 1  (RSA: 1)
+ gpg --keyserver ha.pool.sks-keyservers.net --recv-keys 94AE36675C464D64BAFA68DD7434390BDBE9B9C5
gpg: requesting key DBE9B9C5 from hkp server ha.pool.sks-keyservers.net
gpg: keyserver timed out
gpg: keyserver receive failed: keyserver error
picture andricicezar

Most helpful comment

Ah, so we've found that pool.sks-keyservers.net isn't too reliable (especially in out test builds) so we try multiple keyservers now:

# gpg keys listed at https://github.com/nodejs/node#release-team
RUN set -ex \
  && for key in \
    9554F04D7259F04124DE6B476D5A82AC7E37093B \
    94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \
    FD3A5288F042B6850C66B31F09FE44734EB7990E \
    71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \
    DD8F2338BAE7501E3DD5AC78C273792F7D83545D \
    B9AE9905FFD7803F25714661B63B535A4C206CA9 \
    C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \
    56730D5401028683275BD23C23EFEFE93C4CFFFE \
  ; do \
    gpg --keyserver pgp.mit.edu --recv-keys "$key" || \
    gpg --keyserver keyserver.pgp.com --recv-keys "$key" || \
    gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$key" ; \
  done
picture chorrell on 10 Aug 2017
👍104

All 19 comments

I don't know why, but sometimes goes even further, but it never finish the list. Any ideas why?

Building web
Step 1 : FROM ruby:2.3.3
 ---> 015bb3c9eda3
Step 2 : RUN apt-get update && apt-get install -y cron sqlite3 gettext-base rsync --no-install-recommends && rm -rf /var/lib/apt/lists/*
 ---> Using cache
 ---> 7abbb6ea8dde
Step 3 : RUN set -ex   && for key in     9554F04D7259F04124DE6B476D5A82AC7E37093B     94AE36675C464D64BAFA68DD7434390BDBE9B9C5     0034A06D9D9B0064CE8ADF6BF1747F4AD2306D93     FD3A5288F042B6850C66B31F09FE44734EB7990E     71DCFD284A79C3B38668286BC97EC7A07EDE3FC1     DD8F2338BAE7501E3DD5AC78C273792F7D83545D     B9AE9905FFD7803F25714661B63B535A4C206CA9     C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8   ; do
gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$key";   done
 ---> Running in 6564b5b6cf0b
+ gpg --keyserver ha.pool.sks-keyservers.net --recv-keys 9554F04D7259F04124DE6B476D5A82AC7E37093B
gpg: directory `/root/.gnupg' created
gpg: new configuration file `/root/.gnupg/gpg.conf' created
gpg: WARNING: options in `/root/.gnupg/gpg.conf' are not yet active during this run
gpg: keyring `/root/.gnupg/secring.gpg' created
gpg: keyring `/root/.gnupg/pubring.gpg' created
gpg: requesting key 7E37093B from hkp server ha.pool.sks-keyservers.net
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: key 7E37093B: public key "Christopher Dickinson <[email protected]>" imported
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg:               imported: 1  (RSA: 1)
+ gpg --keyserver ha.pool.sks-keyservers.net --recv-keys 94AE36675C464D64BAFA68DD7434390BDBE9B9C5
gpg: requesting key DBE9B9C5 from hkp server ha.pool.sks-keyservers.net
gpg: key DBE9B9C5: public key "Colin Ihrig <[email protected]>" imported
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg:               imported: 1  (RSA: 1)
+ gpg --keyserver ha.pool.sks-keyservers.net --recv-keys 0034A06D9D9B0064CE8ADF6BF1747F4AD2306D93
gpg: requesting key D2306D93 from hkp server ha.pool.sks-keyservers.net
gpg: key D2306D93: public key "keybase.io/octetcloud <[email protected]>" imported
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg:               imported: 1  (RSA: 1)
+ gpg --keyserver ha.pool.sks-keyservers.net --recv-keys FD3A5288F042B6850C66B31F09FE44734EB7990E
gpg: requesting key 4EB7990E from hkp server ha.pool.sks-keyservers.net
gpg: key 4EB7990E: public key "Jeremiah Senkpiel <[email protected]>" imported
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg:               imported: 1  (RSA: 1)
+ gpg --keyserver ha.pool.sks-keyservers.net --recv-keys 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1
gpg: requesting key 7EDE3FC1 from hkp server ha.pool.sks-keyservers.net
gpg: key 7EDE3FC1: public key "keybase.io/jasnell <[email protected]>" imported
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg:               imported: 1  (RSA: 1)
+ gpg --keyserver ha.pool.sks-keyservers.net --recv-keys DD8F2338BAE7501E3DD5AC78C273792F7D83545D
gpg: requesting key 7D83545D from hkp server ha.pool.sks-keyservers.net
gpg: keyserver timed out
gpg: keyserver receive failed: keyserver error
ERROR: Service 'web' failed to build: The command '/bin/sh -c set -ex   && for key in     9554F04D7259F04124DE6B476D5A82AC7E37093B     94AE36675C464D64BAFA68DD7434390BDBE9B9C5     0034A06D9D9B0064CE8ADF6BF1747F4AD2306D93     FD3A5288F042B6850C66B31F09FE44734EB7990E     71DCFD284A79C3B38668286BC97EC7A07EDE3FC1     DD8F2338BAE7501E3DD5AC78C273792F7D83545D     B9AE9905FFD7803F25714661B63B535A4C206CA9     C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8   ; do     gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$key";   done' returned a non-zero code: 2
andricicezar picture andricicezar on 28 Feb 2017

Network issue on your Docker host?

chorrell picture chorrell on 28 Feb 2017

Just had a keyserver timeout myself too. Seems like part of the "HA" pool is acting up.

pesho picture pesho on 28 Feb 2017

The https://sks-keyservers.net/ website is also offline btw.

pesho picture pesho on 28 Feb 2017

Hmmm.. I thought we fixed this with nodejs/docker-node#31 😕

Starefossen picture Starefossen on 28 Feb 2017

Well, we did but the OP might not be doing it the same way?

@andricicezar what does your Dockerfile look like?

chorrell picture chorrell on 28 Feb 2017

Hmmm.. I thought we fixed this with nodejs/docker-node#31

I don't think so. Before that fix the build process continued even if some key(s) failed to download. Now it (correctly) fails in such cases.

pesho picture pesho on 28 Feb 2017

Oh, that's right! nodejs/docker-node#31 ensures we fail early. So I guess ha.pool.sks-keyservers.net isn't exactly "HA"? ¯\_(ツ)_/¯

chorrell picture chorrell on 28 Feb 2017

This is my Dockerfile:

FROM ruby:2.3.3

RUN apt-get update && apt-get install -y cron sqlite3 gettext-base rsync --no-install-recommends && rm -rf /var/lib/apt/lists/*

RUN set -ex \
  && for key in \
    9554F04D7259F04124DE6B476D5A82AC7E37093B \
    94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \
    0034A06D9D9B0064CE8ADF6BF1747F4AD2306D93 \
    FD3A5288F042B6850C66B31F09FE44734EB7990E \
    71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \
    DD8F2338BAE7501E3DD5AC78C273792F7D83545D \
    B9AE9905FFD7803F25714661B63B535A4C206CA9 \
    C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \
  ; do \
    gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \
  done
andricicezar picture andricicezar on 28 Feb 2017

Can you try your build again? It seems like there were issues with ha.pool.sks-keyservers.net (as well as S3 and a whole lot of other stuff) but it might be ok now.

chorrell picture chorrell on 28 Feb 2017

Yeah, there were issues with ha.pool.sks-keyservers.net. I found a different server and used that instead of the ha.

Thank you for your help and this project!

andricicezar picture andricicezar on 3 Mar 2017

It seems like key 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 is no longer valid, I've searched it in several servers and all of them returned NOT FOUND

luislobo picture luislobo on 10 Aug 2017

That's odd. It should belong to one of the members of the Node.js release team

https://github.com/nodejs/node#release-team

And I was able to import the key locally via gpg --keyserver pool.sks-keyservers.net --recv-keys 94AE36675C464D64BAFA68DD7434390BDBE9B9C5

chorrell picture chorrell on 10 Aug 2017

yeah, for some reason, some of the keys work in my docker file, but others dont.
I had to comment out a couple:

# Prepare NODE options, keys and repositories
## gpg keys listed at https://github.com/nodejs/node
RUN set -ex \
  && for key in \
#    94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \
    FD3A5288F042B6850C66B31F09FE44734EB7990E \
#    71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \
    DD8F2338BAE7501E3DD5AC78C273792F7D83545D \
    C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \
    B9AE9905FFD7803F25714661B63B535A4C206CA9 \
    56730D5401028683275BD23C23EFEFE93C4CFFFE \
  ; do \
    gpg --keyserver pool.sks-keyservers.net --recv-keys "$key"; \
  done
luislobo picture luislobo on 10 Aug 2017

Both do work outside of the container though.

luislobo picture luislobo on 10 Aug 2017

Part of my Dockerfile:

FROM ubuntu:16.04
MAINTAINER Luis Lobo Borobia <[email protected]>

RUN apt-get update && apt-get install -y apt-utils
RUN apt-get dist-upgrade -y

## add curl as it is used after
RUN apt-get install -y curl xz-utils unzip telnet locales bzip2

## UTF-8
RUN locale-gen en_US.UTF-8
ENV LANG       en_US.UTF-8
ENV LC_ALL     en_US.UTF-8
RUN localedef -i en_US -f UTF-8 en_US.UTF-8

# Prepare NODE options, keys and repositories
## gpg keys listed at https://github.com/nodejs/node
RUN set -ex \
  && for key in \
#    94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \
    FD3A5288F042B6850C66B31F09FE44734EB7990E \
#    71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \
    DD8F2338BAE7501E3DD5AC78C273792F7D83545D \
    C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \
    B9AE9905FFD7803F25714661B63B535A4C206CA9 \
    56730D5401028683275BD23C23EFEFE93C4CFFFE \
  ; do \
    gpg --keyserver pool.sks-keyservers.net --recv-keys "$key"; \
  done
luislobo picture luislobo on 10 Aug 2017

Ah, so we've found that pool.sks-keyservers.net isn't too reliable (especially in out test builds) so we try multiple keyservers now:

# gpg keys listed at https://github.com/nodejs/node#release-team
RUN set -ex \
  && for key in \
    9554F04D7259F04124DE6B476D5A82AC7E37093B \
    94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \
    FD3A5288F042B6850C66B31F09FE44734EB7990E \
    71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \
    DD8F2338BAE7501E3DD5AC78C273792F7D83545D \
    B9AE9905FFD7803F25714661B63B535A4C206CA9 \
    C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \
    56730D5401028683275BD23C23EFEFE93C4CFFFE \
  ; do \
    gpg --keyserver pgp.mit.edu --recv-keys "$key" || \
    gpg --keyserver keyserver.pgp.com --recv-keys "$key" || \
    gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$key" ; \
  done
chorrell picture chorrell on 10 Aug 2017
👍104

OK, I'll try that...

FWIW, this is my current output:

[...]

+ gpg --keyserver pool.sks-keyservers.net --recv-keys C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8
gpg: requesting key CC11F4C8 from hkp server pool.sks-keyservers.net
?: pool.sks-keyservers.net: Cannot assign requested address
gpgkeys: HTTP fetch error 7: couldn't connect: Cannot assign requested address
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0
gpg: keyserver communications error: keyserver unreachable
gpg: keyserver communications error: public key not found
gpg: keyserver receive failed: public key not found
The command '/bin/sh -c set -ex   && for key in     FD3A5288F042B6850C66B31F09FE44734EB7990E     DD8F2338BAE7501E3DD5AC78C273792F7D83545D     C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8     B9AE9905FFD7803F25714661B63B535A4C206CA9     56730D5401028683275BD23C23EFEFE93C4CFFFE   ; do     gpg --keyserver pool.sks-keyservers.net --recv-keys "$key";   done' returned a non-zero code: 2
luislobo picture luislobo on 10 Aug 2017

@chorrell it worked! Thank you!

luislobo picture luislobo on 10 Aug 2017
Was this page helpful?
0 / 5 - 0 ratings

Related issues

wyattjoh picture wyattjoh  Â·  22Comments
hjanuschka picture hjanuschka  Â·  30Comments
jancurn picture jancurn  Â·  22Comments
Hypnosphi picture Hypnosphi  Â·  19Comments
ORESoftware picture ORESoftware  Â·  20Comments