I have a docker recipe that does not much more than:
FROM fedora:rawhide
RUN dnf -y install ...blah...
If I run this from a Fedora host it works fine, resolving fedora:rawhide
to
registry.fedoraproject.org image ID 23902052bc28
If I run this from a non-Fedora host, such as from GitLab CI, it resolves
to docker.io/library image ID e6ff04a4b8bd.
The latter image fails when installing RPMs due tpo missing gpg keys
# dnf install numactl
Fedora 33 openh264 (From Cisco) - x86_64 5.2 kB/s | 5.1 kB 00:00
Fedora - Modular Rawhide - Developmental packages for the next 1.9 MB/s | 961 kB 00:00
Fedora - Rawhide - Developmental packages for the next Fedora 12 MB/s | 73 MB 00:06
Dependencies resolved.
===============================================================================================
Package Architecture Version Repository
Size
===============================================================================================
Installing:
numactl x86_64 2.0.12-6.fc33 rawhide
69 k
Installing dependencies:
numactl-libs x86_64 2.0.12-6.fc33 rawhide
30 k
Transaction Summary
===============================================================================================
Install 2 Packages
Total download size: 99 k
Installed size: 238 k
Is this ok [y/N]: y
Downloading Packages:
(1/2): numactl-2.0.12-6.fc33.x86_64.rpm 543 kB/s | 69 kB 00:00
(2/2): numactl-libs-2.0.12-6.fc33.x86_64.rpm 207 kB/s | 30 kB 00:00
-----------------------------------------------------------------------------------------------
Total 219 kB/s | 99 kB 00:00
warning:
/var/cache/dnf/rawhide-2d95c80a1fa0a67d/packages/numactl-2.0.12-6.fc33.x86_64.rpm: Header
V4 RSA/SHA256 Signature, key ID 45719a39: NOKEY
Fedora - Rawhide - Developmental packages for the next Fedora 1.6 MB/s | 1.6 kB 00:00
GPG key at file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-33-x86_64 (0x9570FF31) is already
installed
The GPG keys listed for the "Fedora - Rawhide - Developmental packages for the next
Fedora release" repository are already installed but they are not correct for this
package.
Check that the correct key URLs are configured for this repository.. Failing package is:
numactl-2.0.12-6.fc33.x86_64
GPG Keys are configured as: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-33-x86_64
Public key for numactl-libs-2.0.12-6.fc33.x86_64.rpm is not installed. Failing package is:
numactl-libs-2.0.12-6.fc33.x86_64
GPG Keys are configured as: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-33-x86_64
The downloaded packages were saved in cache until the next successful transaction.
You can remove cached packages by executing 'dnf clean packages'.
Error: GPG check FAILED
I can see the docker.io image has older packages
# rpm -q fedora-release-container fedora-gpg-keys
fedora-release-container-33-0.9.noarch
fedora-gpg-keys-33-0.8.noarch
than the
registry.fedoraproject.org image
# rpm -q fedora-release-container fedora-gpg-keys
fedora-release-container-33-0.13.noarch
fedora-gpg-keys-33-0.11.noarch
Looking at
https://hub.docker.com/_/fedora?tab=tags I see the rawhide
image is over a month out of date.
As a workaround I tried adding
dnf update -y --nogpgcheck fedora-gpg-keys
and this pulls in fedora-gpg-keys-34-0.1.noarch on docker.io images, and
does nothing on
registry.fedoraproject.org images.
Even after the fedora-gpg-keys update, I still get gpg errors installing
RPMs.
Why is docker.io registry lagging so far behind
registry.fedoraproject.org ?
Why is the
registry.fedoraproject.org image seemingly attached to
F33 content, not pulling in F34 rawhide content ?
While the older docker.io image trying to use F34 rawhide content.
These inconsistency between the registries is making it really quite
painful for using Fedora rawhide images across different host OS.
Regards,
Daniel
--
|:
https://berrange.com -o-
https://www.flickr.com/photos/dberrange :|
|:
https://libvirt.org -o-
https://fstop138.berrange.com :|
|:
https://entangle-photo.org -o-
https://www.instagram.com/dberrange :|