Docker layer keyserver handling for ppas is not proxy-aware, relies on apt-key and hkp

Bug #1816359 reported by Dmitrii Shcherbakov
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| Docker Charm Layer | New | Undecided | Unassigned | |

Bug Description

Currently this layer first tries to use a key id to retrieve keys and uses hkp://keyserver.ubuntu.com:80 as a default value for apt-key-server, which is insecure.

https://github.com/juju-solutions/layer-docker/blob/4272d1a/reactive/docker.py#L356-L362
https://github.com/juju-solutions/layer-docker/blob/4272d1a/reactive/docker.py#L553-L565

    add_apt_key('9DC858229FC7DD38854AE2D88D81803C0EBFCD88')

Then it also tries to add a key by using a URL (add_apt_key_url via https://nvidia.github.io/nvidia-container-runtime/gpgkey); however, this is done by simply invoking curl without passing proxy settings explicitly.

The same applies to CUDA driver handling.

See this pull request, https://github.com/juju/charm-helpers/pull/248, for more information on juju-prefixed proxy settings, keyserver handling, and apt-key deprecation.

The expectation is that configuring juju-http-proxy and juju-https-proxy model-configs will result in a properly deployed charm that will use this layer.
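
An added example, not code from layer-docker or charm-helpers, of the proxy-aware, HTTPS-only key retrieval this report asks for. The `JUJU_CHARM_*` variable names, the function names and the proxy address used in testing are assumptions made for illustration.

```python
import os
import re
import subprocess
from urllib.parse import urlencode

# Assumption: Juju exposes the juju-*-proxy model configs to hooks under these names.
JUJU_TO_STANDARD = {
    "JUJU_CHARM_HTTP_PROXY": "http_proxy",
    "JUJU_CHARM_HTTPS_PROXY": "https_proxy",
    "JUJU_CHARM_NO_PROXY": "no_proxy",
}


def juju_proxy_env(environ=None):
    """Translate Juju-prefixed proxy variables into the names curl and apt tools read."""
    environ = os.environ if environ is None else environ
    env = {}
    for juju_name, std_name in JUJU_TO_STANDARD.items():
        value = environ.get(juju_name)
        if value:  # unset or empty settings are skipped
            env[std_name] = value
            env[std_name.upper()] = value
    return env


def keyserver_url(fingerprint, host="keyserver.ubuntu.com"):
    """Build an HTTPS lookup URL for a full fingerprint instead of hkp:// on port 80."""
    fpr = fingerprint.replace(" ", "").upper()
    if not re.fullmatch(r"[0-9A-F]{40}", fpr):
        raise ValueError("expected a full 40-hex-digit key fingerprint")
    query = urlencode({"op": "get", "options": "mr", "exact": "on",
                       "search": "0x" + fpr})
    return "https://{}/pks/lookup?{}".format(host, query)


def fetch_key(url, environ=None):
    """Download an armored key with curl, HTTPS only, passing proxy settings explicitly."""
    env = dict(os.environ if environ is None else environ)
    env.update(juju_proxy_env(env))
    cmd = ["curl", "--fail", "--silent", "--show-error", "--location",
           "--proto", "=https", "--proto-redir", "=https", url]
    return subprocess.run(cmd, env=env, check=True, stdout=subprocess.PIPE).stdout
```

`fetch_key` serves both paths in the report: the key-id lookup through `keyserver_url(...)` and the direct gpgkey URL.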
