Container Images issueshttps://code.immerda.ch/groups/immerda/container-images/-/issues2023-12-03T13:18:10Zhttps://code.immerda.ch/immerda/container-images/ruby/-/issues/3Ruby json library missing in ruby/devel:3.0 image2023-12-03T13:18:10ZzRuby json library missing in ruby/devel:3.0 image```
LoadError: cannot load such file -- json
``````
LoadError: cannot load such file -- json
```https://code.immerda.ch/immerda/container-images/ruby/-/issues/2Native extensions do not compile in ruby/devel:3.0 image2023-12-03T11:31:03ZzNative extensions do not compile in ruby/devel:3.0 image`gem install` in `centos:9` / `ruby/devel:3.0` image breaks compilation of native extensions with the following message in `mkmf.log`:
```
gcc: fatal error: cannot read spec file '/usr/lib/rpm/redhat/redhat-hardened-cc1': No such file o...`gem install` in `centos:9` / `ruby/devel:3.0` image breaks compilation of native extensions with the following message in `mkmf.log`:
```
gcc: fatal error: cannot read spec file '/usr/lib/rpm/redhat/redhat-hardened-cc1': No such file or directory
```
Related: https://bugs.ruby-lang.org/issues/18691https://code.immerda.ch/immerda/container-images/schleuder-web/-/issues/2Build schleuder in container2023-12-02T14:29:46ZzBuild schleuder in containerCurrently `schleuder-web` is installed from an rpm package. Use a release tarball and build it as part of the image build process instead.Currently `schleuder-web` is installed from an rpm package. Use a release tarball and build it as part of the image build process instead.https://code.immerda.ch/immerda/container-images/ruby/-/issues/1Build fails errors during downloading metadata for repository 'glei'2023-12-02T12:42:22ZzBuild fails errors during downloading metadata for repository 'glei'https://code.immerda.ch/immerda/container-images/ruby/-/jobs/61297
```
📢 Building image for ruby v3.0 on centos:9
Getting image source signatures
Copying blob sha256:e3018fbf395e040111b2ac7fd3b9ae5cc59c60b1c541d60b361e5a02df687d5c
Cop...https://code.immerda.ch/immerda/container-images/ruby/-/jobs/61297
```
📢 Building image for ruby v3.0 on centos:9
Getting image source signatures
Copying blob sha256:e3018fbf395e040111b2ac7fd3b9ae5cc59c60b1c541d60b361e5a02df687d5c
Copying config sha256:ec895ae71689ed550b58ebfcdc312932f3d06d04b3037216e9638937d0b26dd1
Writing manifest to image destination
Storing signatures
CentOS-9 - glei 0.0 B/s | 0 B 00:00
Errors during downloading metadata for repository 'glei':
- Curl error (6): Couldn't resolve host name for https://yum.glei.ch/el9/x86_64/repodata/repomd.xml [getaddrinfo() thread failed to start]
Error: Failed to download metadata for repo 'glei': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried
level=error msg="exit status 1"
Cleaning up project directory and file based variables
ERROR: Job failed: exit code 1
```https://code.immerda.ch/immerda/container-images/schleuder-web/-/issues/1Use centos 9 as base image2023-12-03T14:14:54ZzUse centos 9 as base imagehttps://code.immerda.ch/immerda/container-images/wkd-srv/-/issues/6Support keys where the uid is just the email.2022-09-20T19:52:11ZmhSupport keys where the uid is just the email.Currently, we are filtering out the valid uids by filtering by uid as recommended by the GnuPG manual:
https://www.gnupg.org/documentation/manuals/gnupg/Specify-a-User-ID.html#Specify-a-User-ID
Background is that the uid field in OpenP...Currently, we are filtering out the valid uids by filtering by uid as recommended by the GnuPG manual:
https://www.gnupg.org/documentation/manuals/gnupg/Specify-a-User-ID.html#Specify-a-User-ID
Background is that the uid field in OpenPGP is just a string, that should follow the "Name <email>" convention (https://datatracker.ietf.org/doc/html/rfc4880#section-5.11) and so far most tools did.
Which is what we are doing: https://code.immerda.ch/immerda/container-images/wkd-srv/-/blob/93820943d4bb4790831a881ea5a03fabc56cd4b6/lib/wkd-srv/key.rb
The Web Key Service RFC says that "The key needs to carry a User ID packet ([RFC4880]) with that mail address." (https://datatracker.ietf.org/doc/draft-koch-openpgp-webkey-service/) and since RFC4880 says that by convention the
However, this means, that we do not allow importing keys where the uid is just the email and nothing more, especially no enclosing <>.
First we should validate, whether the OpenPGP community actually thinks that this is actually as intended or whether you should only see uids with emailaddresses enclosed in <> as valid emails.
Then - if we should support keys with such formatted uids - we must make sure, that we filter out uids that either match the conventional email address filter OR have an exact match on the email address.https://code.immerda.ch/immerda/container-images/wkd-srv/-/issues/5Can't import keys locally2020-12-01T14:26:26Zo@ungehorsam.chCan't import keys locallyusing the local install through iapi-hack I cannot upload a gpg key for user2@example.com. Not sure why, but it works if I remove the import filter from:
https://code.immerda.ch/immerda/container-images/wkd-srv/-/blob/master/lib/wkd-srv...using the local install through iapi-hack I cannot upload a gpg key for user2@example.com. Not sure why, but it works if I remove the import filter from:
https://code.immerda.ch/immerda/container-images/wkd-srv/-/blob/master/lib/wkd-srv/key.rb#L64https://code.immerda.ch/immerda/container-images/wkd-srv/-/issues/4Leaves many defunct gpg-agent around2020-09-22T12:51:38ZmhLeaves many defunct gpg-agent aroundAfter running a while and importing many keys we got quite some defunct gpg-agent processes:
```bash
$ ps aux | grep gpg-agent | wc -l
4331
$ ps aux | grep gpg-agent | tail
232071 32721 0.0 0.0 0 0 ? Zs Aug30 0:...After running a while and importing many keys we got quite some defunct gpg-agent processes:
```bash
$ ps aux | grep gpg-agent | wc -l
4331
$ ps aux | grep gpg-agent | tail
232071 32721 0.0 0.0 0 0 ? Zs Aug30 0:00 [gpg-agent] <defunct>
232071 32727 0.0 0.0 0 0 ? Z Aug30 0:00 [gpg-agent] <defunct>
232071 32728 0.0 0.0 0 0 ? Zs Aug30 0:00 [gpg-agent] <defunct>
232071 32735 0.0 0.0 0 0 ? Z Aug30 0:00 [gpg-agent] <defunct>
232071 32736 0.0 0.0 0 0 ? Zs Aug30 0:00 [gpg-agent] <defunct>
232071 32743 0.0 0.0 0 0 ? Z Aug30 0:00 [gpg-agent] <defunct>
232071 32744 0.0 0.0 0 0 ? Zs Aug30 0:00 [gpg-agent] <defunct>
232071 32755 0.0 0.0 0 0 ? Z Aug30 0:00 [gpg-agent] <defunct>
232071 32756 0.0 0.0 0 0 ? Zs Aug30 0:00 [gpg-agent] <defunct>
232071 32767 0.0 0.0 0 0 ? Z Aug30 0:00 [gpg-agent] <defunct>
```https://code.immerda.ch/immerda/container-images/wkd-srv/-/issues/3No support for punnycode domains2020-08-24T20:57:56ZmhNo support for punnycode domainsCurrently wkd-srv can't publish keys for uids with utf-8 domains, as the email address should be the punny-encoded one, but the keyid should/can be the utf-8 variant.Currently wkd-srv can't publish keys for uids with utf-8 domains, as the email address should be the punny-encoded one, but the keyid should/can be the utf-8 variant.https://code.immerda.ch/immerda/container-images/wkd-srv/-/issues/2Provide API to query Metadata + list all emails2020-08-29T17:53:17ZmhProvide API to query Metadata + list all emailsIt would be nice, to be able to fetch Key Metadata (e.g. expiry date, ...) over an API Call. This would allow to implement expiry date reminders etc.
Additionally, we should be able to query a list of emailaddresses we have keys for. Th...It would be nice, to be able to fetch Key Metadata (e.g. expiry date, ...) over an API Call. This would allow to implement expiry date reminders etc.
Additionally, we should be able to query a list of emailaddresses we have keys for. This would allow us to delete keys of emailaddresses we do not have anymore.