Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow curling to retrieve gpg key #684

Closed
AXington opened this issue Mar 13, 2018 · 3 comments
Closed

Allow curling to retrieve gpg key #684

AXington opened this issue Mar 13, 2018 · 3 comments

Comments

@AXington
Copy link

I'm trying to add the azurecli to a dockerfile I already have (since I have other dependencies using the default is not an option)

Our firewall blocks port 11371 and we don't have an https proxy we can use to get past it and our IT team does not like opening ports to the internet.

I'm not sure why you require the use of apt-key here when other repos like https://packages.microsoft.com/repos/microsoft-ubuntu-xenial-prod xenial main allow you to curl down the key, see docs here:
https://docs.microsoft.com/en-us/azure/storage/common/storage-use-azcopy-linux

I thought that the key in that link would work, but it does not.
@sptramer
Copy link
Contributor

@derekbekoe Is there some reason why the CLI uses a different signing key than the linked conceptual article? And can you provide me with a link to the key directly so that I can include troubleshooting instructions?

@derekbekoe
Copy link
Contributor

@AXington For historical reasons, the azure-cli package uses a different key than the other packages. Thanks for bringing it to our attention.

We will look at switching to use the same key over the coming weeks.

Until then, this may help you. You can create the .asc file for the other key yourself:

root@1cfae53cd501:/# apt-key adv --keyserver packages.microsoft.com --recv-keys 52E16F86FEE04B979B07E28DB02C46DF417A0893
Executing: /tmp/tmp.0LeY58jSeH/gpg.1.sh --keyserver
packages.microsoft.com
--recv-keys
52E16F86FEE04B979B07E28DB02C46DF417A0893
gpg: requesting key 417A0893 from hkp server packages.microsoft.com
gpg: key 417A0893: public key "MS Open Tech <interop@microsoft.com>" imported
gpg: Total number processed: 1
gpg:               imported: 1  (RSA: 1)
root@1cfae53cd501:/# apt-key list
/etc/apt/trusted.gpg
--------------------
pub   2048R/417A0893 2014-10-08
uid                  MS Open Tech <interop@microsoft.com>
sub   2048R/FF1249BC 2014-10-08

root@1cfae53cd501:/# apt-key export 417A0893 > microsoft2.asc
root@1cfae53cd501:/# cat microsoft2.asc 
-----BEGIN PGP PUBLIC KEY BLOCK-----
...
-----END PGP PUBLIC KEY BLOCK-----
root@1cfae53cd501:/#

@sptramer
Copy link
Contributor

@AXington - We have resolved this issue. The new instructions for working with the signing key for apt have been updated: https://docs.microsoft.com/en-us/cli/azure/install-azure-cli-apt?view=azure-cli-latest

This includes instructions for using curl. Thank you for alerting us to these problems!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@sptramer @AXington @derekbekoe