lxc download template needs access to hkp://pool.sks-keyservers.net
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
lxc (Ubuntu) |
Expired
|
Undecided
|
Unassigned |
Bug Description
I'm using a cloud instance with configured http_proxy and https_proxy.
Other than that, generally "internet" access is not available.
I run:
lxc-create -t download --list
and I see:
$ sudo lxc-create -t download -n foo -- --list
Setting up the GPG keyring
and I see:
gpg --keyserver hkp://pool.
that seems un-necessary.
I've securely downloaded and installed this package (and many others). I should have been delivered that key also.
For all practical purposes, you've given me the key (as you gave me its hash), and now I'm dependent on an external (generally not highly available) network resource to get the payload.
ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: lxc 1.0.4-0ubuntu0.1
ProcVersionSign
Uname: Linux 3.13.0-30-generic x86_64
ApportVersion: 2.14.1-0ubuntu3.2
Architecture: amd64
Date: Mon Jul 7 20:43:19 2014
Ec2AMI: ami-00000023
Ec2AMIManifest: FIXME
Ec2Availability
Ec2InstanceType: m1.small
Ec2Kernel: aki-00000002
Ec2Ramdisk: ari-00000002
ProcEnviron:
TERM=screen
PATH=(custom, no user)
XDG_RUNTIME_
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: lxc
UpgradeStatus: No upgrade log present (probably fresh install)
defaults.conf:
lxc.network.type = veth
lxc.network.link = lxcbr0
lxc.network.flags = up
lxc.network.hwaddr = 00:16:3e:xx:xx:xx
Changed in lxc (Ubuntu): | |
status: | New → Incomplete |
The required external connection is so that if we revoke the key, gpg will refuse to validate the indices and container images, therefore letting us immediately prevent any of our user from running malicious code in the event our key is compromised.
However something seems odd in your setup because I took great care to make sure all of this does work through an http proxy and it's indeed what we do on all our CI servers (no outside access, everything goes through a squid proxy) where fetching the key works perfectly fine.
Could you paste your environment and ideally proxy logs to try and figure out why things ended up hanging?