[Build][201811] Fix the jessie mirror removed issue (#14526)

* [Build][201811] Fix the jessie mirror removed issue

* Fix build break for jessie apt key expiration. (#13328)

The GPG key used for Jessie's official repos has since expired, which means building 201911 images no longer works.

Fake the time to be before the expiry date.

* [build] Fix issues caused by docker.com gpg key update. (#14063)

Why I did it
docker.com's gpg key start to work from 2023-02-23. While debian.org's gpg key expired in 2022-11.
We used a walkaround for security checking for debian gpg keys. Now we need to exclude docker.com's gpg key.

How I did it
Update docker.com's gpg key without faketime.
Update others' gpg key with faketime '2022-11'

How to verify it

* Fix build break for jessie apt key expiration

---------

Co-authored-by: Saikrishna Arcot <sarcot@microsoft.com>
Co-authored-by: Liu Shilong <shilongliu@microsoft.com>
This commit is contained in:
xumia 2023-04-07 10:31:36 +08:00 committed by GitHub
parent 523f8b4106
commit ef76e82e40
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
33 changed files with 71 additions and 47 deletions

View File

@ -127,9 +127,17 @@ SONIC_BUILD_INSTRUCTION := make \
.PHONY: sonic-slave-build sonic-slave-bash init reset
.DEFAULT_GOAL := all
FAKETIME := rm -rf faketime_0.9.7-2_amd64.deb libfaketime_0.9.7-2_amd64.deb; \
curl "https://sonicstoragepublic.blob.core.windows.net/packages/libfaketime_0.9.7-2_amd64.deb?sp=r&st=2022-12-05T06:39:44Z&se=2032-12-05T14:39:44Z&spr=https&sv=2021-06-08&sr=b&sig=SDqUC7DtESpNHTc1Dsh%2B9%2Finxfo4OwNiXGw762OV2tM%3D" -o libfaketime_0.9.7-2_amd64.deb; \
curl "https://sonicstoragepublic.blob.core.windows.net/packages/faketime_0.9.7-2_amd64.deb?sp=r&st=2022-12-05T04:50:15Z&se=2033-12-06T12:50:15Z&spr=https&sv=2021-06-08&sr=b&sig=7l4dm4tyO73RwwAbRM6zNEglkOjs8bLV%2BJe9coiEHxo%3D" -o faketime_0.9.7-2_amd64.deb; \
cp faketime_0.9.7-2_amd64.deb libfaketime_0.9.7-2_amd64.deb dockers/docker-base/; \
cp faketime_0.9.7-2_amd64.deb libfaketime_0.9.7-2_amd64.deb sonic-slave/; \
cp faketime_0.9.7-2_amd64.deb libfaketime_0.9.7-2_amd64.deb dockers/docker-ptf/
%::
@$(OVERLAY_MODULE_CHECK)
@$(FAKETIME)
@docker inspect --type image $(SLAVE_BASE_IMAGE):$(SLAVE_BASE_TAG) &> /dev/null || \
{ echo Image $(SLAVE_BASE_IMAGE):$(SLAVE_BASE_TAG) not found. Building... ; \
$(DOCKER_BASE_BUILD) ; }

View File

@ -24,7 +24,12 @@ ENV DEBIAN_FRONTEND=noninteractive
COPY ["dpkg_01_drop", "/etc/dpkg/dpkg.cfg.d/01_drop"]
COPY ["sources.list", "/etc/apt/sources.list"]
COPY ["no-check-valid-until", "no-install-recommend-suggest", "/etc/apt/apt.conf.d/"]
RUN apt-get update
COPY ["faketime_0.9.7-2_amd64.deb", "/root"]
COPY ["libfaketime_0.9.7-2_amd64.deb","/root"]
RUN dpkg -i /root/faketime_0.9.7-2_amd64.deb /root/libfaketime_0.9.7-2_amd64.deb
RUN rm /root/faketime_0.9.7-2_amd64.deb /root/libfaketime_0.9.7-2_amd64.deb
RUN faketime "2022-11-01" apt-get update
# Pre-install fundamental packages
RUN apt-get -y install \

View File

@ -1,8 +1,8 @@
## Debian mirror on Microsoft Azure
## Ref: http://debian-archive.trafficmanager.net/
deb http://debian-archive.trafficmanager.net/debian/ jessie main contrib non-free
deb-src http://debian-archive.trafficmanager.net/debian/ jessie main contrib non-free
deb http://debian-archive.trafficmanager.net/debian-security/ jessie/updates main contrib non-free
deb-src http://debian-archive.trafficmanager.net/debian-security/ jessie/updates main contrib non-free
deb http://packages.trafficmanager.net/snapshot/debian/20230101T000234Z/ jessie main contrib non-free
deb-src http://packages.trafficmanager.net/snapshot/debian/20230101T000234Z/ jessie main contrib non-free
deb http://packages.trafficmanager.net/snapshot/debian-security/20230101T000243Z/ jessie/updates main contrib non-free
deb-src http://packages.trafficmanager.net/snapshot/debian-security/20230101T000243Z/ jessie/updates main contrib non-free
deb http://archive.debian.org/debian/ jessie-backports main contrib non-free

View File

@ -6,7 +6,7 @@ MAINTAINER Xudong Wu
ENV DEBIAN_FRONTEND=noninteractive
## Update apt's cache of available packages
RUN apt-get clean && apt-get update
RUN apt-get clean && faketime "2022-11-01" apt-get update
COPY deps /deps

View File

@ -3,7 +3,7 @@ FROM docker-base
## Make apt-get non-interactive
ENV DEBIAN_FRONTEND=noninteractive
RUN apt-get update
RUN faketime "2022-11-01" apt-get update
# Dependencies for sonic-cfggen
RUN apt-get install -y python-lxml python-yaml python-bitarray python-pip python-dev python-natsort

View File

@ -7,7 +7,7 @@ RUN [ -f /etc/rsyslog.conf ] && sed -ri "s/%syslogtag%/$docker_container_name#%s
ENV DEBIAN_FRONTEND=noninteractive
# Update apt's cache of available packages
RUN apt-get update
RUN faketime "2022-11-01" apt-get update
{% if docker_database_debs.strip() -%}
# Copy locally-built Debian package dependencies

View File

@ -7,7 +7,7 @@ RUN [ -f /etc/rsyslog.conf ] && sed -ri "s/%syslogtag%/$docker_container_name#%s
ENV DEBIAN_FRONTEND=noninteractive
# Update apt's cache of available packages
RUN apt-get update
RUN faketime "2022-11-01" apt-get update
{% if docker_dhcp_relay_debs.strip() -%}
# Copy built Debian packages

View File

@ -10,7 +10,7 @@ RUN [ -f /etc/rsyslog.conf ] && sed -ri "s/%syslogtag%/$docker_container_name#%s
ENV DEBIAN_FRONTEND=noninteractive
# Update apt's cache of available packages
RUN apt-get update
RUN faketime "2022-11-01" apt-get update
# Install required packages
RUN apt-get install -y libdbus-1-3 libdaemon0 libjansson4 libc-ares2 iproute libpython2.7

View File

@ -3,7 +3,7 @@ FROM docker-fpm-quagga
## Make apt-get non-interactive
ENV DEBIAN_FRONTEND=noninteractive
RUN apt-get update
RUN faketime "2022-11-01" apt-get update
COPY \
{% for deb in docker_fpm_gobgp_debs.split(' ') -%}

View File

@ -7,7 +7,7 @@ RUN [ -f /etc/rsyslog.conf ] && sed -ri "s/%syslogtag%/$docker_container_name#%s
ENV DEBIAN_FRONTEND=noninteractive
# Update apt's cache of available packages
RUN apt-get update
RUN faketime "2022-11-01" apt-get update
# Install required packages
RUN apt-get install -y libdbus-1-3 libdaemon0 libjansson4 libpython2.7

View File

@ -7,7 +7,7 @@ RUN [ -f /etc/rsyslog.conf ] && sed -ri "s/%syslogtag%/$docker_container_name#%s
ENV DEBIAN_FRONTEND=noninteractive
# Update apt's cache of available packages
RUN apt-get update
RUN faketime "2022-11-01" apt-get update
# Install dependencies
RUN apt-get install -y python-pip libbsd0 libevent-2.0-5 libjansson4 libwrap0 libxml2 libpci3 libperl5.20 libpython2.7

View File

@ -6,7 +6,7 @@ RUN [ -f /etc/rsyslog.conf ] && sed -ri "s/%syslogtag%/$docker_container_name#%s
## Make apt-get non-interactive
ENV DEBIAN_FRONTEND=noninteractive
RUN apt-get update
RUN faketime "2022-11-01" apt-get update
RUN apt-get install -f -y ifupdown arping libdbus-1-3 libdaemon0 libjansson4 libpython2.7 pciutils

View File

@ -7,7 +7,7 @@ RUN [ -f /etc/rsyslog.conf ] && sed -ri "s/%syslogtag%/$docker_container_name#%s
ENV DEBIAN_FRONTEND=noninteractive
# Update apt's cache of available packages
RUN apt-get update
RUN faketime "2022-11-01" apt-get update
# Install required packages
RUN apt-get install -y python-pip libpython2.7 sensord fancontrol ipmitool

View File

@ -2,8 +2,12 @@ FROM debian:jessie
MAINTAINER Pavel Shirshov
## Remove retired jessie-updates repo
RUN sed -i '/deb http:\/\/deb.debian.org\/debian jessie-updates main/d' /etc/apt/sources.list
COPY ["sources.list", "/etc/apt/sources.list"]
COPY ["faketime_0.9.7-2_amd64.deb", "/root"]
COPY ["libfaketime_0.9.7-2_amd64.deb","/root"]
RUN dpkg -i /root/faketime_0.9.7-2_amd64.deb /root/libfaketime_0.9.7-2_amd64.deb
RUN rm /root/faketime_0.9.7-2_amd64.deb /root/libfaketime_0.9.7-2_amd64.deb
RUN faketime "2022-11-01" apt-get update
## Copy dependencies
COPY \
@ -17,7 +21,6 @@ ENV DEBIAN_FRONTEND=noninteractive
## Set the apt source, update package cache and install necessary packages
RUN sed --in-place 's/httpredir.debian.org/debian-archive.trafficmanager.net/' /etc/apt/sources.list \
&& apt-get update \
&& apt-get upgrade -y \
&& apt-get dist-upgrade -y \
&& apt-get install -y \

View File

@ -0,0 +1 @@
../docker-base/sources.list

View File

@ -7,7 +7,7 @@ RUN [ -f /etc/rsyslog.conf ] && sed -ri "s/%syslogtag%/$docker_container_name#%s
ENV DEBIAN_FRONTEND=noninteractive
# Update apt's cache of available packages
RUN apt-get update
RUN faketime "2022-11-01" apt-get update
{% if docker_router_advertiser_debs.strip() -%}
# Copy built Debian packages

View File

@ -10,7 +10,7 @@ ENV PYTHONOPTIMIZE 1
ENV DEBIAN_FRONTEND=noninteractive
# Update apt's cache of available packages
RUN apt-get update
RUN faketime "2022-11-01" apt-get update
# Install curl so we can download and install pip later
# Also install major root CA certificates for curl to reference

View File

@ -6,7 +6,7 @@ RUN [ -f /etc/rsyslog.conf ] && sed -ri "s/%syslogtag%/$docker_container_name#%s
## Make apt-get non-interactive
ENV DEBIAN_FRONTEND=noninteractive
RUN apt-get update
RUN faketime "2022-11-01" apt-get update
RUN apt-get install -f -y libdbus-1-3 libdaemon0 libjansson4

View File

@ -6,7 +6,7 @@ RUN [ -f /etc/rsyslog.conf ] && sed -ri "s/%syslogtag%/$docker_container_name#%s
## Make apt-get non-interactive
ENV DEBIAN_FRONTEND=noninteractive
RUN apt-get update
RUN faketime "2022-11-01" apt-get update
RUN apt-get install -f -y libdbus-1-3 libdaemon0 libjansson4 libpython2.7

View File

@ -3,7 +3,7 @@ FROM docker-base
## Make apt-get non-interactive
ENV DEBIAN_FRONTEND=noninteractive
RUN apt-get update
RUN faketime "2022-11-01" apt-get update
COPY ["deps/applibs_*.deb", "/deps/applibs-dev_*.deb", "/deps/sx-complib_*.deb", "/deps/sxd-libs_*.deb", "/deps/sx-scew_*.deb", "/deps/sx-examples_*.deb", "/deps/sx-gen-utils_*.deb", "/deps/python-sdk-api_*.deb", "/deps/iproute2_*.deb", "/deps/mlnx-sai_*.deb", "/deps/libthrift-0.9.3_*.deb", "/deps/libnl-3-200_*.deb", "/deps/libnl-genl-3-200_*.deb", "/deps/libnl-route-3-200_*.deb", "/deps/"]

View File

@ -17,7 +17,7 @@ dpkg_apt debs/{{ deb }}{{'; '}}
{%- endfor %}
## Pre-install the fundamental packages
RUN apt-get update \
RUN faketime "2022-11-01" apt-get update \
&& apt-get -y install \
net-tools \
python-pip \

View File

@ -3,7 +3,7 @@ FROM docker-config-engine
## Make apt-get non-interactive
ENV DEBIAN_FRONTEND=noninteractive
RUN apt-get update
RUN faketime "2022-11-01" apt-get update
COPY \
{% for deb in docker_syncd_bfn_debs.split(' ') -%}

View File

@ -6,7 +6,7 @@ RUN [ -f /etc/rsyslog.conf ] && sed -ri "s/%syslogtag%/$docker_container_name#%s
## Make apt-get non-interactive
ENV DEBIAN_FRONTEND=noninteractive
RUN apt-get update
RUN faketime "2022-11-01" apt-get update
COPY \
{% for deb in docker_saiserver_brcm_debs.split(' ') -%}

View File

@ -17,7 +17,7 @@ dpkg_apt debs/{{ deb }}{{'; '}}
{%- endfor %}
## Pre-install the fundamental packages
RUN apt-get update \
RUN faketime "2022-11-01" apt-get update \
&& apt-get -y install \
net-tools \
python-pip \

View File

@ -6,7 +6,7 @@ RUN [ -f /etc/rsyslog.conf ] && sed -ri "s/%syslogtag%/$docker_container_name#%s
## Make apt-get non-interactive
ENV DEBIAN_FRONTEND=noninteractive
RUN apt-get update
RUN faketime "2022-11-01" apt-get update
COPY \
{% for deb in docker_syncd_brcm_debs.split(' ') -%}

View File

@ -3,7 +3,7 @@ FROM docker-config-engine
## Make apt-get non-interactive
ENV DEBIAN_FRONTEND=noninteractive
RUN apt-get update
RUN faketime "2022-11-01" apt-get update
COPY \
{% for deb in docker_syncd_invm_debs.split(' ') -%}

View File

@ -6,7 +6,7 @@ RUN [ -f /etc/rsyslog.conf ] && sed -ri "s/%syslogtag%/$docker_container_name#%s
## Make apt-get non-interactive
ENV DEBIAN_FRONTEND=noninteractive
RUN apt-get update
RUN faketime "2022-11-01" apt-get update
COPY \
{% for deb in docker_syncd_mrvl_debs.split(' ') -%}

View File

@ -6,7 +6,7 @@ RUN [ -f /etc/rsyslog.conf ] && sed -ri "s/%syslogtag%/$docker_container_name#%s
## Make apt-get non-interactive
ENV DEBIAN_FRONTEND=noninteractive
RUN apt-get update
RUN faketime "2022-11-01" apt-get update
COPY \
{% for deb in docker_saiserver_mlnx_debs.split(' ') -%}

View File

@ -17,7 +17,7 @@ dpkg_apt debs/{{ deb }}{{'; '}}
{%- endfor %}
## Pre-install the fundamental packages
RUN apt-get update \
RUN faketime "2022-11-01" apt-get update \
&& apt-get -y install \
net-tools \
python-pip \

View File

@ -6,7 +6,7 @@ RUN [ -f /etc/rsyslog.conf ] && sed -ri "s/%syslogtag%/$docker_container_name#%s
## Make apt-get non-interactive
ENV DEBIAN_FRONTEND=noninteractive
RUN apt-get update
RUN faketime "2022-11-01" apt-get update
COPY \
{% for deb in docker_syncd_mlnx_debs.split(' ') -%}

View File

@ -9,7 +9,7 @@ ENV DEBIAN_FRONTEND=noninteractive
COPY ["sonic-dev.gpg.key", "/etc/apt/"]
RUN apt-key add /etc/apt/sonic-dev.gpg.key
RUN echo "deb http://packages.microsoft.com/repos/sonic-dev/ jessie main" >> /etc/apt/sources.list
RUN apt-get update
RUN faketime "2022-11-01" apt-get update
RUN apt-get install -y net-tools \
arping \
@ -36,7 +36,6 @@ RUN apt-get install -y net-tools \
iproute \
libpython2.7 \
grub2-common \
python-click-default-group \
python-click \
python-natsort \
python-tabulate \
@ -55,6 +54,10 @@ RUN pip install six
RUN pip install pyroute2==0.5.3 netifaces==0.10.7
RUN pip install monotonic==1.5
# Fix the python-click-default-group not found issue
RUN pip install --upgrade 'pip<21'
RUN pip install click-default-group
{% if docker_sonic_vs_debs.strip() -%}
# Copy locally-built Debian package dependencies
{%- for deb in docker_sonic_vs_debs.split(' ') %}

View File

@ -6,7 +6,7 @@ RUN [ -f /etc/rsyslog.conf ] && sed -ri "s/%syslogtag%/$docker_container_name#%s
## Make apt-get non-interactive
ENV DEBIAN_FRONTEND=noninteractive
RUN apt-get update
RUN faketime "2022-11-01" apt-get update
COPY \
{% for deb in docker_syncd_vs_debs.split(' ') -%}

View File

@ -7,15 +7,20 @@ COPY ["no-check-valid-until", "/etc/apt/apt.conf.d/"]
## Remove retired jessie-updates repo
RUN sed -i '/deb http:\/\/deb.debian.org\/debian jessie-updates main/d' /etc/apt/sources.list
RUN echo "deb http://debian-archive.trafficmanager.net/debian/ jessie main contrib non-free" >> /etc/apt/sources.list && \
echo "deb-src http://debian-archive.trafficmanager.net/debian/ jessie main contrib non-free" >> /etc/apt/sources.list && \
echo "deb http://debian-archive.trafficmanager.net/debian-security/ jessie/updates main contrib non-free" >> /etc/apt/sources.list && \
echo "deb-src http://debian-archive.trafficmanager.net/debian-security/ jessie/updates main contrib non-free" >> /etc/apt/sources.list
RUN echo "deb http://packages.trafficmanager.net/snapshot/debian/20230101T000234Z/ jessie main contrib non-free" > /etc/apt/sources.list && \
echo "deb-src http://packages.trafficmanager.net/snapshot/debian/20230101T000234Z/ jessie main contrib non-free" >> /etc/apt/sources.list && \
echo "deb http://packages.trafficmanager.net/snapshot/debian-security/20230101T000243Z/ jessie/updates main contrib non-free" >> /etc/apt/sources.list && \
echo "deb-src http://packages.trafficmanager.net/snapshot/debian-security/20230101T000243Z/ jessie/updates main contrib non-free" >> /etc/apt/sources.list
## Make apt-get non-interactive
ENV DEBIAN_FRONTEND=noninteractive
RUN apt-get update && apt-get install -y \
COPY ["faketime_0.9.7-2_amd64.deb","/root"]
COPY ["libfaketime_0.9.7-2_amd64.deb","/root"]
RUN dpkg -i /root/faketime_0.9.7-2_amd64.deb /root/libfaketime_0.9.7-2_amd64.deb
RUN rm /root/faketime_0.9.7-2_amd64.deb /root/libfaketime_0.9.7-2_amd64.deb
RUN faketime "2022-11-01" apt-get update && apt-get install -y \
apt-utils \
default-jre-headless \
openssh-server \
@ -319,7 +324,7 @@ RUN git clone https://chromium.googlesource.com/chromium/tools/depot_tools.git /
ENV PATH /usr/share/depot_tools:$PATH
# Install docker engine 17.03.2~ce-0 inside docker and enable experimental feature
RUN apt-get update
RUN faketime "2022-11-01" apt-get update
RUN apt-get install -y \
apt-transport-https \
ca-certificates \
@ -327,12 +332,11 @@ RUN apt-get install -y \
gnupg2 \
software-properties-common
RUN curl -fsSL https://download.docker.com/linux/debian/gpg | sudo apt-key add -
RUN add-apt-repository \
"deb [arch=amd64] https://download.docker.com/linux/debian \
$(lsb_release -cs) \
stable"
RUN apt-get update
RUN echo "deb [arch=amd64] https://download.docker.com/linux/debian $(lsb_release -cs) stable" >> /etc/apt/sources.list.d/docker.list
RUN apt-get update -o Dir::Etc::sourcelist="sources.list.d/docker.list"
RUN apt-get install -y docker-ce=17.03.2~ce-0~debian-jessie
RUN rm /etc/apt/sources.list.d/docker.list
RUN echo "DOCKER_OPTS=\"--experimental --storage-driver=vfs\"" >> /etc/default/docker
# Remove the stale cert and refresh the certs