-
Notifications
You must be signed in to change notification settings - Fork 536
[ENH] Dockerfile - cache neurodebian apt-key #1837
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Conversation
👍 Pinning to a known key is way safer than grabbing from a keyserver every time. Biggest issue is not getting revocations or subkey rotations, though that should be handled by packages failing the apt-get checks when they start getting signed by a new key.
To check for revocations/etc, you could add apt-key adv --refresh-keys --keyserver hkp://ha.pool.sks-keyservers.net 0xA5D32F012649A5A9.
codecov-io
commented
Feb 22, 2017
Codecov Report
@@ Coverage Diff @@ ## master #1837 +/- ## ========================================== - Coverage 72.71% 72.71% -0.01% ========================================== Files 1059 1059 Lines 52550 52550 ========================================== - Hits 38212 38211 -1 - Misses 14338 14339 +1
Continue to review full report at Codecov.
|
Fixes #1834. Install a pre-cached key in the github repo instead
of fetching it from the server.
Nonetheless, I leave commented out the apt-key adv --recv key command
with the url @effigies suggested, just in case we would like to
roll back.