-
Notifications
You must be signed in to change notification settings - Fork 352
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Align how http proxies are handled when fetching gpg keys for download verification #1125
base: main
Are you sure you want to change the base?
Conversation
…d verification * Copy receive_gpg_keys in python/install.sh to other features which use gpg verification * Ensure http proxy url is passed to gpg when receiving keys from servers * Could connect to key servers but not receive keys * Remove httpProxy from features as it would have been broken from the issue above
* Fix proxy arg mismatch between downloading collateral and verifying collateral * Should be both or none * Curl should automatically pick up proxy config
@rbambrough-intel please read the following Contributor License Agreement(CLA). If you agree with the CLA, please reply with the following information.
Contributor License AgreementContribution License AgreementThis Contribution License Agreement (“Agreement”) is agreed to by the party signing below (“You”),
|
I noticed while trying to run a dev-container setup behind a corporate proxy that git-lfs was getting stuck waiting for gpg keys.
It downloads the collateral file from, mostly, github and then checks to make sure the hashes match up with what is expected. Due to how the proxy was being handled through the install scripts it would either failure to download the collateral (http proxy not correctly setup in container environment) or would fail to verify the collateral (http proxy setup correctly, but gpg not being passed proxy values).
To solve this I went through and aligned all of the features which use gpg checking with how the python feature does it.
I also removed the httpProxy parameter from the features which had it as anyone using it would have already had to have had the proxy correctly setup in order to download the collateral initially. I was one the fence about this change and would remove it if it is deemed no backwards compatible. I didn't see any documentation on how this type of removal should be handled.
Affected features:
git-lfs
git
github-cli
kubectl-helm-minikube
python
ruby
terraform