airflow: Apt MySQL Client fails to install due to incorrect GPG Key
Apache Airflow version
2.0.2
What happened
When attempting to rebuild an apache airflow image, we are getting failures during our builds when trying to run apt-get update.
The error we see:
#5 3.879 W: GPG error: http://repo.mysql.com/apt/debian buster InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 467B942D3A79BD29
#5 3.879 E: The repository 'http://repo.mysql.com/apt/debian buster InRelease' is not signed.
What you expected to happen
This behaviour shouldn’t occur but it looks like some changes were published to the mysql apt repository this morning which is when we started experiencing issues.
I think we just need to update the airflow script which installs mysql and has a key already hardcoded here.
How to reproduce
Create a Dockerfile. Add the following lines to the Dockerfile:
FROM apache/airflow:2.0.2-python3.7 as airflow_main
USER root
RUN apt-get update
In a shell
run command -> docker build .
Operating System
Debian 10
Versions of Apache Airflow Providers
No response
Deployment
Docker-Compose
Deployment details
No response
Anything else
We were able to fix this by running the following command before the apt-get update
FROM apache/airflow:2.0.2-python3.7 as airflow_main
USER root
RUN sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 467B942D3A79BD29
RUN apt-get update
Are you willing to submit PR?
- Yes I am willing to submit a PR!
Code of Conduct
- I agree to follow this project’s Code of Conduct
About this issue
- Original URL
- State: closed
- Created 2 years ago
- Reactions: 23
- Comments: 24 (16 by maintainers)
Commits related to this issue
- Switch to new MySQL public key MySQL changed key used to sign their apt packages. This caused docker building failing for prod images as MySQL could not be installed. New Public Key is used instead.... — committed to potiuk/airflow by potiuk 2 years ago
- Switch to new MySQL public key (#20912) MySQL changed key used to sign their apt packages. This caused docker building failing for prod images as MySQL could not be installed. New Public Key is ... — committed to apache/airflow by potiuk 2 years ago
- Switch to new MySQL public key (#20912) MySQL changed key used to sign their apt packages. This caused docker building failing for prod images as MySQL could not be installed. New Public Key is used... — committed to apache/airflow by potiuk 2 years ago
- Switch to new MySQL public key (#20912) MySQL changed key used to sign their apt packages. This caused docker building failing for prod images as MySQL could not be installed. New Public Key is used... — committed to apache/airflow by potiuk 2 years ago
- Update docker base image to a version where https://github.com/apache/airflow/issues/20911 is fixed. — committed to rocs-org/data-pipelines by jakobkolb 2 years ago
- Update docker base image to a version where https://github.com/apache/airflow/issues/20911 is fixed. — committed to rocs-org/data-pipelines by jakobkolb 2 years ago
In ubuntu you can run this command
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 467B942D3A79BD29The actual fix for this, on the OS level, is
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 467B942D3A79BD29(or whatever key ID are you missing)I have the same error:
How do you update the public key for the mysql repository?
I am just refreshing all the images down to 2.1.0. We have a “reproducible” Docker prod imge preparation system that allows us to do this.
https://github.com/apache/airflow/pull/20912/files - this is a fix for us. Somethng like that might work for you. If you can’t get it work reach out to paid support of MySQL.
hello this is hitting us with 2.1.4 is there a workaround ?
@potiuk Hello, 2.1.3 doesn’t work
@potiuk confirming that this now works on
2.0.2.Yep. OUR CI builds started to fail this morning too. Switching to the new mysql public key now.