[openstack-dev] [kolla] Problem in Ubuntu check when building Kolla base image

Jeremy Stanley fungi at yuggoth.org
Thu Jan 12 16:58:54 UTC 2017


On 2017-01-12 15:02:32 -0000 (-0000), Edmund Rhudy (BLOOMBERG/ 120 PARK) wrote:
[...]
> 2) I don't know why the OSIC Ubuntu mirror is unsigned. I feel
> like it should be a straight clone of Canonical's repos so that
> the baked-in signing key for the Ubuntu base image will just work,
> but presumably it's this way for a reason?

These mirrors have their package indices regenerated at each update
to prevent index inconsistencies which tend to plague other package
mirroring implementations. We've (the Infra team) discussed
switching to directly copying from an official mirror instead and
running some sort of consistency checker before releasing the update
to our mirror network, but so far nobody has found time to finish
work on that solution.

> 3) Specify a custom apt preferences in the gate to allow
> installing unauthenticated packages in the containers (ugly).
[...]

This is what we do currently on our untrusted single-use job nodes.
-- 
Jeremy Stanley
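
As an added example (not part of the original message and not the Infra team's tooling), here is one form the consistency check mentioned above could take: confirm that every index file listed in a suite's Release file is present with the recorded size and SHA256 before the update is published. The function names and the constructed sample tree are assumptions made for illustration.

```python
import hashlib
import os


def parse_release_sha256(release_text):
    """Return {relative_path: (sha256_hex, size)} from a Release file's SHA256 field."""
    entries, in_field = {}, False
    for line in release_text.splitlines():
        if line.startswith("SHA256:"):
            in_field = True
        elif in_field and line.startswith(" "):
            digest, size, path = line.split()
            entries[path] = (digest, int(size))
        else:
            in_field = False  # any other field ends the SHA256 list
    return entries


def check_dist(dist_dir):
    """List index files that are missing or no longer match the Release file."""
    with open(os.path.join(dist_dir, "Release"), encoding="utf-8") as fh:
        expected = parse_release_sha256(fh.read())
    problems = []
    for path, (digest, size) in sorted(expected.items()):
        full = os.path.join(dist_dir, path)
        if not os.path.isfile(full):
            problems.append((path, "missing"))
            continue
        with open(full, "rb") as fh:
            data = fh.read()
        if len(data) != size or hashlib.sha256(data).hexdigest() != digest:
            problems.append((path, "mismatch"))
    return problems


def build_sample(dist_dir):
    """Constructed sample: a one-index dists/ tree with a matching Release file."""
    index = b"Package: example\nVersion: 1.0\nFilename: pool/e/example_1.0.deb\n"
    rel = "main/binary-amd64/Packages"
    os.makedirs(os.path.join(dist_dir, os.path.dirname(rel)))
    with open(os.path.join(dist_dir, rel), "wb") as fh:
        fh.write(index)
    with open(os.path.join(dist_dir, "Release"), "w", encoding="utf-8") as fh:
        fh.write("Suite: sample\nSHA256:\n %s %d %s\n"
                 % (hashlib.sha256(index).hexdigest(), len(index), rel))
    return os.path.join(dist_dir, rel)
```

A Release file can list index variants that an archive does not publish (for example an uncompressed Packages file), so a "missing" result needs review rather than automatic rejection, while a "mismatch" is the stale-index condition that clients report as a hash sum mismatch.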