Try multiple gpg keyservers

[csandanov]

I often get an error gpg: keyserver receive failed: No keyserver available. I suggest to try multiple key servers if one fails:

ha.pool.sks-keyservers.net
hkp://keyserver.ubuntu.com:80
hkp://p80.pool.sks-keyservers.net:80
pgp.mit.edu

It's really hard to understand sometimes why a key server isn't available, for example, it may be available from travisci but not available from a local machine. It could be caused by proxy services (.e.g. cloudflare) IPs being blocked by a government regulator (hello to abhorrent Roskomnadzor) which used by a key server. Besides, sometimes it just randomly happens even on travisci, so it can improve the build time.

Example script: https://github.com/wodby/alpine/blob/master/bin/gpg_verify

[yosifkit]

My current opinion of this is expressed in docker-library/cassandra#131 (comment).

Related issues: docker-library/tomcat#87, docker-library/tomcat#108, docker-library/mysql#263 (comment), and docker-library/httpd#66 (comment)

[tianon]

Indeed, this is a rampant issue with the public PGP infrastructure in general.

We've gone back and forth on adding a similar loop but don't want to yet open the flood gates to repeat this loop in all of the images maintained in http://github.com/docker-library. We recommend just pulling the images from Docker Hub rather than building them yourself, but if you must build it, then editing the file to choose a gpg server that is better for your location is the solution (a quick sed or awk before docker build).