I had a problem today when building the docker images for T265324, where php-igbinary would get installed from the base repository instead than from the wmf one.
The problem seems to be that the apt priority we define in our base image:
root@deneb:/srv/images/production-images# docker run --rm docker-registry.wikimedia.org/wikimedia-buster:latest /bin/cat /etc/apt/preferences.d/wikimedia Package: \* Pin: release o=Wikimedia Pin-Priority: 1001
doesn't get honored when running on deneb. This is even more mysterious:
deneb:~$ sudo docker run --rm docker-registry.wikimedia.org/wikimedia-buster:latest /bin/sh -c "echo 'Acquire::http::Proxy \"http://webproxy.codfw.wmnet:8080\";' > /etc/apt/apt.conf.d/80_proxy && apt-get update && apt-cache policy prometheus-php-fpm-exporter" Get:1 http://security.debian.org buster/updates InRelease [65.4 kB] Get:2 http://mirrors.wikimedia.org/debian buster InRelease [121 kB] Get:3 http://apt.wikimedia.org/wikimedia buster-wikimedia InRelease [99.7 kB] Get:4 http://mirrors.wikimedia.org/debian buster-updates InRelease [51.9 kB] Get:5 http://security.debian.org buster/updates/main amd64 Packages [315 kB] Get:6 http://mirrors.wikimedia.org/debian buster-backports InRelease [46.7 kB] Get:7 http://mirrors.wikimedia.org/debian buster/main amd64 Packages [10.7 MB] Get:8 http://apt.wikimedia.org/wikimedia buster-wikimedia/main amd64 Packages [63.8 kB] Get:9 http://mirrors.wikimedia.org/debian buster-updates/main amd64 Packages [8728 B] Get:10 http://mirrors.wikimedia.org/debian buster-backports/main amd64 Packages [372 kB] Get:11 http://mirrors.wikimedia.org/debian buster-backports/contrib amd64 Packages [7820 B] Fetched 11.9 MB in 2s (6640 kB/s) Reading package lists... prometheus-php-fpm-exporter: Installed: (none) Candidate: 0.4.1+git20181018.d0d1837-2 Version table: 0.4.1+git20181018.d0d1837-2 500 500 http://apt.wikimedia.org/wikimedia buster-wikimedia/main amd64 Packages
but it works with the *same image* on my computer, where I am not adding the proxy configuration:
$ sudo docker run --rm docker-registry.wikimedia.org/wikimedia-buster:latest /bin/sh -c "apt-get update && apt-cache policy prometheus-php-fpm-exporter" Get:1 http://security.debian.org buster/updates InRelease [65.4 kB] Get:2 http://security.debian.org buster/updates/main amd64 Packages [315 kB] Get:3 http://apt.wikimedia.org/wikimedia buster-wikimedia InRelease [99.7 kB] Get:4 http://mirrors.wikimedia.org/debian buster InRelease [121 kB] Get:5 http://apt.wikimedia.org/wikimedia buster-wikimedia/main amd64 Packages [63.8 kB] Get:6 http://mirrors.wikimedia.org/debian buster-updates InRelease [51.9 kB] Get:7 http://mirrors.wikimedia.org/debian buster-backports InRelease [46.7 kB] Get:8 http://mirrors.wikimedia.org/debian buster/main amd64 Packages [10.7 MB] Get:9 http://mirrors.wikimedia.org/debian buster-updates/main amd64 Packages [8728 B] Get:10 http://mirrors.wikimedia.org/debian buster-backports/main amd64 Packages [372 kB] Get:11 http://mirrors.wikimedia.org/debian buster-backports/contrib amd64 Packages [7820 B] Fetched 11.9 MB in 3s (3929 kB/s) Reading package lists... prometheus-php-fpm-exporter: Installed: (none) Candidate: 0.4.1+git20181018.d0d1837-2 Version table: 0.4.1+git20181018.d0d1837-2 1001 1001 http://apt.wikimedia.org/wikimedia buster-wikimedia/main amd64 Packages
Why is this happening? It needs to be investigated ASAP as this can lead to unintended consequences.