Steps to replicate the issue (include links if applicable):
- Set up a wiki using MediaWiki-Docker
- Add a custom dockerfile following the steps in https://www.mediawiki.org/wiki/MediaWiki-Docker/Configuration_recipes/Customize_base_image. Example:
FROM docker-registry.wikimedia.org/dev/buster-php81-fpm:1.0.1-s2 RUN apt update && \ apt install -y sqlite3 php8.1-pcov wget vim
- Run docker compose build
What happens?:
It fails with the following errors:
=> [mediawiki internal] load build definition from Dockerfile 0.0s => => transferring dockerfile: 3.06kB 0.0s => [mediawiki internal] load metadata for docker-registry.wikimedia.org/dev/buster-php81-fpm:1.0.1-s2 0.9s => [mediawiki-web internal] load build definition from DockerfileWeb 0.0s => => transferring dockerfile: 501B 0.0s => [mediawiki-web internal] load metadata for docker-registry.wikimedia.org/dev/buster-apache2:2.0.1 0.9s => [mediawiki internal] load .dockerignore 0.0s => => transferring context: 2B 0.0s => [mediawiki-web internal] load .dockerignore 0.0s => => transferring context: 2B 0.0s => CACHED [mediawiki 1/9] FROM docker-registry.wikimedia.org/dev/buster-php81-fpm:1.0.1-s2@sha256:c4a701d8aeb51c8c99c3dd73a0151598055975ebc64feacb601f3c5d65401876 0.0s => => resolve docker-registry.wikimedia.org/dev/buster-php81-fpm:1.0.1-s2@sha256:c4a701d8aeb51c8c99c3dd73a0151598055975ebc64feacb601f3c5d65401876 0.0s => CACHED [mediawiki-web 1/3] FROM docker-registry.wikimedia.org/dev/buster-apache2:2.0.1@sha256:c897ff8d994484163e4c19154b055c23c55ba2e02e44be4954e465b7ae1323e5 0.0s => => resolve docker-registry.wikimedia.org/dev/buster-apache2:2.0.1@sha256:c897ff8d994484163e4c19154b055c23c55ba2e02e44be4954e465b7ae1323e5 0.0s => ERROR [mediawiki 2/9] RUN apt update && apt install -y sqlite3 php8.1-pcov wget vim 3.7s => CANCELED [mediawiki-web 2/3] RUN apt update && apt install -y vim 3.8s ------ > [mediawiki 2/9] RUN apt update && apt install -y sqlite3 php8.1-pcov wget vim: 0.258 0.258 WARNING: apt does not have a stable CLI interface. Use with caution in scripts. 0.258 0.380 Get:1 http://security.debian.org buster/updates InRelease [34.8 kB] 0.480 Get:2 https://packages.sury.org/php buster InRelease [7559 B] 0.556 Get:3 http://apt.wikimedia.org/wikimedia buster-wikimedia InRelease [178 kB] 0.582 Get:4 http://security.debian.org buster/updates/main amd64 Packages [595 kB] 0.660 Get:5 http://mirrors.wikimedia.org/debian buster InRelease [122 kB] 0.673 Err:2 https://packages.sury.org/php buster InRelease 0.673 The following signatures were invalid: EXPKEYSIG B188E2B695BD4743 DEB.SURY.ORG Automatic Signing Key <deb@sury.org> 1.098 Get:6 http://mirrors.wikimedia.org/debian buster-updates InRelease [56.6 kB] 1.164 Get:7 http://apt.wikimedia.org/wikimedia buster-wikimedia/main amd64 Packages [94.4 kB] 1.209 Ign:8 http://mirrors.wikimedia.org/debian buster-backports InRelease 1.319 Get:9 http://mirrors.wikimedia.org/debian buster/main amd64 Packages [7909 kB] 2.242 Err:10 http://mirrors.wikimedia.org/debian buster-backports Release 2.242 404 Not Found [IP: 208.80.154.139 80] 2.351 Get:11 http://mirrors.wikimedia.org/debian buster-updates/main amd64 Packages [8788 B] 3.092 Reading package lists... 3.644 W: GPG error: https://packages.sury.org/php buster InRelease: The following signatures were invalid: EXPKEYSIG B188E2B695BD4743 DEB.SURY.ORG Automatic Signing Key <deb@sury.org> 3.644 E: The repository 'https://packages.sury.org/php buster InRelease' is not signed. 3.644 E: The repository 'http://mirrors.wikimedia.org/debian buster-backports Release' does not have a Release file. ------ failed to solve: process "/bin/sh -c apt update && apt install -y sqlite3 php8.1-pcov wget vim" did not complete successfully: exit code: 100
What should have happened instead?:
It should complete successfully.
Software version (on Special:Version page; skip for WMF-hosted wikis like Wikipedia): master
Other information (browser name/version, screenshots, etc.):
There seem to be two things going on here: first, it seems that it's using an expired GPG key for sury (related: T360420). Second, there seem to be issues with our own packages; I've been having the sury issue for a while now, but the Wikimedia one seems new (related: T362648, T336680).