Today I ran into an interesting case. An automated CI/CD pipeline, which uses Travis CI in the background, stopped working.
The build process is told to use the "focal" dist image, which uses Ubuntu 20.04 (Focal Fossa):
ck@linux:~/Git/corp/repo$ head .travis.yml
---
sudo: required
dist: focal
services:
- docker
language: generic
before_install:
The error in the build output showed a problem while running the command sudo apt-get update -q inside the before_install section:
W: GPG error: http://repo.mongodb.org/apt/ubuntu focal/mongodb-org/4.4 Release: The following signatures were invalid: EXPKEYSIG 656408E390CFB1F5 MongoDB 4.4 Release Signing Key <packaging@mongodb.com>
E: The repository 'http://repo.mongodb.org/apt/ubuntu focal/mongodb-org/4.4 Release' is not signed.
The command "sudo apt-get update -q" failed and exited with 100 during .
The error message makes sense: The repository key from the MongoDB repositories had expired and apt does not like this at all and throws a (valid) error. The build process retrieves the non-zero exit code and ... fails.
The first question arose was: Why does this build image use MongoDB? First I thought we added MongoDB as a service by accident, but the .travis.yml did not enable any MongoDB (see above).
So why is the MongoDB repository enabled?
It turns out that MongoDB, alongside others, is enabled by default in the Ubuntu 20.04 (Focal Fossa) image at Travis CI. The package itself is not installed unless mongodb is listed under services, but the repository is enabled by default.
This can be verified by adding a simple ls -la /etc/apt/sources.list.d/ into the before_install section (better at the top before any apt command). The output of a build shows a bunch of repos enabled by default:
$ ls -la /etc/apt/sources.list.d/
total 40
drwxr-xr-x 2 root root 4096 Jun 12 13:27 .
drwxr-xr-x 8 root root 4096 Jun 12 13:27 ..
-rw-r--r-- 1 root root 110 Feb 6 17:21 docker.list
-rw-r--r-- 1 root root 110 Feb 6 17:11 ibm_advanced_tool_chain.list
-rw-r--r-- 1 root root 90 Jun 12 13:27 mongodb-4.4.list
-rw-r--r-- 1 root root 57 Feb 6 17:18 perforce.list
-rw-r--r-- 1 root root 66 Feb 6 17:14 postgresql.list
-rw-r--r-- 1 root root 63 Feb 6 17:08 rabbitmq.list
-rw-r--r-- 1 root root 417 Feb 6 16:50 rabbitmq_rabbitmq-server.list
-rw-r--r-- 1 root root 103 Feb 6 16:50 redis.list
A quick workaround is to adjust the Travis build configuration (.travis.yml) and disable the MongoDB repository by either removing the repo file (/etc/apt/sources.list.d/mongodb-4.4.list) or by renaming it (just another suffix than .list is enough).
ck@linux:~/Git/corp/repo$ head -n 13 .travis.yml
---
sudo: required
dist: focal
services:
- docker
language: generic
before_install:
- ls -la /etc/apt/sources.list.d/
- sudo mv /etc/apt/sources.list.d/mongodb-4.4.list{,.disabled}
- sudo apt-get update -q
This quick fix works and the build process now ran through successfully (passed).
But the real solution needs to be done by Travis CI themselves, as they need to update their focal image to include the new GPG key of the MongoDB repository.
No comments yet.
AWS Android Ansible Apache Apple Atlassian BSD Backup Bash Bluecoat CMS Chef Cloud Coding Consul Containers CouchDB DB DNS Database Databases Docker ELK Elasticsearch Filebeat FreeBSD Galera Git GlusterFS Grafana Graphics HAProxy HTML Hacks Hardware Icinga Influx Internet Java KVM Kibana Kodi Kubernetes LVM LXC Linux Logstash Mac Macintosh Mail MariaDB Minio MongoDB Monitoring Multimedia MySQL NFS Nagios Network Nginx OSSEC OTRS Office PGSQL PHP Perl Personal PostgreSQL Postgres PowerDNS Proxmox Proxy Python Rancher Rant Redis Roundcube SSL Samba Seafile Security Shell SmartOS Solaris Surveillance Systemd TLS Tomcat Ubuntu Unix VMWare VMware Varnish Virtualization Windows Wireless Wordpress Wyse ZFS Zoneminder