[Git-Lfs] - Solution to #1072 issue - Can't download public key (#1124)

* [Git-Lfs] - Solution to #1072 issue * bumped patch version for ths feature
devcontainers · Sep 23, 2024 · d849e12 · d849e12
1 parent d1c0cc2
commit d849e12
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 12 deletions.
diff --git a/src/git-lfs/devcontainer-feature.json b/src/git-lfs/devcontainer-feature.json
@@ -1,6 +1,6 @@
 {
     "id": "git-lfs",
-    "version": "1.2.2",
+    "version": "1.2.3",
     "name": "Git Large File Support (LFS)",
     "documentationURL": "https://github.com/devcontainers/features/tree/main/src/git-lfs",
     "description": "Installs Git Large File Support (Git LFS) along with needed dependencies. Useful for base Dockerfiles that often are missing required install dependencies like git and curl.",

diff --git a/src/git-lfs/install.sh b/src/git-lfs/install.sh
@@ -62,29 +62,33 @@ find_version_from_git_tags() {
 
 # Get the list of GPG key servers that are reachable
 get_gpg_key_servers() {
-    declare -A keyservers_curl_map=(
-        ["hkp://keyserver.ubuntu.com"]="http://keyserver.ubuntu.com:11371"
-        ["hkp://keyserver.ubuntu.com:80"]="http://keyserver.ubuntu.com"
-        ["hkps://keys.openpgp.org"]="https://keys.openpgp.org"
-        ["hkp://keyserver.pgp.com"]="http://keyserver.pgp.com:11371"
-    )
-
     local curl_args=""
     local keyserver_reachable=false  # Flag to indicate if any keyserver is reachable
 
     if [ ! -z "${KEYSERVER_PROXY}" ]; then
         curl_args="--proxy ${KEYSERVER_PROXY}"
     fi
 
-    for keyserver in "${!keyservers_curl_map[@]}"; do
-        local keyserver_curl_url="${keyservers_curl_map[${keyserver}]}"
-        if curl -s ${curl_args} --max-time 5 ${keyserver_curl_url} > /dev/null; then
+    test_keyserver() {
+        local keyserver="$1"
+        local keyserver_curl_url="$2"
+        if curl -s ${curl_args} --max-time 5 "${keyserver_curl_url}" > /dev/null; then
             echo "keyserver ${keyserver}"
             keyserver_reachable=true
         else
             echo "(*) Keyserver ${keyserver} is not reachable." >&2
         fi
-    done
+    }
+
+    # Explicitly test these in order because Bash v4.4.20 (Ubuntu Bionic)
+    # enumerates associative array keys in a different order than Bash v5
+    test_keyserver "hkp://keyserver.ubuntu.com"    "http://keyserver.ubuntu.com:11371"
+    test_keyserver "hkp://keyserver.ubuntu.com:80" "http://keyserver.ubuntu.com"
+    test_keyserver "hkp://keyserver.pgp.com"       "http://keyserver.pgp.com:11371"
+    # Test this server last because keys.openpgp.org strips user IDs from keys unless
+    # the owner gives permission, which causes gpg in Ubuntu Bionic to reject the key
+    # (https://github.com/devcontainers/features/issues/1055)
+    test_keyserver "hkps://keys.openpgp.org"       "https://keys.openpgp.org"
 
     if ! $keyserver_reachable; then
         echo "(!) No keyserver is reachable." >&2