Taragolis commented on issue #36231: URL: https://github.com/apache/airflow/issues/36231#issuecomment-1857158711
I think the problem might be on Oracle side, packages are signed by expired key `3A79BD29` and new GPG key doesn't `3A79BD29`, but according to the https://dev.mysql.com/doc/refman/8.0/en/checking-gpg-signature.html it should use new one: > [!NOTE] > The 3A79BD29 key expires on 2023-12-14. A new replacement key (A8D3785C) will sign upcoming MySQL 8.0.36 and higher packages. Both keys are installed by the MySQL repository setup packages released with MySQL 8.0.35, and both keys are also available at https://repo.mysql.com/. I've tried to reproduce on main and this also happen to me on x86_64, ARM64 not affected as usual because it use MariaDB client libraries ```bash docker build . \ --build-arg DOCKER_CONTEXT_FILES=./docker-context-files \ --build-arg INSTALL_MYSQL_CLIENT="true" \ --build-arg INSTALL_MYSQL_CLIENT_TYPE=mysql \ --build-arg INSTALL_MSSQL_CLIENT="true" \ --build-arg INSTALL_POSTGRES_CLIENT="true" \ --tag "airflow-image:dec-15" ``` Then I've tried to replace https://github.com/apache/airflow/blob/01fd0d31b46682f4d700aaacf19cfe7a0fe9a057/scripts/docker/install_mysql.sh#L113 By add both keys ```bash export_key "467B942D3A79BD29" "mysql-2022" export_key "A8D3785C" "mysql-2023" ``` then I've got ```console 7.158 Reading package lists... 7.428 W: GPG error: http://repo.mysql.com/apt/debian bookworm InRelease: The following signatures were invalid: EXPKEYSIG 467B942D3A79BD29 MySQL Release Engineering <mysql-bu...@oss.oracle.com> 7.428 E: The repository 'http://repo.mysql.com/apt/debian bookworm InRelease' is not signed. ------ Dockerfile:1506 -------------------- 1505 | # That also protects against AUFS Docker backend problem where changing the executable bit required sync 1506 | >>> RUN bash /scripts/docker/install_mysql.sh prod \ 1507 | >>> && bash /scripts/docker/install_mssql.sh prod \ 1508 | >>> && bash /scripts/docker/install_postgres.sh prod \ 1509 | >>> && adduser --gecos "First Last,RoomNumber,WorkPhone,HomePhone" --disabled-password \ 1510 | >>> --quiet "airflow" --uid "${AIRFLOW_UID}" --gid "0" --home "${AIRFLOW_USER_HOME_DIR}" \ 1511 | >>> # Make Airflow files belong to the root group and are accessible. This is to accommodate the guidelines from 1512 | >>> # OpenShift https://docs.openshift.com/enterprise/3.0/creating_images/guidelines.html 1513 | >>> && mkdir -pv "${AIRFLOW_HOME}" \ 1514 | >>> && mkdir -pv "${AIRFLOW_HOME}/dags" \ 1515 | >>> && mkdir -pv "${AIRFLOW_HOME}/logs" \ 1516 | >>> && chown -R airflow:0 "${AIRFLOW_USER_HOME_DIR}" "${AIRFLOW_HOME}" \ 1517 | >>> && chmod -R g+rw "${AIRFLOW_USER_HOME_DIR}" "${AIRFLOW_HOME}" \ 1518 | >>> && find "${AIRFLOW_HOME}" -executable -print0 | xargs --null chmod g+x \ 1519 | >>> && find "${AIRFLOW_USER_HOME_DIR}" -executable -print0 | xargs --null chmod g+x 1520 | -------------------- ``` When I keep only new one ```bash export_key "A8D3785C" "mysql" ``` then I've got ```console 14.63 Reading package lists... 14.89 W: GPG error: http://repo.mysql.com/apt/debian bookworm InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 467B942D3A79BD29 14.89 E: The repository 'http://repo.mysql.com/apt/debian bookworm InRelease' is not signed. ------ Dockerfile:1505 -------------------- 1504 | # That also protects against AUFS Docker backend problem where changing the executable bit required sync 1505 | >>> RUN bash /scripts/docker/install_mysql.sh prod \ 1506 | >>> && bash /scripts/docker/install_mssql.sh prod \ 1507 | >>> && bash /scripts/docker/install_postgres.sh prod \ 1508 | >>> && adduser --gecos "First Last,RoomNumber,WorkPhone,HomePhone" --disabled-password \ 1509 | >>> --quiet "airflow" --uid "${AIRFLOW_UID}" --gid "0" --home "${AIRFLOW_USER_HOME_DIR}" \ 1510 | >>> # Make Airflow files belong to the root group and are accessible. This is to accommodate the guidelines from 1511 | >>> # OpenShift https://docs.openshift.com/enterprise/3.0/creating_images/guidelines.html 1512 | >>> && mkdir -pv "${AIRFLOW_HOME}" \ 1513 | >>> && mkdir -pv "${AIRFLOW_HOME}/dags" \ 1514 | >>> && mkdir -pv "${AIRFLOW_HOME}/logs" \ 1515 | >>> && chown -R airflow:0 "${AIRFLOW_USER_HOME_DIR}" "${AIRFLOW_HOME}" \ 1516 | >>> && chmod -R g+rw "${AIRFLOW_USER_HOME_DIR}" "${AIRFLOW_HOME}" \ 1517 | >>> && find "${AIRFLOW_HOME}" -executable -print0 | xargs --null chmod g+x \ 1518 | >>> && find "${AIRFLOW_USER_HOME_DIR}" -executable -print0 | xargs --null chmod g+x 1519 | -------------------- ``` Even latest provided by Oracle APT repo configurator ([mysql-apt-config_0.8.28-1_all.deb](https://repo.mysql.com/mysql-apt-config_0.8.28-1_all.deb)) use [RPM-GPG-KEY-mysql-2022](https://repo.mysql.com/RPM-GPG-KEY-mysql-2022) and not [RPM-GPG-KEY-mysql-2023](https://repo.mysql.com/RPM-GPG-KEY-mysql-2023) @potiuk Maybe it is a good point to switch to MariaDB client libraries by default for x86_64? Because I guess we have a chance to get the same troubleshooting in the end of the 2024. And this is not first time when Oracle MySQL libraries have some problem when MariaDB not, e.g.: - https://github.com/apache/airflow/issues/32708 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: commits-unsubscr...@airflow.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
