{"id":376,"date":"2019-02-08T11:34:25","date_gmt":"2019-02-08T10:34:25","guid":{"rendered":"https:\/\/floriantischner.net\/blog\/?p=376"},"modified":"2019-02-08T11:34:25","modified_gmt":"2019-02-08T10:34:25","slug":"building-a-gerrit-docker-image-on-ubuntu-1804-basis","status":"publish","type":"post","link":"https:\/\/floriantischner.net\/blog\/2019\/02\/08\/building-a-gerrit-docker-image-on-ubuntu-1804-basis\/","title":{"rendered":"Building a Gerrit docker-image on Ubuntu 18:04-basis"},"content":{"rendered":"\n

I ran into a small problem trying to create a custom Gerrit docker image.<\/p>\n\n\n\n

Gerrit offers a wonderful deb-repository of their releases and even an official docker image. The official docker image is based on Ubuntu 16.04, which is perfectly fine (it’s an LTS-release), but for reasons irrelevant for this blogpost, I wanted to create a custom image based on Ubuntu 18.04. I ran into the following problem during the apt-get update step after adding the relevant key and repository:<\/p>\n\n\n\n

W: GPG error: http:\/\/deb.gerritforge.com gerrit Release: The following signatures were invalid: F0E24DA66FFAA737081E5A7E1FFFAA5E1871F775
 E: The repository 'mirror:\/\/mirrorlist.gerritforge.com\/deb gerrit Release' is not signed.
 The command '\/bin\/sh -c apt-get update' returned a non-zero code: 100<\/pre>\n\n\n\n
The root cause is that Gerrit signs it’s repository using the SHA1-digest, which was declared untrustworthy in Ubuntu 18.04 (it was declared weak in Ubuntu 16.04).<\/p>\n\n\n\n
If you want to re-enable SHA1 (which is a move that potentially weakens your security!), you can add the following line to your dockerfile. It re-classifies SHA1 from untrusted to  weak.<\/p>\n\n\n\n
RUN echo \"APT::Hashes::SHA1::Weak \"yes\";\">\/etc\/apt\/apt.conf.d\/23allowsha1<\/pre>\n","protected":false},"excerpt":{"rendered":"
I ran into a small problem trying to create a custom Gerrit docker image. Gerrit offers a wonderful deb-repository of their releases and even an official docker image. The official docker image is based on Ubuntu 16.04, which is perfectly fine (it’s an LTS-release), but for reasons irrelevant for this blogpost, I wanted to create […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-376","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/floriantischner.net\/blog\/wp-json\/wp\/v2\/posts\/376","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/floriantischner.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/floriantischner.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/floriantischner.net\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/floriantischner.net\/blog\/wp-json\/wp\/v2\/comments?post=376"}],"version-history":[{"count":1,"href":"https:\/\/floriantischner.net\/blog\/wp-json\/wp\/v2\/posts\/376\/revisions"}],"predecessor-version":[{"id":377,"href":"https:\/\/floriantischner.net\/blog\/wp-json\/wp\/v2\/posts\/376\/revisions\/377"}],"wp:attachment":[{"href":"https:\/\/floriantischner.net\/blog\/wp-json\/wp\/v2\/media?parent=376"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/floriantischner.net\/blog\/wp-json\/wp\/v2\/categories?post=376"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/floriantischner.net\/blog\/wp-json\/wp\/v2\/tags?post=376"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}