Can'b build image on master branch.

Question

Can'b build image on master branch.

yupitomets opened this issue 3 years ago · 1 comments

I am trying to build a docker image and have following error:

#5 [build  2/11] RUN yum -y update && rm -rf /var/cache/yum/*
#5 sha256:a18e915006ef0c9b3ca52110f578e7d6a2824fae1220d77ed1b98e97047de39f
#5 0.286 Loaded plugins: ovl, priorities
#5 1.897 https://cdn.amazonlinux.com/2/core/2.0/x86_64/0c4b5094bba8d46b07c60e3d85cd8baac5f75d07af6a33086b6d0cd9eb2e13f1/repodata/repomd.xml?instance_id=URLError&region=unknown: [Errno 14] curl#60 - "SSL certificate problem: unable to get local issuer certificate"
#5 1.898 Trying other mirror.
#5 1.898
#5 1.898
#5 1.898  One of the configured repositories failed (Amazon Linux 2 core repository),
#5 1.898  and yum doesn't have enough cached data to continue. At this point the only
#5 1.898  safe thing yum can do is fail. There are a few ways to work "fix" this:
#5 1.898
#5 1.898      1. Contact the upstream for the repository and get them to fix the problem.
#5 1.898
#5 1.898      2. Reconfigure the baseurl/etc. for the repository, to point to a working
#5 1.898         upstream. This is most often useful if you are using a newer
#5 1.898         distribution release than is supported by the repository (and the
#5 1.898         packages for the previous distribution release still work).
#5 1.898
#5 1.898      3. Run the command with the repository temporarily disabled
#5 1.898             yum --disablerepo=amzn2-core ...
#5 1.898
#5 1.898      4. Disable the repository permanently, so yum won't use it by default. Yum
#5 1.898         will then just ignore the repository until you permanently enable it
#5 1.898         again or use --enablerepo for temporary usage:
#5 1.898
#5 1.898             yum-config-manager --disable amzn2-core
#5 1.898         or
#5 1.898             subscription-manager repos --disable=amzn2-core
#5 1.898
#5 1.898      5. Configure the failing repository to be skipped, if it is unavailable.
#5 1.898         Note that yum will try to contact the repo. when it runs most commands,
#5 1.898         so will have to try and fail each time (and thus. yum will be be much
#5 1.898         slower). If it is a very temporary problem though, this is often a nice
#5 1.898         compromise:
#5 1.898
#5 1.898             yum-config-manager --save --setopt=amzn2-core.skip_if_unavailable=true
#5 1.898
#5 1.898 failure: repodata/repomd.xml from amzn2-core: [Errno 256] No more mirrors to try.
#5 1.898 https://cdn.amazonlinux.com/2/core/2.0/x86_64/0c4b5094bba8d46b07c60e3d85cd8baac5f75d07af6a33086b6d0cd9eb2e13f1/repodata/repomd.xml?instance_id=URLError&region=unknown: [Errno 14] curl#60 - "SSL certificate problem: unable to get local issuer certificate"
#5 ERROR: executor failed running [/bin/sh -c yum -y update && rm -rf /var/cache/yum/*]: exit code: 1
------
 > [build  2/11] RUN yum -y update && rm -rf /var/cache/yum/*:
------
executor failed running [/bin/sh -c yum -y update && rm -rf /var/cache/yum/*]: exit code: 1

Answer 1 · 2021-10-28T00:16:25.000Z

Hello, the error message indicates there is certification error SSL certificate problem: unable to get local issuer certificate when the build host tries to talk to https://cdn.amazonlinux.com. This is not something we can fix in this repo. Quick Googling indicates that curl is not able to find trust store, so maybe you need to setup certificate trust store on your build machine to trust certificates from cdn.amazonlinux.com?

I am going to close this issue for now, feel free to re-open if needed.