`make dev` fails when retrieving Mozilla's GPG key

[emkll]

Description

Initially reported by @creviera and @kushaldas , the container build fails due to an error when retrieving the Mozilla Firefox release key:

Step 9/19 : RUN curl -LO https://ftp.mozilla.org/pub/firefox/releases/${FF_ESR_VER}/linux-x86_64/en-US/firefox-${FF_ESR_VER}.tar.bz2 &&     curl -LO https://ftp.mozilla.org/pub/firefox/releases/${FF_ESR_VER}/linux-x86_64/en-US/firefox-${FF_ESR_VER}.tar.bz2.asc &&     gpg --recv-key --keyserver gpg.mozilla.org 0x61B7B526D98F0353 &&     gpg --verify firefox-${FF_ESR_VER}.tar.bz2.asc &&     tar xjf firefox-*.tar.bz2 &&     mv firefox /usr/bin &&     paxctl -cm /usr/bin/firefox/firefox
 ---> Running in a6c768eebb50
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0 66 51.0M   66 33.6M    0     0  27.1M      0  0:00:01  0:00:01 --:--:-- 27.1M100 51.0M  100 51.0M    0     0  36.1M      0  0:00:01  0:00:01 --:--:-- 36.1M
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0100   836  100   836    0     0   2131      0 --:--:-- --:--:-- --:--:--  2132
gpg: directory `/root/.gnupg' created
gpg: new configuration file `/root/.gnupg/gpg.conf' created
gpg: WARNING: options in `/root/.gnupg/gpg.conf' are not yet active during this run
gpg: keyring `/root/.gnupg/secring.gpg' created
gpg: keyring `/root/.gnupg/pubring.gpg' created
gpg: requesting key D98F0353 from hkp server gpg.mozilla.org
gpgkeys: key 61B7B526D98F0353 can't be retrieved
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0
gpg: keyserver communications error: keyserver helper general error
gpg: keyserver communications error: unknown pubkey algorithm
gpg: keyserver receive failed: unknown pubkey algorithm
The command '/bin/sh -c curl -LO https://ftp.mozilla.org/pub/firefox/releases/${FF_ESR_VER}/linux-x86_64/en-US/firefox-${FF_ESR_VER}.tar.bz2 &&     curl -LO https://ftp.mozilla.org/pub/firefox/releases/${FF_ESR_VER}/linux-x86_64/en-US/firefox-${FF_ESR_VER}.tar.bz2.asc &&     gpg --recv-key --keyserver gpg.mozilla.org 0x61B7B526D98F0353 &&     gpg --verify firefox-${FF_ESR_VER}.tar.bz2.asc &&     tar xjf firefox-*.tar.bz2 &&     mv firefox /usr/bin &&     paxctl -cm /usr/bin/firefox/firefox' returned a non-zero code: 2

Exited with code exit status 2

Steps to Reproduce

• Delete local Docker cache
• make dev
• observe container build completes without error

Expected Behavior

The dev container build should complete without error

Actual Behavior

See nightly CI job, Build Docker images step https://app.circleci.com/pipelines/github/freedomofpress/securedrop/830/workflows/0c1dca1d-5646-41c7-9318-f3c750cebba0/jobs/43792

Comments

Replaces gpg.mozilla.org with keys.gnupg.net reslves locally

[conorsch]

Replaces gpg.mozilla.org with keys.gnupg.net resolves locally

Slight preference for hkps://keys.openpgp.org if it's there, otherwise fetching via HTTPS is fine too. During standup, @rmol offered to take a look at this.

In addition to #5471, we need to resolve this to unbreak CI.