add --no-tty option to gpg #669

Merged: OddBloke merged 6 commits into canonical:master from riedel:gpg--no-tty, Nov 17, 2020

Contributor

@riedel riedel commented Nov 17, 2020

Proposed Commit Message

Make sure gpg works even if the VM provides no /dev/tty (e.g. Debian cloud init)

LP:#1813396

Additional Context

fixes https://bugs.launchpad.net/cloud-init/+bug/1813396

Test Steps

On a VM without a terminal mounted as /dev/tty, define an external keyserver such as the one used for Docker:

apt:
  sources:
   docker:
     source: 'deb [arch=amd64] https://download.docker.com/linux/debian stretch stable'
     keyserver: keyserver.ubuntu.com
     keyid: 0EBFCD88

Checklist:

  • My code follows the process laid out in the documentation
  • I have updated or added any unit tests accordingly
  • I have updated or added any documentation accordingly

Collaborator

@OddBloke OddBloke left a comment

Hi @riedel, thanks for the submission! This is definitely a fix we want.

Do you know what messages go to /dev/tty by default? Are we losing anything on systems with /dev/tty by passing --no-tty?

Contributor Author

riedel commented Nov 17, 2020

The tty is normally used for the interactive parts (like prompts). However, here only recv-keys is needed and even only for custom apt repos. From what I can see there are no side effects at all. In https://github.com/gpg/gnupg/blob/6a4443c8425fd548020553b22d5a16ffad98371f/g10/keyserver.c#L1081 I see only logging stuff, which actually needs no tty, which is only part of the interactive stuff here: https://github.com/gpg/gnupg/blob/6a4443c8425fd548020553b22d5a16ffad98371f/g10/keyserver.c#L733.

All that verbose logging of gpg still seems to work fine.

>gpg --no-tty --keyserver keyserver.ubuntu.com --recv-keys 0EBFCD88

gpg: requesting key 0EBFCD88 from hkp server keyserver.ubuntu.com
gpg: key 0EBFCD88: public key "Docker Release (CE deb) <docker@docker.com>" imported
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg:               imported: 1  (RSA: 1)

or an error case:

>gpg --no-tty --keyserver keyserver.ubuntu.com --recv-keys 0FBFCD88

gpg: requesting key 0FBFCD88 from hkp server keyserver.ubuntu.com
gpgkeys: key 0FBFCD88 not found on keyserver
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0
gpg: keyserver communications error: key not found
gpg: keyserver communications error: bad public key
gpg: keyserver receive failed: bad public key

don't look any different.
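
The condition discussed in this thread can be reproduced without a special VM image. The following added example, which is not code from the pull request or from cloud-init, starts a child process in a new session so that it has no controlling terminal, and builds the `gpg --no-tty` command shown above. The function names and the input validation patterns are assumptions made for illustration.

```python
import re
import subprocess
import sys

# Hypothetical validation rules (not from cloud-init): a hex key ID or
# fingerprint, and a keyserver value that cannot be mistaken for an option.
KEYID_RE = re.compile(r"\A(?:0x)?[0-9A-Fa-f]{8,40}\Z")
KEYSERVER_RE = re.compile(r"\A(?:[a-z]+://)?[A-Za-z0-9][A-Za-z0-9.-]*(?::\d+)?\Z")

# Child-process probe: exits 0 only if /dev/tty can be opened.
_PROBE = (
    "import os, sys\n"
    "try:\n"
    "    os.close(os.open('/dev/tty', os.O_RDWR))\n"
    "except OSError:\n"
    "    sys.exit(1)\n"
)


def recv_key_cmd(keyid, keyserver):
    """Build the argv for the key fetch shown in the thread."""
    if not KEYID_RE.match(keyid):
        raise ValueError("key ID must be 8-40 hex digits: %r" % keyid)
    if not KEYSERVER_RE.match(keyserver):
        raise ValueError("unexpected keyserver value: %r" % keyserver)
    return ["gpg", "--no-tty", "--keyserver", keyserver, "--recv-keys", keyid]


def tty_openable_when_detached():
    """Report whether a child started in a new session can open /dev/tty."""
    res = subprocess.run([sys.executable, "-c", _PROBE],
                         stdin=subprocess.DEVNULL, start_new_session=True)
    return res.returncode == 0


def recv_key_detached(keyid, keyserver):
    """Run the fetch with no controlling terminal, as on the affected VMs."""
    return subprocess.run(recv_key_cmd(keyid, keyserver),
                          stdin=subprocess.DEVNULL, capture_output=True,
                          text=True, start_new_session=True)


if __name__ == "__main__":
    print("detached child can open /dev/tty:", tty_openable_when_detached())
    print("command:", " ".join(recv_key_cmd("0EBFCD88", "keyserver.ubuntu.com")))
```

`recv_key_detached` needs gpg and network access, so it is suited to a regression test on a machine that has both; the other two functions run offline.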

Collaborator

@OddBloke OddBloke left a comment

Excellent, thank you for the detailed explanation! I'm going to push a commit to your branch to alphabetise .github-cla-signers, then this can land.

@OddBloke OddBloke merged commit a925b5a into canonical:master Nov 17, 2020
@TheRealFalcon TheRealFalcon mentioned this pull request Dec 9, 2020
OddBloke pushed a commit that referenced this pull request Dec 10, 2020
Ensure gpg is called with --no-tty flag.

Also, refactored the "ordered_items_in_text" to assert if the line
is missing and provide a more useful error message.