update readme to fix instructions for gpg #126

Merged
merged 1 commit into from
Nov 14, 2018

antonmos

Something changed in recent version of the libraries within openjdk:8-jdk-slim docker image and now the existing steps were failing with error `gpg: cannot open '/dev/tty': No such device or address`.

README.md Outdated
RUN gpg --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7 \
&& gpg --verify /tini.asc
RUN gpg --no-tty --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7 \
&& gpg --no-tty --verify /tini.asc
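
Review bot: the added `gpg --no-tty --verify /tini.asc` line passes only the signature file, so which file gets checked is left for gpg to infer from the signature's name; pass the data file as a second argument, `gpg --no-tty --verify /tini.asc /tini`, so the command states exactly what is being verified. The `--recv-keys` call already pins the full 40-character fingerprint rather than a short key ID, which is worth keeping as it is.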

See the discussion over in https://bugs.debian.org/913614: TLDR is that this should be --batch, not --no-tty.

Something changed in recent version of the libraries within
openjdk:8-jdk-slim docker image and now the existing steps were failing
with error `gpg: cannot open '/dev/tty': No such device or address`.

krallin commented Nov 14, 2018

Thanks @antonmos for reporting the issue, and thanks @tianon for suggesting --batch!

@antonmos: I updated your PR to use --batch accordingly

@krallin krallin merged commit 09bb1fa into krallin:master Nov 14, 2018
@antonmos antonmos deleted the patch-1 branch November 16, 2018 16:18
@antonmos

I just tried it with --batch and it failed:

```
gpg: directory '/root/.gnupg' created
gpg: keybox '/root/.gnupg/pubring.kbx' created
key 9A84159D7001A4E5:
1 signature not checked due to a missing key
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: key 9A84159D7001A4E5: public key "Thomas Orozco <thomas@orozco.fr>" imported
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg:               imported: 1
gpg: no signed data
gpg: can't hash datafile: No data
The command '/bin/sh -c apt-get update  && apt-get install gnupg -y  && gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7  && gpg --batch --verify /tini.asc' returned a non-zero code: 2
```

Per the last message in the debian bug it seems that --no-tty is the recommended solution

yosifkit commented Nov 16, 2018

@antonmos, it looks like you forgot to download tini, since the error is: `gpg: can't hash datafile: No data`

antonmos commented Nov 16, 2018

My Dockerfile is unchanged other than changing from --batch to --no-tty. Please see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913614#40 for more info.

@yosifkit

It looks like the problem is that /tini needs to be added to the verify line now that it is in batch mode. Plus it is a good idea to always do so. From the man page:

Note: If the option --batch is not used, gpg may assume that a single
argument is a file with a detached signature, and it will try to find a
matching data file by stripping certain suffixes. Using this historical
feature to verify a detached signature is strongly discouraged; you
should always specify the data file explicitly.

@antonmos

For the life of me, I can't find where the man page explains how to "specify the data file explicitly". @yosifkit any idea?

@antonmos

For the life of me, I can't find where the man page explains how to "specify the data file explicitly". @yosifkit any idea?

Never mind, figured it out. Updating the new PR.
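
The form this thread converges on, `gpg --batch --verify <signature> <data file>`, as an added shell example (not code from this PR or the project's README): it names the data file explicitly and also reads gpg's `--status-fd` output so that only a signature made by the pinned fingerprint passes. The function names and the sample status lines are constructed for illustration, and the fingerprints in the sample are placeholders.

```shell
#!/bin/sh
# Added example: verify a detached signature non-interactively and pin the signer.

# Constructed sample of `gpg --status-fd` output (fingerprints are placeholders).
SAMPLE_STATUS='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG AAAAAAAAAAAAAAAA Example Signer <signer@example.invalid>
[GNUPG:] VALIDSIG AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 2018-11-14 1542153600 0 4 0 1 8 00 BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB'

# validsig_matches FPR: read status lines on stdin; succeed only if a VALIDSIG
# line names FPR as the signing key (field 3) or as its primary key (last field).
validsig_matches() {
    want=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    # Require a full 40-hex-digit (v4) fingerprint; short key IDs are not unique.
    [ "${#want}" -eq 40 ] || return 2
    case $want in *[!0-9A-F]*) return 2 ;; esac
    awk -v want="$want" '
        $1 == "[GNUPG:]" && $2 == "VALIDSIG" && ($3 == want || $NF == want) { ok = 1 }
        END { exit(ok ? 0 : 1) }'
}

# verify_pinned SIG DATA FPR: --batch keeps gpg away from /dev/tty, and in batch
# mode the data file has to be named; gpg will not guess it from the .asc name.
verify_pinned() {
    sig=$1 data=$2 fpr=$3
    [ -s "$data" ] || { echo "data file missing or empty: $data" >&2; return 1; }
    # A non-zero exit here means gpg itself rejected the signature.
    status=$(gpg --batch --status-fd 1 --verify "$sig" "$data" 2>/dev/null) || return 1
    printf '%s\n' "$status" | validsig_matches "$fpr"
}

# Usage: sh verify.sh /tini.asc /tini <40-hex-digit fingerprint>
if [ "$#" -eq 3 ]; then
    verify_pinned "$@"
fi
```

Checking the exit code alone accepts a good signature from any key in the keyring; matching the `VALIDSIG` fingerprint ties the result to the one key fetched with `--recv-keys`.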
