-
-
Notifications
You must be signed in to change notification settings - Fork 136
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
GPG key verification failed #16
Comments
It's skipping because you probably have rvm already installed. Right now the task is only set to run when rvm has not been detected so it doesn't keep trying to verify the key on every run. For now you have 3 options:
|
Im having the same issue and none of the 3 options worked out. |
@IgnacioM try running on the box: curl -#LO https://rvm.io/mpapis.asc && gpg --import mpapis.asc |
+1 It made this recipe unusable for me. It fails to work after the initial run. |
@nickjj maybe remove the restrain to update keys only when installing? |
I have the same issue. Logging into the box and running the failed command manually works without problem: "/usr/local/lib/rvm/bin/rvm get stable && /usr/local/lib/rvm/bin/rvm reload" Checking with gpg, the key is where it should be. Trying to reproduce it more closely to what the output suggests but without ansible command python:
That works well, and after this the "Update rvm" works as well... Otherwise, the solution right now seems to be to set the option:
|
@mpapis If I remove that then it's going to run on every run hmm. Your recommendation should work but I really wonder what the root cause is. Is there anything patched into rvm itself that could cause a conflict? I'd be curious how you guys are removing rvm to let the role re-install rvm so the newest version is in place. It passes on Travis with a fresh install. @fiddur The exact situation happening here is:
I'm really really surprised that running |
it should be run when you install or update rvm, not just on first install |
Ok, that changes everything then. Since the code base was modified to run get && reload all the time then the gpg check needs to happen. I'll implement your suggestion and push a new build soon. I thought it only needed to happen once and then it was in your chain for the life of the machine. |
indeed I thought this way too, but if you have older RVM and try to rerun then your 1) do not have the key and 2) RVM needs the key to verify signatures |
If someone can verify it works for them that would be great, I'll close the ticket after we get 1 verification. Edit: |
v.1.3.2 failed with: I was able to fix this by changing line 32 of rvm.yml to: |
I am getting the same error as @wcleveland got. Downgrading to 1.3.1 helps. |
If you do It still fails tho. |
You may want to change line 32 of rvm.yml to: This will take care of both the undefined condition and the empty string. Since "and" short circuits on a false condition, the empty string conditional will not cause an exception. I tested the change by commenting out the initial value in default/main.yml to force an undefined condition and later set the key value to '' and empty (ie. "rvm1_gpg_keys: ") to test the defined but empty condition. |
@wcleveland Yeah that would be fine. I tend not to bother with What happens when you re-run the role? I noticed it was failing on travis when it does an idempotency check. I just haven't had a chance to really look into the cause yet. |
@wcleveland and I have both come to the same conclusion here: line 32 is wrong in the role downloaded from Ansible Galaxy, but the code base here is fine. You need to re-sync this repository with Ansible Galaxy to resolve this issue, @nickjj |
As a second comment to this, after some thought, you could (should?) be using default values here, such as: - name: Import GPG keys
command: 'gpg --keyserver {{ rvm1_gpg_key_server | default("hkp://keys.gnupg.net") }} --recv-keys {{ rvm1_gpg_keys | default("D39DC0E3") }}'
changed_when: False
when: rvm1_gpg_keys != '' This is instead of relaying on the defaults/main.yml file being in place. It also allows you to remove the 'when:' clause entirely. |
Hmm, what's on master now failed on Travis last week but I did finally get a chance to set it up locally and it's passing on Debian. I guess it was just a fluke fail because it only failed when re-running the role in hopes to get 0 changes. Maybe a new version of rvm was pushed in between test runs. It's all passing now, @mrcrilly The defaults/main.yml should always be in place unless you forked the role and decided to remove it. Part of the reason for that file existing is so that you don't have to spread default variables around in different areas of your role. Thanks for the feedback guys, this issue should be buried. |
I'm still having this issue on a clean box that doesn't have RVM installed or ruby installed at all. I manually pulled down the keys running the gpg --keyserver hkp://keys.gnupg.net --recv-keys D39DC0E3 commands for both root and my other user. I get this:
This is on a clean server. Another server I already have this installed on works fine - I can rerun the role and it goes through and checks okay, I can also run the command and it gives the output above. |
I updated to version 1.3.1 of the playbook, but I am still receiving this error within Vagrant. Seems the "Import GPG keys" task is not running
The text was updated successfully, but these errors were encountered: