Releasing 7.3.10 fails with gpg: cannot open '/dev/tty': No such device or address #9726

Closed
wadells opened this issue Jan 11, 2022 · 2 comments


wadells commented Jan 11, 2022

Description

What happened:
@r0mant tried to release 7.3.10 today, but the release automation failed during the publish package step with the following signature:

# extract signing key\nmkdir -m0700 $GNUPGHOME\necho "$GPG_RPM_SIGNING_ARCHIVE" | base64 -d | tar -xzf - -C $GNUPGHOME\nchown -R root:root $GNUPGHOME\n
+ gpg --detach-sign --armor /rpmrepo/teleport/repodata/repomd.xml
gpg: cannot open '/dev/tty': No such device or address

As seen at https://drone.teleport.dev/gravitational/teleport/9816/1/14

This is the result of #9027 and ports.

What you expected to happen:
I expect releases to run to completion without any infrastructural issues.

@wadells wadells added the bug label Jan 11, 2022
@wadells wadells self-assigned this Jan 11, 2022

wadells commented Jan 11, 2022

Somewhat frustratingly, this logic worked when I tested it 22 days ago:

+ # extract signing key\nmkdir -m0700 $GNUPGHOME\necho "$GPG_RPM_SIGNING_ARCHIVE" | base64 -d | tar -xzf - -C $GNUPGHOME\nchown -R root:root $GNUPGHOME\n
+ gpg --detach-sign --armor /rpmrepo/teleport/repodata/repomd.xml
+ rm -rf $GNUPGHOME

https://drone.teleport.dev/gravitational/teleport/9603/1/9


wadells commented Jan 11, 2022

Root cause: a preexisting repomd.xml will cause gpg to fail if there isn't a tty available to prompt

I didn't notice this in my testing because the test pass automation never actually pushed the repomd.xml to the live deb repo, and when testing locally, I had a tty available.

The fix is to add --batch --yes to the gpg command:

walt@work:/tmp/rpm$ cat Dockerfile
from centos:8
copy . /
entrypoint ["bash", "/sign.sh"]
walt@work:/tmp/rpm$ cat sign.sh
export GNUPGHOME=/tmp/gnupg
mkdir -p -m0700 $GNUPGHOME
cat gpg.tar.base64 | base64 -d | tar -xzf - -C $GNUPGHOME
chown -R root:root $GNUPGHOME
# rm -f /dev/tty
gpg --detach-sign --armor --batch --yes /repomd.xml
echo foo >> /repomd.xml.asc
cat /repomd.xml.asc
gpg --detach-sign --armor --batch --yes /repomd.xml
cat /repomd.xml.asc
walt@work:/tmp/rpm$ docker build . -t foo && docker run foo
Sending build context to Docker daemon  15.36kB
Step 1/3 : from centos:8
 ---> 300e315adb2f
Step 2/3 : copy . /
 ---> Using cache
 ---> a7b77f192ddb
Step 3/3 : entrypoint ["bash", "/sign.sh"]
 ---> Using cache
 ---> 34cf54673136
Successfully built 34cf54673136
Successfully tagged foo:latest
-----BEGIN PGP SIGNATURE-----
=1k4B
-----END PGP SIGNATURE-----
foo
-----BEGIN PGP SIGNATURE-----
=1k4B
-----END PGP SIGNATURE-----
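
Added example, not part of the original issue or of the Teleport repository: a small lint that scans CI step commands for gpg signing invocations lacking the `--batch --yes` pair used in the fix above. The function names `sample_steps` and `lint_gpg_signing` and the sample input are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: flag gpg signing commands in a CI script that lack the
# --batch --yes pair that fixed the release failure in this issue.

# Constructed sample input: the failing and the fixed command from this
# issue, plus a comment, a half-fixed call and a non-signing call.
sample_steps() {
  cat <<'EOF'
mkdir -m0700 $GNUPGHOME
# gpg --detach-sign --armor old.xml
gpg --detach-sign --armor /rpmrepo/teleport/repodata/repomd.xml
gpg --detach-sign --armor --batch --yes /repomd.xml
gpg --batch --detach-sign --armor /repomd.xml
gpg --verify /repomd.xml.asc /repomd.xml
EOF
}

# Reads script lines on stdin and prints "<line>: missing <flags>" for each
# signing invocation without both flags. Exit status is 1 if any was found.
lint_gpg_signing() {
  awk '
    /^[[:space:]]*#/ { next }            # ignore comment lines
    {
      is_gpg = 0; signs = 0; batch = 0; yes = 0
      for (i = 1; i <= NF; i++) {
        w = $i
        if (w ~ /(^|\/)gpg2?$/) is_gpg = 1
        else if (!is_gpg) continue       # only look at words after gpg
        else if (w == "--detach-sign" || w == "--sign" || w == "-b" ||
                 w == "--clearsign" || w == "--clear-sign" || w == "-s") signs = 1
        else if (w == "--batch") batch = 1
        else if (w == "--yes") yes = 1
      }
      if (is_gpg && signs && !(batch && yes)) {
        miss = ""
        if (!batch) miss = "--batch"
        if (!yes) miss = (miss == "" ? "--yes" : miss " --yes")
        printf "%d: missing %s\n", NR, miss
        bad = 1
      }
    }
    END { exit (bad ? 1 : 0) }
  '
}

# Demo run on the constructed sample; "|| true" keeps the script exit at 0.
sample_steps | lint_gpg_signing || true
```

In a pipeline, feed it the step script on stdin and fail the build on a non-zero exit status.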

wadells added a commit that referenced this issue Jan 11, 2022
Do not prompt for any reason, especially not if a repomd.xml.asc already
exists when signing repomd.xml. Attempting to prompt (instead of
overwriting) results in publish failures like the following:

  + gpg --detach-sign --armor /rpmrepo/teleport/repodata/repomd.xml
  gpg: cannot open '/dev/tty': No such device or address

Contributes to #9726.

(cherry picked from commit 0fb71e9)
@wadells wadells closed this as completed Jan 13, 2022