[lxc-devel] lxc-create using download template errors out in GPG validation on openSUSE MicroOS with read-only filesystem

Johannes Kastl kastl at b1-systems.de
Tue Jun 30 17:22:44 UTC 2020 

Hi guys,

I tried to use the latest LXC 4.0.x package from openSUSE on a machine with
openSUSE MicroOS.

Basically MicroOS is a openSUSE Tumbleweed installed with a read-only root file
system.

For some reason it errors out in the GPG validation step.

This one fails:
> lxc-create -n testcontainer -B btrfs -t download -- -d centos -r 7 -a x86_64

This one succeeds:
> lxc-create -n testcontainer -B btrfs -t download -- -d centos -r 7 -a x86_64 --no-validate

I traced it down to this command:
> https://github.com/lxc/lxc/blob/master/templates/lxc-download.in#L137

>   echo "Setting up the GPG keyring"
> 
>   mkdir -p "${DOWNLOAD_TEMP}/gpg"
>   chmod 700 "${DOWNLOAD_TEMP}/gpg"
>   export GNUPGHOME="${DOWNLOAD_TEMP}/gpg"
> 
>   success=
>   for _ in $(seq 3); do
>     if $(gpg --keyserver "${DOWNLOAD_KEYSERVER}" ${DOWNLOAD_GPG_PROXY:-} \
>       --recv-keys "${DOWNLOAD_KEYID}" >/dev/null 2>&1); then
>       success=1
>       break
>     fi
>     break
>   done
> 
>   if [ -z "${success}" ]; then
>     echo "ERROR: Unable to fetch GPG key from keyserver"
>     exit 1
>   fi

I created a PR to fix the (IMHO and on first glance) wrong if condition
(https://github.com/lxc/lxc/pull/3468), but the error still persists.

I have created another PR to use the "--receive-keys" options instead of
"--recv-keys":
> https://github.com/lxc/lxc/pull/3469

Otherwise I get the following error (I removed the /dev/null part for debugging):
> Setting up the GPG keyring
> gpg: Note: '--receive-keys' is not considered an option

I did the debugging on a normal Tumbleweed, so I have to still test this on the
MicroOS machine, I will report back. But at least a file containing both changes
worked on my Tumbleweed machine...

Kind Regards,
Johannes

-- 
Johannes Kastl
Linux Consultant & Trainer
Tel.: +49 (0) 151 2372 5802
Mail: kastl at b1-systems.de

B1 Systems GmbH
Osterfeldstraße 7 / 85088 Vohburg
http://www.b1-systems.de
GF: Ralph Dehner
Unternehmenssitz: Vohburg / AG: Ingolstadt,HRB 3537

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20200630/5e637ed1/attachment.sig>

More information about the lxc-devel mailing list