[lxc-devel] lxc-create using download template errors out in GPG validation on openSUSE MicroOS with read-only filesystem
Johannes Kastl
kastl at b1-systems.de
Tue Jun 30 17:22:44 UTC 2020
Hi guys,
I tried to use the latest LXC 4.0.x package from openSUSE on a machine with
openSUSE MicroOS.
Basically MicroOS is a openSUSE Tumbleweed installed with a read-only root file
system.
For some reason it errors out in the GPG validation step.
This one fails:
> lxc-create -n testcontainer -B btrfs -t download -- -d centos -r 7 -a x86_64
This one succeeds:
> lxc-create -n testcontainer -B btrfs -t download -- -d centos -r 7 -a x86_64 --no-validate
I traced it down to this command:
> https://github.com/lxc/lxc/blob/master/templates/lxc-download.in#L137
> echo "Setting up the GPG keyring"
>
> mkdir -p "${DOWNLOAD_TEMP}/gpg"
> chmod 700 "${DOWNLOAD_TEMP}/gpg"
> export GNUPGHOME="${DOWNLOAD_TEMP}/gpg"
>
> success=
> for _ in $(seq 3); do
> if $(gpg --keyserver "${DOWNLOAD_KEYSERVER}" ${DOWNLOAD_GPG_PROXY:-} \
> --recv-keys "${DOWNLOAD_KEYID}" >/dev/null 2>&1); then
> success=1
> break
> fi
> break
> done
>
> if [ -z "${success}" ]; then
> echo "ERROR: Unable to fetch GPG key from keyserver"
> exit 1
> fi
I created a PR to fix the (IMHO and on first glance) wrong if condition
(https://github.com/lxc/lxc/pull/3468), but the error still persists.
I have created another PR to use the "--receive-keys" options instead of
"--recv-keys":
> https://github.com/lxc/lxc/pull/3469
Otherwise I get the following error (I removed the /dev/null part for debugging):
> Setting up the GPG keyring
> gpg: Note: '--receive-keys' is not considered an option
I did the debugging on a normal Tumbleweed, so I have to still test this on the
MicroOS machine, I will report back. But at least a file containing both changes
worked on my Tumbleweed machine...
Kind Regards,
Johannes
--
Johannes Kastl
Linux Consultant & Trainer
Tel.: +49 (0) 151 2372 5802
Mail: kastl at b1-systems.de
B1 Systems GmbH
Osterfeldstraße 7 / 85088 Vohburg
http://www.b1-systems.de
GF: Ralph Dehner
Unternehmenssitz: Vohburg / AG: Ingolstadt,HRB 3537
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20200630/5e637ed1/attachment.sig>
More information about the lxc-devel
mailing list