snapcraft validate (and possibly other operations requiring gpg passphrases) fail on remote/headless systems
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
Snapcraft | Triaged | Medium | Unassigned | |
snapd | Triaged | Medium | Samuele Pedroni | |
Bug Description
A customer reported (and I was able to reproduce) getting an error when using snapcraft validate.
The key to reproducing (for me at least - still awaiting confirmation from customer) was doing this on a remote headless system. Sounds like gpg is trying to invoke something that isn't present on the system to get the passphrase and then fails. But it seems to happen only when gpg is invoked by snapcraft - so perhaps gpg is detecting something about its running environment or stdin/out redirection when running under snapcraft, and trying to ask for the password differently, and one thing to do would be forcing gpg to ask for the password a different way or something.
To reproduce:
1- ssh into a system that has snapcraft. I used a VM installed from an Ubuntu server cloud image.
snapcraft validate allyoursnapareb
Getting details for allyoursnapareb
Signing validations assertion for allyoursnapareb
Error signing validations assertion for allyoursnapareb
The workaround is to first run the gpg command outside of snapcraft, so the key is unlocked:
echo "lalal" > a-file
/usr/bin/gpg --homedir=
then the snapcraft operation succeeds:
snapcraft validate allyoursnapareb
Getting details for allyoursnapareb
Signing validations assertion for allyoursnapareb
snapcraft version
snapcraft, version 4.5.4
lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 18.04.4 LTS
Release: 18.04
Codename: bionic
snap version
snap 2.49
snapd 2.49
series 16
ubuntu 18.04
kernel 4.15.0-136-generic
This is likely related to:
https:/
and:
https:/
from the latter, "there is a known issue with gpg-agent not freeing the lock"
Changed in snapcraft:
status: New → Triaged
Changed in snapd:
assignee: nobody → Samuele Pedroni (pedronis)
Changed in snapcraft:
importance: Undecided → Medium
Changed in snapd:
importance: Undecided → Medium
status: New → Triaged
I have this issue myself when not on a desktop system. This is "snap sign", provided by snapd, which probably needs to work without an agent or needs to know how to start one (an implementation detail inside snapd for snapcraft).