StreisandEffect / streisand

Streisand sets up a new server running your choice of WireGuard, OpenConnect, OpenSSH, OpenVPN, Shadowsocks, sslh, Stunnel, or a Tor bridge. It also generates custom instructions for all of these services. At the end of the run you are given an HTML file with instructions that can be shared with friends, family members, and fellow activists.

cannot install on ubuntu locally (GPG error) #1621

Open hadifarnoud opened 5 years ago

hadifarnoud commented 5 years ago

I tried this many, many times on a fresh Ubuntu 16.04.

I tried to install it locally on the server and followed the instructions carefully. I used 20 profiles and enabled OpenConnect and Shadowsocks only. I also added an FQDN.

The installer stops at this error:

```
TASK [gpg : Ensure a GPG agent is running] *********************************************************************************************************************************************************************
fatal: [localhost]: FAILED! => {"changed": true, "cmd": ["gpgconf", "--launch", "gpg-agent"], "delta": "0:00:08.361830", "end": "2019-08-08 22:44:43.606898", "msg": "non-zero return code", "rc": 1, "start": "2019-08-08 22:44:35.245068", "stderr": "gpgconf: error running '/usr/bin/gpg-connect-agent': exit status 1\ngpgconf: error running '/usr/bin/gpg-connect-agent NOP': General error", "stderr_lines": ["gpgconf: error running '/usr/bin/gpg-connect-agent': exit status 1", "gpgconf: error running '/usr/bin/gpg-connect-agent NOP': General error"], "stdout": "", "stdout_lines": []}
```

qdzlug commented 5 years ago

Hi,

I encountered this today when I was also installing locally on Ubuntu 16.04. I dug in a bit and the issue seemed to be related to where GnuPG was trying to write its temporary files. I was doing this while logged in as ubuntu and sudo'd over to root via `sudo -s`.

The fix that worked for me was, in this root sudo session, to `export HOME=/root` and then re-run the process. If this doesn't work (and it still has issues with GPG), I would recommend running the problematic command directly to see what errors are reported.

Cheers,

Jay
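
A preflight check for the HOME mismatch described in the comment above, added here as an example; it is not part of the original thread or of Streisand. The function names are hypothetical, and it assumes local accounts in /etc/passwd and GNU `stat` (as on Ubuntu).

```shell
#!/bin/sh
# Added example: preflight for a localhost install started from a sudo shell.
# Function names are hypothetical; they are not part of Streisand.

# Print the home directory recorded for a uid in a passwd-format file.
passwd_home() {  # usage: passwd_home UID [PASSWD_FILE]
    awk -F: -v uid="$1" '$3 == uid { print $6; exit }' "${2:-/etc/passwd}"
}

# Return 0 if HOME matches the uid's passwd entry, 1 on mismatch,
# 2 if the uid has no entry. GnuPG derives ~/.gnupg from HOME.
check_home() {  # usage: check_home UID HOME [PASSWD_FILE]
    expected=$(passwd_home "$1" "${3:-/etc/passwd}")
    if [ -z "$expected" ]; then
        echo "uid $1 has no passwd entry" >&2
        return 2
    fi
    if [ "$2" != "$expected" ]; then
        echo "HOME=$2 but uid $1 has home $expected; GnuPG will use $2/.gnupg" >&2
        echo "fix: export HOME=$expected, or start the shell with sudo -i" >&2
        return 1
    fi
    return 0
}

# Return 0 if the GnuPG home is absent (gpg creates it) or owned by the uid.
check_gnupg_owner() {  # usage: check_gnupg_owner UID GNUPG_DIR
    [ -e "$2" ] || return 0
    owner=$(stat -c %u "$2") || return 2   # GNU stat syntax (assumption)
    [ "$owner" = "$1" ] && return 0
    echo "$2 is owned by uid $owner, not $1" >&2
    return 1
}

# Run both checks against the current shell's environment.
preflight() {
    uid=$(id -u)
    check_home "$uid" "$HOME" &&
        check_gnupg_owner "$uid" "${GNUPGHOME:-$HOME/.gnupg}"
}

# Run as "sh preflight.sh --run" before starting ./streisand.
if [ "${1:-}" = "--run" ]; then
    preflight
fi
```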

hadifarnoud commented 5 years ago

I've no idea how to fix this or what command I have to run before running ./streisand

nopdotcom commented 5 years ago

@qdzlug -- thanks for the HOME catch. I'll take a look at the GPG code a little more. Getting /root and $HOME mixed up doesn't matter for most installs.

If you're having problems with $HOME, try running the whole Streisand install as root. To get a root shell:

```
$ sudo -i
Password:
# pwd
/root
# git clone https://github.com/StreisandEffect/streisand.git
...
```

Looking at this situation, it's unclear to me how non-uid-0 localhost installs were ever reliable. Inside the Ansible run, sudo is being run for every stanza, right? The installer stops and prompts a few times. If you step away from the install for long enough, sudo's timer expires, and wants you to type your password again--but you can't, since Ansible's in a non-interactive mode, so the run bombs out. I think ./streisand needs to be modified to require --ask-become-pass for localhost installs, or we require ./streisand runs as uid 0.

"What's in the environment" is a separate issue.

Finally:

Hey, folks? We generate streisand-diagnostics.md for a reason. Please include it in bug reports.

hadifarnoud commented 5 years ago

### Ansible Information

* Ansible version: 2.8.0
* Ansible system: Linux
* Host OS: Ubuntu
* Host OS version: 16.04
* Python interpreter: /usr/bin/python
* Python version: 2.7.12

### Streisand Information

* Streisand Git revision: 9da427d917e811410952335fe82f822646a506ec
* Streisand Git clone has untracked changes: no
* Genesis role: localhost
* Custom SSH key: False

### Enabled Roles

* Shadowsocks enabled: True
* Wireguard enabled: False
* OpenVPN enabled: False
* stunnel enabled: False
* Tor enabled: False
* Openconnect enabled: True
* TinyProxy enabled: False
* SSH forward user enabled: True
* Configured number of VPN clients: 5

hadifarnoud commented 5 years ago

running sudo -i and then the rest of commands but:

```
./util/venv-dependencies.sh ./venv

....
Collecting wrapt>=1.7.0 (from debtcollector>=1.2.0->oslo.utils>=2.0.0->python-novaclient==2.27.0->pyrax->-r requirements.txt (line 34))
Collecting os-service-types>=1.2.0 (from keystoneauth1>=3.4.0->python-keystoneclient>=1.6.0->python-novaclient==2.27.0->pyrax->-r requirements.txt (line 34))
  Using cached https://files.pythonhosted.org/packages/10/2d/318b2b631f68e0fc221ba8f45d163bf810cdb795cf242fe85ad3e5d45639/os_service_types-1.7.0-py2.py3-none-any.whl
Collecting rfc3986>=1.2.0 (from oslo.config>=5.2.0->python-keystoneclient>=1.6.0->python-novaclient==2.27.0->pyrax->-r requirements.txt (line 34))
  Using cached https://files.pythonhosted.org/packages/00/8d/9d56bfe43997f1864fe0891be69bc239ded98e69c9f56eb9eaa5b1789660/rfc3986-1.3.2-py2.py3-none-any.whl
ERROR: os-service-types 1.7.0 has requirement pbr!=2.1.0,>=2.0.0, but you'll have pbr 1.10.0 which is incompatible.
ERROR: python-keystoneclient 3.20.0 has requirement pbr!=2.1.0,>=2.0.0, but you'll have pbr 1.10.0 which is incompatible.
ERROR: oslo-i18n 3.23.1 has requirement pbr!=2.1.0,>=2.0.0, but you'll have pbr 1.10.0 which is incompatible.
ERROR: oslo-utils 3.41.0 has requirement pbr!=2.1.0,>=2.0.0, but you'll have pbr 1.10.0 which is incompatible.
ERROR: stevedore 1.30.1 has requirement pbr!=2.1.0,>=2.0.0, but you'll have pbr 1.10.0 which is incompatible.
ERROR: oslo-serialization 2.29.1 has requirement pbr!=2.1.0,>=2.0.0, but you'll have pbr 1.10.0 which is incompatible.
ERROR: debtcollector 1.21.0 has requirement pbr!=2.1.0,>=2.0.0, but you'll have pbr 1.10.0 which is incompatible.
ERROR: keystoneauth1 3.16.0 has requirement pbr!=2.1.0,>=2.0.0, but you'll have pbr 1.10.0 which is incompatible.
Installing collected packages: enum34, pycparser, cffi, six, asn1crypto, ipaddress, cryptography, MarkupSafe, jinja2, P
....
```

and then later in setup I got this error:

```
TASK [streisand-gateway : Ensure that all of the files in the Gateway have the proper permissions] *************************************************************************************************************
changed: [localhost]
 [WARNING]: flush_handlers task does not support when conditional

RUNNING HANDLER [dnsmasq : Restart dnsmasq] ********************************************************************************************************************************************************************
changed: [localhost]

TASK [streisand-gateway : Success!] ****************************************************************************************************************************************************************************
[streisand-gateway : Success!]
Server setup is complete. The `s1-2-uk1.html` instructions file in the generated-docs folder is ready to give to friends, family members, and fellow activists. Press Enter to continue.:
ok: [localhost]

TASK [streisand-gateway : Attempt to open the instructions on Linux (if applicable). Errors in this task are ignored because the `xdg-open` command is not always available.] **********************************
fatal: [localhost]: FAILED! => {"changed": true, "cmd": ["xdg-open", "../generated-docs/s1-2-uk1.html"], "delta": "0:00:00.148014", "end": "2019-08-15 19:07:28.421202", "msg": "non-zero return code", "rc": 3, "start": "2019-08-15 19:07:28.273188", "stderr": "Unescaped left brace in regex is deprecated, passed through in regex; marked by <-- HERE in m/%{ <-- HERE (.*?)}/ at /usr/bin/run-mailcap line 528.\nCouldn't find a suitable web browser!\nSet the BROWSER environment variable to your desired browser.\nWarning: program returned non-zero exit code #1\n/usr/bin/xdg-open: 778: /usr/bin/xdg-open: www-browser: not found\n/usr/bin/xdg-open: 778: /usr/bin/xdg-open: links2: not found\n/usr/bin/xdg-open: 778: /usr/bin/xdg-open: elinks: not found\n/usr/bin/xdg-open: 778: /usr/bin/xdg-open: links: not found\n/usr/bin/xdg-open: 778: /usr/bin/xdg-open: lynx: not found\n/usr/bin/xdg-open: 778: /usr/bin/xdg-open: w3m: not found\nxdg-open: no method available for opening '../generated-docs/s1-2-uk1.html'", "stderr_lines": ["Unescaped left brace in regex is deprecated, passed through in regex; marked by <-- HERE in m/%{ <-- HERE (.*?)}/ at /usr/bin/run-mailcap line 528.", "Couldn't find a suitable web browser!", "Set the BROWSER environment variable to your desired browser.", "Warning: program returned non-zero exit code #1", "/usr/bin/xdg-open: 778: /usr/bin/xdg-open: www-browser: not found", "/usr/bin/xdg-open: 778: /usr/bin/xdg-open: links2: not found", "/usr/bin/xdg-open: 778: /usr/bin/xdg-open: elinks: not found", "/usr/bin/xdg-open: 778: /usr/bin/xdg-open: links: not found", "/usr/bin/xdg-open: 778: /usr/bin/xdg-open: lynx: not found", "/usr/bin/xdg-open: 778: /usr/bin/xdg-open: w3m: not found", "xdg-open: no method available for opening '../generated-docs/s1-2-uk1.html'"], "stdout": "", "stdout_lines": []}
...ignoring

TASK [streisand-gateway : Open the instructions on macOS (if applicable)] **************************************************************************************************************************************
skipping: [localhost]

PLAY RECAP *****************************************************************************************************************************************************************************************************
localhost                  : ok=225  changed=76   unreachable=0    failed=0    skipped=167  rescued=1    ignored=1
```


astromasoud commented 5 years ago

I'm having issues with GPG refresh timeouts, too, on CentOS and Ubuntu, both on a local test VM and on my VPS. I first tried a week ago, installing Streisand on a local VM running CentOS 7, but the GPG failed after 10 retries; though the first times it worked but failed at later steps!

So I decided to try it on Ubuntu, and a few days ago I tried installing it on a local VM running Ubuntu 18.04, but again it failed after 10 retries to get GPG keys! Then I said maybe my Internet provider has an issue, so I did a fresh install of Ubuntu 18.04 on my VPS and installed all the dependencies as per the installation instructions... Again it times out during the GPG steps, but this time at "Wait for the GPG agent and dirmngr control sockets"!

I've even tried changing "hkps://gpg.mozilla.org" to hkp://gpg.mozilla.org or other GPG servers, but nothing changed. I've also removed Streisand and cloned it again numerous times with no success, and I sure am running it as the root user inside a location with complete root access. Any idea?

```
gpg (GnuPG) 2.2.4
libgcrypt 1.8.1
```

```
TASK [gpg : Install GnuPG 2, dirmngr and gpgv2] *********************************************************************
ok: [localhost]

TASK [gpg : Create the GPG directory] *******************************************************************************
ok: [localhost]

TASK [gpg : Create the Streisand GPG directory] *********************************************************************
ok: [localhost]

TASK [gpg : Create the Streisand GPG keys directory] ****************************************************************
ok: [localhost]

TASK [gpg : Write the Streisand GPG dirmngr config] *****************************************************************
ok: [localhost]

TASK [gpg : Ensure a GPG agent is running] **************************************************************************
changed: [localhost]

TASK [gpg : Reload gpg-agent to pick up configuration changes] ******************************************************
changed: [localhost]

TASK [gpg : Kill any existing dirmngr] ******************************************************************************
changed: [localhost]

TASK [gpg : Start a new dirmngr with our config changes] ************************************************************
changed: [localhost]

TASK [gpg : Wait for the GPG agent and dirmngr control sockets] *****************************************************
failed: [localhost] (item=S.dirmngr) => {"ansible_loop_var": "item", "changed": false, "elapsed": 60, "item": "S.dirmngr", "msg": "Timeout when waiting for file /root/.gnupg/S.dirmngr"}
failed: [localhost] (item=S.gpg-agent) => {"ansible_loop_var": "item", "changed": false, "elapsed": 60, "item": "S.gpg-agent", "msg": "Timeout when waiting for file /root/.gnupg/S.gpg-agent"}

PLAY RECAP **********************************************************************************************************
localhost                  : ok=42   changed=9    unreachable=0    failed=1    skipped=14   rescued=0    ignored=0
```

```
streisand_ssh_private_key: "~/.ssh/id_rsa"
vpn_clients: 5
streisand_openconnect_enabled: yes
streisand_openvpn_enabled: yes
streisand_shadowsocks_enabled: yes
streisand_shadowsocks_v2ray_enabled: yes
streisand_ssh_forward_enabled: no
streisand_sshuttle_enabled: no
streisand_stunnel_enabled: no
streisand_tinyproxy_enabled: no
streisand_tor_enabled: no
streisand_wireguard_enabled: yes
streisand_cloudflared_enabled: yes
```

mfat commented 5 years ago

I have the same issue.

viktortsarevskiy commented 5 years ago

Well, I think I found how to fix it:

  1. Connect to your server as root
  2. Create 2 directories in /root/.gnupg/:

     ```
     cd /root/.gnupg/
     mkdir S.dirmngr
     mkdir S.gpg-agent
     ```