rvm / rvm1-ansible

The official ansible RVM role to install and manage your Ruby versions.
MIT License

Error importing keys, related to `gpg` commands #187

Closed mmolinac closed 5 years ago

mmolinac commented 5 years ago

Hi all,

Lately, when running rvm.ruby in one of our playbooks, we got these messages:

TASK [rvm.ruby : Import GPG keys] ***************************************************************************************
FAILED - RETRYING: Import GPG keys (5 retries left).
FAILED - RETRYING: Import GPG keys (4 retries left).
FAILED - RETRYING: Import GPG keys (3 retries left).
FAILED - RETRYING: Import GPG keys (2 retries left).
FAILED - RETRYING: Import GPG keys (1 retries left).
fatal: [staging03]: FAILED! => {"attempts": 5, "changed": false, "cmd": ["gpg", "--keyserver", "hkp://keys.gnupg.net", "--recv-keys", "409B6B1796C275462A1703113804BB82D39DC0E3", "7D2BAF1CF37B13E2069D6956105BD0E739499BDB"], "delta": "0:00:00.467510", "end": "2018-12-14 11:11:19.042576", "msg": "non-zero return code", "rc": 2, "start": "2018-12-14 11:11:18.575066", "stderr": "gpg: cannot open '/dev/tty': No such device or address", "stderr_lines": ["gpg: cannot open '/dev/tty': No such device or address"], "stdout": "", "stdout_lines": []}
...ignoring

TASK [rvm.ruby : Import GPG keys the other way] *************************************************************************
 [WARNING]: Consider using the get_url or uri module rather than running curl.  If you need to use command because
get_url or uri is insufficient you can add warn=False to this command task or set command_warnings=False in ansible.cfg
to get rid of this message.

fatal: [staging03]: FAILED! => {"changed": true, "cmd": "curl -sSL https://rvm.io/mpapis.asc | gpg --import -", "delta": "0:00:00.133496", "end": "2018-12-14 11:11:19.375475", "msg": "non-zero return code", "rc": 2, "start": "2018-12-14 11:11:19.241979", "stderr": "gpg: cannot open '/dev/tty': No such device or address", "stderr_lines": ["gpg: cannot open '/dev/tty': No such device or address"], "stdout": "", "stdout_lines": []}

The message: "gpg: cannot open '/dev/tty': No such device or address"

I'll give you details about our installation:

Ansible version:

ansible 2.7.5
  config file = None
  configured module search path = ['/Users/mmolinac/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/Cellar/ansible/2.7.5/libexec/lib/python3.7/site-packages/ansible
  executable location = /usr/local/bin/ansible
  python version = 3.7.1 (default, Nov  6 2018, 18:46:03) [Clang 10.0.0 (clang-1000.11.45.5)]

Server versions:

$ cat /etc/debian_version 
9.6

vagrant@staging03:~$ uname -a
Linux staging03 4.9.0-8-amd64 #1 SMP Debian 4.9.130-2 (2018-10-27) x86_64 GNU/Linux

vagrant@staging03:~$ gpg --version
gpg (GnuPG) 2.1.18
libgcrypt 1.7.6-beta
Copyright (C) 2017 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: /home/vagrant/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

xacaxulu commented 5 years ago

+1

zz9pzza commented 5 years ago

As I said on #186 "Doing gpg --keyserver hkp://keys.gnupg.net --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3 7D2BAF1CF37B13E2069D6956105BD0E739499BDB as the user that rvm is being installed as allows the ansible run to complete."

Head of master currently doesn't work for me on Debian 9 installing rvm as a non-root user (without doing that command as the appropriate user).

( Thank you for the work you are doing btw )

NuckChorris commented 5 years ago

@pkuczynski Any chance we could get a release of this fix onto Ansible Galaxy?

Also I think #185 missed a necessary fix here:

https://github.com/rvm/rvm1-ansible/blob/master/tasks/rvm.yml#L35-L37

Thankfully, I think this step is generally skipped in favor of the gpg2-builtin download, but this should probably be changed to reference your key too nonetheless.

pkuczynski commented 5 years ago

I just added #189, but I am not a heavy ansible user. Can anyone confirm it's correct syntax?

pkuczynski commented 5 years ago

@NuckChorris I do not control the Ansible account. Trying to reach @lpaulmp but have not succeeded so far :(

lpaulmp commented 5 years ago

Hey, sorry guys, I was lost over the weekend; I haven't installed Slack on my phone :(

pkuczynski commented 5 years ago

I just approached a release of the new version 2.1.0 following @lpaulmp's suggestions. Let's see if that works...

ghost commented 5 years ago

I still have the issue on 2.1.1

zz9pzza commented 5 years ago

fatal: [localhost]: FAILED! => {"changed": true, "cmd": "/tmp/rvm-installer.sh stable --path ~/.rvm --auto-dotfiles --user-install", "delta": "0:00:01.079891", "end": "2018-12-18 22:08:40.585726", "msg": "non-zero return code", "rc": 2, "start": "2018-12-18 22:08:39.505835", "stderr": "gpg: Signature made Thu 13 Dec 2018 03:09:53 PM UTC\ngpg: using RSA key 7D2BAF1CF37B13E2069D6956105BD0E739499BDB\ngpg: Can't check signature: No public key", "stderr_lines": ["gpg: Signature made Thu 13 Dec 2018 03:09:53 PM UTC", "gpg: using RSA key 7D2BAF1CF37B13E2069D6956105BD0E739499BDB", "gpg: Can't check signature: No public key"], "stdout": "Turning on auto dotfiles mode.\nTurning on user install mode.\nDownloading https://github.com/rvm/rvm/archive/1.29.6.tar.gz\nDownloading https://github.com/rvm/rvm/releases/download/1.29.6/1.29.6.tar.gz.asc\nWarning, RVM 1.26.0 introduces signed releases and automated check of signatures when GPG software found. Assuming you trust Michal Papis import the mpapis public key (downloading the signatures).\n\nGPG signature verification failed for '/home/ao3app/.rvm/archives/rvm-1.29.6.tgz' - 'https://github.com/rvm/rvm/releases/download/1.29.6/1.29.6.tar.gz.asc'! Try to install GPG v2 and then fetch the public key:\n\n sudo gpg --keyserver hkp://keys.gnupg.net --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3 7D2BAF1CF37B13E2069D6956105BD0E739499BDB\n\nor if it fails:\n\n command curl -sSL https://rvm.io/mpapis.asc | sudo gpg --import -\n command curl -sSL https://rvm.io/pkuczynski.asc | sudo gpg --import -\n\nthe key can be compared with:\n\n https://rvm.io/mpapis.asc or https://keybase.io/mpapis\n https://rvm.io/pkuczynski.asc\n\nNOTE: GPG version 2.1.17 have a bug which cause failures during fetching keys from remote server. 
Please downgrade or upgrade to newer version (if available) or use the second method described above.", "stdout_lines": ["Turning on auto dotfiles mode.", "Turning on user install mode.", "Downloading https://github.com/rvm/rvm/archive/1.29.6.tar.gz", "Downloading https://github.com/rvm/rvm/releases/download/1.29.6/1.29.6.tar.gz.asc", "Warning, RVM 1.26.0 introduces signed releases and automated check of signatures when GPG software found. Assuming you trust Michal Papis import the mpapis public key (downloading the signatures).", "", "GPG signature verification failed for '/home/ao3app/.rvm/archives/rvm-1.29.6.tgz' - 'https://github.com/rvm/rvm/releases/download/1.29.6/1.29.6.tar.gz.asc'! Try to install GPG v2 and then fetch the public key:", "", " sudo gpg --keyserver hkp://keys.gnupg.net --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3 7D2BAF1CF37B13E2069D6956105BD0E739499BDB", "", "or if it fails:", "", " command curl -sSL https://rvm.io/mpapis.asc | sudo gpg --import -", " command curl -sSL https://rvm.io/pkuczynski.asc | sudo gpg --import -", "", "the key can be compared with:", "", " https://rvm.io/mpapis.asc or https://keybase.io/mpapis", " https://rvm.io/pkuczynski.asc", "", "NOTE: GPG version 2.1.17 have a bug which cause failures during fetching keys from remote server. Please downgrade or upgrade to newer version (if available) or use the second method described above."]}
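
An added example, not code from rvm1-ansible or from anyone in this thread: a shell helper that imports a key file without a terminal (`--batch --no-tty`), and only after every primary-key fingerprint in the file matches one of the two fingerprints quoted in the `--recv-keys` command above. The function names and the scratch-keyring approach are assumptions of this example.

```shell
#!/bin/sh
# Added example: pinned, non-interactive key import (not rvm1-ansible code).
# Fingerprints copied from the --recv-keys command quoted in this thread.
PINNED="409B6B1796C275462A1703113804BB82D39DC0E3 7D2BAF1CF37B13E2069D6956105BD0E739499BDB"

# Read `gpg --with-colons` output on stdin and print the fingerprint of each
# primary key: the first "fpr" record after a "pub" record, field 10.
primary_fingerprints() {
    awk -F: '$1 == "pub" { want = 1; next }
             $1 == "fpr" && want { print $10; want = 0 }'
}

# Succeed only if stdin holds at least one fingerprint and all are pinned.
all_pinned() {
    seen=0
    while read -r fpr; do
        seen=1
        case " $PINNED " in
            *" $fpr "*) ;;
            *) echo "unpinned key: $fpr" >&2; return 1 ;;
        esac
    done
    [ "$seen" -eq 1 ]
}

# import_pinned_key FILE (hypothetical helper): load FILE into a scratch
# keyring, check its fingerprints, then import into the caller's keyring.
import_pinned_key() {
    scratch=$(mktemp -d) || return 1
    chmod 700 "$scratch"
    if GNUPGHOME="$scratch" gpg --batch --no-tty --quiet --import "$1" &&
       GNUPGHOME="$scratch" gpg --batch --no-tty --with-colons --fingerprint |
           primary_fingerprints | all_pinned
    then
        rm -rf "$scratch"
        gpg --batch --no-tty --import "$1"
    else
        rm -rf "$scratch"
        return 1
    fi
}
```

gpg keyrings are per user, so `import_pinned_key` has to run as the account that later runs the RVM installer, on a key file downloaded beforehand (for instance from the `https://rvm.io/mpapis.asc` URL in the output above).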

tanist-johnlewis commented 4 years ago

I have the exact same issue as above, which has not been answered, but has been closed. Fingers in ears not listening or is there actually a solution? Getting expensive now...

ghost commented 4 years ago

@tanist-johnlewis this workaround is still the way to go.