RVM not installed automatically due to signed releases

rvm / rvm1-capistrano3

RVM 1.x Capistrano 3.x integration gem

73 stars 34 forks source link

RVM not installed automatically due to signed releases #49

Open rhomeister opened 9 years ago

rhomeister commented 9 years ago

Installation fails due to missing key. See screenshot below:

mpapis commented 9 years ago

it should be as easy as:

namespace :app do
  task :update_rvm_key do
    execute :gpg, "--keyserver hkp://keys.gnupg.net --recv-keys D39DC0E3"
  end
end
before "rvm1:install:rvm", "app:update_rvm_key"

replace :gpg with :gpg2 depending on the output from RVM, will have to add this to readme

rhomeister commented 9 years ago

Wouldn't it be a better idea to add this to this gem itself? It is meant to install RVM automatically, but this step currently fails because of this failed check. Alternatively, can RVM be installed without verifying the GPG signature?

mpapis commented 9 years ago

I had a look into adding the key installation automatically, it would be best to run it on server from the RVM installation script, but this would bloat the script, I'm thinking on writing extra tool to allow the key installation and signature verification, maybe something that will wrap gpg detection, downloading keys / packages / signatrues, verify everything and eventually run it.

rhomeister commented 9 years ago

Would it be possible to force installation without checking verifying the key? We would basically return to the previous (working) situation .

— Sent from Mailbox

On Mon, Nov 17, 2014 at 3:08 PM, Michal Papis notifications@github.com wrote:

I had a look into adding the key installation automatically, it would be best to run it on server from the RVM installation script, but this would bloat the script, I'm thinking on writing extra tool to allow the key installation and signature verification, maybe something that will wrap gpg detection, downloading keys / packages / signatrues, verify everything and eventually run it.

Reply to this email directly or view it on GitHub: https://github.com/rvm/rvm1-capistrano3/issues/49#issuecomment-63308849

mpapis commented 9 years ago

no there is no flag to skip checking the signatures when GPG software is available, I will be working on the tool to download and run everything in one command ... it might take some time for now use the single addition, I will update README to contain it

rhomeister commented 9 years ago

Thanks. I've added a task to my provisioning scripts to add the gpg key to apt. That'll work for now.

ingolfured commented 9 years ago

Hmm.. I get NoMethodError: undefined methodexecute' for main:Object` and according to this we need to add an on statement like so:

namespace :app do
  task :update_rvm_key do
    on roles :all do 
      execute :gpg, "--keyserver hkp://keys.gnupg.net --recv-keys D39DC0E3"
    end
  end 
end
before "rvm1:install:rvm", "app:update_rvm_key"

and then it works!

mpapis commented 9 years ago

could you open a pull request with your fix (btw. we are looking for contributors / maintainers if you have time & will for it - drop me an email)