Details
- Bug
- Resolution: Done
- Critical
- None
- 2.4
- False
- False
- Important
Description
When using a key with a passphrase to enable the `signing service` on the HUB side, you will see the following error regarding pinentry (the full traceback will be attached to the issue):
```
Traceback (most recent call last):
  ... ... ...
  File "/usr/lib/python3.9/site-packages/pulpcore/app/models/content.py", line 807, in sign
    raise RuntimeError(str(completed_process.stderr))
RuntimeError: b'gpg: signing failed: No pinentry\ngpg: signing failed: No pinentry\n'
```

```
Traceback (most recent call last):
  ... ... ...
  File "/usr/lib/python3.9/site-packages/pulpcore/app/models/content.py", line 807, in sign
    raise RuntimeError(str(completed_process.stderr))
RuntimeError: b'time="2023-06-29T16:26:58Z" level=fatal msg="Error creating signature: No pinentry"\n'
```
Key Dependency Versions
```
{
  "versions": [
    { "component": "core", "version": "3.23.2", "package": "pulpcore", "domain_compatible": true },
    { "component": "container", "version": "2.14.5", "package": "pulp-container", "domain_compatible": false },
    { "component": "ansible", "version": "0.17.0", "package": "pulp-ansible", "domain_compatible": false },
    { "component": "galaxy", "version": "4.7.1", "package": "galaxy-ng", "domain_compatible": false }
  ],
```
Steps to Reproduce
- Create the secret with the keys: https://github.com/pulp/pulp-operator/blob/main/.ci/assets/kubernetes/galaxy_sign.secret.yaml
- Create the configmap with the script: https://github.com/pulp/pulp-operator/blob/main/.ci/assets/kubernetes/signing_scripts.configmap.yaml
- Set both secret and script names on Hub CR: https://github.com/pulp/pulp-operator/blob/main/config/samples/galaxy.yaml#L13-L14
- Set both signing service names:
```
galaxy_collection_signing_service: ansible-default
galaxy_container_signing_service: container-default
```
Actual Behavior
Signing service is not enabled due to not being able to decrypt the key with passphrase.
Expected Behavior
Signing service should be able to be enabled.
P.S. My assumption is that adding the pinentry package into the EE would fix the issue.
https://unix.stackexchange.com/questions/671284/gpg-cant-decrypt-no-pinentry-program