Automation Hub / AAH-2445

Issue when decrypting key with passphrase for enabling signing service (AoC Azure)

Details

    • Important

    Description


      When using a key with a passphrase for enabling the `signing service` on the Hub side, you will see the following error regarding the pinentry (full traceback will be attached to the issue):

      Traceback (most recent call last):
      ...
      ...
      ...
      File "/usr/lib/python3.9/site-packages/pulpcore/app/models/content.py", line 807, in sign
          raise RuntimeError(str(completed_process.stderr))
      RuntimeError: b'gpg: signing failed: No pinentry\ngpg: signing failed: No pinentry\n'
      Traceback (most recent call last):
      ...
      ...
      ...
      File "/usr/lib/python3.9/site-packages/pulpcore/app/models/content.py", line 807, in sign
      raise RuntimeError(str(completed_process.stderr))
      RuntimeError: b'time="2023-06-29T16:26:58Z" level=fatal msg="Error creating signature: No pinentry"\n'

      Key Dependency Versions

      {
          "versions": [
              {
                  "component": "core",
                  "version": "3.23.2",
                  "package": "pulpcore",
                  "domain_compatible": true
              },
              {
                  "component": "container",
                  "version": "2.14.5",
                  "package": "pulp-container",
                  "domain_compatible": false
              },
              {
                  "component": "ansible",
                  "version": "0.17.0",
                  "package": "pulp-ansible",
                  "domain_compatible": false
              },
              {
                  "component": "galaxy",
                  "version": "4.7.1",
                  "package": "galaxy-ng",
                  "domain_compatible": false
              }
          ], 

      Steps to Reproduce

      1. Create the secret with the keys: https://github.com/pulp/pulp-operator/blob/main/.ci/assets/kubernetes/galaxy_sign.secret.yaml
      2. Create the configmap with the script: https://github.com/pulp/pulp-operator/blob/main/.ci/assets/kubernetes/signing_scripts.configmap.yaml
      3. Set both secret and script names on Hub CR: https://github.com/pulp/pulp-operator/blob/main/config/samples/galaxy.yaml#L13-L14
      4. Set both signing service names:
      galaxy_collection_signing_service: ansible-default
      galaxy_container_signing_service: container-default

      Actual Behavior

      Signing service is not enabled due to not being able to decrypt the key with passphrase.

      Expected Behavior

      Signing service should be able to be enabled.

      P.S. I have the assumption that adding the pinentry package into the EE would fix the issue.

      https://unix.stackexchange.com/questions/671284/gpg-cant-decrypt-no-pinentry-program
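
One way a signing script can unlock a passphrase-protected key when no pinentry program is present, shown as an added example that is not part of this issue or of pulp-operator's script: gpg's loopback pinentry mode with the passphrase read from a file. `PASSPHRASE_FILE` and its default path are assumptions; the JSON output and `PULP_SIGNING_KEY_FINGERPRINT` follow Pulp's signing-script convention. It covers the gpg collection-signing case only.

```bash
#!/usr/bin/env bash
# Added example: non-interactive detached signing for a Pulp-style signing script.
# Assumption: the passphrase is mounted read-only from a Secret at PASSPHRASE_FILE
# (hypothetical variable and path), not passed with --passphrase on the command
# line, where it would be visible in the process list.

sign_file() {
    file_path=$1
    signature_path="$file_path.asc"
    passphrase_file=${PASSPHRASE_FILE:-/etc/pulp/keys/signing_passphrase}  # hypothetical

    # Fail early with distinct codes so the task log shows which input is missing.
    [ -r "$file_path" ] || { echo "cannot read $file_path" >&2; return 2; }
    [ -r "$passphrase_file" ] || { echo "passphrase file not readable" >&2; return 3; }
    [ -n "${PULP_SIGNING_KEY_FINGERPRINT:-}" ] || { echo "no key fingerprint" >&2; return 4; }

    # --pinentry-mode loopback makes gpg-agent hand the passphrase prompt back
    # to gpg, which answers it from --passphrase-file; --batch and --no-tty
    # keep gpg from trying to open a terminal or a pinentry program.
    gpg --batch --yes --quiet --no-tty \
        --pinentry-mode loopback \
        --passphrase-file "$passphrase_file" \
        --local-user "$PULP_SIGNING_KEY_FINGERPRINT" \
        --armor --detach-sign \
        --output "$signature_path" "$file_path" || return $?

    # Report the signed file and its signature as JSON on stdout.
    printf '{"file": "%s", "signature": "%s"}\n' "$file_path" "$signature_path"
}

# Run as a script: the file to sign is the first argument.
if [ "$#" -gt 0 ]; then
    sign_file "$1"
fi
```
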

          People

            chadams@redhat.com Christian Adams
            rhn-support-brsanche Bruno Sanchez