23.3: when apt keyids provided in #cloud-config, implicit dependency on gpgconf breaks Ubuntu minimal images
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
cloud-init (Ubuntu) | Fix Released | Critical | Chad Smith |
Bug Description
cloud-init version: 23.3
ubuntu 23.10 (Mantic) minimal images do not contain gpg, gnupg or gpgconf packages by default
Upstream commit https:/
Although cloud-init debian/control has a Recommends: gnupg, Recommends packages are not installed in Ubuntu minimal images, which leaves images without gpg or gpgconf. This leaves cloud-init.log with tracebacks like the following[1].
cloud-init package calling the utility gpgconf for any apt:sources configuration breaks daily Ubuntu minimal builds on Mantic builds and should be seen as an SRU blocker for cloud-init of 23.3.
This bug is only triggered when ubuntu minimal images (without gpgconf) are launched with apt:sources config. Any ubuntu-minimal image launched without "apt: sources:" in #cloud-config user-data will not trigger this issue.
Short-term solution:
- To avoid pulling in unnecessary package dependencies and bloating images, cloud-init should approach this daemon cleanup using common system utilities (kill) or python modules (os.kill) if dirmngr/gpg-agent are present and active. In absence of said services/utilities, cloud-init should not attempt to kill any dirmngr/gpg-agent services.
Long-term solution:
- cloud-init to install necessary gpg dependencies during first boot if the image doesn't have recommended utilities, and optional user-data requires gpg keyid interaction
- Adapt mwhudson's suggestion to use systemd-run during gpg utility interaction to provide scoped references to any background services launched by gpg. Then cloud-init will clean up the known cgroup when APT gpg key interaction is complete.
References:
[1] Traceback calling gpgconf:
16:53:35 AssertionError: ['(\'apt_
16:53:35 Traceback (most recent call last):
16:53:35 File "/home/
16:53:35 self.assertFalse(
16:53:35 AssertionError: ['(\'apt_
16:53:35\', \'--kill\', \'all\']\\nExit code: -\\nReason: [Errno 2] No such file or directory: b\'gpgconf\
16:53:35
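The short-term approach from the description above (clean up dirmngr/gpg-agent with os.kill, and do nothing when they are absent) can be sketched as follows. This is an added example, not cloud-init's own code; the function names and the `proc_root` and `kill` parameters are hypothetical and exist so the logic can be exercised without touching real processes.

```python
import os
import signal

# Daemons that gpg may leave running after key handling (named in the bug).
GPG_DAEMONS = frozenset({"dirmngr", "gpg-agent"})


def find_gpg_daemons(proc_root="/proc"):
    """Return {pid: name} for running dirmngr/gpg-agent, read from procfs."""
    found = {}
    try:
        entries = os.listdir(proc_root)
    except OSError:
        return found  # no procfs available: nothing we can identify
    for entry in entries:
        if not entry.isdigit():
            continue  # skip non-process entries such as "self"
        try:
            with open(os.path.join(proc_root, entry, "comm")) as f:
                name = f.read().strip()
        except OSError:
            continue  # process exited between listdir() and open()
        if name in GPG_DAEMONS:
            found[int(entry)] = name
    return found


def kill_gpg_daemons(proc_root="/proc", kill=os.kill):
    """Send SIGTERM to leftover gpg daemons; return the PIDs signalled.

    No external binary is executed, so an image without gpgconf cannot
    fail with "[Errno 2] No such file or directory". When neither daemon
    is running, this is a no-op.
    """
    signalled = []
    for pid in sorted(find_gpg_daemons(proc_root)):
        try:
            kill(pid, signal.SIGTERM)
        except ProcessLookupError:
            continue  # already gone: nothing left to clean up
        except PermissionError:
            continue  # owned by another user: leave it running
        signalled.append(pid)
    return signalled
```

Matching on the process name alone also catches gpg daemons that other users or services started, so a caller running as root may want to narrow the match further before signalling.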
Changed in cloud-init (Ubuntu): | |
status: | New → Triaged |
assignee: | nobody → Chad Smith (chad.smith) |
importance: | Undecided → Critical |
tags: | added: regression-proposed |
description: | updated |
summary: |
- 23.3: implicit dependency on gpgconf breaks Ubuntu minimal images
+ 23.3: implicit dependency on gpgconf breaks Ubuntu minimal images when apt keyids provided in user-data |
summary: |
- 23.3: implicit dependency on gpgconf breaks Ubuntu minimal images when apt keyids provided in user-data
+ 23.3: when apt keyids provided in #cloud-config, implicit dependency on gpgconf breaks Ubuntu minimal images |
A bug-fix release was uploaded to Ubuntu mantic containing a fix to avoid calling the gpgconf CLI directly.
Fix released as cloud-init version 23.3.1-0ubuntu1. If this is still a problem, please re-open this bug.