gpg called without no-tty

Bug #1813396 reported by Till Riedel
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Fix Released

Bug Description

I am running cloud-init on a libvirt/virsh with this image:

the relevant lines are:
     source: 'deb [arch=amd64] stretch stable'
     keyid: 0EBFCD88

sorry for not attaching any bugs, but the triggered command just does not find "/dev/tty")

The gpg wrapper should have the "no-tty" argument for receiving key at least on debian systems.
Otherwise cloudinit fails when specifying key-ids on debian cloudimages (with manually added dirmngr and apt-transport-https, it is quite a mess on the openstack debian images...)

I would naively propose the following patch:

diff --git a/cloudinit/ b/cloudinit/
index 7fe17a2..21d598e 100644
--- a/cloudinit/
+++ b/cloudinit/
@@ -42,7 +42,7 @@ def recv_key(key, keyserver, retries=(1, 1)):
     @param retries: an iterable of sleep lengths for retries.
                     Use None to indicate no retries."""
     LOG.debug("Importing key '%s' from keyserver '%s'", key, keyserver)
- cmd = ["gpg", "--keyserver=%s" % keyserver, "--recv-keys", key]
+ cmd = ["gpg", "--no-tty", "--keyserver=%s" % keyserver, "--recv-keys", key]
     if retries is None:
         retries = []
     trynum = 0



summary: - no-tty
+ gpg called without no-tty
Revision history for this message
Ryan Harper (raharper) wrote :

Hi, thanks for reporting the bug. I suspect cloud-init can check if there's a tty and if not append the --no-tty flag.

Changed in cloud-init:
importance: Undecided → Medium
status: New → Confirmed
Revision history for this message
Chad Smith (chad.smith) wrote : Fixed in cloud-init version 20.4.

This bug is believed to be fixed in cloud-init in version 20.4. If this is still a problem for you, please make a comment and set the state back to New

Thank you.

Changed in cloud-init:
status: Confirmed → Fix Released
Revision history for this message
James Falcon (falcojr) wrote :
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.