curtin does not retry when gpg fails to recv key
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
curtin | Fix Released | Low | Unassigned | |
curtin (Ubuntu) | Fix Released | Medium | Unassigned | |
Xenial | Fix Released | Medium | Unassigned | |
Yakkety | Fix Released | Medium | Unassigned | |
Bug Description
==== Begin SRU Template ========
[Impact]
Curtin installation can be configured to install additional apt
repositories and import gpg keys from a remote keyserver by fingerprint.
'gpg --recv' can transiently fail, causing installation failure.
The fix is to just retry
gpg --keyserver keyserver.
[Test Case]
Run curtin vmtest on XenialTestAptSr
./tools/
The named test pushes curtin through use of gpg --keyserver.
It does not guarantee failure and re-try, but does test the
happy path. Even if the gpg server was available the first
time, we at the very least then verify that there is no regression.
[Regression Potential]
Low risk of regression. The code change is just to sleep and retry
a command if it failed.
[Other Info]
When looking further into some failures in add-apt-repository that were
not fixed by retrying, we found bug 1532855. It is not explicitly
related to this bug, but is a similar failure path.
==== End SRU Template ========
In some cases we have transient network failure while attempting to recv gpg keys when configuring apt.
[ 40.161264] cloud-init[1528]: Command: ['gpg', '--keyserver', 'keyserver.
[ 40.162213] cloud-init[1528]: Exit code: 2
[ 40.163711] cloud-init[1528]: Reason: -
[ 40.164256] cloud-init[1528]: Stdout: "gpgkeys: key 0E7290610D2F6DC
[ 40.174200] cloud-init[1528]: Stderr: 'gpg: requesting key F470A0AC from hkp server keyserver.
[ 40.180654] cloud-init[1528]: During handling of the above exception, another exception occurred:
[ 40.182056] cloud-init[1528]: Traceback (most recent call last):
[ 40.183644] cloud-init[1528]: File "/curtin/
[ 40.185067] cloud-init[1528]: recv_key(keyid, keyserver=
[ 40.186653] cloud-init[1528]: File "/curtin/
[ 40.187895] cloud-init[1528]: (key, keyserver, error))
Curtin should retry this command.
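The sleep-and-retry behaviour the description asks for, as an added example that is not curtin's own code. `run_with_retries`, this `recv_key` and `FlakyKeyserver` are hypothetical names, and treating the schedule values as seconds to wait between attempts is an assumption.

```python
import subprocess
import time

# Schedule copied from the suggested fix on this page; reading the values as
# seconds to sleep between attempts is an assumption of this example.
RETRIES = (1, 2, 5, 10)


def run_with_retries(cmd, retries=RETRIES, run=subprocess.run, sleep=time.sleep):
    """Run cmd; after each failure sleep for the next delay and try again.

    Makes len(retries) + 1 attempts in total and lets the last
    CalledProcessError propagate once the schedule is exhausted. `run` and
    `sleep` are injectable so the behaviour can be exercised offline.
    """
    for attempt, wait in enumerate(retries, start=1):
        try:
            return run(cmd, check=True, capture_output=True)
        except subprocess.CalledProcessError as error:
            print("attempt %d exited %d; retrying in %ss"
                  % (attempt, error.returncode, wait))
            sleep(wait)
    # Final attempt: no sleep afterwards, any failure goes to the caller.
    return run(cmd, check=True, capture_output=True)


def recv_key(key, keyserver, **kwargs):
    """Hypothetical caller: fetch one key, reporting failure as ValueError."""
    cmd = ["gpg", "--keyserver", keyserver, "--recv", key]
    try:
        return run_with_retries(cmd, **kwargs)
    except subprocess.CalledProcessError as error:
        raise ValueError('Failed to import key "%s" from server "%s" - error %s'
                         % (key, keyserver, error)) from error


class FlakyKeyserver:
    """Constructed stand-in for gpg: fails `failures` times, then succeeds."""

    def __init__(self, failures):
        self.failures = failures
        self.calls = 0

    def __call__(self, cmd, **kwargs):
        self.calls += 1
        if self.calls <= self.failures:
            raise subprocess.CalledProcessError(2, cmd, stderr=b"keyserver timed out")
        return subprocess.CompletedProcess(cmd, 0, stdout=b"", stderr=b"")
```

With this schedule a keyserver that never answers costs five attempts and 18 seconds of sleeping before the installation fails, and a permanently wrong key id pays the same delay as a transient outage.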
Related branches
- Server Team CI bot: Approve (continuous-integration)
- Scott Moser (community): Approve
Diff: 249 lines (+172/-7), 5 files modified
curtin/commands/apt_config.py (+2/-1)
curtin/gpg.py (+4/-4)
curtin/util.py (+3/-0)
tests/unittests/test_apt_source.py (+4/-2)
tests/unittests/test_gpg.py (+159/-0)
Changed in curtin:
status: Confirmed → Fix Committed
Changed in curtin (Ubuntu):
status: New → Fix Released
Changed in curtin (Ubuntu Xenial):
status: New → Confirmed
description: updated
description: updated
Changed in curtin (Ubuntu Yakkety):
status: New → Confirmed
Changed in curtin (Ubuntu Xenial):
importance: Undecided → Medium
Changed in curtin (Ubuntu Yakkety):
importance: Undecided → Medium
Changed in curtin (Ubuntu):
importance: Undecided → Medium
tags: added: verification-needed-xenial verification-needed-yakkety; removed: verification-needed
description: updated
Suggested fix:
=== modified file 'curtin/gpg.py' debug(' Receive gpg key "%s"', key)
util. subp([" gpg", "--keyserver", keyserver, "--recv", key], cutionError as error:
' from server "%s" - error %s') %
--- curtin/gpg.py 2016-06-23 15:04:21 +0000
+++ curtin/gpg.py 2017-02-02 17:28:22 +0000
@@ -41,7 +41,7 @@
LOG.
try:
- capture=True)
+ capture=True, retries=(1, 2, 5, 10))
except util.ProcessExe
raise ValueError(('Failed to import key "%s" '
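Review bot: the schedule passed as `retries=(1, 2, 5, 10)` on the `util.subp` call is an unexplained inline literal, and nothing in the hunk says what the four values mean or in what unit. Consider a named module-level constant with a comment stating that, so the worst-case delay before the `ValueError` is raised is visible at the call site. The `except` branch is unchanged context, so the final message still reports only the last error; if `util.subp` does not log each failed attempt itself, including the number of attempts in that message would make a keyserver outage easier to tell apart from a bad key id.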