should retry reading key from keyserver (in _recv_key)

Bug #1779302 reported by Scott Moser
This bug affects 3 people

Affects: software-properties (Ubuntu)
Status: Fix Released
Importance: Undecided
Assigned to: Unassigned

Bug Description

Some recent events have made keyservers less reliable than they were
previously:
      https://bitbucket.org/skskeyserver/sks-keyserver/issues/57
      https://bitbucket.org/skskeyserver/sks-keyserver/issues/60

We have seen a greatly increased failure rate of retrieving keys
from the key servers, both in cloud-init and when using apt-add-repository.

Here is an example failure:
  https://jenkins.ubuntu.com/server/view/cloud-init,%20curtin,%20streams/job/cloud-init-integration-nocloud-kvm-x/191/console

The stdout/stderr that is a result of running:
$ add-apt-repository --yes ppa:cloud-init-devel/daily

gpg: keyring `/tmp/tmp4s88x_yf/secring.gpg' created
gpg: keyring `/tmp/tmp4s88x_yf/pubring.gpg' created
gpg: requesting key E4D304DF from hkp server keyserver.ubuntu.com
gpgkeys: key 1FF0D8535EF7E719E5C81B9C083D06FBE4D304DF can't be retrieved
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0
gpg: keyserver communications error: keyserver helper general error
gpg: keyserver communications error: unknown pubkey algorithm
gpg: keyserver receive failed: unknown pubkey algorithm
Failed to add key.

Retries on reading the key make sense here to be more resilient to
transient network or remote service resources. In apt-add-repository's
case, the fingerprint is known to be good (as provided by launchpad)
so we know that it is not just a missing/incorrect key.

ProblemType: Bug
DistroRelease: Ubuntu 18.10
Package: software-properties-common 0.96.24.33
ProcVersionSignature: Ubuntu 4.15.0-23.25-generic 4.15.18
Uname: Linux 4.15.0-23-generic x86_64
NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair
ApportVersion: 2.20.10-0ubuntu3
Architecture: amd64
CurrentDesktop: ubuntu:GNOME
Date: Thu Jun 28 22:28:53 2018
EcryptfsInUse: Yes
InstallationDate: Installed on 2015-07-23 (1072 days ago)
InstallationMedia: Ubuntu 15.10 "Wily Werewolf" - Alpha amd64 (20150722.1)
PackageArchitecture: all
ProcEnviron:
 TERM=xterm-256color
 PATH=(custom, no user)
 XDG_RUNTIME_DIR=<set>
 LANG=en_US.UTF-8
 SHELL=/bin/bash
SourcePackage: software-properties
UpgradeStatus: No upgrade log present (probably fresh install)

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in software-properties (Ubuntu):
status: New → Confirmed
Valentin Boucher (boucherv29) wrote :

Same issue on Ubuntu 16.04:

sudo add-apt-repository -y ppa:maas/stable

gpg: keyring `/tmp/tmp6wy_3tp8/secring.gpg' created
gpg: keyring `/tmp/tmp6wy_3tp8/pubring.gpg' created
gpg: requesting key 684D4A1C from hkp server keyserver.ubuntu.com
gpgkeys: key 3AB6DCF1F234E78DAA9C104204E7FDC5684D4A1C can't be retrieved
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0
gpg: keyserver communications error: keyserver helper general error
gpg: keyserver communications error: unknown pubkey algorithm
gpg: keyserver receive failed: unknown pubkey algorithm
Failed to add key.

tags: added: rls-cc-incoming
Scott Moser (smoser) wrote :

I saw this "in the wild" with /var/log/cloud-init.log showing:

2018-07-09 15:20:22,666 - util.py[DEBUG]: Running command ['add-apt-repository', 'cloud-archive:ocata'] with allowed return codes [0] (shell=False, capture=True)
2018-07-09 15:20:24,907 - cc_apt_configure.py[ERROR]: add-apt-repository failed.
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/cloudinit/config/cc_apt_configure.py", line 615, in add_apt_sources
    util.subp(["add-apt-repository", source], target=target)
  File "/usr/lib/python3/dist-packages/cloudinit/util.py", line 1957, in subp
    cmd=args)
cloudinit.util.ProcessExecutionError: Unexpected error while running command.
Command: ['add-apt-repository', 'cloud-archive:ocata']
Exit code: 1
Reason: -
Stdout: Ubuntu Cloud Archive for OpenStack Ocata
         More info: https://wiki.ubuntu.com/ServerTeam/CloudArchive
        Reading package lists...
        Building dependency tree...
        Reading state information...
        Failed to add key.
Stderr: E: Unable to locate package ubuntu-cloud-keyring

description: updated
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package software-properties - 0.96.24.35

---------------
software-properties (0.96.24.35) cosmic; urgency=medium

  * Retry on failed lookups of gpg keys (LP: #1779302)

 -- Scott Moser <email address hidden> Tue, 17 Jul 2018 10:55:34 -0400

Changed in software-properties (Ubuntu):
status: Confirmed → Fix Released
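
The retry behaviour requested in the bug description, as an added Python example that is not the patch shipped in software-properties 0.96.24.35: failed lookups are retried with exponential backoff, while a key whose fingerprint differs from the known-good one is rejected without retrying. `recv_key_with_retry`, `KeyFetchError`, `FlakyKeyserver` and the backoff values are hypothetical, and `fetch` is an assumed callable that wraps the keyserver request and returns the fingerprint of the key it imported.

```python
import time


class KeyFetchError(Exception):
    """Key could not be retrieved, or the wrong key came back."""


def recv_key_with_retry(fetch, fingerprint, attempts=4, base_delay=1.0,
                        sleep=time.sleep):
    """Call fetch(fingerprint) until it succeeds; return the attempt count.

    fetch is a hypothetical callable wrapping the keyserver request. It
    returns the fingerprint of the key it imported and raises OSError or
    RuntimeError on a failed lookup.
    """
    want = fingerprint.replace(" ", "").upper()
    if len(want) != 40 or any(c not in "0123456789ABCDEF" for c in want):
        raise ValueError("need a full 40-hex-digit fingerprint")
    last_error = None
    for attempt in range(1, attempts + 1):
        try:
            got = fetch(want).replace(" ", "").upper()
        except (OSError, RuntimeError) as exc:
            last_error = exc
            if attempt < attempts:
                sleep(base_delay * 2 ** (attempt - 1))  # 1s, 2s, 4s, ...
            continue
        if got != want:
            # A different key is not a transient fault: fail, do not retry.
            raise KeyFetchError(f"got {got}, expected {want}")
        return attempt
    raise KeyFetchError(f"gave up after {attempts} attempts: {last_error}")


class FlakyKeyserver:
    """Constructed stand-in for a keyserver that fails its first lookups."""

    def __init__(self, failures, answer=None):
        self.failures, self.answer, self.calls = failures, answer, 0

    def __call__(self, fingerprint):
        self.calls += 1
        if self.calls <= self.failures:
            raise RuntimeError("keyserver receive failed")
        return self.answer or fingerprint


if __name__ == "__main__":
    # Fingerprint taken from the gpg output in the bug description.
    fpr = "1FF0D8535EF7E719E5C81B9C083D06FBE4D304DF"
    print(recv_key_with_retry(FlakyKeyserver(2), fpr, sleep=lambda s: None))
```
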