The following command seems to work when running it in a shell
apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 3FA7E0328081BFF6A14DA29AA6A19B38D3D831EF
but fails when executed in a Dockerfile as follows:
Warning: apt-key output should not be parsed (stdout is not a terminal)
Executing: /tmp/apt-key-gpghome.1CIuj3LUOP/gpg.1.sh --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 3FA7E0328081BFF6A14DA29AA6A19B38D3D831EF
gpg: cannot open '/dev/tty': No such device or address
The specific Dockerfile RUN commands executes on a openjdk:8 image which in turn draws from buildpack-deps:stretch-scm
Solved by adding --no-tty on the apt-key adv command also;
Any idea however why this was happening?
Related
This is a snippet of a Dockerfile that is exhibiting an error that I don't understand:
FROM dorowu/ubuntu-desktop-lxde-vnc
LABEL maintainer "bpinaya#wpi.edu"
# Adding keys for ROS
RUN sh -c 'echo "deb http://packages.ros.org/ros/ubuntu $(lsb_release -sc) main" > /etc/apt/sources.list.d/ros-latest.list'
RUN apt-key adv --keyserver hkp://ha.pool.sks-keyservers.net:80 --recv-key 421C365BD9FF1F717815A3895523BAEEB01FA116
Gives this result
RUN apt-key adv --keyserver hkp://ha.pool.sks-keyservers.net:80 --recv-key 421C365BD9FF1F717815A3895523BAEEB01FA116
---> Running in 7bb30729ec87
Warning: apt-key output should not be parsed (stdout is not a terminal)
Executing: /tmp/apt-key-gpghome.HkofyyhjvI/gpg.1.sh --keyserver hkp://ha.pool.sks-keyservers.net:80 --recv-key 421C365BD9FF1F717815A3895523BAEEB01FA116
gpg: failed to start the dirmngr '/usr/bin/dirmngr': No such file or directory
gpg: connecting dirmngr at '/tmp/apt-key-gpghome.HkofyyhjvI/S.dirmngr' failed: No such file or directory
gpg: keyserver receive failed: No dirmngr
The command '/bin/sh -c apt-key adv --keyserver hkp://ha.pool.sks-keyservers.net:80 --recv-key 421C365BD9FF1F717815A3895523BAEEB01FA116' returned a non-zero code: 2
According to this post here, you need to install dirmngr. I also needed to install gnupg in order to get this to work on my local docker container when testing.
I updated your Dockerfile code below with my changes:
FROM dorowu/ubuntu-desktop-lxde-vnc
LABEL maintainer "bpinaya#wpi.edu"
# Update
RUN apt-get update && \
apt-get upgrade -y
# Install required packages
RUN apt-get install -y \
dirmngr \
gnupg
# Adding keys for ROS
RUN sh -c 'echo "deb http://packages.ros.org/ros/ubuntu $(lsb_release -sc) main" > /etc/apt/sources.list.d/ros-latest.list'
RUN apt-key adv --keyserver hkp://ha.pool.sks-keyservers.net --recv-key 421C365BD9FF1F717815A3895523BAEEB01FA116
This gave me the following output on the last step:
Step 6/6 : RUN apt-key adv --keyserver hkp://pgp.mit.edu:80 --recv-key 421C365BD9FF1F717815A3895523BAEEB01FA116
---> Running in a0cfb3588173
Warning: apt-key output should not be parsed (stdout is not a terminal)
Executing: /tmp/apt-key-gpghome.USze27holj/gpg.1.sh --keyserver hkp://pgp.mit.edu:80 --recv-key 421C365BD9FF1F717815A3895523BAEEB01FA116
gpg: key 5523BAEEB01FA116: public key "ROS Builder <rosbuild#ros.org>" imported
gpg: Total number processed: 1
gpg: imported: 1
Occasionally this reports back with the following error:
gpg: keyserver receive failed: Cannot assign requested address
That error doesn't seem consistent though, so it could be something with my own network connection.
I wanted to comment but don't have enough reputation to. Please consider my answer as an appendix to #brian-elliott 's answer. Dirmngr seems to have some strange default setup to use tor or some non-standard DNS. So make sure you have something like this:
standard-resolver
keyserver keyserver.ubuntu.com
keyserver keys.gnupg.net
in your ~/.gnupg/dirmngr.conf
This question already has answers here:
How to circumvent "apt-key output should not be parsed"?
(4 answers)
Closed 4 years ago.
Lately, I'm getting this error when building Ubuntu/Debian based containers:
Warning: apt-key output should not be parsed (stdout is not a terminal)
Executing: /tmp/apt-key-gpghome.jZsMrv3GZH/gpg.1.sh --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 3FA7E0328081BFF6A14DA29AA6A19B38D3D831EF
mgpg: cannot open '/dev/tty': No such device or address
When I'm calling the apt-key commands such as these:
apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 3FA7E0328081BFF6A14DA29AA6A19B38D3D831EF
I could use apt with an untrusted option so I wouldn't need the key at all, but that sounds as a dirty solution.
When using gpg directly I probably could use the --no-tty or --batch options to fix it, but what is the somewhat clean way to do it with apt-key command which is a wrapper for the pgp?
I think I got it, at least until the GPG or APT-KEY will be fixed I could use this workaround which does modify the apt-key script in place.
For the more fancier apt-key this will work, quickly tested on debian:
sed -i "s%{GPG_EXE}\")' --%{GPG_EXE}\")' --batch --%g" /usr/bin/apt-key
While for the basic apt-key this could work (untested as I can't recall exactly where I seen this simpler variant):
sed -i 's%GPG_CMD="gpg %GPG_CMD="gpg --batch %g' /usr/bin/apt-key
You need privileges to write to the the /usr/bin/apt-key so ither run as root or use sudo
I am trying the command docker-compose up to start the Validator Node in my Hyperledger Sawtooth setup on my Ubuntu machine.
I am running this command behind my company's proxy.
When I use the command docker-compose up, I get the following output:
Building validator
Step 1/15 : FROM ubuntu:xenial
---> 4a689991aa24
Step 2/15 : RUN echo "deb http://repo.sawtooth.me/ubuntu/ci xenial universe" >> /etc/apt/sources.list && (apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 8AA7AF1F1091A5FD || apt-key adv --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys 8AA7AF1F1091A5FD) && apt-get update
---> Using cache
---> 59b3dd0413ec
Step 3/15 : RUN apt-get install -y -q --allow-downgrades git python3 python3-stdeb
---> Using cache
---> fa792ef3800a
Step 4/15 : RUN apt-get install -y -q --allow-downgrades python3-grpcio python3-grpcio-tools python3-protobuf
---> Using cache
---> b21e9522d61d
Step 5/15 : RUN apt-get install -y -q --allow-downgrades python3-cbor python3-colorlog python3-cryptography>=1.7.1 python3-dev python3-lmdb python3-netifaces=0.10.4-0.1build2 python3-pyformance python3-secp256k1 python3-toml python3-yaml python3-zmq unzip
---> Using cache
---> bff0f3b39a0a
Step 6/15 : RUN curl -OLsS https://github.com/google/protobuf/releases/download/v3.5.1/protoc-3.5.1-linux-x86_64.zip && unzip protoc-3.5.1-linux-x86_64.zip -d protoc3 && rm protoc-3.5.1-linux-x86_64.zip
---> Running in 37e4dd702373
curl: (60) server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
More details here: http://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.
ERROR: Service 'validator' failed to build: The command '/bin/sh -c curl -OLsS https://github.com/google/protobuf/releases/download/v3.5.1/protoc-3.5.1-linux-x86_64.zip && unzip protoc-3.5.1-linux-x86_64.zip -d protoc3 && rm protoc-3.5.1-linux-x86_64.zip' returned a non-zero code: 60
It says that the server verification failed and stops at step(6/15).
How do I fix this?
You need to install the key for the repository.
For the stable repository, use:
$ sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 8AA7AF1F1091A5FD
$ sudo add-apt-repository 'deb [arch=amd64] http://repo.sawtooth.me/ubuntu/bumper/stable xenial universe'
For the nightly, development repository use:
$ sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 44FC67F19B2466EA
$ sudo apt-add-repository 'deb [arch=amd64] http://repo.sawtooth.me/ubuntu/nightly xenial universe'
I am following the instructions for installing Yarn on CircleCI, but CircleCI is showing these errors when trying to check the key server:
sudo apt-key adv --keyserver pgp.mit.edu --recv D101F7899D41F3C3
Executing: gpg --ignore-time-conflict --no-options --no-default-keyring --secret-keyring /tmp/tmp.j5q2IRFiKK --trustdb-name /etc/apt/trustdb.gpg --keyring /etc/apt/trusted.gpg --primary-keyring /etc/apt/trusted.gpg --keyring /etc/apt/trusted.gpg.d//apt.postgresql.org.gpg --keyserver pgp.mit.edu --recv D101F7899D41F3C3
gpg: requesting key 9D41F3C3 from hkp server pgp.mit.edu
gpgkeys: key D101F7899D41F3C3 not found on keyserver
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0
sudo apt-key adv --keyserver pgp.mit.edu --recv D101F7899D41F3C3 returned exit code 2
Action failed: sudo apt-key adv --keyserver pgp.mit.edu --recv D101F7899D41F3C3
The error message means that GPG couldn't load the public GPG key used to verify the package signatures. Try doing this instead:
sudo apt-key adv --fetch-keys http://dl.yarnpkg.com/debian/pubkey.gpg
The issue is that the pgp.mit.edu keyserver sometimes has outages, which results in the error message you're seeing. Loading the GPG key via URL should be more reliable.
I have trying to install rvm and I found the following message in the terminal after I typed this: curl -L https://get.rvm.io | bash -s stable
GPG signature verification failed for '/home/ephraim/.rvm/archives/rvm-1.26.3.tgz' - 'https://github.com/wayneeseguin/rvm/releases/download/1.26.3/1.26.3.tar.gz.asc'!
try downloading the signatures:
gpg --keyserver hkp://keys.gnupg.net --recv-keys D39DC0E3
or if it fails:
command curl -sSL https://rvm.io/mpapis.asc | gpg --import -
the key can be compared with:
https://rvm.io/mpapis.asc
https://keybase.io/mpapis
How can I get rid of these problems?
Follow the instructions in the error and run,
gpg --keyserver hkp://keys.gnupg.net --recv-keys D39DC0E3
You can download the signature and import manually.
Get the signature:
curl -#LO https://rvm.io/mpapis.asc
Import signature:
gpg --import mpapis.asc
This will resolve your problem.
Depending on your needs you may need to run:
gpg2 --keyserver hkp://keys.gnupg.net --recv-keys D39DC0E3
Note gpg2, not gpg as mentioned in instruction. Here more details as found. This should be helpful. Make sure you run gpg command while logged in as the same OS user who makes rvm installation.