General discussion about Chef

[chef] Re: Chef bootstrap installation -->gpg key not found on keyserver


Chronological Thread 
  • From: Peter Norton < >
  • To:
  • Subject: [chef] Re: Chef bootstrap installation -->gpg key not found on keyserver
  • Date: Mon, 9 Jan 2012 11:02:49 -0500
I haven't reproduced this, but I can see that this key appears to be
in the keyserver:

http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x2940ABA983EF826A

And the same command worked from an amazon ec2 instance:

:~$
 sudo gpg --ignore-time-conflict --no-options
--no-default-keyring --secret-keyring /etc/apt/secring.gpg
--trustdb-name /etc/apt/trustdb.gpg --keyring /etc/apt/trusted.gpg
--primary-keyring /etc/apt/trusted.gpg --keyring
/etc/apt/trusted.gpg.d//opscode-keyring.gpg --keyserver
pgpkeys.mit.edu --recv 2940ABA983EF826A
gpg: keyblock resource `/etc/apt/trusted.gpg.d//opscode-keyring.gpg':
file open error
gpg: requesting key 83EF826A from hkp server pgpkeys.mit.edu
gpg: key 83EF826A: public key "Opscode Packages 
< >"
 imported
gpg: Total number processed: 1
gpg:               imported: 1

sort of:

:~$
 echo $?
2

So, touching the file first works:

:~$
 sudo touch /etc/apt/trusted.gpg.d/opscode-keyring.gpg
:~$
 sudo gpg --ignore-time-conflict --no-options
--no-default-keyring --secret-keyring /etc/apt/secring.gpg
--trustdb-name /etc/apt/trustdb.gpg --keyring /etc/apt/trusted.gpg
--primary-keyring /etc/apt/trusted.gpg --keyring
/etc/apt/trusted.gpg.d/opscode-keyring.gpg --keyserver pgpkeys.mit.edu
--recv 2940ABA983EF826A
gpg: requesting key 83EF826A from hkp server pgpkeys.mit.edu
gpg: key 83EF826A: "Opscode Packages 
< >"
 not changed
gpg: Total number processed: 1
gpg:              unchanged: 1
:~$


It looks like gpg is broken WRT how apt-key expects it to work, maybe
not opening with O_CREAT set in the open flags?  Anyway, it's not
creating a new keyring file, so this command may need a "touch
/path/to/keyring/file" for now or the apt cookbook could be fixed to
use the default keyring.

I don't know what the right way to handle this is, but you've got a
couple of options, the easier/more visible of which is to have chef
touch the file to be created.

-Peter

On Mon, Jan 9, 2012 at 10:10 AM, Till Brinkmann
< >
 wrote:
> hi all,
>
> I´m trying to install chef by using chef-solo bootstrap installation. I face
> a problem while importing gpg key from cookbook
>
> log debug.....
> _______________________________________________________________________________________________________________________________________
> [Mon, 09 Jan 2012 13:50:50 +0000] INFO: Processing execute[install-key
> 2940ABA983EF826A] action run
> (/var/chef/cookbooks/apt/providers/repository.rb line 25)
> [Mon, 09 Jan 2012 13:50:50 +0000] INFO: execute[install-key
> 2940ABA983EF826A] sh(apt-key adv --keyserver pgpkeys.mit.edu --recv
> 2940ABA983EF826A)
> Executing: gpg --ignore-time-conflict --no-options --no-default-keyring
> --secret-keyring /etc/apt/secring.gpg --trustdb-name /etc/apt/trustdb.gpg
> --keyring /etc/apt/trusted.gpg --primary-keyring /etc/apt/trusted.gpg
> --keyring /etc/apt/trusted.gpg.d//opscode-keyring.gpg --keyserver
> pgpkeys.mit.edu --recv 2940ABA983EF826A
> gpgkeys: key 2940ABA983EF826A not found on keyserver
> [Mon, 09 Jan 2012 13:50:50 +0000] ERROR: execute[install-key
> 2940ABA983EF826A] (/var/chef/cookbooks/apt/providers/repository.rb line 25)
> has had an error
> [Mon, 09 Jan 2012 13:50:50 +0000] ERROR: apt_repository[opscode]
> (gecode::default line 33) has had an error
> [Mon, 09 Jan 2012 13:50:50 +0000] ERROR: apt_repository[opscode]
> (/var/chef/cookbooks/gecode/recipes/default.rb:33:in `from_file') had an
> error:
> _______________________________________________________________________________________________________________________________________
>
> I´m not in touch with gpg keys so my question: could be I made a mistake on
> installing basic system ?
>
> thanks a lot
> Till

Archive powered by MHonArc 2.6.16.

§