Package: simple-cdd Version: 0.6.6 Hello Debian community, when I try to build a custom Debian installer ISO with simple-cdd and the latest openssl libs installed, the following (truncated) error occurs:
$ build-simple-cdd --conf detox.conf --logfile detox_mirror.log --verbose
--debug --mirror-only
...
...
2019-01-03 10:21:52,957 INFO detox.conf: new var keyboard=en_US
2019-01-03 10:21:52,957 INFO detox.conf: new var locale=en_US.UTF-8
gpg: directory '/home/bob/.gnupg' created
gpg: /home/bob/.gnupg/trustdb.gpg: trustdb created
2019-01-03 10:21:53,048 DEBUG Checking configuration...
2019-01-03 10:21:53,185 DEBUG Creating build environment in
/builds/pd-de/systec/detox/CI/make_iso/simple_cdd...
2019-01-03 10:21:53,195 ERROR GPG standard error: gpg: cannot open '/dev/tty':
No such device or address
2019-01-03 10:21:53,196 ERROR GPG standard error:
2019-01-03 10:21:53,196 ERROR Importing
/usr/share/keyrings/debian-archive-keyring.gpg into
/builds/pd-de/systec/detox/CI/make_iso/simple_cdd/tmp/gpg-keyring failed, gpg
error code 2
The build environment is a NON-interactive Debian stretch container with NO tty
available.
The container has the latest ssl related packages installed:
$ apt list libssl1.1 openssl gnupg2
gnupg2/now 2.1.18-8~deb9u3 all [installed,local]
libssl1.1/now 1.1.0j-1~deb9u1 amd64 [installed,local]
openssl/now 1.1.0j-1~deb9u1 amd64 [installed,local]
$ uname -a
Linux 21be976d7d1f 4.9.0-7-amd64 #1 SMP Debian 4.9.110-1 (2018-07-05) x86_64
GNU/Linux
$ cat /etc/debian_version
9.6
Before the upgrade from openssl 1.1.0f-3+deb9u2 to the current version this was
not an issue.
The following (attached) patch adds a '--batch' parameter to the gpg calls in
the file simple_cdd/gnupg.py
This prevents the error message complaining about no tty available. With this
change I am able to build Debian ISOs inside a Docker container again.
However, it makes sense to use the batch parameter in non-interactive
environments anyway.
$ git format-patch master
>From e0ee289a03835dd563c13df7fe555fd15c3a04a8 Mon Sep 17 00:00:00 2001
From: Dirk Mayer <dirk.ma...@siemens.com>
Date: Thu, 3 Jan 2019 10:14:41 +0100
Subject: [PATCH] added --batch param to gpg calls
Signed-off-by: Dirk Mayer <dirk.ma...@siemens.com>
---
simple_cdd/gnupg.py | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/simple_cdd/gnupg.py b/simple_cdd/gnupg.py
index 78ffe7e..628b924 100644
--- a/simple_cdd/gnupg.py
+++ b/simple_cdd/gnupg.py
@@ -30,7 +30,7 @@ class Gnupg:
def common_gpg_args(self):
- args = ["gpg", "--no-default-keyring"]
+ args = ["gpg", "--batch", "--no-default-keyring"]
for k in self.env.get("keyring"):
args.extend(("--keyring", k))
return args
@@ -66,7 +66,7 @@ class Gnupg:
"""
env = dict(os.environ)
env["GNUPGHOME"] = self.env.get("GNUPGHOME")
- proc = subprocess.Popen(["gpg", "--import", keyring_file],
stdout=subprocess.PIPE, stderr=subprocess.PIPE, env=env)
+ proc = subprocess.Popen(["gpg", "--batch", "--import", keyring_file],
stdout=subprocess.PIPE, stderr=subprocess.PIPE, env=env)
stdout, stderr = proc.communicate()
retval = proc.wait()
if retval != 0:
@@ -80,6 +80,7 @@ class Gnupg:
keyring file
"""
keys_raw = subprocess.check_output(["gpg",
+ "--batch",
"--no-default-keyring",
"--keyring", keyring_file,
"--list-keys",
--
2.17.1
0001-added-batch-param-to-gpg-calls.patch
Description: 0001-added-batch-param-to-gpg-calls.patch
