[Bug 1577926] Re: apt-key works fine, yet apt fails with "Could not execute 'apt-key'"

Tue, 28 Feb 2017 07:46:47 -0800 

This still seems to exist in the current release of Xenial; setting the
sandbox user to root bypasses the problem, leaving it at the default
means any cron job that calls 'apt-get update' breaks, because gpgv
exits with error 2 (unexpected error), which leads to a failure of the
'apt-key' action being executed.

The difference, as far as I can tell thus far, seems to be in that the
'_apt' user cannot read the 'pubring.gpg' file that is being created in
a temporary directory, which means that gpgv cannot access it when it
runs;

==
[pid 10149] stat("/etc/apt/trusted.gpg", {st_mode=S_IFREG|0644, st_size=12255, 
...}) = 0
[pid 10149] faccessat(AT_FDCWD, "/etc/apt/trusted.gpg", R_OK) = 0
[pid 10149] open("/tmp/tmp.OcaWlGuT32/pubring.gpg", O_WRONLY|O_CREAT|O_APPEND, 
0666) = -1 EACCES (Permission denied)
[pid 10149] write(2, "/usr/bin/apt-key: 309: /usr/bin/"..., 41) = 41
[pid 10149] write(2, "cannot create /tmp/tmp.OcaWlGuT3"..., 64) = 64
==

This problem does not occur when root is the sandbox user, set via
'APT::Sandbox::User "root";' in '/etc/apt/apt.conf'. It's the only
setting present. Disable that setting and the problem returns, while
running the same thing interactively works without any issues.

I'm a bit stumped, at this point, pausing my investigation for now, but
logging it here in case someone else runs into this.

The warning we're seeing looks as follows;

==
W: An error occurred during the signature verification. The repository is not 
updated and the previous index files will be used. GPG error: 
https://apt-cache.domain.example/cache/us-east-1.ec2.archive.ubuntu.com/ubuntu 
xenial InRelease: Unknown error executing apt-key
==

Using the HTTPS transport to a local cache, fresh Xenial install based
on the official AMI, on AWS.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1577926

Title:
  apt-key works fine, yet apt fails with "Could not execute 'apt-key'"

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1577926/+subscriptions

-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to