SecureDrop GUI updater fails due to keyserver timeout #4100

Closed
zenmonkeykstop opened this issue Feb 5, 2019 · 3 comments

@zenmonkeykstop
Contributor

Description

The SecureDrop GUI updater is failing with the "Update failed. Please contact your SecureDrop administrator" message. Checking the detailed log, the failure is due to the call to retrieve the release signing key from the keyserver at hkps://hkps.pool.sks-keyservers.net timing out.

Steps to Reproduce

On a Tails 3.12 Admin or Journalist stick:

  • Set the code version to an earlier tag than the current release:
      cd ~/Persistent/securedrop
      git checkout 0.11.0
  • Restart the Tor network connection (e.g. by disconnecting and reconnecting the network connection)
  • Wait for the GUI Updater to appear and click Update Now

Expected Behavior

Update completes without error, user prompted for local admin password, tailsconfig phase completes without error.

Actual Behavior

Update fails as described above


Comments

The ./securedrop-admin update command works fine. Maybe pull the key in the same way in the GUI updater?

@eloquence
Member

For 0.12.0, we will need to

  • verify whether the graphical updater works at all (i.e. intermittently or after repeated retries). If the graphical updater doesn't work at all but the CLI updater does, then that's unexpected and requires further investigation.
  • at minimum, document the behavior in the release notes.

Adding rotation of keyservers or other mitigation is a stretch goal for the release.

@redshiftzero
Contributor

Too late to make changes like this for 0.12.0, moving into 0.12.1 milestone

@redshiftzero modified the milestones: 0.12.0, 0.12.1 Feb 19, 2019

@KwadroNaut
Contributor

I wanted to create an issue because of this. However, a close read of the logs revealed that gpg couldn't open a /dev/tty during the recv-keys event. Starting the GUI updater from a terminal is a workaround. Please pass --no-tty or --batch as an option as well, and test if this still happens.
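
As an added example, not part of the original thread or SecureDrop's own code: one way a GUI process with no controlling terminal could fetch a signing key, passing --batch and --no-tty as suggested above and rotating to the next keyserver on timeout. The fingerprint placeholder, the second keyserver, the function names, the 45-second timeout and the stderr check for "/dev/tty" are assumptions.

```python
import subprocess

# Placeholder: the thread does not give the release key fingerprint.
RELEASE_KEY_FPR = "<RELEASE_SIGNING_KEY_FINGERPRINT>"
# First entry is the keyserver named in the issue; the second is a constructed placeholder.
KEYSERVERS = ["hkps://hkps.pool.sks-keyservers.net", "hkps://keys.example.org"]


def recv_key_cmd(keyserver, fingerprint):
    """Build a gpg argv that never prompts and never touches /dev/tty."""
    return ["gpg", "--batch", "--no-tty",
            "--keyserver", keyserver, "--recv-keys", fingerprint]


def fetch_release_key(fingerprint, keyservers=KEYSERVERS, timeout=45,
                      run=subprocess.run):
    """Try each keyserver in turn; return (keyserver_used, attempts).

    attempts records why each server failed, so the updater log can show a
    precise cause instead of a generic "Update failed" message.
    The run parameter exists so the logic can be exercised offline.
    """
    attempts = []
    for ks in keyservers:
        try:
            proc = run(recv_key_cmd(ks, fingerprint),
                       stdin=subprocess.DEVNULL,  # never block on a prompt
                       stdout=subprocess.PIPE, stderr=subprocess.PIPE,
                       timeout=timeout)
        except subprocess.TimeoutExpired:
            attempts.append((ks, "timeout"))
            continue
        if proc.returncode == 0:
            attempts.append((ks, "ok"))
            return ks, attempts
        stderr = proc.stderr.decode("utf-8", "replace")
        # Heuristic (assumption): separate the TTY failure from other gpg errors.
        reason = "no-tty" if "/dev/tty" in stderr else "gpg-error"
        attempts.append((ks, reason))
    return None, attempts
```
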

KwadroNaut pushed a commit to KwadroNaut/securedrop that referenced this issue Mar 6, 2019
KwadroNaut pushed a commit to KwadroNaut/securedrop that referenced this issue Mar 9, 2019
KwadroNaut pushed a commit to KwadroNaut/securedrop that referenced this issue Mar 9, 2019
you don't have an interactive prompt in the gui-updater, so you
shouldn't use a tty and --batch or --no-tty is meant for such things.

--no-tty
     Make sure that the TTY (terminal) is never used for any output.
     This option is needed in some cases because
     GnuPG sometimes prints warnings to the TTY if --batch is used.

--batch
     Use batch mode.  Never ask, do not allow interactive commands.

The test, which uses a subshell, is looking for errors on the cli, this
should be changed.
conorsch pushed a commit to KwadroNaut/securedrop that referenced this issue Mar 13, 2019
heartsucker pushed a commit that referenced this issue Mar 14, 2019
heartsucker pushed a commit that referenced this issue Mar 14, 2019
(cherry picked from commit 6143a17)
emkll pushed a commit that referenced this issue Mar 14, 2019
(cherry picked from commit 6143a17)
emkll pushed a commit that referenced this issue Mar 14, 2019
(cherry picked from commit 6143a17)
kushaldas pushed a commit that referenced this issue Sep 25, 2019