Pass in --no-tty to apt-key

On modern Debian(-based) distros this is needed for gpg to function when no TTY is available. Since Puppet often runs from cron or a daemon, this is often the case.
puppetlabs · Nov 14, 2018 · c84e842 · c84e842
1 parent ca864b3
commit c84e842
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 8 deletions.
diff --git a/lib/puppet/provider/apt_key/apt_key.rb b/lib/puppet/provider/apt_key/apt_key.rb
@@ -19,7 +19,7 @@
   commands   gpg: '/usr/bin/gpg'
 
   def self.instances
-    cli_args = ['adv', '--list-keys', '--with-colons', '--fingerprint', '--fixed-list-mode']
+    cli_args = ['adv', '--no-tty', '--list-keys', '--with-colons', '--fingerprint', '--fixed-list-mode']
 
     key_output = apt_key(cli_args).encode('UTF-8', 'binary', invalid: :replace, undef: :replace, replace: '')
 
@@ -160,7 +160,7 @@ def tempfile(content)
     # confirm that the fingerprint from the file, matches the long key that is in the manifest
     if name.size == 40
       if File.executable? command(:gpg)
-        extracted_key = execute(["#{command(:gpg)} --with-fingerprint --with-colons #{file.path} | awk -F: '/^fpr:/ { print $10 }'"], failonfail: false)
+        extracted_key = execute(["#{command(:gpg)} --no-tty --with-fingerprint --with-colons #{file.path} | awk -F: '/^fpr:/ { print $10 }'"], failonfail: false)
         extracted_key = extracted_key.chomp
 
         found_match = false
@@ -193,7 +193,7 @@ def update_expired_key
 
     # Breaking up the command like this is needed because it blows up
     # if --recv-keys isn't the last argument.
-    command.push('adv', '--keyserver', resource[:server])
+    command.push('adv', '--no-tty', '--keyserver', resource[:server])
     unless resource[:options].nil?
       command.push('--keyserver-options', resource[:options])
     end
@@ -211,7 +211,7 @@ def create
     if resource[:source].nil? && resource[:content].nil?
       # Breaking up the command like this is needed because it blows up
       # if --recv-keys isn't the last argument.
-      command.push('adv', '--keyserver', resource[:server])
+      command.push('adv', '--no-tty', '--keyserver', resource[:server])
       unless resource[:options].nil?
         command.push('--keyserver-options', resource[:options])
       end

diff --git a/spec/acceptance/apt_key_provider_spec.rb b/spec/acceptance/apt_key_provider_spec.rb
@@ -13,7 +13,7 @@
 PUPPETLABS_EXP_KEY_LONG_ID          = '47B320EB4C7C375AA9DAE1A01054B7A24BD6EC30'.freeze
 PUPPETLABS_EXP_KEY_DATES            = 'pub:e:4096:1:1054B7A24BD6EC30:2010-07-10:2017-01-05::-:Puppet Labs Release Key'.freeze
 SHOULD_NEVER_EXIST_ID               = 'EF8D349F'.freeze
-KEY_CHECK_COMMAND                   = 'apt-key adv --list-keys --with-colons --fingerprint | grep '.freeze
+KEY_CHECK_COMMAND                   = 'apt-key adv --no-tty --list-keys --with-colons --fingerprint | grep '.freeze
 PUPPETLABS_KEY_CHECK_COMMAND        = "#{KEY_CHECK_COMMAND} #{PUPPETLABS_GPG_KEY_FINGERPRINT}".freeze
 CENTOS_KEY_CHECK_COMMAND            = "#{KEY_CHECK_COMMAND} #{CENTOS_GPG_KEY_FINGERPRINT}".freeze
 PUPPETLABS_EXP_CHECK_COMMAND        = "#{KEY_CHECK_COMMAND} '#{PUPPETLABS_EXP_KEY_DATES}'".freeze
@@ -31,7 +31,7 @@ def populate_default_options_pp(value)
 
 def install_key(key)
   retry_on_error_matching do
-    shell("apt-key adv --keyserver pgp.mit.edu --recv-keys #{key}")
+    shell("apt-key adv --no-tty --keyserver pgp.mit.edu --recv-keys #{key}")
   end
 end
 
@@ -980,8 +980,6 @@ def apply_manifest_twice(manifest_pp)
       if fact('lsbdistcodename') == 'stretch' || fact('lsbdistcodename') == 'bionic'
         # Ensure dirmngr package is installed
         apply_manifest(refresh_check_for_dirmngr_pp, acceptable_exit_codes: [0, 2])
-        # Export environment variable to disable apt-key warning when using grep
-        shell('export APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=1')
       end
       # Delete the Puppet Labs Release Key and install an expired version of the key
       apply_manifest(refresh_del_key_pp)