system-image fails to sign images if more than one key is available

Bug #1457617 reported by Steve Langasek
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Ubuntu system image
Triaged
High
Unassigned

Bug Description

We are in the process of rotating signing keys for system-image.ubuntu.com. Installing the new signing key results in a keyring containing only the new private key, but both old and new public keys.

This causes a backtrace in the importer:

2015-05-21 18:28:21,633 INFO Processing channel: ubuntu-touch/devel-proposed/ubuntu
2015-05-21 18:28:21,635 INFO Processing device: mako
2015-05-21 18:28:21,647 INFO Calling 'cdimage-ubuntu' generator for a new file
Traceback (most recent call last):
  File "/srv/system-image.ubuntu.com/bin/import-images", line 188, in <module>
    environment)
  File "/srv/system-image.ubuntu.com/bin/../lib/systemimage/generators.py", line 158, in generate_file
    path = generate_file_cdimage_ubuntu(conf, arguments, environment)
  File "/srv/system-image.ubuntu.com/bin/../lib/systemimage/generators.py", line 572, in generate_file_cdimage_ubuntu
    gpg.sign_file(conf, "image-signing", path)
  File "/srv/system-image.ubuntu.com/bin/../lib/systemimage/gpg.py", line 92, in sign_file
    [key] = ctx.keylist()
ValueError: too many values to unpack

This is a bug; the code should not be reading the list of *public* keys to determine which key to sign with, it should look at the available *private* keys.

Tags: server
Barry Warsaw (barry)
tags: added: server
Changed in ubuntu-system-image:
status: New → Triaged
importance: Undecided → High
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.