launchpad-reviewers team mailing list archive

Thread
Date

[Merge] ~cjwatson/launchpad-buildd:fix-add-trusted-keys into launchpad-buildd:master

To: mp+434513@xxxxxxxxxxxxxxxxxx
From: Colin Watson <mp+434513@xxxxxxxxxxxxxxxxxx>
Date: Mon, 12 Dec 2022 17:50:20 -0000
Reply-to: mp+434513@xxxxxxxxxxxxxxxxxx
Sender: noreply@xxxxxxxxxxxxx

Colin Watson has proposed merging ~cjwatson/launchpad-buildd:fix-add-trusted-keys into launchpad-buildd:master.

Commit message:
Fix add-trusted-keys regression due to Backend.open

Requested reviews:
  Launchpad code reviewers (launchpad-reviewers)
Related bugs:
  Bug #1999420 in launchpad-buildd: "Snap builds failing with `gpg: no valid OpenPGP data found.`"
  https://bugs.launchpad.net/launchpad-buildd/+bug/1999420

For more details, see:
https://code.launchpad.net/~cjwatson/launchpad-buildd/+git/launchpad-buildd/+merge/434513

`Backend.open` calls `lxc exec`, which apparently drains its standard input, breaking `add-trusted-keys`.
-- 
Your team Launchpad code reviewers is requested to review the proposed merge of ~cjwatson/launchpad-buildd:fix-add-trusted-keys into launchpad-buildd:master.

diff --git a/debian/changelog b/debian/changelog
index fe9e8c3..b8452a0 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+launchpad-buildd (225) UNRELEASED; urgency=medium
+
+  * Fix add-trusted-keys regression due to Backend.open calling "lxc exec"
+    and draining stdin (LP: #1999420).
+
+ -- Colin Watson <cjwatson@xxxxxxxxxx>  Mon, 12 Dec 2022 17:46:40 +0000
+
 launchpad-buildd (224) focal; urgency=medium
 
   [ Colin Watson ]
diff --git a/lpbuildd/target/apt.py b/lpbuildd/target/apt.py
index a411806..c1d30a7 100644
--- a/lpbuildd/target/apt.py
+++ b/lpbuildd/target/apt.py
@@ -82,14 +82,18 @@ class AddTrustedKeys(Operation):
     def run(self):
         """Add trusted keys from an input file."""
         logger.info("Adding trusted keys to build-%s", self.args.build_id)
+        # We must read the input data before calling `backend.open`, since
+        # it may call `lxc exec` and that apparently drains stdin.
+        input_data = self.input_file.read()
         gpg_cmd = [
             "gpg", "--ignore-time-conflict", "--no-options", "--no-keyring",
             ]
         with self.backend.open(
             "/etc/apt/trusted.gpg.d/launchpad-buildd.gpg", mode="wb+"
         ) as keyring:
-            subprocess.check_call(
-                gpg_cmd + ["--dearmor"], stdin=self.input_file, stdout=keyring)
+            subprocess.run(
+                gpg_cmd + ["--dearmor"], input=input_data, stdout=keyring,
+                check=True)
             keyring.seek(0)
             subprocess.check_call(
                 gpg_cmd +