scalyr/scalyr-agent-2

rpm: postinstall script fails to import GPG key

JanneKataja-TomTom opened this issue · 1 comments

rpm packagescalyr-repo-bootstrap postinstall script attempts to import GPG public key. For this it runs rpm recursively. This causes rpm to return with an error from the postinstall script. Proposed fix is to add the GPG key outside of the packaging.

When running on CentOS 8:

[root@d75520e45555 /]#  yum install --nogpgcheck scalyr-repo-bootstrap-1.2.2-1.noarch.rpm
Failed to set locale, defaulting to C.UTF-8
Last metadata expiration check: 0:00:17 ago on Fri Sep 18 10:55:40 2020.
Dependencies resolved.
================================================================================
 Package                    Arch        Version         Repository         Size
================================================================================
Installing:
 scalyr-repo-bootstrap      noarch      1.2.2-1         @commandline      4.4 k

Transaction Summary
================================================================================
Install  1 Package

Total size: 4.4 k
Installed size: 2.0 k
Is this ok [y/N]: y
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                        1/1
  Installing       : scalyr-repo-bootstrap-1.2.2-1.noarch                   1/1
  Running scriptlet: scalyr-repo-bootstrap-1.2.2-1.noarch                   1/1
error: can't create transaction lock on /var/lib/rpm/.rpm.lock (Resource temporarily unavailable)
error: /etc/pki/rpm-gpg/RPM-GPG-KEY-scalyr-1: key 1 import failed.
warning: %post(scalyr-repo-bootstrap-1.2.2-1.noarch) scriptlet failed, exit status 1

Error in POSTIN scriptlet in rpm package scalyr-repo-bootstrap
  Verifying        : scalyr-repo-bootstrap-1.2.2-1.noarch                   1/1

Installed:
  scalyr-repo-bootstrap-1.2.2-1.noarch

Failing postinstall script:

#!/bin/bash

set -e;
# If we are installing or updating, be sure to add the key to the rpm's
# key ring.  We only add it if the key isn't already installed, otherwise
# we will get duplicates.  We could remove this if we could remove the
# key in the preuninstall script, but we can't.
if ! rpm -q gpg-pubkey-f70ceedb4ad7b6c6 > /dev/null 2>&1 ; then
  rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-scalyr-1 > /dev/null;
fi

exit 0;

Reproduction steps:

$ docker run -it centos:8 /bin/bash
# yum install wget --assumeyes
# wget -q https://www.scalyr.com/scalyr-repo/stable/latest/scalyr-repo-bootstrap-1.2.2-1.noarch.rpm
# yum install --nogpgcheck scalyr-repo-bootstrap-1.2.2-1.noarch.rpm

@JanneKataja-TomTom, We have updated the manual installation process and now there is no need to install the scalyr-repo-bootstrap or scalyr-repo packages. Now the Scalyr's yum repository should be added by using a scalyr.repo Please check updated instructions how to install the agent without install script in our documentation.

At the moment, the instructions on the website may still not be updated, so here is a copy of the instruction:

=================================================================================

Execute these instructions:

  sudo yum remove scalyr-repo scalyr-repo-bootstrap  # Remove legacy repository definitions if any.
  sudo yum install yum-utils  # Install this package in order to add the Scalyr repo.
  sudo yum-config-manager --add-repo https://scalyr-repo.s3.amazonaws.com/stable/latest/scalyr.repo
  sudo yum install scalyr-agent-2 

Note: During the installation, it may prompt to accept the Scalyr's GPG public key. Please verify that the fingerprint
matches 84AC 559B 5FB5 4638 85CE 0841 F70C EEDB 4AD7 B6C6, and if so, accept it.

=================================================================================

Hope that will help :)

I also apologize for such a big delay in fixing that issue and feel free to give any feedback.