Related

can you help me insert my public key into authorized_keys? Question Question
Resize droplet, CPU & RAM only Question Question

Question

clout-init apt-key "invalid armor header"

Posted May 26, 2018 1.9k views
DebianInitial Server Setup

I am using cloud-init to provision my droplet with custom apt repositories, and I have the public keys inline using this form:

apt:
  primary:
    - arches: [default]
      search_dns: true
  security:
    - arches: [default]
      search_dns: true
  sources:
    nodejs:
      source: "deb http://deb.nodesource.com/node_8.x stretch main"
      key: |
        -----BEGIN PGP PUBLIC KEY BLOCK-----
        Version: GnuPG v1
        mQINBFObJLYBEADkFW8HMjsoYRJQ4nCYC/6Eh0yLWHWfCh+/9ZSIj4w/pOe2V6V+
        <snip>
        -----END PGP PUBLIC KEY BLOCK-----

And I get this error in /var/log/cloud-init-output.log

2018-05-26 11:05:19,807 - cc_apt_configure.py[ERROR]: failed to add apt GPG Key to apt keyring
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/cloudinit/config/cc_apt_configure.py", line 530, in add_apt_key_raw
    util.subp(['apt-key', 'add', '-'], data=key.encode(), target=target)
  File "/usr/lib/python3/dist-packages/cloudinit/util.py", line 1850, in subp
    cmd=args)
cloudinit.util.ProcessExecutionError: Unexpected error while running command.
Command: ['apt-key', 'add', '-']
Exit code: 2
Reason: -
Stdout: -
Stderr: Warning: apt-key output should not be parsed (stdout is not a terminal)
        gpg: invalid armor header: mQINBFObJLYBEADkFW8HMjsoYRJQ4nCYC/6Eh0yLWHWfCh+/9ZSIj4w/pOe2V6V+\n
2018-05-26 11:05:19,811 - util.py[WARNING]: Running module apt-configure (<module 'cloudinit.config.cc_apt_configure' from '/usr/lib/python3/dist-packages/cloudinit/config/cc_apt_configure.py'>) failed

This seems to be a bug in cloud-init, but I can’t even figure out a workaround. I’ve tried putting the key in the YAML as a flow scalar instead of a block scalar, but that gave the same error (at a different point in the key input).

Add a comment
aidalgol
By:
aidalgol
Add a comment

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
1 answer
trigeek February 6, 2019

I ran into this exact same issue, and this is literally the only google result for this specific cloud-init error. The problem is the lack of a space after the “—–BEGIN PGP PUBLIC KEY BLOCK—–” line. It should look like this instead:

      key: |
        -----BEGIN PGP PUBLIC KEY BLOCK-----

        Version: GnuPG v1
        mQINBFObJLYBEADkFW8HMjsoYRJQ4nCYC/6Eh0yLWHWfCh+/9ZSIj4w/pOe2V6V+
        <snip>
        -----END PGP PUBLIC KEY BLOCK-----

The docs actually show it without the extra newline, but it’s definitely necessary for it to function correctly.

Reply Report
Submit an Answer

Related

Looking for something else?

Ask a new question Search for more help