FS#49946 - makepkg does signing inside fakeroot which doesn't work (well) with gpg 2.1.13+
Attached to Project:
Pacman
Opened by Tomas Volf (gray_-_wolf) - Monday, 04 July 2016, 19:57 GMT
Last edited by Eli Schwartz (eschwartz) - Wednesday, 13 December 2017, 20:50 GMT
Opened by Tomas Volf (gray_-_wolf) - Monday, 04 July 2016, 19:57 GMT
Last edited by Eli Schwartz (eschwartz) - Wednesday, 13 December 2017, 20:50 GMT
|
Details
Description: makepkg does signing the package inside
fakeroot, which doesn't work very well with gpg 2.1.13.
Every odd invocation succeeds (but still prompts for
password), ever even fails.
I can try to put together a patch if there is interested and chance to get it merged. Originally discussed here: https://bbs.archlinux.org/viewtopic.php?id=214338 It is cause by changes in gnupg, see the link for details. Additional info: * package version(s): pacman 5.0.1-4, gnupg 2.1.13-1 Steps to reproduce: 1) launch gpg-agent: gpg-agent --daemon 2) makepkg --sign -f ---> will ask for password 3) makepkg --sing -f ---> will fail without asking Logs: [ paladin@ts ] :: ~/archrepo/laptop-mode-tools Load: 0.25 0.37 0.25 , Memory: 25.78 %, Disk: 5.45 % $ makepkg --sign ==> Making package: laptop-mode-tools 1.69.2-1 (Mon Jul 4 21:51:46 CEST 2016) ==> Checking runtime dependencies... ==> Checking buildtime dependencies... ==> Retrieving sources... -> Found laptop-mode-tools-1.69.2-1.tar.gz ==> Validating source files with sha256sums... laptop-mode-tools-1.69.2-1.tar.gz ... Passed ==> Extracting sources... -> Extracting laptop-mode-tools-1.69.2-1.tar.gz with bsdtar ==> Entering fakeroot environment... ==> Starting package()... ./install.sh which: no invoke-rc.d in (/usr/local/sbin:/usr/local/bin:/usr/bin:/usr/bin/site_perl:/usr/bin/vendor_perl:/usr/bin/core_perl:/home/paladin/bin:/home/paladin/bin) which: no service in (/usr/local/sbin:/usr/local/bin:/usr/bin:/usr/bin/site_perl:/usr/bin/vendor_perl:/usr/bin/core_perl:/home/paladin/bin:/home/paladin/bin) Installed ACPI support. Installed APM support. Installed PMU (pmud/pbbuttonsd) support. Reloading acpid daemon acpid(424): Operation not permitted acpid: no process found Installation complete. ==> Tidying install... -> Removing libtool files... -> Purging unwanted files... -> Removing static library files... -> Stripping unneeded symbols from binaries and libraries... -> Compressing man and info pages... ==> Checking for packaging issue... ==> Creating package "laptop-mode-tools"... -> Generating .PKGINFO file... -> Generating .BUILDINFO file... -> Generating .MTREE file... -> Compressing package... ==> Signing package... -> Created signature file /home/paladin/archrepo/packages/laptop-mode-tools-1.69.2-1-any.pkg.tar.xz.sig. ==> Leaving fakeroot environment. ==> Finished making: laptop-mode-tools 1.69.2-1 (Mon Jul 4 21:52:01 CEST 2016) [ paladin@ts ] :: ~/archrepo/laptop-mode-tools Load: 0.23 0.36 0.25 , Memory: 25.82 %, Disk: 5.45 % :( $ makepkg --sign -f ==> Making package: laptop-mode-tools 1.69.2-1 (Mon Jul 4 21:52:07 CEST 2016) ==> Checking runtime dependencies... ==> Checking buildtime dependencies... ==> Retrieving sources... -> Found laptop-mode-tools-1.69.2-1.tar.gz ==> Validating source files with sha256sums... laptop-mode-tools-1.69.2-1.tar.gz ... Passed ==> Extracting sources... -> Extracting laptop-mode-tools-1.69.2-1.tar.gz with bsdtar ==> Removing existing $pkgdir/ directory... ==> Entering fakeroot environment... ==> Starting package()... ./install.sh which: no invoke-rc.d in (/usr/local/sbin:/usr/local/bin:/usr/bin:/usr/bin/site_perl:/usr/bin/vendor_perl:/usr/bin/core_perl:/home/paladin/bin:/home/paladin/bin) which: no service in (/usr/local/sbin:/usr/local/bin:/usr/bin:/usr/bin/site_perl:/usr/bin/vendor_perl:/usr/bin/core_perl:/home/paladin/bin:/home/paladin/bin) Installed ACPI support. Installed APM support. Installed PMU (pmud/pbbuttonsd) support. Reloading acpid daemon acpid(424): Operation not permitted acpid: no process found Installation complete. ==> Tidying install... -> Removing libtool files... -> Purging unwanted files... -> Removing static library files... -> Stripping unneeded symbols from binaries and libraries... -> Compressing man and info pages... ==> Checking for packaging issue... ==> Creating package "laptop-mode-tools"... -> Generating .PKGINFO file... -> Generating .BUILDINFO file... -> Generating .MTREE file... -> Compressing package... ==> Signing package... ==> WARNING: Failed to sign package file. ==> Leaving fakeroot environment. ==> Finished making: laptop-mode-tools 1.69.2-1 (Mon Jul 4 21:52:14 CEST 2016) |
This task depends upon
Closed by Eli Schwartz (eschwartz)
Wednesday, 13 December 2017, 20:50 GMT
Reason for closing: Fixed
Additional comments about closing: https://git.archlinux.org/pacman.git/com mit/?id=c6b04c04653ba9933fe978829148312e 412a9ea7
Wednesday, 13 December 2017, 20:50 GMT
Reason for closing: Fixed
Additional comments about closing: https://git.archlinux.org/pacman.git/com mit/?id=c6b04c04653ba9933fe978829148312e 412a9ea7
I added LD_PRELOAD= to makepkg line 1306:
LD_PRELOAD= gpg --detach-sign --use-agent ${SIGNWITHKEY} --no-armor "$filename" &>/dev/null || ret=$?
and now the signature works as expected.
Where I can find the proposed patch so I could test/use it?
https://git.archlinux.org/pacman.git/commit/?id=c6b04c04653ba9933fe978829148312e412a9ea7
@allan, it is slightly awkward that even with !sign we now get the message "Signing package(s)..." as we check $SIGNPKG each time in create_signature() but the message is now generated one step up. It would probably be more accurate to do that check in makepkg.sh even if it does have to be done twice, for regular and source packages.