Project

General

Profile

Bug #2103

[linux-libre] cannot build due to missing gpg key

Added by GNUtoo 19 days ago. Updated 17 days ago.

Status:
open
Priority:
bug
Category:
-
Assignee:
-
% Done:

0%


Description

Hi,

I was trying to improve the linux-libre PKGBUILD by trying to fix the bug #2103, however I cannot build it:

$ sudo libremakepkg -n parabola-armv7h
[...]
 |  ==> Verifying source file signatures with gpg...
 |      linux-libre-4.19-gnu.tar.xz ... FAILED (unknown public key BCB7CF877E7D47A7)
 |      patch-4.19-gnu-4.19.2-gnu.xz ... FAILED (unknown public key BCB7CF877E7D47A7)
 |      logo_linux_clut224.ppm ... FAILED (unknown public key 227CA7C556B2BA78)
 |      logo_linux_mono.pbm ... FAILED (unknown public key 227CA7C556B2BA78)
 |      logo_linux_vga16.ppm ... FAILED (unknown public key 227CA7C556B2BA78)
 |      rcn-libre-4.19.2-armv7-x5.patch ... FAILED (unknown public key 227CA7C556B2BA78)
 |  ==> ERROR: One or more PGP signatures could not be verified!
 |  ==> ERROR: Could not download sources.

History

#1 Updated by GNUtoo 19 days ago

  • Description updated (diff)

#2 Updated by ovruni 18 days ago

  • Status changed from open to invalid

gpg --recv-keys 227CA7C556B2BA78

#3 Updated by GNUtoo 17 days ago

  • Status changed from invalid to info needed

I don't understand why running

gpg --recv-keys 227CA7C556B2BA78
would fix the issue.

I'm using libremakepkg so I would instead need to do:

$ sudo librechroot -n parabola-armv7h enter
# pacman-key --recv-keys 227CA7C556B2BA78

But this is not what I should be supposed to do: this should work automatically either after:
  • $ sudo librechroot -n parabola-armv7h update

    and/or:
  • $ sudo librechroot -A armv7h -n parabola-armv7h create

Maybe some of the keyrings need to be updated for armv7 (and maybe also for i686)?h

#4 Updated by GNUtoo 17 days ago

  • Status changed from info needed to open

#5 Updated by ovruni 17 days ago

Did you try the command that I wrote above?

#6 Updated by ovruni 17 days ago

  • Project changed from Packages to libretools

#7 Updated by GNUtoo 17 days ago

I didn't before because it didn't made sense for me at the time.

Here's the result:

[parabola@apu1 ~]$ gpg --recv-keys 227CA7C556B2BA78
gpg: key 227CA7C556B2BA78: 2 duplicate signatures removed
gpg: key 227CA7C556B2BA78: 28 signatures not checked due to missing keys
gpg: key 227CA7C556B2BA78: 2 signatures reordered
gpg: key 227CA7C556B2BA78: public key "David P. (Main email address) <megver83@megver83.ga>" imported
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: next trustdb check due at 2020-10-31
gpg: Total number processed: 1
gpg:               imported: 1

Then I retried and it failed again:
$ sudo libremakepkg -n parabola-armv7h
| ==> Verifying source file signatures with gpg... | linux-libre-4.18-gnu.tar.xz ... FAILED (unknown public key BCB7CF877E7D47A7) | patch-4.18-gnu-4.18.11-gnu.xz ... FAILED (unknown public key BCB7CF877E7D47A7)

I then tried to do it in the chroot:

$ sudo librechroot -n parabola-armv7h enter
[root@parabola /]# gpg --recv-keys 227CA7C556B2BA78

but it wound't change anything.
 |  ==> Verifying source file signatures with gpg...
 |      linux-libre-4.18-gnu.tar.xz ... FAILED (unknown public key BCB7CF877E7D47A7)
 |      patch-4.18-gnu-4.18.11-gnu.xz ... FAILED (unknown public key BCB7CF877E7D47A7)

What keyring does makepkg uses?

It wound't make sense if it had to use the build user keyring:
  • It would be up to the user to maintain the keyring for building packages. It's way better if the keyring is maintained collectively by developers.
  • It would collude with the user's personal keyring

However it would make sense if it used a temporary keyring for building packages as the keys hashes are in the packages.
This is maybe what it's supposed to do and maybe it fails for me for some reasons.
This might be the reason why you asked me to run that command and that It didn't make sense for me at first.

Denis.

#8 Updated by ovruni 17 days ago

gpg --recv-keys BCB7CF877E7D47A7

#9 Updated by GNUtoo 17 days ago

Sorry, somehow I missed that there was multiple keys and signatures.
It now works after adding both keys outside of the librechroot:

 |  ==> Verifying source file signatures with gpg...
 |      linux-libre-4.19-gnu.tar.xz ... Passed
 |      patch-4.19-gnu-4.19.2-gnu.xz ... Passed

I'm still unsure how this is supposed to be handled. I'll ask around if there is some documentation or convention on what the user building packages is expected to do, and how libremakepkg is supposed to deal with gpg keys storage and retrieval.

Thanks a lot for your help.

Denis.

Also available in: Atom PDF