Hi, all:
I came across an interesting gpg failure while trying to build
git-2.24.1 RPM for Fedora COPR. As part of RPM build, the prep stage
attempts to verify the tarball signature using Junio's PGP key:
%prep
# Verify GPG signatures
gpghome="$(mktemp -qd)" # Ensure we don't use any existing gpg keyrings
# Convert the ascii-armored key to binary
# (use --yes to ensure an existing dearmored key is overwritten)
gpg2 --homedir "$gpghome" --dearmor --quiet --yes %{SOURCE9}
xz -dc %{SOURCE0} | # Upstream signs the uncompressed tarballs
gpgv2 --homedir "$gpghome" --quiet --keyring %{SOURCE9}.gpg %{SOURCE1} -
rm -rf "$gpghome" # Cleanup tmp gpg home dir
On x86_64 this succeeds, but when I tried building on aarch64, that step
returned the following error:
Building for target aarch64
Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.FYxOmt
+ umask 022
+ cd /builddir/build/BUILD
++ mktemp -qd
+ gpghome=/tmp/tmp.dndOuot6S2
+ gpg2 --homedir /tmp/tmp.dndOuot6S2 --dearmor --quiet --yes /builddir/build/SOURCES/gpgkey-junio.asc
gpg: Fatal: can't disable core dumps: Operation not permitted
error: Bad exit status from /var/tmp/rpm-tmp.FYxOmt (%prep)
Here's the same step on x86_64:
Building for target x86_64
Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.eDX1Cv
+ umask 022
+ cd /builddir/build/BUILD
++ mktemp -qd
+ gpghome=/tmp/tmp.ON2CbIaFXg
+ gpg2 --homedir /tmp/tmp.ON2CbIaFXg --dearmor --quiet --yes /builddir/build/SOURCES/gpgkey-junio.asc
+ xz -dc /builddir/build/SOURCES/git-2.24.1.tar.xz
+ gpgv2 --homedir /tmp/tmp.ON2CbIaFXg --quiet --keyring /builddir/build/SOURCES/gpgkey-junio.asc.gpg /builddir/build/SOURCES/git-2.24.1.tar.sign -
gpgv: Signature made Tue Dec 10 13:43:57 2019 UTC using RSA key ID 96AFE6CB
gpgv: Signature made Tue Dec 10 13:43:57 2019 UTC using RSA key ID 96AFE6CB
gpgv: Good signature from "Junio C Hamano <gitster@pobox.com>"
gpgv: Good signature from "Junio C Hamano <gitster@pobox.com>"
gpgv: aka "Junio C Hamano <junio@pobox.com>"
gpgv: aka "Junio C Hamano <junio@pobox.com>"
gpgv: aka "Junio C Hamano <jch@google.com>"
gpgv: aka "Junio C Hamano <jch@google.com>"
I'm curious what exactly is at fault here -- is there something in the
COPR build environment that causes this error, or is there something
that gnupg is not checking correctly?
-K
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
I came across an interesting gpg failure while trying to build
git-2.24.1 RPM for Fedora COPR. As part of RPM build, the prep stage
attempts to verify the tarball signature using Junio's PGP key:
%prep
# Verify GPG signatures
gpghome="$(mktemp -qd)" # Ensure we don't use any existing gpg keyrings
# Convert the ascii-armored key to binary
# (use --yes to ensure an existing dearmored key is overwritten)
gpg2 --homedir "$gpghome" --dearmor --quiet --yes %{SOURCE9}
xz -dc %{SOURCE0} | # Upstream signs the uncompressed tarballs
gpgv2 --homedir "$gpghome" --quiet --keyring %{SOURCE9}.gpg %{SOURCE1} -
rm -rf "$gpghome" # Cleanup tmp gpg home dir
On x86_64 this succeeds, but when I tried building on aarch64, that step
returned the following error:
Building for target aarch64
Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.FYxOmt
+ umask 022
+ cd /builddir/build/BUILD
++ mktemp -qd
+ gpghome=/tmp/tmp.dndOuot6S2
+ gpg2 --homedir /tmp/tmp.dndOuot6S2 --dearmor --quiet --yes /builddir/build/SOURCES/gpgkey-junio.asc
gpg: Fatal: can't disable core dumps: Operation not permitted
error: Bad exit status from /var/tmp/rpm-tmp.FYxOmt (%prep)
Here's the same step on x86_64:
Building for target x86_64
Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.eDX1Cv
+ umask 022
+ cd /builddir/build/BUILD
++ mktemp -qd
+ gpghome=/tmp/tmp.ON2CbIaFXg
+ gpg2 --homedir /tmp/tmp.ON2CbIaFXg --dearmor --quiet --yes /builddir/build/SOURCES/gpgkey-junio.asc
+ xz -dc /builddir/build/SOURCES/git-2.24.1.tar.xz
+ gpgv2 --homedir /tmp/tmp.ON2CbIaFXg --quiet --keyring /builddir/build/SOURCES/gpgkey-junio.asc.gpg /builddir/build/SOURCES/git-2.24.1.tar.sign -
gpgv: Signature made Tue Dec 10 13:43:57 2019 UTC using RSA key ID 96AFE6CB
gpgv: Signature made Tue Dec 10 13:43:57 2019 UTC using RSA key ID 96AFE6CB
gpgv: Good signature from "Junio C Hamano <gitster@pobox.com>"
gpgv: Good signature from "Junio C Hamano <gitster@pobox.com>"
gpgv: aka "Junio C Hamano <junio@pobox.com>"
gpgv: aka "Junio C Hamano <junio@pobox.com>"
gpgv: aka "Junio C Hamano <jch@google.com>"
gpgv: aka "Junio C Hamano <jch@google.com>"
I'm curious what exactly is at fault here -- is there something in the
COPR build environment that causes this error, or is there something
that gnupg is not checking correctly?
-K
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
