On Mon, Nov 16, 2015 at 12:50:55PM -0500, Daniel Kahn Gillmor wrote:
> hey folks--
> I find that git-buildpackage seems to clear the environment in some
> cases where dpkg-buildpackage does not.
> This results in a problem for some workflows that include the use of
> GnuPG when a gpg-agent is running with a different environment than the
> build process.
> the spot where i've noticed it is:
> * have a gpg-agent set up with no DBUS_SESSION_BUS_ADDRESS environment
> variable of its own
> * use pinentry-gnome3 as the default pinentry
> * build a package with "gbp buildpackage"
> * have gnupg2 2.1.x installed
I'm sorry for being ignorant here but how exactly does this work? gpg
looks for a running agent to see if the key is already unlocked, if not
gpg-agent calls out for the pinentry, which then needs a D-Bus session
bus? Which environment variables are needed for that?
> When it comes to the step to sign the .dsc and .changes files, i get a
> signature failure with no prompts.
This is during the "normal" build process? What builder are you using,

    gbp config buildpackage.builder
    gbp config buildpackage.pbuilder

show? I assume s.th. like:

    $ gbp config buildpackage.builder
    $ gbp config buildpackage.pbuilder

If so, can you try to set the builder to a command that just dumps the
environment into a file like:

    gbp buildpackage --git-builder='printenv > /tmp/foo' --git-no-pbuilder

and check if it has all the needed environment variables? If I do this I
do find DBUS_SESSION_BUS_ADDRESS in there as well as several gpg related
ones (like GPG_AGENT_INFO) and looking at the code we don't clear the
env, we either extend it or leave it untouched (by passing None).
So are we sure it's environment variable related or maybe something else?
Another possibility would be to use

    strace -f -o /tmp/bla.log -s2048 dpkg-buildpackage

as builder so we can maybe figure what's going wrong (i.e. if it's not
possible to open the dbus socket)?
> If i use "dpkg-buildpackage" instead, i get a gnome3-based pinentry
> prompt and the files get signed.
> And if i kill the gpg-agent and restart it with the same socket and a
> default dbus environment variable that works with the current session
> then even "gbp buildpackage" will work and have signing happen.
> So this makes me think that gbp is stripping the environment before
> invoking gpg, but i haven't been able to track it down.
> any pointers?
See above though I'm not sure this is really helping.
git-buildpackage mailing list
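
Added example, not part of the original message: a small shell helper for the check suggested above, comparing the printenv dump written by the builder (e.g. /tmp/foo) with a dump taken from the interactive shell. DBUS_SESSION_BUS_ADDRESS and GPG_AGENT_INFO come from the thread; the GPG_TTY and DISPLAY entries in the watch list, the function names and the sample dumps are assumptions constructed for illustration.

```shell
#!/bin/sh
# Compare two `printenv` dumps: one from the interactive shell, one written by
# the builder (gbp buildpackage --git-builder='printenv > /tmp/foo').
# WATCH lists the variables to check; GPG_TTY and DISPLAY are an assumption,
# the other two are the ones named in the thread. Multi-line values are not handled.
WATCH="${WATCH:-DBUS_SESSION_BUS_ADDRESS GPG_AGENT_INFO GPG_TTY DISPLAY}"

# env_value FILE NAME: print NAME's value from a dump; exit status 1 if absent.
env_value() {
    awk -v n="$2" 'index($0, n "=") == 1 { print substr($0, length(n) + 2); found = 1; exit }
                   END { exit !found }' "$1"
}

# compare_env SHELL_DUMP BUILDER_DUMP: print one "<state> <NAME>" line per
# watched variable; return 1 if any is missing from or differs in the builder dump.
compare_env() {
    rc=0
    for name in $WATCH; do
        if a=$(env_value "$1" "$name"); then in_a=1; else in_a=0; fi
        if b=$(env_value "$2" "$name"); then in_b=1; else in_b=0; fi
        if [ "$in_a" = 0 ] && [ "$in_b" = 0 ]; then echo "unset $name"
        elif [ "$in_b" = 0 ]; then echo "missing $name"; rc=1
        elif [ "$in_a" = 0 ]; then echo "added $name"
        elif [ "$a" = "$b" ]; then echo "same $name"
        else echo "differs $name"; rc=1
        fi
    done
    return $rc
}

if [ $# -eq 2 ]; then
    compare_env "$1" "$2"
else
    # No files given: run on constructed sample dumps.
    d=$(mktemp -d)
    printf '%s\n' 'DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/1000/bus' 'GPG_AGENT_INFO=/run/user/1000/gnupg/S.gpg-agent:0:1' 'DISPLAY=:0' > "$d/shell.env"
    printf '%s\n' 'GPG_AGENT_INFO=/run/user/1000/gnupg/S.gpg-agent:0:1' 'DISPLAY=:0' > "$d/builder.env"
    compare_env "$d/shell.env" "$d/builder.env" || echo "builder environment differs"
    rm -rf "$d"
fi
```

A "missing" or "differs" line for DBUS_SESSION_BUS_ADDRESS would support the environment theory; all "same" points to something else, which is where the strace run comes in.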