Bug#834329: gpg key handling with sbuild 0.70 broken
Hi Marc, On So, 2016-08-14 at 16:07 +0200, Marc Haber wrote: > Source: mini-buildd > Version: 1.0.14 > Severity: normal (...) > I am not sure whether this is a bug in mini-buildd or in sbuild. > Hence, the "normal" severity. > > Building packages fails starting with the second build of an > installation when sbuild 0.70 is used. This is caused by the code > starting in line 1217 of /usr/share/perl5/Sbuild/ResolverBase.pm > where > gpg keys are imported into the sbuild keyring. This fails, because > the > key is already there, causing an "Failed to import public key" and an > aborted build. afaiu, 'sbuild-update --gen-key' was broken since GPG 2.1 became GPG; also 0.70 changed to ASCII keyrings in an attempt to fix breakage for builds in chroots with GPG being GPG 2.1 (>= stretch). Fortunately, the latter has been reverted in 0.71, and everything seems fine again. mini-buildd will now depend on that sbuild version to get stretch/sid builds going again, and also nothing needs to be changed in mini-buildd's "sbuild keys workaround" at this point. As mini-buildd must be supporting squeeze still for quite some time, just going w/o the sbuild keys is unfortunately not yet an option. Added as wishlist for 1.2.x though ;). Thx! S
Bug#834329: gpg key handling with sbuild 0.70 broken
Here is a comment from #834330 that might be helpful: Also, do you require signing of the internal dummy repository in the first place? If not, you can just delete /var/lib/sbuild/apt-keys and then sbuild will stop trying to sign the internal repository. Having it signed is only necessary for apt versions in squeeze or older. Since wheezy, apt supports the [trusted=yes] option in its sources.list. Greetings Marc -- - Marc Haber | "I don't trust Computers. They | Mailadresse im Header Leimen, Germany| lose things."Winona Ryder | Fon: *49 6224 1600402 Nordisch by Nature | How to make an American Quilt | Fax: *49 6224 1600421
Bug#834329: gpg key handling with sbuild 0.70 broken
Source: mini-buildd Version: 1.0.14 Severity: normal Hi, I am not sure whether this is a bug in mini-buildd or in sbuild. Hence, the "normal" severity. Building packages fails starting with the second build of an installation when sbuild 0.70 is used. This is caused by the code starting in line 1217 of /usr/share/perl5/Sbuild/ResolverBase.pm where gpg keys are imported into the sbuild keyring. This fails, because the key is already there, causing an "Failed to import public key" and an aborted build. Either, mini-buildd tries to save the sbuild key ring for some reason and moves it in before invoking sbuild. In this case, this is a bug in mini-buildd. Or, sbuild saves its keyring and just tries to import the key a second time, which renders sbuild completely useless in this situation. If this is the case, the bug should be reassigned to sbuild. Greetings Marc
