Bug#972525: buildd: sbuild randomly fails to sign changes file despite valid signature keys

2020-10-21 Thread NIIBE Yutaka
Hello,

IIUC, it is likely a bug of GnuPG.

When a server is under higher load, it takes longer for a gpg-agent
process to start listen(2)ing for the connection than the value of
SECS_TO_WAIT_FOR_AGENT.  It's five seconds, hard-coded.

Last year, I pushed a change to remove a possible race condition around
the initial connect to gpg-agent.

I don't know if this patch fixes the particular problem of sbuild, but,
it should improve the situation, hopefully, much.

-- 

commit b1c56cf9e2bb51abfd47747128bd2a6285ed1623
Author: NIIBE Yutaka 
Date:   Wed Jul 24 15:15:32 2019 +0900

common: Use gnupg_spawn_process_fd to invoke gpg-agent/dirmngr.

* common/asshelp.c (start_new_gpg_agent): Call gnupg_spawn_process_fd
and gnupg_wait_process.
(start_new_dirmngr): Likewise.

--

With --daemon option, gpg-agent/dirmngr detaches by itself.

Signed-off-by: NIIBE Yutaka 

diff --git a/common/asshelp.c b/common/asshelp.c
index 5209ea6cf..600774330 100644
--- a/common/asshelp.c
+++ b/common/asshelp.c
@@ -492,8 +492,13 @@ start_new_gpg_agent (assuan_context_t *r_ctx,
   if (!(err = lock_spawning (, gnupg_homedir (), "agent", verbose))
   && assuan_socket_connect (ctx, sockname, 0, 0))
 {
-  err = gnupg_spawn_process_detached (program? program : agent_program,
-  argv, NULL);
+  pid_t pid;
+
+  err = gnupg_spawn_process_fd (program? program : agent_program,
+argv, -1, -1, -1, );
+  if (!err)
+err = gnupg_wait_process (program? program : agent_program,
+  pid, 1, NULL);
   if (err)
 log_error ("failed to start agent '%s': %s\n",
agent_program, gpg_strerror (err));
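Review bot: the log_error under the new gnupg_wait_process call in start_new_gpg_agent still prints agent_program, while the spawn and the wait both use program? program : agent_program, so a failure of a caller-supplied binary is reported under the default agent's name; pass the same expression to log_error. A one-line comment above the wait, saying that it returns only because the agent is started with --daemon and detaches by itself (as the commit message says), would also help, since the wait runs with the spawning lock held.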
@@ -627,7 +632,12 @@ start_new_dirmngr (assuan_context_t *r_ctx,
   if (!(err = lock_spawning (, gnupg_homedir (), "dirmngr", verbose))
   && assuan_socket_connect (ctx, sockname, 0, 0))
 {
-  err = gnupg_spawn_process_detached (dirmngr_program, argv, NULL);
+  pid_t pid;
+
+  err = gnupg_spawn_process_fd (dirmngr_program, argv,
+-1, -1, -1, );
+  if (!err)
+err = gnupg_wait_process (dirmngr_program, pid, 1, NULL);
   if (err)
 log_error ("failed to start the dirmngr '%s': %s\n",
dirmngr_program, gpg_strerror (err));
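Review bot: in start_new_dirmngr the single "failed to start the dirmngr" message after gnupg_wait_process now covers two different failures, the spawn itself and the exit status of the waited-for process, and the final NULL argument discards the exit code. Consider passing an int to receive the exit code and logging it, so a dirmngr that was executed but exited with an error can be told apart from one that could not be spawned at all.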

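The synchronisation the patch above relies on, as an added example that is not GnuPG code and not part of the original message: the client waits for a self-detaching launcher to exit and then connects once, with no timeout loop. The names launcher and spawn_wait_connect, the return codes and the socket path are hypothetical, and the example assumes the launcher listens on its socket before it detaches.

```c
/* Added illustration, not GnuPG code. Assumption: the launcher binds and
   listens on its socket before it forks the daemon and exits. */
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <sys/wait.h>

/* Launcher (runs in the spawned child): listen first, then detach a daemon. */
static void launcher(const struct sockaddr_un *sa)
{
    int lfd = socket(AF_UNIX, SOCK_STREAM, 0);
    if (lfd < 0 || bind(lfd, (const struct sockaddr *)sa, sizeof *sa) || listen(lfd, 5))
        _exit(2);                 /* startup failure reaches the waiting client */
    pid_t d = fork();
    if (d < 0) _exit(3);
    if (d == 0) {                 /* detached daemon: serve one client, clean up */
        setsid();
        int c = accept(lfd, NULL, NULL);
        int rc = (c >= 0 && write(c, "OK", 2) == 2) ? 0 : 4;
        unlink(sa->sun_path);
        _exit(rc);
    }
    _exit(0);                     /* launcher exits; the socket is already listening */
}

/* Client: spawn, wait for the launcher to exit, then connect exactly once.
   Returns 0 on success, negative on failure (hypothetical error codes). */
int spawn_wait_connect(const char *sockpath)
{
    struct sockaddr_un sa = { .sun_family = AF_UNIX };
    int status, fd, ok;
    char buf[2] = { 0 };
    strncpy(sa.sun_path, sockpath, sizeof sa.sun_path - 1);
    unlink(sockpath);             /* remove a stale socket from an earlier run */
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) launcher(&sa);
    if (waitpid(pid, &status, 0) != pid) return -1;
    if (!WIFEXITED(status) || WEXITSTATUS(status) != 0) return -2;
    if ((fd = socket(AF_UNIX, SOCK_STREAM, 0)) < 0) return -1;
    if (connect(fd, (struct sockaddr *)&sa, sizeof sa)) { close(fd); return -3; }
    ok = read(fd, buf, 2) == 2 && memcmp(buf, "OK", 2) == 0;
    close(fd);
    return ok ? 0 : -4;
}

int main(void) { return spawn_wait_connect("/tmp/demo-agent.sock") ? 1 : 0; }
```

A launcher that cannot create its socket exits non-zero, so the client sees the failure from waitpid immediately instead of after a connect timeout.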

Bug#972525: buildd: sbuild randomly fails to sign changes file despite valid signature keys

2020-10-19 Thread John Paul Adrian Glaubitz
Source: sbuild
Version: 0.80.0
Severity: normal
User: debian-sp...@lists.debian.org
Usertags: sparc64

Hi!

I'm observing random failures of sbuild signing the changes file after build
on some buildds, especially on sparc64 and most often on the machine sompek.

I'm not sure yet what the problem is but it looks like a GPG problem [1]:

gpg: can't connect to the agent: IPC connect call failed
gpg: keydb_search failed: No agent running
gpg: skipped "F1EA40F487003E5047A04D0A62D1430FE7E0DE86": No agent running
gpg: /tmp/debsign.oB0Milcr/rust-kstring_1.0.0-1_sparc64.changes: clear-sign failed: No agent running
debsign: gpg error occurred!  Aborting

I'm filing this issue here to get some attention and maybe some ideas where
the problem could be. Maybe sbuild should wait a little longer before attempting
to sign? Or maybe the GPG daemon is crashing often?

In case it's safe to say it's not an issue with buildd/sbuild, feel free to reassign.

Thanks,
Adrian

> [1] 
> https://buildd.debian.org/status/fetch.php?pkg=rust-kstring=sparc64=1.0.0-1=1603142545=0

--
 .''`.  John Paul Adrian Glaubitz
: :' :  Debian Developer - glaub...@debian.org
`. `'   Freie Universitaet Berlin - glaub...@physik.fu-berlin.de
  `-GPG: 62FF 8A75 84E0 2956 9546  0006 7426 3B37 F5B5 F913