Arch Linux failing while importing keys (due to use of GnuPG 2.0.22?) #82

Open
merginator opened this issue Jan 4, 2020 · 3 comments

@merginator

I'm getting the following output when trying to bootstrap Arch Linux. I'm on the latest rev of image-bootstrap and a recently updated CentOS host:

# git rev-parse HEAD
ef959787f77fb248b3a428f3ad2597b2e7b5760e
# cat /etc/centos-release
CentOS Linux release 7.7.1908 (Core)
# gpg --version
gpg (GnuPG) 2.0.22
libgcrypt 1.5.3
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, ?, ?, ELG, DSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
# ./image-bootstrap --verbose --debug --scripts-chroot chroot_scripts/ --hostname testvm arch /dev/centos_host/testvol
     _                          __             __      __
    (_)_ _  ___ ____ ____  ___ / /  ___  ___  / /____ / /________ ____
   / /  ' \/ _ `/ _ `/ -_)/__// _ \/ _ \/ _ \/ __(_-</ __/ __/ _ `/ _ \
  /_/_/_/_/\_,_/\_, /\__/    /_.__/\___/\___/\__/___/\__/_/  \_,_/ .__/
               /___/                    v0.9.2.1 :: 2017-01-10  /_/

Software libre licensed under AGPL v3 or later.
Brought to you by Sebastian Pipping <[email protected]>.
Please report bugs at https://github.com/hartwork/image-bootstrap.  Thank you!

Selected approach "chroot-grub2-drive" for bootloader installation.
Checking for blkid... /sbin/blkid
Checking for blockdev... /sbin/blockdev
Checking for chmod... /bin/chmod
Checking for chroot... /sbin/chroot
Checking for cp... /bin/cp
Checking for find... /bin/find
Checking for gpg... /bin/gpg
Checking for kpartx... /sbin/kpartx
Checking for mkdir... /bin/mkdir
Checking for mkfs.ext4... /sbin/mkfs.ext4
Checking for mount... /bin/mount
Checking for parted... /sbin/parted
Checking for partprobe... /sbin/partprobe
Checking for rm... /bin/rm
Checking for rmdir... /bin/rmdir
Checking for sed... /bin/sed
Checking for tar... /bin/tar
Checking for tune2fs... /sbin/tune2fs
Checking for umount... /bin/umount
Checking for wget... /bin/wget

Checking for known unsupported architecture/machine combination...
Checking if "/dev/centos_host/testvol" is a block device...
Checking chroot scripts directory permissions...
Checking chroot scripts for executability...

Unsharing Linux namespaces (mount, UTS/hostname)...
Checking size of "/dev/centos_host/testvol"...
# blockdev --getsize64 /dev/centos_host/testvol
Partitioning "/dev/centos_host/testvol"...
# parted --script /dev/centos_host/testvol mklabel msdos
# partprobe /dev/centos_host/testvol
# parted --script --align optimal /dev/centos_host/testvol mkpart primary ext4 1 100%
# parted --script /dev/centos_host/testvol set 1 boot on
Activating partition devices...
# kpartx -l /dev/centos_host/testvol
# kpartx -u /dev/centos_host/testvol
Creating file system on "/dev/mapper/centos_host-testvol1"...
# mkfs.ext4 -F /dev/mapper/centos_host-testvol1
mke2fs 1.42.9 (28-Dec-2013)
Filesystem label=
OS type: Linux
Block size=4096 (log=2)
Fragment size=4096 (log=2)
Stride=0 blocks, Stripe width=0 blocks
1310720 inodes, 5242624 blocks
262131 blocks (5.00%) reserved for the super user
First data block=0
Maximum filesystem blocks=2153775104
160 block groups
32768 blocks per group, 32768 fragments per group
8192 inodes per group
Superblock backups stored on blocks:
	32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208,
	4096000

Allocating group tables: done
Writing inode tables: done
Creating journal (32768 blocks): done
Writing superblocks and filesystem accounting information: done

# blkid -o value -s UUID /dev/mapper/centos_host-testvol1
Creating directory "/mnt/tmp1xZWZj"...
Mounting partitions...
# mount /dev/mapper/centos_host-testvol1 /mnt/tmp1xZWZj
Creating directory "/mnt/tmp1xZWZj/etc"...
Writing file "/mnt/tmp1xZWZj/etc/hostname"...
Writing file "/mnt/tmp1xZWZj/etc/resolv.conf" (based on file "/etc/resolv.conf")...
Bootstrapping Arch into "/mnt/tmp1xZWZj"...
Checking access to "/var/cache/directory-bootstrap"...
Checking access to "/mnt/tmp1xZWZj"...
Downloading image listing...
Downloading keyring listing...
Downloading "https://sources.archlinux.org/other/archlinux-keyring/archlinux-keyring-20191219.tar.gz.sig"...
# wget -O/var/cache/directory-bootstrap/archlinux-keyring-20191219.tar.gz.sig https://sources.archlinux.org/other/archlinux-keyring/archlinux-keyring-20191219.tar.gz.sig
--2020-01-03 17:05:26--  https://sources.archlinux.org/other/archlinux-keyring/archlinux-keyring-20191219.tar.gz.sig
Resolving sources.archlinux.org (sources.archlinux.org)... 88.198.91.70, 2a01:4f8:160:6087::1
Connecting to sources.archlinux.org (sources.archlinux.org)|88.198.91.70|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 566 [application/pgp-signature]
Saving to: ‘/var/cache/directory-bootstrap/archlinux-keyring-20191219.tar.gz.sig’

100%[======================================================================================================================================================================================================================================>] 566         --.-K/s   in 0s

2020-01-03 17:05:26 (64.8 MB/s) - ‘/var/cache/directory-bootstrap/archlinux-keyring-20191219.tar.gz.sig’ saved [566/566]

Downloading "https://sources.archlinux.org/other/archlinux-keyring/archlinux-keyring-20191219.tar.gz"...
# wget -O/var/cache/directory-bootstrap/archlinux-keyring-20191219.tar.gz https://sources.archlinux.org/other/archlinux-keyring/archlinux-keyring-20191219.tar.gz
--2020-01-03 17:05:26--  https://sources.archlinux.org/other/archlinux-keyring/archlinux-keyring-20191219.tar.gz
Resolving sources.archlinux.org (sources.archlinux.org)... 88.198.91.70, 2a01:4f8:160:6087::1
Connecting to sources.archlinux.org (sources.archlinux.org)|88.198.91.70|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 963887 (941K) [application/gzip]
Saving to: ‘/var/cache/directory-bootstrap/archlinux-keyring-20191219.tar.gz’

100%[======================================================================================================================================================================================================================================>] 963,887     1015KB/s   in 0.9s

2020-01-03 17:05:28 (1015 KB/s) - ‘/var/cache/directory-bootstrap/archlinux-keyring-20191219.tar.gz’ saved [963887/963887]

Initializing temporary GnuPG home at "/tmp/tmpNzUpD1/gpg_home"...
Downloading "https://raw.githubusercontent.com/gpg/gnupg/master/dirmngr/sks-keyservers.netCA.pem"...
# wget -O/tmp/tmpNzUpD1/gpg_home/sks-keyservers.netCA.pem https://raw.githubusercontent.com/gpg/gnupg/master/dirmngr/sks-keyservers.netCA.pem
--2020-01-03 17:05:28--  https://raw.githubusercontent.com/gpg/gnupg/master/dirmngr/sks-keyservers.netCA.pem
Resolving raw.githubusercontent.com (raw.githubusercontent.com)... 151.101.0.133, 151.101.64.133, 151.101.128.133, ...
Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|151.101.0.133|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1984 (1.9K) [text/plain]
Saving to: ‘/tmp/tmpNzUpD1/gpg_home/sks-keyservers.netCA.pem’

100%[======================================================================================================================================================================================================================================>] 1,984       --.-K/s   in 0s

2020-01-03 17:05:28 (15.5 MB/s) - ‘/tmp/tmpNzUpD1/gpg_home/sks-keyservers.netCA.pem’ saved [1984/1984]

Importing GPG keys whitelisted to sign archlinux-keyring...
Keys found allowed to sign archlinux-keyring tarball:
  - Bartlomiej Piotrowski <[email protected]> (F3691687D867B81B51CE07D9BBE43771487328A9)
  - Christian Hesse <[email protected]> (BD84DE71F493DF6814B0167254EDC91609BC9183)
  - Evangelos Foutras <[email protected]> (86CFFCA918CF3AF47147588051E8B148A9999C34)
  - Florian Pritz <[email protected]> (CFA6AF15E5C74149FC1D8C086D1655C14CE1C13E)
  - Jelle van der Waa <[email protected]> (E499C79F53C96A54E572FEE1C06086337C50773E)
  - Pierre Schmitz <[email protected]> (4AA4767BBC9C4B1D18AE28B77F2D434B9741E8AC)
  - Thomas Bächler <[email protected]> (A314827C4E4250A204CE6E13284FC34C8E4B1A25)
Importing GPG keys from the internet...
Importing GPG keys from disk...
Importing GPG key from file "/root/libvirt_stuff/image-bootstrap/directory_bootstrap/resources/arch/86CFFCA918CF3AF47147588051E8B148A9999C34.asc"...
# unshare --fork --pid gpg --home /tmp/tmpNzUpD1/gpg_home --keyid-format 0xlong --batch --quiet --import /root/libvirt_stuff/image-bootstrap/directory_bootstrap/resources/arch/86CFFCA918CF3AF47147588051E8B148A9999C34.asc
Importing GPG key from file "/root/libvirt_stuff/image-bootstrap/directory_bootstrap/resources/arch/F3691687D867B81B51CE07D9BBE43771487328A9.asc"...
# unshare --fork --pid gpg --home /tmp/tmpNzUpD1/gpg_home --keyid-format 0xlong --batch --quiet --import /root/libvirt_stuff/image-bootstrap/directory_bootstrap/resources/arch/F3691687D867B81B51CE07D9BBE43771487328A9.asc
Importing GPG key from file "/root/libvirt_stuff/image-bootstrap/directory_bootstrap/resources/arch/A314827C4E4250A204CE6E13284FC34C8E4B1A25.asc"...
# unshare --fork --pid gpg --home /tmp/tmpNzUpD1/gpg_home --keyid-format 0xlong --batch --quiet --import /root/libvirt_stuff/image-bootstrap/directory_bootstrap/resources/arch/A314827C4E4250A204CE6E13284FC34C8E4B1A25.asc
Importing GPG key from file "/root/libvirt_stuff/image-bootstrap/directory_bootstrap/resources/arch/BD84DE71F493DF6814B0167254EDC91609BC9183.asc"...
# unshare --fork --pid gpg --home /tmp/tmpNzUpD1/gpg_home --keyid-format 0xlong --batch --quiet --import /root/libvirt_stuff/image-bootstrap/directory_bootstrap/resources/arch/BD84DE71F493DF6814B0167254EDC91609BC9183.asc
Importing GPG key from file "/root/libvirt_stuff/image-bootstrap/directory_bootstrap/resources/arch/CFA6AF15E5C74149FC1D8C086D1655C14CE1C13E.asc"...
# unshare --fork --pid gpg --home /tmp/tmpNzUpD1/gpg_home --keyid-format 0xlong --batch --quiet --import /root/libvirt_stuff/image-bootstrap/directory_bootstrap/resources/arch/CFA6AF15E5C74149FC1D8C086D1655C14CE1C13E.asc
Importing GPG key from file "/root/libvirt_stuff/image-bootstrap/directory_bootstrap/resources/arch/4AA4767BBC9C4B1D18AE28B77F2D434B9741E8AC.asc"...
# unshare --fork --pid gpg --home /tmp/tmpNzUpD1/gpg_home --keyid-format 0xlong --batch --quiet --import /root/libvirt_stuff/image-bootstrap/directory_bootstrap/resources/arch/4AA4767BBC9C4B1D18AE28B77F2D434B9741E8AC.asc
Importing GPG key from file "/root/libvirt_stuff/image-bootstrap/directory_bootstrap/resources/arch/E499C79F53C96A54E572FEE1C06086337C50773E.asc"...
# unshare --fork --pid gpg --home /tmp/tmpNzUpD1/gpg_home --keyid-format 0xlong --batch --quiet --import /root/libvirt_stuff/image-bootstrap/directory_bootstrap/resources/arch/E499C79F53C96A54E572FEE1C06086337C50773E.asc
Verifying integrity of file "/var/cache/directory-bootstrap/archlinux-keyring-20191219.tar.gz"...
# unshare --fork --pid gpg --home /tmp/tmpNzUpD1/gpg_home --keyid-format 0xlong --batch --verify /var/cache/directory-bootstrap/archlinux-keyring-20191219.tar.gz.sig /var/cache/directory-bootstrap/archlinux-keyring-20191219.tar.gz
gpg: Signature made Thu 19 Dec 2019 08:01:43 AM PST
gpg:                using RSA key 0x54EDC91609BC9183
gpg: Good signature from "Christian Hesse <[email protected]>"
gpg:                 aka "Christian Hesse <[email protected]>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: BD84 DE71 F493 DF68 14B0  1672 54ED C916 09BC 9183
Importing GPG key from file "/tmp/tmpNzUpD1/archlinux-keyring-20191219/archlinux.gpg"...
# unshare --fork --pid gpg --home /tmp/tmpNzUpD1/gpg_home --keyid-format 0xlong --batch --quiet --import /tmp/tmpNzUpD1/archlinux-keyring-20191219/archlinux.gpg
gpg: key 0xA06B49470F8E620A: no valid user IDs
gpg: key 0x6BC26A17B9B7018A: no valid user IDs
gpg: key 0xEEEEE2EEEE2EEEEE: no valid user IDs
gpg: key 0x7258734B41C31549: no valid user IDs
Cleaning up "/tmp/tmpNzUpD1"...
Unmounting partitions...
# umount /mnt/tmp1xZWZj
Removing directory "/mnt/tmp1xZWZj"...
Deactivating partition devices...
# kpartx -d /dev/centos_host/testvol
Traceback (most recent call last):
  File "/root/libvirt_stuff/image-bootstrap/directory_bootstrap/shared/output_control.py", line 40, in run_handle_errors
    main_function(messenger, options)
  File "/root/libvirt_stuff/image-bootstrap/image_bootstrap/__main__.py", line 97, in _main__level_three
    bootstrap.run()
  File "/root/libvirt_stuff/image-bootstrap/image_bootstrap/engine.py", line 929, in run
    self.run_directory_bootstrap()
  File "/root/libvirt_stuff/image-bootstrap/image_bootstrap/engine.py", line 422, in run_directory_bootstrap
    self._config.bootloader_approach,
  File "/root/libvirt_stuff/image-bootstrap/image_bootstrap/distros/arch.py", line 76, in run_directory_bootstrap
    bootstrap.run()
  File "/root/libvirt_stuff/image-bootstrap/directory_bootstrap/distros/arch.py", line 284, in run
    self._import_gpg_keyring(abs_temp_dir, abs_gpg_home_dir, package_filename, package_yyyymmdd)
  File "/root/libvirt_stuff/image-bootstrap/directory_bootstrap/distros/arch.py", line 99, in _import_gpg_keyring
    self._import_gpg_key_file(abs_gpg_home_dir, abs_archlinux_gpg_path)
  File "/root/libvirt_stuff/image-bootstrap/directory_bootstrap/distros/base.py", line 197, in _import_gpg_key_file
    self._executor.check_call(cmd)
  File "/root/libvirt_stuff/image-bootstrap/directory_bootstrap/shared/executor.py", line 116, in check_call
    cwd=cwd,
  File "/usr/lib64/python2.7/subprocess.py", line 542, in check_call
    raise CalledProcessError(retcode, cmd)
CalledProcessError: Command '['unshare', '--fork', '--pid', 'gpg', '--home', '/tmp/tmpNzUpD1/gpg_home', '--keyid-format', '0xlong', '--batch', '--quiet', '--import', '/tmp/tmpNzUpD1/archlinux-keyring-20191219/archlinux.gpg']' returned non-zero exit status 2
Error: Command "unshare --fork --pid gpg --home /tmp/tmpNzUpD1/gpg_home --keyid-format 0xlong --batch --quiet --import /tmp/tmpNzUpD1/archlinux-keyring-20191219/archlinux.gpg" returned non-zero exit status 2
If this looks like a bug to you, please file a report at https://github.com/hartwork/image-bootstrap.  Thank you!
@hartwork
Owner

hartwork commented Jan 4, 2020

Hi Dan,

I cannot reproduce the issue with GnuPG 2.2.19 on another distro so it might be a GnuPG problem.

I would ask if using another build host is an option for you, but bug #64 will hit you after. I have pinned that bug just now to make it easier to see. It's unfortunate that Arch OpenStack images cannot be built right now, but please note that Arch is a moving target, so having Arch support work every day of the year would be a full-time job...

@merginator
Author

I was able to test with CentOS 8, which comes with GnuPG version 2.2.9 and everything worked. I didn't run into issue #64 as it seems to be tied to the openstack flag, which I am not using. I'm not sure what minimum GnuPG version is needed, but maybe a version check is in order once someone's able to narrow it down.
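
A sketch of the version check suggested above, as an added example that is not part of the thread or of image-bootstrap's code. The function names are hypothetical, and the two thresholds are only the data points reported in this issue (2.0.22 failing, 2.2.9 working), not an established minimum; treating everything at or below 2.0.22 as suspect is an assumption.

```python
import re
import subprocess

# Data points reported in this issue, not an official GnuPG compatibility table.
REPORTED_FAILING = (2, 0, 22)  # CentOS 7.7: import of archlinux.gpg exited with status 2
REPORTED_WORKING = (2, 2, 9)   # CentOS 8: bootstrap completed

# First line of `gpg --version`, e.g. "gpg (GnuPG) 2.0.22"; vendor builds may
# put extra text inside the parentheses.
_VERSION_RE = re.compile(r"^gpg \(GnuPG[^)]*\) (\d+)\.(\d+)\.(\d+)", re.MULTILINE)

# Constructed sample, copied from the first lines of the report above.
SAMPLE_OUTPUT = "gpg (GnuPG) 2.0.22\nlibgcrypt 1.5.3\n"


def parse_gpg_version(version_output):
    """Return (major, minor, patch) from the text printed by `gpg --version`."""
    match = _VERSION_RE.search(version_output)
    if match is None:
        raise ValueError("unrecognized `gpg --version` output")
    return tuple(int(part) for part in match.groups())


def classify_gpg_version(version):
    """Place a version relative to the two reports in this issue."""
    if version <= REPORTED_FAILING:
        return "suspect"           # assumption: older releases fail the same way
    if version >= REPORTED_WORKING:
        return "reported-working"
    return "untested"              # between the reports: nobody has narrowed it down


def check_local_gpg(gpg_command="gpg"):
    """Run the local gpg binary and classify it before any key import starts."""
    output = subprocess.check_output([gpg_command, "--version"])
    version = parse_gpg_version(output.decode("utf-8", "replace"))
    return version, classify_gpg_version(version)


if __name__ == "__main__":
    print(classify_gpg_version(parse_gpg_version(SAMPLE_OUTPUT)))
    try:
        print(check_local_gpg())
    except (OSError, subprocess.CalledProcessError, ValueError) as error:
        print("could not determine local gpg version: %s" % error)
```

Running the check before partitioning and downloading would surface the problem up front, rather than as an exit status 2 after the target volume has already been repartitioned and formatted.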

@hartwork
Owner

hartwork commented Jan 7, 2020

Makes sense! Thanks for the update!

@hartwork hartwork removed the OpenStack label Jan 9, 2020
@hartwork hartwork changed the title Arch Linux failing while importing keys Arch Linux failing while importing keys (due to use of GnuPG 2.0.22?) Feb 28, 2020