[elbe-devel] [PATCH v2 1/1] repomanager: add fallback, when reprepro fails to add dsc

Holger Dengler dengler at linutronix.de
Wed Nov 28 16:34:27 CET 2018 

There is a typo in the comment (see below). Can you also log an additional warning- or info-message? Something like "Unable to verify package %s (unsupported signature algo)"?

On 11/28/18 4:10 PM, Torben Hohn wrote:
> When a dsc is inserted into a repository the signature is verified.
> The recently added gnupg2_2.1.18-8~deb9u3.dsc has a signature made
> with EdDSA instead of RSA. This Algorithm is not supported by the
> gnupg version used in jessie. This yields an error.
> 
> running cmd +reprepro --keepunreferencedfiles --export=never --basedir "/var/cache/elbe/7591259d-7f60-4318-867f-12cd4a6d164f/srcrepo" -C main -P normal -S misc includedsc stretch /var/cache/elbe/7591259d-7f60-4318-867f-12cd4a6d164f/chroot/var/cache/elbe/sources/gnupg2_2.1.18-8~deb9u3.dsc+
> ------------------------------------------------------------------------------
> gpgme returned an general error verifing signature with '6C1F1EDECC50FA53' in '/var/cache/elbe/7591259d-7f60-4318-867f-12cd4a6d164f/chroot/var/cache/elbe/sources/gnupg2_2.1.18-8~deb9u3.dsc'!
> Try running gpg --verify '/var/cache/elbe/7591259d-7f60-4318-867f-12cd4a6d164f/chroot/var/cache/elbe/sources/gnupg2_2.1.18-8~deb9u3.dsc' manually for hints what is happening.
> If this does not print any errors, retry the command causing this message.
> There have been errors!
> ------------------------------------------------------------------------------
> 
> Command failed with errorcode 251
> Build failed
> Traceback (most recent call last):
>   File "/var/cache/elbe/devel/elbepack/asyncworker.py", line 158, in execute
>     skip_pbuild=self.skip_pbuilder)
>   File "/var/cache/elbe/devel/elbepack/elbeproject.py", line 572, in build
>     self.build_cdroms(build_bin, build_sources, cdrom_size)
>   File "/var/cache/elbe/devel/elbepack/elbeproject.py", line 406, in build_cdroms
>     xml=self.xml)
>   File "/var/cache/elbe/devel/elbepack/cdroms.py", line 72, in mk_source_cdrom
>     repo.includedsc(dsc, force=True)
>   File "/var/cache/elbe/devel/elbepack/repomanager.py", line 282, in includedsc
>     self._includedsc(path, self.repo_attr.codename, component)
>   File "/var/cache/elbe/devel/elbepack/repomanager.py", line 269, in _includedsc
>     path)
>   File "/var/cache/elbe/devel/elbepack/asciidoclog.py", line 62, in do
>     raise CommandError(cmd, ret)
> CommandError
> 
> This error results in a failure to build src-cdrom.iso.
> 
> Add fallback code, that at least copies the dsc file onto the cdrom.
> Note that we check for the returncode 251 which is RET_ERROR_GPGME
> in reprepro source.
> 
> This patch needs to be dropped again, once the initvm is upgraded
> to stretch (or buster).
> 
> Signed-off-by: Torben Hohn <torben.hohn at linutronix.de>

Acked-by: Holger Dengler <dengler at linutronix.de>

> ---
>  elbepack/repomanager.py | 12 +++++++++++-
>  1 file changed, 11 insertions(+), 1 deletion(-)
> 
> diff --git a/elbepack/repomanager.py b/elbepack/repomanager.py
> index 635d23a7..e061c2e0 100644
> --- a/elbepack/repomanager.py
> +++ b/elbepack/repomanager.py
> @@ -224,7 +224,17 @@ class RepoBase(object):
>          try:
>              self._includedsc (path, self.repo_attr.codename, component)
>          except CommandError as ce:
> -            if force:
> +            if ce.returncode == 251:
> +                # 251 is -5 (RET_ERROR_GPGME in reprepro source)
> +                #
> +                # gnupg2_2.1.18-8~deb9u3.dsc is signed using EdDSA
> +                # jessies gpg version does not support this.
> +                # expect more packages signed with EdDSA soon.
> +                #
> +                # copy the dsc onto the into the cdrom root,

typo: "copy the dsc into the cdrom root,..."

> +                # when reprepro fails to insert it.
> +                self.log.do('cp -av "%s" "%s"' % (path, self.fs.path))
> +            elif force:
>                  # Including dsc did not work.
>                  # Maybe we have the same Version with a
>                  # different md5 already.
> 

-- 
Gruß,
Holger Dengler
--
phone: +49 7556 25 999 14; fax: +49 7556 25 999 99

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.linutronix.de/pipermail/elbe-devel/attachments/20181128/d794c331/attachment-0001.sig>

More information about the elbe-devel mailing list