search

SynologyOpenSource / pkgscripts-ng

Synology DSM6.0 package toolkit framework
162 stars 56 forks source link

6.2 packages no longer build #44

Closed alucryd closed 1 year ago

alucryd commented 1 year ago

As of a few days ago, we are no longer able to build packages for DSM 6.2. Building for either 7.0 or 7.2 still works though.

It seems to fail at the signing step, has anything changed on your side?

============================================================
                   Parse argument result                    
------------------------------------------------------------
env_section  : default
env_version  : None
dep_level    : 1
branch       : master
suffix       : 
collect      : True
update       : True
link         : True
build        : True
install      : True
only_install : False
sign         : True
build_opt    : 
install_opt  : 
print_log    : False
sdk_ver      : 6.0
package      : EmbyServer-4.8.0.36-604080036
Processing [6.2-25301]: alpine
============================================================
              Start to run "Traverse project"               
------------------------------------------------------------
[INFO] Branch projects: EmbyServer-4.8.0.36-604080036
[INFO] Tag projects: 
[INFO] Reference projects: 
[INFO] Reference tag projects: 
============================================================
                Start to run "Link Project"                 
------------------------------------------------------------
Link /home/embybuilder/Buildbot/synology/pkgscripts -> /home/embybuilder/Buildbot/synology/build_env/ds.alpine-6.2/pkgscripts
Link /home/embybuilder/Buildbot/synology/source/EmbyServer-4.8.0.36-604080036 -> /home/embybuilder/Buildbot/synology/build_env/ds.alpine-6.2/source/EmbyServer-4.8.0.36-604080036
============================================================
                Start to run "Build Package"                
------------------------------------------------------------
/bin/bash: warning: setlocale: LC_ALL: cannot change locale (en_US.UTF-8)
[alpine] set -o pipefail; env PackageName=EmbyServer-4.8.0.36-604080036 /pkgscripts-ng/SynoBuild --alpine -c --min-sdk 6.0 EmbyServer-4.8.0.36-604080036 2>&1 | tee logs.build
============================================================
               Start to run "Install Package"               
------------------------------------------------------------
/bin/bash: warning: setlocale: LC_ALL: cannot change locale (en_US.UTF-8)
[alpine] set -o pipefail; env PackageName=EmbyServer-4.8.0.36-604080036 /pkgscripts-ng/SynoInstall  --with-debug EmbyServer-4.8.0.36-604080036 2>&1 | tee logs.install
============================================================
               Start to run "Install Package"               
------------------------------------------------------------
/bin/bash: warning: setlocale: LC_ALL: cannot change locale (en_US.UTF-8)
[alpine] set -o pipefail; env PackageName=EmbyServer-4.8.0.36-604080036 /pkgscripts-ng/SynoInstall  EmbyServer-4.8.0.36-604080036 2>&1 | tee logs.install
============================================================
             Start to run "Generate code sign"              
------------------------------------------------------------
/bin/bash: warning: setlocale: LC_ALL: cannot change locale (en_US.UTF-8)
sh: warning: setlocale: LC_ALL: cannot change locale (en_US.UTF-8)
sh: warning: setlocale: LC_ALL: cannot change locale (en_US.UTF-8)
sh: warning: setlocale: LC_ALL: cannot change locale (en_US.UTF-8)
sh: warning: setlocale: LC_ALL: cannot change locale (en_US.UTF-8)
sh: warning: setlocale: LC_ALL: cannot change locale (en_US.UTF-8)
curl_exec() failed.
Make token failed.
sh: warning: setlocale: LC_ALL: cannot change locale (en_US.UTF-8)
[alpine] Sign package:  php /pkgscripts-ng/CodeSign.php --sign=/image/packages/EmbyServer-alpine-4.8.0.36-604080036_debug.spk
Traceback (most recent call last):
  File "/home/embybuilder/Buildbot/synology/pkgscripts/PkgCreate.py", line 279, in _code_sign
    check_call(cmd, shell=True, executable="/bin/bash")
  File "/usr/lib/python3.10/subprocess.py", line 369, in check_call
    raise CalledProcessError(retcode, cmd)
subprocess.CalledProcessError: Command ' php /pkgscripts-ng/CodeSign.php --sign=/image/packages/EmbyServer-alpine-4.8.0.36-604080036_debug.spk' returned non-zero exit status 1.
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
  File "/home/embybuilder/Buildbot/synology/pkgscripts/include/python/parallel.py", line 12, in __call__
    result = self.__callable(*args, **kwargs)
  File "/home/embybuilder/Buildbot/synology/pkgscripts/PkgCreate.py", line 281, in _code_sign
    raise SignPackageError('Failed to create signature: ' + spk)
SignPackageError: Failed to create signature: /home/embybuilder/Buildbot/synology/build_env/ds.alpine-6.2/image/packages/EmbyServer-alpine-4.8.0.36-604080036_debug.spk
SignPackageError:
Failed to create signature: /home/embybuilder/Buildbot/synology/build_env/ds.alpine-6.2/image/packages/EmbyServer-alpine-4.8.0.36-604080036_debug.spk
[ERROR] /home/embybuilder/Buildbot/synology/pkgscripts/PkgCreate.py -p alpine -c EmbyServer-4.8.0.36-604080036 failed!
lns-ross commented 1 year ago

@SynologyOpenSource this is kind of an issue for providing things like security updates, etc. Some folks are actually restricted (voluntary or otherwise) to DSM6.2.

I figure this may not actually be yours to control but do you have any sort of indication for a timeline to resolve this?

TIA

MrSaiDing commented 1 year ago

@SynologyOpenSource Hi, can you fix soon? We are still at 6.2.3 but can not use lastest Emby version

SynologyOpenSource commented 1 year ago

Please refer to this document to check for any missing steps: https://help.synology.com/developer-guide/toolkit/sign_package.html In DSM 6.2, it recognizes "secring.kbx", so please ensure that your version of GPG is compatible. You can check this link for more information: https://superuser.com/questions/1037401/pubring-gpg-and-secring-gpg-are-missing-after-key-generation

alucryd commented 1 year ago

That particular GPG update happened a long time ago, our build environments haven't changed since 2020, we've had no secring.kbx for 3 years and we've been able to build and sign DSM 6.2 packages just fine all this time:

[root@embybuilder build_env]# ls -lah ds.alpine-6.2/root/.gnupg/
total 32K
drwx------ 3 root root 4.0K May 31 22:02 .
drwxr-xr-x 4 root root 4.0K Mar 30  2020 ..
-rw------- 1 root root 7.6K Mar 30  2020 gpg.conf
drwx------ 2 root root 4.0K Mar 30  2020 private-keys-v1.d
-rw-r--r-- 1 root root 3.7K Mar 30  2020 pubring.kbx
-rw-r--r-- 1 root root 2.4K Mar 30  2020 pubring.kbx~
srwxr-xr-x 1 root root    0 May 31 20:15 S.gpg-agent
-rw------- 1 root root 1.2K Mar 30  2020 trustdb.gpg

The key is perfectly recognized:

[root@embybuilder ds.alpine-6.2]# chroot .
Mounting /proc ....[Done]
CHROOT@ds.alpine[/]# gpg -K
/root/.gnupg/pubring.kbx
------------------------
sec   rsa4096/15F0080A 2020-03-23
uid       [ unknown] Emby LLC <apps@emby.media>
ssb   rsa4096/307CC03F 2020-03-23
SynologyOpenSource commented 1 year ago

Can you provide the output and return code (echo $?) for the following commands in build env:

  1. php /pkgscripts-ng/CodeSign.php --sign=/image/packages/{pakcage_name}.spk
  2. /usr/bin/gpg --yes --batch --homedir /root/.gnupg --list-secret-keys
alucryd commented 1 year ago

There you go:

CHROOT@ds.evansport[/]# php /pkgscripts-ng/CodeSign.php --sign=emby-server-synology_4.7.10.0_x86_64.spk 
curl_exec() failed.
Make token failed.
CHROOT@ds.evansport[/]# echo $?
1
CHROOT@ds.evansport[/]# /usr/bin/gpg --yes --batch --homedir /root/.gnupg --list-secret-keys
/root/.gnupg/pubring.kbx
------------------------
sec   rsa4096/15F0080A 2020-03-23
uid       [ultimate] Emby LLC <apps@emby.media>
ssb   rsa4096/307CC03F 2020-03-23

CHROOT@ds.evansport[/]# echo $?
0
andyj682 commented 1 year ago

@SynologyOpenSource Have you had a chance to look into what might be going on here? As others have said, this is a pretty big issue re: security fixes, etc. (and DSM 6.2 isn't EOL yet, right?).

koberulz commented 1 year ago

So...anything happening here?

EkkoG commented 1 year ago

Any update?

andyj682 commented 1 year ago

@SynologyOpenSource Is the answer here that people just need to be on 7.0+ now or...?

alucryd commented 1 year ago

Finally got it working, manually setting the new timestamp server IP in each chroot's hosts file did the trick, we can once again build packages for DSM 6! Thanks for the help.