Closed alucryd closed 1 year ago
@SynologyOpenSource this is kind of an issue for providing things like security updates, etc. Some folks are actually restricted (voluntary or otherwise) to DSM6.2.
I figure this may not actually be yours to control but do you have any sort of indication for a timeline to resolve this?
TIA
@SynologyOpenSource Hi, can you fix soon? We are still at 6.2.3 but can not use lastest Emby version
Please refer to this document to check for any missing steps: https://help.synology.com/developer-guide/toolkit/sign_package.html In DSM 6.2, it recognizes "secring.kbx", so please ensure that your version of GPG is compatible. You can check this link for more information: https://superuser.com/questions/1037401/pubring-gpg-and-secring-gpg-are-missing-after-key-generation
That particular GPG update happened a long time ago, our build environments haven't changed since 2020, we've had no secring.kbx
for 3 years and we've been able to build and sign DSM 6.2 packages just fine all this time:
[root@embybuilder build_env]# ls -lah ds.alpine-6.2/root/.gnupg/
total 32K
drwx------ 3 root root 4.0K May 31 22:02 .
drwxr-xr-x 4 root root 4.0K Mar 30 2020 ..
-rw------- 1 root root 7.6K Mar 30 2020 gpg.conf
drwx------ 2 root root 4.0K Mar 30 2020 private-keys-v1.d
-rw-r--r-- 1 root root 3.7K Mar 30 2020 pubring.kbx
-rw-r--r-- 1 root root 2.4K Mar 30 2020 pubring.kbx~
srwxr-xr-x 1 root root 0 May 31 20:15 S.gpg-agent
-rw------- 1 root root 1.2K Mar 30 2020 trustdb.gpg
The key is perfectly recognized:
[root@embybuilder ds.alpine-6.2]# chroot .
Mounting /proc ....[Done]
CHROOT@ds.alpine[/]# gpg -K
/root/.gnupg/pubring.kbx
------------------------
sec rsa4096/15F0080A 2020-03-23
uid [ unknown] Emby LLC <apps@emby.media>
ssb rsa4096/307CC03F 2020-03-23
Can you provide the output and return code (echo $?) for the following commands in build env:
php /pkgscripts-ng/CodeSign.php --sign=/image/packages/{pakcage_name}.spk
/usr/bin/gpg --yes --batch --homedir /root/.gnupg --list-secret-keys
There you go:
CHROOT@ds.evansport[/]# php /pkgscripts-ng/CodeSign.php --sign=emby-server-synology_4.7.10.0_x86_64.spk
curl_exec() failed.
Make token failed.
CHROOT@ds.evansport[/]# echo $?
1
CHROOT@ds.evansport[/]# /usr/bin/gpg --yes --batch --homedir /root/.gnupg --list-secret-keys
/root/.gnupg/pubring.kbx
------------------------
sec rsa4096/15F0080A 2020-03-23
uid [ultimate] Emby LLC <apps@emby.media>
ssb rsa4096/307CC03F 2020-03-23
CHROOT@ds.evansport[/]# echo $?
0
@SynologyOpenSource Have you had a chance to look into what might be going on here? As others have said, this is a pretty big issue re: security fixes, etc. (and DSM 6.2 isn't EOL yet, right?).
So...anything happening here?
Any update?
@SynologyOpenSource Is the answer here that people just need to be on 7.0+ now or...?
Finally got it working, manually setting the new timestamp server IP in each chroot's hosts file did the trick, we can once again build packages for DSM 6! Thanks for the help.
As of a few days ago, we are no longer able to build packages for DSM 6.2. Building for either 7.0 or 7.2 still works though.
It seems to fail at the signing step, has anything changed on your side?