dd010101 / vyos-jenkins

Instructions on how to build your own vyos package mirror for stable branches (1.3 equuleus/1.4 sagitta) with Jenkins (for ISO build)

Empty APT repository - no Release / InRelease file, no .deb packages in /home/sentrium/web/dev.packages.vyos.net/public_html/repositories #21

Closed ashimov closed 1 month ago

ashimov commented 1 month ago

I did all the steps in the guide but have the problem that my repo is clean.

What am I doing wrong?

dd010101 commented 1 month ago

Did you resolve the issue? Is it something we should address in the instructions?

Neboer commented 1 month ago

+1 same issue here, after the build, there are no InRelease, Release and Release.gpg files under /home/sentrium/web/dev.packages.vyos.net/public_html/repositories/sagitta/dists/sagitta/. A few days ago I built the package and it was just fine, the files were there, but they are missing when I try to build vyos-jenkins on a new machine today on another server.

Neboer commented 1 month ago

I just don't know in what process the folder /home/sentrium/web/dev.packages.vyos.net/public_html/repositories/ was created and became an apt repo. Could you please explain it for me?

dd010101 commented 1 month ago

The basic flow is the following:

1) Jenkins launches build run.
2) The build run pulls vyos-build docker container.
3) The build run fetches source code for given package.
4) The build run launches vyos-build docker container and gives it command to build the source code inside the container.
5) The vyos-build docker container does the build and returns to the build run.
6) The build run collects packages that the vyos-build docker container did produce and stores them in Jenkins in the given build run as Artifacts.
7) The build run then calls reprepro commands via uncron - this pushes given .deb artifacts to the /home/sentrium/web/dev.packages.vyos.net/public_html/repositories/

What could be wrong?

1) Jenkins doesn't run the build runs. Do you see any runs? See Something is wrong to identify those.
2) The build runs fail. Check the Console Output as described in Something is wrong.
3) The reprepro commands via uncron fail. Do you see Artifacts in the build run? What does the uncron log say? For uncron log see Something is wrong.

If you aren't sure then please report those mentioned logs from Something is wrong so I can see what is the issue.

Neboer commented 1 month ago

Thank you for your fast reply. Jenkins builds are all successful except [wide-dhcpv6 » equuleus] gave an error, which I will mention in another issue later. Or you can get the log here.

I've followed your guide and see there is something wrong in uncron. Here is the log file.

dd010101 commented 1 month ago

The reason there are no .deb files is that every reprepro call fails with gpgme gave error Pinentry:32870: Inappropriate ioctl for device. The reprepro needs to sign every package that's added by your signing key - this is done via the gpg package.

Are you sure that your gpg signing key doesn't have a passphrase?

What happens if you run sudo -u jenkins bash -c "echo test | gpg -v -as -" as root? Does it give you output with -----BEGIN PGP MESSAGE----- or does it fail or does it ask for a passphrase? It should just return the -----BEGIN PGP MESSAGE-----...

Neboer commented 1 month ago

The output is

root@UntilJenkins2:~# sudo -u jenkins bash -c "echo test | gpg --local-user vyos -as -"
gpg: skipped "vyos": No secret key
gpg: signing failed: No secret key

dd010101 commented 1 month ago

Maybe your key is named differently. Try without the name: sudo -u jenkins bash -c "echo test | gpg -v -as -"

Neboer commented 1 month ago

jenkins@UntilJenkins2:/home/neboer$ echo test | gpg -as -
gpg: signing failed: Inappropriate ioctl for device
-----BEGIN PGP MESSAGE-----

gpg: signing failed: Inappropriate ioctl for device

Neboer commented 1 month ago

I'm in a virtual machine running debian bookworm under ArchLinux using QEMU with virt-manager.

dd010101 commented 1 month ago

This seems like a generic gpg challenge. People say running export GPG_TTY=$(tty) in your shell before you run the gpg command fixes this issue, does it help you too? For me it just works. I'm also on Debian Bookworm.

What does sudo -u jenkins gpg --list-keys do, does it report your key?

Neboer commented 1 month ago

jenkins@UntilJenkins2:/home/neboer$ export GPG_TTY=$(tty)
jenkins@UntilJenkins2:/home/neboer$ echo test | gpg -as -
gpg: signing failed: Permission denied
-----BEGIN PGP MESSAGE-----

gpg: signing failed: Permission denied
jenkins@UntilJenkins2:/home/neboer$ echo test | gpg -v -as -
gpg: using pgp trust model
gpg: key CC78990F9366550C: accepted as trusted key
gpg: writing to stdout
gpg: pinentry launched (2437343 curses 1.2.1 /dev/pts/1 xterm-256color - 20620/0/5 1006/1006 -)
gpg: signing failed: Permission denied
-----BEGIN PGP MESSAGE-----

gpg: signing failed: Permission denied

It seems that gpg is trying to write something to /dev/pts/1 but failed with permission denied. After some digging on this, I straced it and here is the log.

Emmm, maybe it is asking for password input, but due to lack of permission to write to the pts for an unknown reason, it cannot write the "please input password" things to the terminal, so it just failed.

Can I just delete the password of my jenkins default gpg key or something similar? How do I do this, or is something else causing this?

dd010101 commented 1 month ago

The pinentry launched is for the passphrase, so your key has one and it can't have one. So indeed the setup of the key is the problem.

Normal output looks like this:

jenkins@vyos-build~$ echo test | gpg -v -as -
gpg: using pgp trust model
gpg: writing to stdout
gpg: RSA/SHA512 signature from: "DCCD96EF6D37064B  (vyos)"
-----BEGIN PGP MESSAGE-----

You can remove the passphrase.

You can as well just delete the key with gpg --yes --delete-secret-and-public-key <NAME-OR-ID> (use gpg --list-keys to find the name or ID) and generate a new one by the instructions, then you need to update and replace the key ID in /home/sentrium/web/dev.packages.vyos.net/public_html/repositories/equuleus/conf/distributions and /home/sentrium/web/dev.packages.vyos.net/public_html/repositories/sagitta/conf/distributions with the new one.

Then you need to rebuild everything again, start with a single small package like dropbear first, and after you see a .deb in /home/sentrium/web/dev.packages.vyos.net/public_html/repositories/ then rebuild everything.
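
Added example, not part of the original thread or the vyos-jenkins project: a shell check that classifies the gpg outputs shown in this thread, counts the reprepro signing error in a log file, and tests signing without ever prompting. The function names, the --run switch and the log path argument are assumptions made for illustration; the uncron log format is assumed to contain the error string quoted above.

```shell
#!/bin/sh
# Added example (not vyos-jenkins code): diagnose unattended gpg signing for reprepro.

# Classify captured gpg/reprepro output into the failure modes seen in this thread.
# "-----BEGIN PGP MESSAGE-----" is printed even when signing fails, so only the
# END marker (or gpg's exit status) proves that a signature was produced.
classify_sign_output() {
    case "$1" in
        *"No secret key"*)                     echo no-secret-key ;;
        *[Pp]inentry*|*"Inappropriate ioctl"*) echo passphrase-prompt ;;
        *"signing failed"*)                    echo sign-failed ;;
        *"-----END PGP MESSAGE-----"*)         echo ok ;;
        *)                                     echo unknown ;;
    esac
}

# Count reprepro signing failures in a log file.
# The path is passed by the caller; the matched string is the one quoted in the thread.
count_pinentry_failures() {
    grep -c 'gpgme gave error Pinentry' "$1" || true
}

# Try a real signature as the current user. --batch and --pinentry-mode error
# make gpg fail instead of asking for a passphrase, which is what a background
# reprepro run needs. A passphrase cached by gpg-agent can still mask the problem.
check_unattended_signing() {
    out=$(echo test | gpg --batch --pinentry-mode error -as - 2>&1) && rc=0 || rc=$?
    if [ "$rc" -eq 0 ]; then
        echo ok
    else
        classify_sign_output "$out"
    fi
}

# Usage (hypothetical file name): sudo -u jenkins sh check-signing.sh --run [log-file]
if [ "${1:-}" = "--run" ]; then
    echo "unattended signing: $(check_unattended_signing)"
    [ -z "${2:-}" ] || echo "pinentry failures in log: $(count_pinentry_failures "$2")"
fi
```

Anything other than ok from the signing check means reprepro will not be able to sign when it runs in the background.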

Neboer commented 1 month ago

Okay, it seems that I wrongly generated a gpg key with a password... So stupid am I! Thank you for helping me with this.

dd010101 commented 1 month ago

I did add a more suggestive note about the passphrase, now it should be impossible to miss. The gpg nudges you to set the passphrase but you can't give in!

Perhaps this was also the issue for @ashimov. This explains why you would see successful builds in Jenkins and nothing in /home/sentrium/web/dev.packages.vyos.net/public_html/repositories since the reprepro fails in the background later. Such behavior requires the reprepro to fail in some way and gpg is the most likely cause.

Let me know if this indeed fixes your "no .deb in /home/sentrium/web/dev.packages.vyos.net/public_html/repositories" issue.

Neboer commented 1 month ago

It works! Thank you!

Neboer commented 1 month ago

Please update the title to a more meaningful one so that other people can take it as a reference if they have wrongly set the password like me 🤣

Neboer commented 1 month ago

It works! Everything works fine and I have just built the release iso. THAT IS AMAZING!

ashimov commented 1 month ago

Did you resolve the issue? Is it something we should address in the instructions?

Hi! Resolved the issue, just wait for all packages to build.