Closed ashimov closed 1 month ago
Did you resolve the issue? Is it something we should address in the instructions?
+1 same issue here, after the build, there is no InRelease
Release
and Release.gpg
under /home/sentrium/web/dev.packages.vyos.net/public_html/repositories/sagitta/dists/sagitta/
.
A few days ago I've built the package and it is just fine, the files are there, but they are missing when I trying to build vyos-jenkins on a new machine today on another server.
I just don't know in what process the folder /home/sentrium/web/dev.packages.vyos.net/public_html/repositories/ was created and becoming an apt repo. Could you please explain it for me?
The basic flow is following:
1) Jenkins launches build run.
2) The build run pulls vyos-build docker container.
3) The build run fetches source code for given package.
4) The build run launches vyos-build docker container and gives ti command to build the source code inside the container.
5) The vyos-build docker container does the build and returns to the build run.
6) The build run collects packages that the vyos-build docker container did produce and stores them in Jenkins in the given build run as Artifacts.
7) The build run then calls reprepro commands via uncron - this pushes given .deb artifacts to the /home/sentrium/web/dev.packages.vyos.net/public_html/repositories/
What could be wrong?
1) Jenkins doesn't run the build runs. Do you see any runs? See Something is wrong to identify those. 2) The build runs fail. Check the Console Output as described in Something is wrong. 3) The reprepro commands via uncron fail. Do you see Artifacts in the build run? What does the uncron log says? For uncron log see Something is wrong.
If you aren't sure then please report those mentioned logs from Something is wrong so I can see what is the issue.
The reason there are no .deb files is that every reprepro call fails with gpgme gave error Pinentry:32870: Inappropriate ioctl for device
. The reprepro needs to sign every package that's added by your singing key - this is done via the gpg
package.
Are you sure that your gpg singing key doesn't have passphrase?
What happens if your run sudo -u jenkins bash -c "echo test | gpg -v -as -"
as root. Does it give you output with -----BEGIN PGP MESSAGE-----
or does it fail or does it ask for passphrase? It should just return the -----BEGIN PGP MESSAGE-----
...
The output is
root@UntilJenkins2:~# sudo -u jenkins bash -c "echo test | gpg --local-user vyos -as -"
gpg: skipped "vyos": No secret key
gpg: signing failed: No secret key
Maybe your key is named differently. Try without the name sudo -u jenkins bash -c "echo test | gpg -v -as -"
jenkins@UntilJenkins2:/home/neboer$ echo test | gpg -as -
gpg: signing failed: Inappropriate ioctl for device
-----BEGIN PGP MESSAGE-----
gpg: signing failed: Inappropriate ioctl for device
I'm in a virtual machine running debian bookworm under ArchLinux using QEMU with virt-manager.
This seem like generic gpg
challenge. People say running export GPG_TTY=$(tty)
in your shell before your run the gpg command fixes this issue, does it help you too? For me it just works. I'm also on Debian Bookworm.
What does sudo -u jenkins gpg --list-keys
do, does it report your key?
jenkins@UntilJenkins2:/home/neboer$ export GPG_TTY=$(tty)
jenkins@UntilJenkins2:/home/neboer$ echo test | gpg -as -
gpg: signing failed: Permission denied
-----BEGIN PGP MESSAGE-----
gpg: signing failed: Permission denied
jenkins@UntilJenkins2:/home/neboer$ echo test | gpg -v -as -
gpg: using pgp trust model
gpg: key CC78990F9366550C: accepted as trusted key
gpg: writing to stdout
gpg: pinentry launched (2437343 curses 1.2.1 /dev/pts/1 xterm-256color - 20620/0/5 1006/1006 -)
gpg: signing failed: Permission denied
-----BEGIN PGP MESSAGE-----
gpg: signing failed: Permission denied
It seems that gpg
is trying to write to something into /dev/pts/1 but failed with permission denied.
After some digging on this, I strace it and here is the log.
Emmm, maybe it is asking for password input but due to lack of permission to write the pts for unknown reason, it cannot write to the terminal for "please input password" things so it just failed.
Can I just delete the password of my jenkins default gpg key or something similar? How to do this or something elase cause this?
The pinentry launched
is for passphrase so your key has one and can't have one. So indeed the setup of the key is the problem.
Normal output looks like this:
jenkins@vyos-build~$ echo test | gpg -v -as -
gpg: using pgp trust model
gpg: writing to stdout
gpg: RSA/SHA512 signature from: "DCCD96EF6D37064B (vyos)"
-----BEGIN PGP MESSAGE-----
You can remove passphrase.
You can as well just delete the key gpg --yes --delete-secret-and-public-key <NAME-OR-ID>
(use gpg --list-keys
to find name or ID) and generate new one by the instructions, then you need to update and replace the key ID in /home/sentrium/web/dev.packages.vyos.net/public_html/repositories/equuleus/conf/distributions
and /home/sentrium/web/dev.packages.vyos.net/public_html/repositories/sagitta/conf/distributions
with the new one.
Then you need to rebuild everything again, start with single small package like dropbear first, after you see .deb in /home/sentrium/web/dev.packages.vyos.net/public_html/repositories/
then rebuild everything.
Okey it seems that I wrongly generate a gpg key with password... So stupid am I! Thank you for helping me with this.
I did add more suggestive note about the passphrase, now it should be impossible to be missed. The gpg nudges you to set the passphrase but you can't give in!
Perhaps this was also the issue for @ashimov as well. This explains why would you see successful builds in Jenkins and nothing in /home/sentrium/web/dev.packages.vyos.net/public_html/repositories
since the reprepro fails in background later. Such behavior requires the reprepro to fail in some way and gpg is the most likely cause.
Let me know if this indeed fixes your "no .deb in /home/sentrium/web/dev.packages.vyos.net/public_html/repositories
" issue.
It works! Thank you!
Please update the title to a more meaningful one so that other people can take it as a reference if they have wrongly set the password like me 🤣
It works! Everything works fine and I have just built the release iso. THAT IS AMAZING!
Did you resolve the issue? Is it something we should address in the instructions?
Hi!Resolved issue,just wait for build all packages
I did all steps in guide but have problem that my repo is clean
What i do wrong?