freight-team / freight

A modern take on the Debian archive.

gpg2 incompatibilities #46

Closed ziirish closed 7 years ago

ziirish commented 8 years ago

Hi,

I'm currently facing an issue while trying to sign a repository on Debian Stretch. The error looks like:

    $ freight cache apt/zi-stable
    # [freight] adding burp-client_2.0.52-3_amd64.deb to pool
    # [freight] adding burp-core_2.0.52-3_amd64.deb to pool
    # [freight] adding burp-server_2.0.52-3_amd64.deb to pool
    chmod: cannot access '/somewhere/repos/debian/stretch/cache/work.6178.8nLuU5zPkb/gpg/pubring.gpg': No such file or directory

I suppose the problematic code lies in lib/freight/apt.sh:233

    # Generate `pubkey.gpg` containing the plaintext public key and
    # `keyring.gpg` containing a complete GPG keyring containing only
    # the appropriate public keys.  `keyring.gpg` is appropriate for
    # copying directly to `/etc/apt/trusted.gpg.d`.
    mkdir -m700 -p "$TMP/gpg"
    # shellcheck disable=SC2086
    gpg -q --export -a $GPG |
    tee "$VARCACHE/pubkey.gpg" |
    gpg -q --homedir "$TMP/gpg" --import
    chmod 644 "$TMP/gpg/pubring.gpg"
    mv "$TMP/gpg/pubring.gpg" "$VARCACHE/keyring.gpg"

gpg --version returns gpg (GnuPG) 2.1.16 and indeed, the doc says:

gpg used to keep the public key pairs in two files: pubring.gpg and secring.gpg. The only difference is that secring stored in addition to the public part also the private part of the key pair. The secret keyring thus contained only the keys for which a private key is available, that is the user’s key. It required a lot of code to keep both versions of the key in sync and led to sometimes surprising inconsistencies.

source

And indeed, running some tests shows there is no more pubring.gpg file:

    $ mkdir -m700 /tmp/gpg2
    $ gpg -q --export <mykey> | gpg -q --homedir /tmp/gpg2/ --import
    $ ls /tmp/gpg2/
    S.gpg-agent  S.gpg-agent.browser  S.gpg-agent.extra  S.gpg-agent.ssh  private-keys-v1.d  pubring.kbx  pubring.kbx~  trustdb.gpg

mmoll commented 7 years ago

@ziirish could you please test if #47 fixes this problem for you?

MPursche commented 7 years ago

Hello,

I had the same problem on Ubuntu 16.04. The fix in pull request #47 solved the problem for me.

mmoll commented 7 years ago

@MPursche thanks for letting us know!
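
An added example, not part of the thread and not the change made in #47: POSIX shell functions that produce the two files the quoted `apt.sh` snippet writes by exporting from `gpg` instead of moving `pubring.gpg`, so the result does not depend on whether the homedir holds `pubring.gpg` or `pubring.kbx`. The function names `keyring_store` and `write_repo_keys` and the output-directory argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: not freight's code and not the patch from #47.
# Function names and arguments are hypothetical.

# Which public-key store does a GnuPG home directory use?
#   legacy: pubring.gpg (GnuPG 1.x / 2.0; 2.1+ keeps using it if present)
#   keybox: pubring.kbx (what a fresh homedir gets with GnuPG 2.1+)
keyring_store() {
    if [ -f "$1/pubring.gpg" ]; then
        echo legacy
    elif [ -f "$1/pubring.kbx" ]; then
        echo keybox
    else
        echo none
    fi
}

# write_repo_keys OUTDIR KEYID...
# Produce pubkey.gpg (armored) and keyring.gpg (binary export) without
# reading any file out of a GnuPG homedir, so the on-disk layout is irrelevant.
write_repo_keys() {
    wrk_out=$1
    shift
    mkdir -p "$wrk_out" || return 1
    wrk_tmp=$(mktemp -d "$wrk_out/.keys.XXXXXX") || return 1
    if gpg -q --export -a "$@" > "$wrk_tmp/pubkey.gpg" &&
       gpg -q --export "$@" > "$wrk_tmp/keyring.gpg" &&
       [ -s "$wrk_tmp/pubkey.gpg" ] && [ -s "$wrk_tmp/keyring.gpg" ]
    then
        # Public material only: make it world-readable, then move into place.
        chmod 644 "$wrk_tmp/pubkey.gpg" "$wrk_tmp/keyring.gpg" &&
        mv "$wrk_tmp/pubkey.gpg" "$wrk_tmp/keyring.gpg" "$wrk_out/"
        wrk_rc=$?
    else
        # An unknown key id yields empty output; treat that as a failure
        # instead of publishing an empty keyring.
        echo "no public key exported for: $*" >&2
        wrk_rc=1
    fi
    rm -rf "$wrk_tmp"
    return "$wrk_rc"
}
```
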