hartwork / image-bootstrap

:partly_sunny: Creates Linux chroots and bootable virtual machine images; command line tool (Python 3)
https://linuximages.de/

Arch Linux failing while importing keys (due to use of GnuPG 2.0.22?) #82

Open merginator opened 4 years ago

merginator commented 4 years ago

I'm getting the following output when trying to bootstrap Arch Linux. I'm on the latest rev of image-bootstrap and a recently updated CentOS host:


```
# git rev-parse HEAD
ef959787f77fb248b3a428f3ad2597b2e7b5760e
# cat /etc/centos-release
CentOS Linux release 7.7.1908 (Core)
# gpg --version
gpg (GnuPG) 2.0.22
libgcrypt 1.5.3
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, ?, ?, ELG, DSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
# ./image-bootstrap --verbose --debug --scripts-chroot chroot_scripts/ --hostname testvm arch /dev/centos_host/testvol
     _                          __             __      __
    (_)_ _  ___ ____ ____  ___ / /  ___  ___  / /____ / /________ ____
   / /  ' \/ _ `/ _ `/ -_)/__// _ \/ _ \/ _ \/ __(_-</ __/ __/ _ `/ _ \
  /_/_/_/_/\_,_/\_, /\__/    /_.__/\___/\___/\__/___/\__/_/  \_,_/ .__/
               /___/                    v0.9.2.1 :: 2017-01-10  /_/

Software libre licensed under AGPL v3 or later.
Brought to you by Sebastian Pipping <sebastian@pipping.org>.
Please report bugs at https://github.com/hartwork/image-bootstrap.  Thank you!

Selected approach "chroot-grub2-drive" for bootloader installation.
Checking for blkid... /sbin/blkid
Checking for blockdev... /sbin/blockdev
Checking for chmod... /bin/chmod
Checking for chroot... /sbin/chroot
Checking for cp... /bin/cp
Checking for find... /bin/find
Checking for gpg... /bin/gpg
Checking for kpartx... /sbin/kpartx
Checking for mkdir... /bin/mkdir
Checking for mkfs.ext4... /sbin/mkfs.ext4
Checking for mount... /bin/mount
Checking for parted... /sbin/parted
Checking for partprobe... /sbin/partprobe
Checking for rm... /bin/rm
Checking for rmdir... /bin/rmdir
Checking for sed... /bin/sed
Checking for tar... /bin/tar
Checking for tune2fs... /sbin/tune2fs
Checking for umount... /bin/umount
Checking for wget... /bin/wget

Checking for known unsupported architecture/machine combination...
Checking if "/dev/centos_host/testvol" is a block device...
Checking chroot scripts directory permissions...
Checking chroot scripts for executability...

Unsharing Linux namespaces (mount, UTS/hostname)...
Checking size of "/dev/centos_host/testvol"...
# blockdev --getsize64 /dev/centos_host/testvol
Partitioning "/dev/centos_host/testvol"...
# parted --script /dev/centos_host/testvol mklabel msdos
# partprobe /dev/centos_host/testvol
# parted --script --align optimal /dev/centos_host/testvol mkpart primary ext4 1 100%
# parted --script /dev/centos_host/testvol set 1 boot on
Activating partition devices...
# kpartx -l /dev/centos_host/testvol
# kpartx -u /dev/centos_host/testvol
Creating file system on "/dev/mapper/centos_host-testvol1"...
# mkfs.ext4 -F /dev/mapper/centos_host-testvol1
mke2fs 1.42.9 (28-Dec-2013)
Filesystem label=
OS type: Linux
Block size=4096 (log=2)
Fragment size=4096 (log=2)
Stride=0 blocks, Stripe width=0 blocks
1310720 inodes, 5242624 blocks
262131 blocks (5.00%) reserved for the super user
First data block=0
Maximum filesystem blocks=2153775104
160 block groups
32768 blocks per group, 32768 fragments per group
8192 inodes per group
Superblock backups stored on blocks:
    32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208,
    4096000

Allocating group tables: done
Writing inode tables: done
Creating journal (32768 blocks): done
Writing superblocks and filesystem accounting information: done

# blkid -o value -s UUID /dev/mapper/centos_host-testvol1
Creating directory "/mnt/tmp1xZWZj"...
Mounting partitions...
# mount /dev/mapper/centos_host-testvol1 /mnt/tmp1xZWZj
Creating directory "/mnt/tmp1xZWZj/etc"...
Writing file "/mnt/tmp1xZWZj/etc/hostname"...
Writing file "/mnt/tmp1xZWZj/etc/resolv.conf" (based on file "/etc/resolv.conf")...
Bootstrapping Arch into "/mnt/tmp1xZWZj"...
Checking access to "/var/cache/directory-bootstrap"...
Checking access to "/mnt/tmp1xZWZj"...
Downloading image listing...
Downloading keyring listing...
Downloading "https://sources.archlinux.org/other/archlinux-keyring/archlinux-keyring-20191219.tar.gz.sig"...
# wget -O/var/cache/directory-bootstrap/archlinux-keyring-20191219.tar.gz.sig https://sources.archlinux.org/other/archlinux-keyring/archlinux-keyring-20191219.tar.gz.sig
--2020-01-03 17:05:26--  https://sources.archlinux.org/other/archlinux-keyring/archlinux-keyring-20191219.tar.gz.sig
Resolving sources.archlinux.org (sources.archlinux.org)... 88.198.91.70, 2a01:4f8:160:6087::1
Connecting to sources.archlinux.org (sources.archlinux.org)|88.198.91.70|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 566 [application/pgp-signature]
Saving to: ‘/var/cache/directory-bootstrap/archlinux-keyring-20191219.tar.gz.sig’

100%[======================================================================================================================================================================================================================================>] 566         --.-K/s   in 0s

2020-01-03 17:05:26 (64.8 MB/s) - ‘/var/cache/directory-bootstrap/archlinux-keyring-20191219.tar.gz.sig’ saved [566/566]

Downloading "https://sources.archlinux.org/other/archlinux-keyring/archlinux-keyring-20191219.tar.gz"...
# wget -O/var/cache/directory-bootstrap/archlinux-keyring-20191219.tar.gz https://sources.archlinux.org/other/archlinux-keyring/archlinux-keyring-20191219.tar.gz
--2020-01-03 17:05:26--  https://sources.archlinux.org/other/archlinux-keyring/archlinux-keyring-20191219.tar.gz
Resolving sources.archlinux.org (sources.archlinux.org)... 88.198.91.70, 2a01:4f8:160:6087::1
Connecting to sources.archlinux.org (sources.archlinux.org)|88.198.91.70|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 963887 (941K) [application/gzip]
Saving to: ‘/var/cache/directory-bootstrap/archlinux-keyring-20191219.tar.gz’

100%[======================================================================================================================================================================================================================================>] 963,887     1015KB/s   in 0.9s

2020-01-03 17:05:28 (1015 KB/s) - ‘/var/cache/directory-bootstrap/archlinux-keyring-20191219.tar.gz’ saved [963887/963887]

Initializing temporary GnuPG home at "/tmp/tmpNzUpD1/gpg_home"...
Downloading "https://raw.githubusercontent.com/gpg/gnupg/master/dirmngr/sks-keyservers.netCA.pem"...
# wget -O/tmp/tmpNzUpD1/gpg_home/sks-keyservers.netCA.pem https://raw.githubusercontent.com/gpg/gnupg/master/dirmngr/sks-keyservers.netCA.pem
--2020-01-03 17:05:28--  https://raw.githubusercontent.com/gpg/gnupg/master/dirmngr/sks-keyservers.netCA.pem
Resolving raw.githubusercontent.com (raw.githubusercontent.com)... 151.101.0.133, 151.101.64.133, 151.101.128.133, ...
Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|151.101.0.133|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1984 (1.9K) [text/plain]
Saving to: ‘/tmp/tmpNzUpD1/gpg_home/sks-keyservers.netCA.pem’

100%[======================================================================================================================================================================================================================================>] 1,984       --.-K/s   in 0s

2020-01-03 17:05:28 (15.5 MB/s) - ‘/tmp/tmpNzUpD1/gpg_home/sks-keyservers.netCA.pem’ saved [1984/1984]

Importing GPG keys whitelisted to sign archlinux-keyring...
Keys found allowed to sign archlinux-keyring tarball:
  - Bartlomiej Piotrowski <bpiotrowski@archlinux.org> (F3691687D867B81B51CE07D9BBE43771487328A9)
  - Christian Hesse <Christi@n-Hes.se> (BD84DE71F493DF6814B0167254EDC91609BC9183)
  - Evangelos Foutras <evangelos@foutrelis.com> (86CFFCA918CF3AF47147588051E8B148A9999C34)
  - Florian Pritz <bluewind@xinu.at> (CFA6AF15E5C74149FC1D8C086D1655C14CE1C13E)
  - Jelle van der Waa <jelle@archlinux.org> (E499C79F53C96A54E572FEE1C06086337C50773E)
  - Pierre Schmitz <pierre@archlinux.de> (4AA4767BBC9C4B1D18AE28B77F2D434B9741E8AC)
  - Thomas Bächler <thomas@bchlr.de> (A314827C4E4250A204CE6E13284FC34C8E4B1A25)
Importing GPG keys from the internet...
Importing GPG keys from disk...
Importing GPG key from file "/root/libvirt_stuff/image-bootstrap/directory_bootstrap/resources/arch/86CFFCA918CF3AF47147588051E8B148A9999C34.asc"...
# unshare --fork --pid gpg --home /tmp/tmpNzUpD1/gpg_home --keyid-format 0xlong --batch --quiet --import /root/libvirt_stuff/image-bootstrap/directory_bootstrap/resources/arch/86CFFCA918CF3AF47147588051E8B148A9999C34.asc
Importing GPG key from file "/root/libvirt_stuff/image-bootstrap/directory_bootstrap/resources/arch/F3691687D867B81B51CE07D9BBE43771487328A9.asc"...
# unshare --fork --pid gpg --home /tmp/tmpNzUpD1/gpg_home --keyid-format 0xlong --batch --quiet --import /root/libvirt_stuff/image-bootstrap/directory_bootstrap/resources/arch/F3691687D867B81B51CE07D9BBE43771487328A9.asc
Importing GPG key from file "/root/libvirt_stuff/image-bootstrap/directory_bootstrap/resources/arch/A314827C4E4250A204CE6E13284FC34C8E4B1A25.asc"...
# unshare --fork --pid gpg --home /tmp/tmpNzUpD1/gpg_home --keyid-format 0xlong --batch --quiet --import /root/libvirt_stuff/image-bootstrap/directory_bootstrap/resources/arch/A314827C4E4250A204CE6E13284FC34C8E4B1A25.asc
Importing GPG key from file "/root/libvirt_stuff/image-bootstrap/directory_bootstrap/resources/arch/BD84DE71F493DF6814B0167254EDC91609BC9183.asc"...
# unshare --fork --pid gpg --home /tmp/tmpNzUpD1/gpg_home --keyid-format 0xlong --batch --quiet --import /root/libvirt_stuff/image-bootstrap/directory_bootstrap/resources/arch/BD84DE71F493DF6814B0167254EDC91609BC9183.asc
Importing GPG key from file "/root/libvirt_stuff/image-bootstrap/directory_bootstrap/resources/arch/CFA6AF15E5C74149FC1D8C086D1655C14CE1C13E.asc"...
# unshare --fork --pid gpg --home /tmp/tmpNzUpD1/gpg_home --keyid-format 0xlong --batch --quiet --import /root/libvirt_stuff/image-bootstrap/directory_bootstrap/resources/arch/CFA6AF15E5C74149FC1D8C086D1655C14CE1C13E.asc
Importing GPG key from file "/root/libvirt_stuff/image-bootstrap/directory_bootstrap/resources/arch/4AA4767BBC9C4B1D18AE28B77F2D434B9741E8AC.asc"...
# unshare --fork --pid gpg --home /tmp/tmpNzUpD1/gpg_home --keyid-format 0xlong --batch --quiet --import /root/libvirt_stuff/image-bootstrap/directory_bootstrap/resources/arch/4AA4767BBC9C4B1D18AE28B77F2D434B9741E8AC.asc
Importing GPG key from file "/root/libvirt_stuff/image-bootstrap/directory_bootstrap/resources/arch/E499C79F53C96A54E572FEE1C06086337C50773E.asc"...
# unshare --fork --pid gpg --home /tmp/tmpNzUpD1/gpg_home --keyid-format 0xlong --batch --quiet --import /root/libvirt_stuff/image-bootstrap/directory_bootstrap/resources/arch/E499C79F53C96A54E572FEE1C06086337C50773E.asc
Verifying integrity of file "/var/cache/directory-bootstrap/archlinux-keyring-20191219.tar.gz"...
# unshare --fork --pid gpg --home /tmp/tmpNzUpD1/gpg_home --keyid-format 0xlong --batch --verify /var/cache/directory-bootstrap/archlinux-keyring-20191219.tar.gz.sig /var/cache/directory-bootstrap/archlinux-keyring-20191219.tar.gz
gpg: Signature made Thu 19 Dec 2019 08:01:43 AM PST
gpg:                using RSA key 0x54EDC91609BC9183
gpg: Good signature from "Christian Hesse <Christi@n-Hes.se>"
gpg:                 aka "Christian Hesse <mail@eworm.de>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: BD84 DE71 F493 DF68 14B0  1672 54ED C916 09BC 9183
Importing GPG key from file "/tmp/tmpNzUpD1/archlinux-keyring-20191219/archlinux.gpg"...
# unshare --fork --pid gpg --home /tmp/tmpNzUpD1/gpg_home --keyid-format 0xlong --batch --quiet --import /tmp/tmpNzUpD1/archlinux-keyring-20191219/archlinux.gpg
gpg: key 0xA06B49470F8E620A: no valid user IDs
gpg: key 0x6BC26A17B9B7018A: no valid user IDs
gpg: key 0xEEEEE2EEEE2EEEEE: no valid user IDs
gpg: key 0x7258734B41C31549: no valid user IDs
Cleaning up "/tmp/tmpNzUpD1"...
Unmounting partitions...
# umount /mnt/tmp1xZWZj
Removing directory "/mnt/tmp1xZWZj"...
Deactivating partition devices...
# kpartx -d /dev/centos_host/testvol
Traceback (most recent call last):
  File "/root/libvirt_stuff/image-bootstrap/directory_bootstrap/shared/output_control.py", line 40, in run_handle_errors
    main_function(messenger, options)
  File "/root/libvirt_stuff/image-bootstrap/image_bootstrap/__main__.py", line 97, in _main__level_three
    bootstrap.run()
  File "/root/libvirt_stuff/image-bootstrap/image_bootstrap/engine.py", line 929, in run
    self.run_directory_bootstrap()
  File "/root/libvirt_stuff/image-bootstrap/image_bootstrap/engine.py", line 422, in run_directory_bootstrap
    self._config.bootloader_approach,
  File "/root/libvirt_stuff/image-bootstrap/image_bootstrap/distros/arch.py", line 76, in run_directory_bootstrap
    bootstrap.run()
  File "/root/libvirt_stuff/image-bootstrap/directory_bootstrap/distros/arch.py", line 284, in run
    self._import_gpg_keyring(abs_temp_dir, abs_gpg_home_dir, package_filename, package_yyyymmdd)
  File "/root/libvirt_stuff/image-bootstrap/directory_bootstrap/distros/arch.py", line 99, in _import_gpg_keyring
    self._import_gpg_key_file(abs_gpg_home_dir, abs_archlinux_gpg_path)
  File "/root/libvirt_stuff/image-bootstrap/directory_bootstrap/distros/base.py", line 197, in _import_gpg_key_file
    self._executor.check_call(cmd)
  File "/root/libvirt_stuff/image-bootstrap/directory_bootstrap/shared/executor.py", line 116, in check_call
    cwd=cwd,
  File "/usr/lib64/python2.7/subprocess.py", line 542, in check_call
    raise CalledProcessError(retcode, cmd)
CalledProcessError: Command '['unshare', '--fork', '--pid', 'gpg', '--home', '/tmp/tmpNzUpD1/gpg_home', '--keyid-format', '0xlong', '--batch', '--quiet', '--import', '/tmp/tmpNzUpD1/archlinux-keyring-20191219/archlinux.gpg']' returned non-zero exit status 2
Error: Command "unshare --fork --pid gpg --home /tmp/tmpNzUpD1/gpg_home --keyid-format 0xlong --batch --quiet --import /tmp/tmpNzUpD1/archlinux-keyring-20191219/archlinux.gpg" returned non-zero exit status 2
If this looks like a bug to you, please file a report at https://github.com/hartwork/image-bootstrap.  Thank you!
```

hartwork commented 4 years ago

Hi Dan,

I cannot reproduce the issue with GnuPG 2.2.19 on another distro so it might be a GnuPG problem.

I would ask if using another build host is an option for you but bug #64 will hit you after. I have pinned that bug just now to make it easier to see. It's unfortunate that Arch OpenStack images cannot be built right now but please note that Arch is a moving target so having Arch support work every day of the year would be a full-time job...

merginator commented 4 years ago

I was able to test with CentOS 8, which comes with GnuPG version 2.2.9 and everything worked. I didn't run into issue #64 as it seems to be tied to the openstack flag, which I am not using. I'm not sure what minimum GnuPG version is needed, but maybe a version check is in order once someone's able to narrow it down.

hartwork commented 4 years ago

Makes sense! Thanks for the update!
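
The version check suggested in the comments above could look like the following. This is an added example, not code from image-bootstrap: the function names are hypothetical, and using 2.2.9 (the lowest version reported as working in this thread) as the threshold is an assumption, since the real minimum has not been narrowed down.

```python
import re
import subprocess

# Versions reported in this thread; not a complete compatibility table.
KNOWN_FAILING = {(2, 0, 22)}             # CentOS 7.7 host from the report
KNOWN_WORKING = {(2, 2, 9), (2, 2, 19)}  # CentOS 8, and another distro
# Assumption: gate on the lowest version reported as working, because the
# real minimum has not been narrowed down.
ASSUMED_MINIMUM = min(KNOWN_WORKING)

# Matches the first line of "gpg --version", e.g. "gpg (GnuPG) 2.0.22".
_VERSION_RE = re.compile(r"^gpg \(GnuPG[^)]*\) (\d+)\.(\d+)\.(\d+)", re.MULTILINE)


def parse_gpg_version(version_output):
    """Extract (major, minor, patch) from the text of "gpg --version"."""
    match = _VERSION_RE.search(version_output)
    if match is None:
        raise ValueError("Unrecognized output from gpg --version")
    return tuple(int(part) for part in match.groups())


def classify(version, minimum=ASSUMED_MINIMUM):
    """Return "known-failing", "untested" or "ok" for a version tuple."""
    if version in KNOWN_FAILING:
        return "known-failing"
    if version < minimum:
        return "untested"
    return "ok"


def check_installed_gpg(gpg="gpg", minimum=ASSUMED_MINIMUM):
    """Run gpg --version and refuse to continue below the assumed minimum."""
    output = subprocess.check_output([gpg, "--version"], universal_newlines=True)
    version = parse_gpg_version(output)
    verdict = classify(version, minimum)
    if verdict != "ok":
        raise RuntimeError("GnuPG %d.%d.%d is %s for importing archlinux.gpg; "
                           "need >= %d.%d.%d" % (version + (verdict,) + minimum))
    return version


if __name__ == "__main__":
    # Constructed sample: first lines of the gpg --version output quoted above.
    sample = "gpg (GnuPG) 2.0.22\nlibgcrypt 1.5.3\n"
    print(parse_gpg_version(sample), classify(parse_gpg_version(sample)))
```

Failing early with a clear message is preferable to the raw `CalledProcessError` in the log, which only appears after the target device has already been partitioned and formatted.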