fatal: Commit XXXXXXX does not have a GPG signature.

[Vouivre]

Hello,

I wanted to update my system with kiss update, but I get:

-> Updating repositories
-> /var/db/kiss/perso
Not a git repository, skipping.
-> /var/db/kiss/repo [signed ✓]
-> /var/db/kiss/repo Need root to update
-> Using '/usr/bin/sudo'
fatal: Commit 891344b does not have a GPG signature.

Do I simply need to wait a little bit ?

Thank you!

[dylanaraps]

I'm not quite sure why this is happening as each and every commit is correctly signed. The commit in the error output above is also signed (See https://github.com/kisslinux/repo/commit/891344b2084fdddf7768973030fc37d7c5dc8ed5).

Either wait a little bit and see if it works, or temporarily disable signature verification. There's nothing I can really do about this. This feature isn't KISS related and is actually a part of git!

Signature verification can be disabled by following the same steps as the install guide (changing true to false). See: https://getkiss.org/pages/install#enable-signature-verification

Temporarily disabling signature verification isn't ideal of course but it sometimes refuses to work.

Questions, is this the first time this has happened? When did kiss u last work?

[Vouivre]

I'll wait until tonight I think. At the moment it still doesn't work. I have seen that the commit 891344b is signed.

I think I did my last update a few days ago. I wanted to update because I get an error on gnutls.

I have also see some strange behaviors with the package manager recently. I will report them after the update is done.

[dylanaraps]

The strange behavior you have been seeing should already be fixed as of the latest release. A new feature brought a couple of bugs which I fixed. The gnutls issue was also fixed. :)

[Vouivre]

Ok, I'm eager to test!

Interesting, the commit 891344b is no longer a problem. Now it's 5611459. The last commit seems to be a problem. I'll disable the verification, but perhaps it's better not to close it immediately. I'll test again in a few days.

[dylanaraps]

I have a hunch. One thing to try as root:

cd /var/db/kiss/repo
git fetch && git merge

If this works then I'll push a fix to the package manager.

[Vouivre]

Oooopppsss, I have already updated! I'll try tomorrow or after tomorrow.

You were right, the problem is fixed with gnutls. Unfortunately with kiss there is alwas something strange to me. I'll report it tomorrow in the kiss repo.

[Vouivre]

Perfect, there are some new commits. As before, the last commit gives me the same error message.

I ran as root the commands you gave, and it's interesting:

git merge
Commit 5901fbf has a good GPG signature by Dylan Araps <dylan.araps@gmail.com>
Updating 5611459..5901fbf
Fast-forward
 extra/glib/build      | 8 ++++++++
 extra/glib/depends    | 1 -
 extra/python/build    | 6 ++++++
 extra/vim/build       | 1 -
 xorg/gdk-pixbuf/build | 2 ++
 xorg/gtk+3/build      | 1 +
 xorg/libSM/build      | 3 ++-
 xorg/libSM/depends    | 1 -
 8 files changed, 19 insertions(+), 4 deletions(-)

And before executing this command, the commit 5901fbf was a problem. My system is up to date, but if I run kiss update there are no more errors.

[dylanaraps]

Fixed in latest kiss. :+1:

[Vouivre]

Hello, I have the version 1.4.1 of kiss. Unfortunately the issue is still there. Did you fix something in 1.4.2 ?

[dylanaraps]

1.4.1 contains all of the fixes. It turns out that this is then an issue in git itself. I will do some more digging.

[Vouivre]

Thank you. In between, I will disable the verification or use the fix you mentioned above.

[dylanaraps]

Are you by any chance using gnupg2 (gpg2)? Signatures have always worked fine for me with gnupg1 (gpg). This is the one question I haven't asked yet.

[dylanaraps]

What I can conclude thus far:

• Each commit is signed despite git saying otherwise.
• This affects both gnupg1 and gnupg2.
• The issue isn't in the package manager (all kiss runs is effectively a git pull).

If anyone else can reproduce this please comment below with some details.

• Does it always fail?
• Has it worked before?
• When do you remember it last working?
• Which version of gpg are you using?
• Which sudo tool do you use with kiss? su, sudo or doas?

Please add any additional information which may be helpful. If anyone knows of a way to reproduce this that would also be appreciated! I cannot reproduce this anywhere for reference.

[Vouivre]

gpg version:

gpg --version
gpg (GnuPG) 1.4.23
Copyright (C) 2015 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

Perhaps more interesting now. I have always run kiss update as normal user and it worked without problem. If I change to root with su, then I can run kiss update without problem.

[dylanaraps]

@Vouivre, do you use su, sudo or doas with kiss as a normal user?

[Vouivre]

I have never used doas. Since the beginning I have used kiss as normal user, because there was no problem. For me it is the same as yaourt a tool of Archlinux. I use su and sudo as normal user, but after running them of course everything is executing with root permissions.

I slowly have the feeling the problem is not in my system....

[dylanaraps]

What I mean is, when you run kiss, which tool does it say it uses?

-> kiss i zlib
-> Using '/usr/bin/doas'

I have a hunch that this may be related to how kiss runs these tools. It could be a specific tool having this issue. :+1:

[Vouivre]

Sorry, I didn't understant. So first try as normal user:

$ kiss update
-> Updating repositories
-> /var/db/kiss/perso
Not a git repository, skipping.
-> /var/db/kiss/repo [signed ✓]
-> /var/db/kiss/repo Need root to update
-> Using '/usr/bin/sudo'
[sudo] password for macquat:
remote: Enumerating objects: 90, done.
remote: Counting objects: 100% (90/90), done.
remote: Compressing objects: 100% (21/21), done.
remote: Total 56 (delta 37), reused 47 (delta 28), pack-reused 0
Unpacking objects: 100% (56/56), 9.56 KiB | 466.00 KiB/s, done.
From https://github.com/kisslinux/repo
   89fce83..6f3dc23  master     -> origin/master
-> Using '/usr/bin/sudo'
-> Using '/usr/bin/sudo'
fatal: Commit 6f3dc23 does not have a GPG signature.

Then as root:

# git fetch
# git merge
Commit 6f3dc23 has a good GPG signature by Dylan Araps <dylan.araps@gmail.com>
Updating 89fce83..6f3dc23
Fast-forward
 README.md                         |  3 +++
 core/busybox/checksums            |  2 +-
 core/busybox/files/.config        |  2 +-
 core/eudev/build                  |  1 +
 core/eudev/version                |  2 +-
 core/gcc/build                    |  1 -
 core/gcc/checksums                |  1 -
 core/gcc/patches/static-pie.patch | 88 ---------------------------------------------------------------
 core/gcc/sources                  |  1 -
 core/gcc/version                  |  2 +-
 core/grub/build                   |  3 ---
 core/grub/version                 |  2 +-
 core/mandoc/build                 |  2 +-
 core/mandoc/version               |  2 +-
 core/zlib/build                   |  2 --
 core/zlib/version                 |  2 +-
 extra/cryptsetup/build            |  1 +
 extra/cryptsetup/version          |  2 +-
 extra/dosfstools/build            |  1 +
 extra/dosfstools/version          |  2 +-
 extra/rust/build                  |  3 +--
 21 files changed, 17 insertions(+), 108 deletions(-)
 delete mode 100644 core/gcc/patches/static-pie.patch

Then as normal user:

$ kiss update
-> Updating repositories
-> /var/db/kiss/perso
Not a git repository, skipping.
-> /var/db/kiss/repo [signed ✓]
-> /var/db/kiss/repo Need root to update
-> Using '/usr/bin/sudo'
-> Using '/usr/bin/sudo'
-> Using '/usr/bin/sudo'
Already up to date.
-> /var/db/kiss/community
-> /var/db/kiss/community Need root to update
-> Using '/usr/bin/sudo'
remote: Enumerating objects: 20, done.
remote: Counting objects: 100% (20/20), done.
remote: Compressing objects: 100% (9/9), done.
remote: Total 12 (delta 4), reused 10 (delta 2), pack-reused 0
Unpacking objects: 100% (12/12), 2.34 KiB | 239.00 KiB/s, done.
From https://github.com/kisslinux/community
   575f611..bcddc88  master     -> origin/master
-> Using '/usr/bin/sudo'
-> Using '/usr/bin/sudo'
Updating 575f611..bcddc88
Fast-forward
 community/icu/build      | 3 ++-
 community/ncdu/checksums | 2 +-
 community/ncdu/sources   | 2 +-
 community/ncdu/version   | 2 +-
 4 files changed, 5 insertions(+), 4 deletions(-)
-> Checking for new package versions
alsa-utils 1.2.1-1 ==> 1.2.1-2
eudev 3.2.9-2 ==> 3.2.9-3
gcc 9.2.0-1 ==> 9.2.0-3
gdk-pixbuf 2.40.0-1 ==> 2.40.0-2
grub 2.04-3 ==> 2.04-4
gtk+2 2.24.32-2 ==> 2.24.32-3
gtk+3 3.24.13-1 ==> 3.24.13-2
json-c 0.13.1-1 ==> 0.13.1-2
kiss 1.4.1-1 ==> 1.5.0-1
kiss-utils 1.3.0-1 ==> 1.5.0-1
libgpg-error 1.36-1 ==> 1.37-1
mandoc 1.14.5-2 ==> 1.14.5-4
openssh 8.1p1-1 ==> 8.1p1-2
util-linux 2.35.1-1 ==> 2.35.1-2
xinit 1.4.1-2 ==> 1.4.1-3
zlib 1.2.11-1 ==> 1.2.11-3
-> Detected package manager update
-> The package manager will be updated first
-> Continue?: Press Enter to continue or Ctrl+C to abort here

So the answer is sudo and I need to give my password.

[dylanaraps]

@Vouivre

Next update try running KISS_SU=su kiss update. This will force kiss to use su instead of sudo. If it works, then this issue is in the way kiss works with sudo.

NOTE: su will ask for you root password and not your user's password.

Thanks for testing all of this. :)

[Vouivre]

It will be done tomorrow or after tomorrow.

[dylanaraps]

This should be fixed in the latest kiss (1.5.2). Please reopen if the issue comes back. Thanks again. :+1: