niderecha n00b
Joined: 10 Nov 2024 Posts: 13
Posted: Wed Nov 13, 2024 10:49 pm Post subject: binary packages signing: gpg database lock
Hi. I'm trying to compile and sign binary packages. It doesn't work for me without strange manual steps, and googling didn't help.
If I run for example
it fails with
Code: | >>> Completed installing sys-apps/cpuid-20240916 into /var/tmp/portage/sys-apps/cpuid-20240916/image
* Final size of build directory: 1240 KiB (1.2 MiB)
* Final size of installed tree: 626 KiB
strip: x86_64-pc-linux-gnu-strip --strip-unneeded -N __gentoo_check_ldflags__ -R .comment -R .GCC.command.
line -R .note.gnu.gold-version
/usr/bin/cpuid
!!!
gpg: Note: database_open 134217901 waiting for lock (held by 666240) ...
gpg: Note: database_open 134217901 waiting for lock (held by 666240) ...
gpg: Note: database_open 134217901 waiting for lock (held by 666240) ...
gpg: Note: database_open 134217901 waiting for lock (held by 666240) ...
gpg: Note: database_open 134217901 waiting for lock (held by 666240) ...
gpg: keydb_search failed: Connection timed out
gpg: skipped "0x306A307EE50F1047": Connection timed out
gpg: signing failed: Connection timed out
Traceback (most recent call last):
File "/usr/lib/portage/python3.12/gpkg-helper.py", line 75, in <module>
rval = main(sys.argv[:])
^^^^^^^^^^^^^^^^^
|
The process 666240 here is
Code: | keyboxd --homedir /root/.gnupg --daemon |
But it didn't exist when I was starting the emerge.
If, after I start emerge, I run
then emerge completes successfully.
My make.conf:
Code: | ...
BINPKG_FORMAT="gpkg"
FEATURES="${FEATURES} getbinpkg binpkg-request-signature buildpkg binpkg-signing"
BINPKG_GPG_SIGNING_GPG_HOME="/root/.gnupg"
BINPKG_GPG_SIGNING_KEY="0x306A307EE50F1047"
...
|
Last edited by niderecha on Thu Nov 14, 2024 11:56 am; edited 1 time in total
bstaletic Guru
Joined: 05 Apr 2014 Posts: 373
niderecha n00b
Joined: 10 Nov 2024 Posts: 13
Posted: Wed Nov 13, 2024 11:01 pm
Yes... If I kill root's keyboxd after I start emerge, then everything goes through.
pingtoo Veteran
Joined: 10 Sep 2021 Posts: 1248 Location: Richmond Hill, Canada
Posted: Thu Nov 14, 2024 12:20 am
niderecha,
Does the root user have a /root/.gnupg/common.conf file? And if that file exists, do you have "use-keyboxd" in it? If "use-keyboxd" exists, you need to comment it out.
niderecha n00b
Joined: 10 Nov 2024 Posts: 13
Posted: Thu Nov 14, 2024 9:45 am
Code: | # cat ~/.gnupg/common.conf
use-keyboxd |
Yes, apparently so. I didn't touch this file myself; I guess it was created by one of the gpg invocations. It's safe to delete it, right?
niderecha n00b
Joined: 10 Nov 2024 Posts: 13
Posted: Thu Nov 14, 2024 9:50 am
Uh, without that file things break differently
Code: | # emerge -av1 cpuid
Local copy of remote index is up-to-date and will be used.
These are the packages that would be merged, in order:
Calculating dependencies... done!
Dependency resolution took 2.04 s (backtrack: 0/20).
[ebuild N ] sys-apps/cpuid-20240916::gentoo 0 KiB
Total: 1 package (1 new), Size of downloads: 0 KiB
Would you like to merge these packages? [Yes/No]
>>> Unlocking GPG... gpg: skipped "0x306A307EE50F1047": No secret key
gpg: signing failed: No secret key
!!! GPG unlock failed |
pingtoo Veteran
Joined: 10 Sep 2021 Posts: 1248 Location: Richmond Hill, Canada
Posted: Thu Nov 14, 2024 12:35 pm
niderecha wrote: | Code: | # cat ~/.gnupg/common.conf
use-keyboxd |
Yes, apparently so. I didn't touch this file myself, I guess it was created by one of the gpg invocations. It's safe to delete it, right? |
No, I asked you to comment out the line, not delete the file.
niderecha n00b
Joined: 10 Nov 2024 Posts: 13
Posted: Thu Nov 14, 2024 2:34 pm
With the line commented out I get the same error as without the file.
|
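A diagnostic for the two states reported above (use-keyboxd active, then commented out or the file removed), as an added example that is not part of any post in this thread. It assumes the GnuPG 2.4 layout, where keyboxd keeps public keys in `public-keys.d/pubring.db` and the classic store is `pubring.kbx`; the function names are hypothetical. It flags a home directory whose configured key store holds no data, which is one plausible reason gpg stops finding a key after `use-keyboxd` is disabled.

```shell
#!/bin/sh
# Added diagnostic sketch (not from the thread). Assumed GnuPG 2.4 layout:
#   keyboxd store: $home/public-keys.d/pubring.db, classic store: $home/pubring.kbx

# Print "keyboxd" if common.conf has an active (uncommented) use-keyboxd
# line, otherwise "keybox-file" (also when common.conf is missing).
keystore_mode() {
    conf="$1/common.conf"
    if [ -f "$conf" ] && grep -Eq '^[[:space:]]*use-keyboxd[[:space:]]*$' "$conf"; then
        echo keyboxd
    else
        echo keybox-file
    fi
}

# Print which store actually has data on disk: keyboxd, keybox-file, both, none.
keystore_data() {
    db=no; kbx=no
    [ -s "$1/public-keys.d/pubring.db" ] && db=yes
    [ -s "$1/pubring.kbx" ] && kbx=yes
    case "$db$kbx" in
        yesyes) echo both ;;
        yesno)  echo keyboxd ;;
        noyes)  echo keybox-file ;;
        *)      echo none ;;
    esac
}

# Compare the configured store with the data present; return 1 on a mismatch.
keystore_check() {
    mode=$(keystore_mode "$1"); data=$(keystore_data "$1")
    if [ "$data" = both ] || [ "$data" = "$mode" ]; then
        echo "ok: mode=$mode data=$data"
    else
        echo "mismatch: mode=$mode data=$data"
        return 1
    fi
}

# Constructed demo: a home dir whose keys exist only in the keyboxd database,
# with use-keyboxd commented out as described in the thread.
demo=$(mktemp -d); mkdir -p "$demo/public-keys.d"
printf 'x' > "$demo/public-keys.d/pubring.db"
printf '# use-keyboxd\n' > "$demo/common.conf"
keystore_check "$demo" || true
rm -rf "$demo"
```

Run `keystore_check /root/.gnupg` and `keystore_check /etc/portage/gnupg` as root to compare the signing and verification home directories.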
pingtoo Veteran
Joined: 10 Sep 2021 Posts: 1248 Location: Richmond Hill, Canada
Posted: Thu Nov 14, 2024 3:34 pm Post subject: Re: binary packages signing: gpg database lock
niderecha wrote: | My make.conf:
Code: | ...
BINPKG_FORMAT="gpkg"
FEATURES="${FEATURES} getbinpkg binpkg-request-signature buildpkg binpkg-signing"
BINPKG_GPG_SIGNING_GPG_HOME="/root/.gnupg"
BINPKG_GPG_SIGNING_KEY="0x306A307EE50F1047"
...
|
|
I am no GPG expert, so I don't know what that error is about. I just searched for what "keyboxd" is and found some explanation of how it gets started.
However, how did you arrive at "0x306A307EE50F1047"? It looks to me like something random, so have you stored a "key" for it somewhere?
pingtoo Veteran
Joined: 10 Sep 2021 Posts: 1248 Location: Richmond Hill, Canada
niderecha n00b
Joined: 10 Nov 2024 Posts: 13
Posted: Thu Nov 14, 2024 3:55 pm
I don't understand gpg at all. Actually, I don't even need or want to sign the packages, but I want to mix my own packages with packages from gentoo binhost, for which I want to verify the signature. And it means I have to sign my own binary packages too...
"0x306A307EE50F1047" is my key which I generated by "gpg --full-generate-key"
Then I followed https://forums.gentoo.org/viewtopic-p-8828115.html to make portage understand my key (I haven't found any other manuals):
Code: | # gpg --output - --export 0xB9FE342E12D2B962 | gpg --homedir /etc/portage/gnupg --import -
# cat /etc/portage/gnupg/pass
(here goes password used later on lsign stage)
# gpg --homedir /etc/portage/gnupg --edit-key 0xB9FE342E12D2B962
gpg> trust
...
4 = I trust fully
...
Your decision? 4
gpg> lsign
...
Really sign? (y/N) y
... enter password from above ...
gpg> save
# gpg --homedir /etc/portage/gnupg --check-trustdb
# emerge whatever |
Last edited by niderecha on Thu Nov 14, 2024 4:01 pm; edited 1 time in total
niderecha n00b
Joined: 10 Nov 2024 Posts: 13
Posted: Thu Nov 14, 2024 3:59 pm
Heh, sure I did.