Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Bug 2225463 - whois-5.5.17-3.fc39 FTBFS: gpg: Can't check signature: No public key
Summary: whois-5.5.17-3.fc39 FTBFS: gpg: Can't check signature: No public key
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: whois
Version: rawhide
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Petr Menšík
QA Contact: Fedora Extras Quality Assurance
URL: https://koschei.fedoraproject.org/pac...
Whiteboard:
Depends On:
Blocks: F39FTBFS
TreeView+ depends on / blocked
 
Reported: 2023-07-25 11:15 UTC by Petr Pisar
Modified: 2023-08-10 00:42 UTC (History)
2 users (show)

Fixed In Version: whois-5.5.17-4.fc39 whois-5.5.18-1.fc38 whois-5.5.18-1.fc37
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2023-08-02 01:16:18 UTC
Type: Bug
Embargoed:


Attachments (Terms of Use)

Description Petr Pisar 2023-07-25 11:15:39 UTC
whois-5.5.17-3.fc39 fails to build in Fedora 39:

Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.9DE8Ja
+ umask 022
+ cd /builddir/build/BUILD
++ mktemp --tmpdir whois-XXXXXXX.gpg
+ TMPKEY=/tmp/whois-dIkE40K.gpg
+ gpg --no-default-keyring --keyring /tmp/whois-dIkE40K.gpg --import /builddir/build/SOURCES/md-pgp.asc
gpg: key E6FFF1E38DC968B0: 64 signatures not checked due to missing keys
gpg: directory '/builddir/.gnupg' created
gpg: /builddir/.gnupg/trustdb.gpg: trustdb created
gpg: key E6FFF1E38DC968B0: public key "Marco d'Itri <md>" imported
gpg: Total number processed: 1
gpg:               imported: 1
gpg: no ultimately trusted keys found
+ dscverify --keyring /tmp/whois-dIkE40K.gpg /builddir/build/SOURCES/whois_5.5.17.dsc
/builddir/build/SOURCES/whois_5.5.17.dsc:
dscverify: /builddir/build/SOURCES/whois_5.5.17.dsc failed signature check:
gpg: Signature made Wed May  3 12:27:41 2023 UTC
gpg:                using EDDSA key 272945CD836D38DFB7427E86CB3EC33AE1DED781
gpg: Can't check signature: No public key
Validation FAILED!!
error: Bad exit status from /var/tmp/rpm-tmp.9DE8Ja (%prep)

A difference between passing and failing build root is at <https://koschei.fedoraproject.org/build/15454437>. An upgrade of gnupg2 from 2.4.0-3.fc39 to 2.4.1-1.fc39 looks suspicious.

Please note that the gpg --import command spoils $HOME/.gnupg which should not happen. Commands executed when building a package should not modify user's home directory.

That it touched $HOME can be seen in these lines:

gpg: directory '/builddir/.gnupg' created
gpg: /builddir/.gnupg/trustdb.gpg: trustdb created

Also when building the package in my virtual machine (HOME=/home/test), I can see:

gpg: WARNING: unsafe permissions on homedir '/home/test/.gnupg'

(And the build passes in my virutal machine, probably because of prepopulated ~./gnupg.)

Comment 1 Petr Menšík 2023-07-30 17:10:47 UTC
Yes, you are right. It has been doing some issues on fedpkg local for some time, but it worked on fedpkg mockbuild. I had not understand fully why it was a problem, but it seems using temporary GNUPGHOME, including place for trustdb.gpg, solves it in both ways.

Comment 2 Fedora Update System 2023-07-30 17:49:40 UTC
FEDORA-2023-52736856a0 has been submitted as an update to Fedora 38. https://bodhi.fedoraproject.org/updates/FEDORA-2023-52736856a0

Comment 3 Fedora Update System 2023-07-31 02:32:04 UTC
FEDORA-2023-52736856a0 has been pushed to the Fedora 38 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2023-52736856a0`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2023-52736856a0

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 4 Fedora Update System 2023-07-31 07:08:02 UTC
FEDORA-2023-e912add7bc has been submitted as an update to Fedora 37. https://bodhi.fedoraproject.org/updates/FEDORA-2023-e912add7bc

Comment 5 Fedora Update System 2023-08-01 01:50:44 UTC
FEDORA-2023-e912add7bc has been pushed to the Fedora 37 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2023-e912add7bc`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2023-e912add7bc

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 6 Fedora Update System 2023-08-02 01:16:18 UTC
FEDORA-2023-52736856a0 has been pushed to the Fedora 38 stable repository.
If problem still persists, please make note of it in this bug report.

Comment 7 Fedora Update System 2023-08-10 00:42:22 UTC
FEDORA-2023-e912add7bc has been pushed to the Fedora 37 stable repository.
If problem still persists, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.