Bug #15939: parcimonie does not refresh custom reprepro's keyring on apt.lizard

Bug #15939

parcimonie does not refresh custom reprepro's keyring on apt.lizard

Added by bertagaz 2018-09-11 14:35:39 . Updated 2018-10-03 09:58:04 .

Status:

Resolved

Priority:

Normal

Assignee:

bertagaz

Category:

Infrastructure

Target version:

Tails_3.10.1

Start date:

2018-09-11

Due date:

% Done:

100%

Feature Branch:

Type of work:

Sysadmin

Blueprint:

Starter:

Affected tool:

Deliverable for:

Description

After having updated my GnuPG key, I was not able to upload a package in our custom reprepro on apt.lizard. After having investigated a bit, my key was not up-to-date there and had expired.

Looking at parcimonie’s log, it seems it does not refresh the keyring but fail:

Sep 10 07:01:43 apt dbus-launch[538]: {"state":"FetchEnd","details":{"keyid":"XXX","gpg_error":"gpg: WARNING: Tor is not properly configured\ngpg: keyserver receive failed: Permission denied\n at /usr/share/perl5/App/Parcimonie/Daemon.pm line 350.\n","success":0,"signal":"FetchEnd"}}
Sep 10 07:01:43 apt dbus-launch[538]: {"details":{"duration":144751.229622572},"state":"Sleeping"}
Sep 10 07:01:43 apt dbus-launch[538]: gpgconf: warning: can not open list file /srv/reprepro/.gnupg/dirmngr_ldapservers.conf: No such file or directory
Sep 10 07:01:43 apt dbus-launch[538]: dirmngr:Network:/usr/bin/dirmngr:1:1:
Sep 10 07:01:43 apt dbus-launch[538]: Using 75600 seconds as average sleep time, and 877.672832659127 seconds as fallback sleep time.
Sep 10 07:01:43 apt dbus-launch[538]: tryRecvKey: trying to fetch XXXX
Sep 10 07:01:43 apt dbus-launch[538]: {"details":{"keyid":"05657A225A048861565961DB43AB710FAE9FE593","signal":"FetchBegin"},"state":"FetchBegin"}
Sep 10 07:01:43 apt dbus-launch[538]: gpgconf: warning: can not open list file /srv/reprepro/.gnupg/dirmngr_ldapservers.conf: No such file or directory
Sep 10 07:01:43 apt dbus-launch[538]: dirmngr:Network:/usr/bin/dirmngr:1:1:
Sep 10 07:01:43 apt dbus-launch[538]: gpg: WARNING: Tor is not properly configured
Sep 10 07:01:43 apt dbus-launch[538]: gpg: keyserver receive failed: Permission denied
Sep 10 07:01:43 apt dbus-launch[538]:  at /usr/share/perl5/App/Parcimonie/Daemon.pm line 350.

I suspect the transition to GnuPG v2 broke the setup.

Subtasks

Related issues

Blocks Tails - Feature #13242: Core work: Sysadmin (Maintain our already existing services)

Confirmed

2017-06-29

History

#1 Updated by bertagaz 2018-09-11 14:36:25

Assignee set to intrigeri
QA Check set to Info Needed

intrigeri, you’re the author of this setup, do you want to have a look?

#2 Updated by intrigeri 2018-09-11 15:26:41

Assignee changed from intrigeri to bertagaz
QA Check changed from Info Needed to Dev Needed

> intrigeri, you’re the author of this setup, do you want to have a look?

See workarounds on https://bugs.debian.org/898085 :)

#3 Updated by bertagaz 2018-09-11 17:48:20

Assignee changed from bertagaz to groente
% Done changed from 0 to 50
QA Check changed from Dev Needed to Ready for QA

intrigeri wrote:
> > intrigeri, you’re the author of this setup, do you want to have a look?
>
> See workarounds on https://bugs.debian.org/898085 :)

Ok, thanks for the hint, greatly helps. I’ve implemented the keyserver option workaround in puppet-tails:8c022a6. Deployed and now parcimonie seems to be able to refresh keys again. Passing the review to my fellow sysadmin.

#4 Updated by bertagaz 2018-09-11 17:56:45

blocks Feature #13242: Core work: Sysadmin (Maintain our already existing services) added

#5 Updated by intrigeri 2018-09-12 09:52:11

Subject changed from Parcimonie does not refresh custom reprepro's keyring on apt.lizard to parcimonie does not refresh custom reprepro's keyring on apt.lizard
Assignee changed from groente to bertagaz
Target version set to Tails_3.10.1
QA Check changed from Ready for QA to Dev Needed

Tails::Reprepro::Custom/Exec[shutdown_reprepro_dirmngr] is realized on every Puppet run. I think you meant to use https://puppet.com/docs/puppet/5.5/type.html#exec-attribute-refreshonly.

#6 Updated by bertagaz 2018-09-12 11:27:13

Assignee changed from bertagaz to groente
QA Check changed from Dev Needed to Ready for QA

intrigeri wrote:
> Tails::Reprepro::Custom/Exec[shutdown_reprepro_dirmngr] is realized on every Puppet run. I think you meant to use https://puppet.com/docs/puppet/5.5/type.html#exec-attribute-refreshonly.

Right, forgot that subtility. That’s fixed now.

#7 Updated by groente 2018-09-27 13:53:38

Assignee changed from groente to bertagaz
QA Check changed from Ready for QA to Pass

Looks good to me!

#8 Updated by bertagaz 2018-10-03 09:58:04

Status changed from Confirmed to Resolved
% Done changed from 50 to 100

Closing this ticket then.