Bug #15939
parcimonie does not refresh custom reprepro's keyring on apt.lizard
100%
Description
After having updated my GnuPG key, I was not able to upload a package in our custom reprepro on apt.lizard. After having investigated a bit, my key was not up-to-date there and had expired.
Looking at parcimonie’s log, it seems it does not refresh the keyring but fail:
Sep 10 07:01:43 apt dbus-launch[538]: {"state":"FetchEnd","details":{"keyid":"XXX","gpg_error":"gpg: WARNING: Tor is not properly configured\ngpg: keyserver receive failed: Permission denied\n at /usr/share/perl5/App/Parcimonie/Daemon.pm line 350.\n","success":0,"signal":"FetchEnd"}}
Sep 10 07:01:43 apt dbus-launch[538]: {"details":{"duration":144751.229622572},"state":"Sleeping"}
Sep 10 07:01:43 apt dbus-launch[538]: gpgconf: warning: can not open list file /srv/reprepro/.gnupg/dirmngr_ldapservers.conf: No such file or directory
Sep 10 07:01:43 apt dbus-launch[538]: dirmngr:Network:/usr/bin/dirmngr:1:1:
Sep 10 07:01:43 apt dbus-launch[538]: Using 75600 seconds as average sleep time, and 877.672832659127 seconds as fallback sleep time.
Sep 10 07:01:43 apt dbus-launch[538]: tryRecvKey: trying to fetch XXXX
Sep 10 07:01:43 apt dbus-launch[538]: {"details":{"keyid":"05657A225A048861565961DB43AB710FAE9FE593","signal":"FetchBegin"},"state":"FetchBegin"}
Sep 10 07:01:43 apt dbus-launch[538]: gpgconf: warning: can not open list file /srv/reprepro/.gnupg/dirmngr_ldapservers.conf: No such file or directory
Sep 10 07:01:43 apt dbus-launch[538]: dirmngr:Network:/usr/bin/dirmngr:1:1:
Sep 10 07:01:43 apt dbus-launch[538]: gpg: WARNING: Tor is not properly configured
Sep 10 07:01:43 apt dbus-launch[538]: gpg: keyserver receive failed: Permission denied
Sep 10 07:01:43 apt dbus-launch[538]: at /usr/share/perl5/App/Parcimonie/Daemon.pm line 350.
I suspect the transition to GnuPG v2 broke the setup.
Subtasks
Related issues
Blocks Tails - Feature #13242: Core work: Sysadmin (Maintain our already existing services) | Confirmed | 2017-06-29 |
History
#1 Updated by bertagaz 2018-09-11 14:36:25
- Assignee set to intrigeri
- QA Check set to Info Needed
intrigeri, you’re the author of this setup, do you want to have a look?
#2 Updated by intrigeri 2018-09-11 15:26:41
- Assignee changed from intrigeri to bertagaz
- QA Check changed from Info Needed to Dev Needed
> intrigeri, you’re the author of this setup, do you want to have a look?
See workarounds on https://bugs.debian.org/898085 :)
#3 Updated by bertagaz 2018-09-11 17:48:20
- Assignee changed from bertagaz to groente
- % Done changed from 0 to 50
- QA Check changed from Dev Needed to Ready for QA
intrigeri wrote:
> > intrigeri, you’re the author of this setup, do you want to have a look?
>
> See workarounds on https://bugs.debian.org/898085 :)
Ok, thanks for the hint, greatly helps. I’ve implemented the keyserver option workaround in puppet-tails:8c022a6. Deployed and now parcimonie seems to be able to refresh keys again. Passing the review to my fellow sysadmin.
#4 Updated by bertagaz 2018-09-11 17:56:45
- blocks Feature #13242: Core work: Sysadmin (Maintain our already existing services) added
#5 Updated by intrigeri 2018-09-12 09:52:11
- Subject changed from Parcimonie does not refresh custom reprepro's keyring on apt.lizard to parcimonie does not refresh custom reprepro's keyring on apt.lizard
- Assignee changed from groente to bertagaz
- Target version set to Tails_3.10.1
- QA Check changed from Ready for QA to Dev Needed
Tails::Reprepro::Custom/Exec[shutdown_reprepro_dirmngr]
is realized on every Puppet run. I think you meant to use https://puppet.com/docs/puppet/5.5/type.html#exec-attribute-refreshonly.
#6 Updated by bertagaz 2018-09-12 11:27:13
- Assignee changed from bertagaz to groente
- QA Check changed from Dev Needed to Ready for QA
intrigeri wrote:
> Tails::Reprepro::Custom/Exec[shutdown_reprepro_dirmngr]
is realized on every Puppet run. I think you meant to use https://puppet.com/docs/puppet/5.5/type.html#exec-attribute-refreshonly.
Right, forgot that subtility. That’s fixed now.
#7 Updated by groente 2018-09-27 13:53:38
- Assignee changed from groente to bertagaz
- QA Check changed from Ready for QA to Pass
Looks good to me!
#8 Updated by bertagaz 2018-10-03 09:58:04
- Status changed from Confirmed to Resolved
- % Done changed from 50 to 100
Closing this ticket then.