Bug #15939

parcimonie does not refresh custom reprepro's keyring on apt.lizard

Added by bertagaz 2018-09-11 14:35:39 . Updated 2018-10-03 09:58:04 .

Status:
Resolved
Priority:
Normal
Assignee:
bertagaz
Category:
Infrastructure
Target version:
Start date:
2018-09-11
Due date:
% Done:

100%

Feature Branch:
Type of work:
Sysadmin
Blueprint:

Starter:
Affected tool:
Deliverable for:

Description

After having updated my GnuPG key, I was not able to upload a package in our custom reprepro on apt.lizard. After having investigated a bit, my key was not up-to-date there and had expired.

Looking at parcimonie’s log, it seems it does not refresh the keyring but fail:

Sep 10 07:01:43 apt dbus-launch[538]: {"state":"FetchEnd","details":{"keyid":"XXX","gpg_error":"gpg: WARNING: Tor is not properly configured\ngpg: keyserver receive failed: Permission denied\n at /usr/share/perl5/App/Parcimonie/Daemon.pm line 350.\n","success":0,"signal":"FetchEnd"}}
Sep 10 07:01:43 apt dbus-launch[538]: {"details":{"duration":144751.229622572},"state":"Sleeping"}
Sep 10 07:01:43 apt dbus-launch[538]: gpgconf: warning: can not open list file /srv/reprepro/.gnupg/dirmngr_ldapservers.conf: No such file or directory
Sep 10 07:01:43 apt dbus-launch[538]: dirmngr:Network:/usr/bin/dirmngr:1:1:
Sep 10 07:01:43 apt dbus-launch[538]: Using 75600 seconds as average sleep time, and 877.672832659127 seconds as fallback sleep time.
Sep 10 07:01:43 apt dbus-launch[538]: tryRecvKey: trying to fetch XXXX
Sep 10 07:01:43 apt dbus-launch[538]: {"details":{"keyid":"05657A225A048861565961DB43AB710FAE9FE593","signal":"FetchBegin"},"state":"FetchBegin"}
Sep 10 07:01:43 apt dbus-launch[538]: gpgconf: warning: can not open list file /srv/reprepro/.gnupg/dirmngr_ldapservers.conf: No such file or directory
Sep 10 07:01:43 apt dbus-launch[538]: dirmngr:Network:/usr/bin/dirmngr:1:1:
Sep 10 07:01:43 apt dbus-launch[538]: gpg: WARNING: Tor is not properly configured
Sep 10 07:01:43 apt dbus-launch[538]: gpg: keyserver receive failed: Permission denied
Sep 10 07:01:43 apt dbus-launch[538]:  at /usr/share/perl5/App/Parcimonie/Daemon.pm line 350.

I suspect the transition to GnuPG v2 broke the setup.


Subtasks


Related issues

Blocks Tails - Feature #13242: Core work: Sysadmin (Maintain our already existing services) Confirmed 2017-06-29

History

#1 Updated by bertagaz 2018-09-11 14:36:25

  • Assignee set to intrigeri
  • QA Check set to Info Needed

intrigeri, you’re the author of this setup, do you want to have a look?

#2 Updated by intrigeri 2018-09-11 15:26:41

  • Assignee changed from intrigeri to bertagaz
  • QA Check changed from Info Needed to Dev Needed

> intrigeri, you’re the author of this setup, do you want to have a look?

See workarounds on https://bugs.debian.org/898085 :)

#3 Updated by bertagaz 2018-09-11 17:48:20

  • Assignee changed from bertagaz to groente
  • % Done changed from 0 to 50
  • QA Check changed from Dev Needed to Ready for QA

intrigeri wrote:
> > intrigeri, you’re the author of this setup, do you want to have a look?
>
> See workarounds on https://bugs.debian.org/898085 :)

Ok, thanks for the hint, greatly helps. I’ve implemented the keyserver option workaround in puppet-tails:8c022a6. Deployed and now parcimonie seems to be able to refresh keys again. Passing the review to my fellow sysadmin.

#4 Updated by bertagaz 2018-09-11 17:56:45

  • blocks Feature #13242: Core work: Sysadmin (Maintain our already existing services) added

#5 Updated by intrigeri 2018-09-12 09:52:11

  • Subject changed from Parcimonie does not refresh custom reprepro's keyring on apt.lizard to parcimonie does not refresh custom reprepro's keyring on apt.lizard
  • Assignee changed from groente to bertagaz
  • Target version set to Tails_3.10.1
  • QA Check changed from Ready for QA to Dev Needed

Tails::Reprepro::Custom/Exec[shutdown_reprepro_dirmngr] is realized on every Puppet run. I think you meant to use https://puppet.com/docs/puppet/5.5/type.html#exec-attribute-refreshonly.

#6 Updated by bertagaz 2018-09-12 11:27:13

  • Assignee changed from bertagaz to groente
  • QA Check changed from Dev Needed to Ready for QA

intrigeri wrote:
> Tails::Reprepro::Custom/Exec[shutdown_reprepro_dirmngr] is realized on every Puppet run. I think you meant to use https://puppet.com/docs/puppet/5.5/type.html#exec-attribute-refreshonly.

Right, forgot that subtility. That’s fixed now.

#7 Updated by groente 2018-09-27 13:53:38

  • Assignee changed from groente to bertagaz
  • QA Check changed from Ready for QA to Pass

Looks good to me!

#8 Updated by bertagaz 2018-10-03 09:58:04

  • Status changed from Confirmed to Resolved
  • % Done changed from 50 to 100

Closing this ticket then.