Bugzilla – Bug 14705
linux gpg check fail...
Last modified: 2024-01-27 16:59:55 UTC
Created attachment 7112 [details] output for cast linux ...for file linux-2.6.26.tar.bz2 in current test grimoire. Here is what I get doing it by hand : $ gpg --verify /var/spool/sorcery/linux-2.6.26.tar.bz2.sign /var/spool/sorcery/linux-2.6.26.tar.bz2 gpg: Signature made Mon Jul 14 00:56:03 2008 CEST using DSA key ID 517D0F0E gpg: Can't check signature: public key not found Any tips for this ?
You don't have the key in your keyring, so the manual run failure is expected. $ gpg --verify /var/spool/sorcery/linux-2.6.24.tar.bz2.sign gpg: Signature made Fri 25 Jan 2008 12:25:10 AM CET using DSA key ID 517D0F0E gpg: Can't check signature: public key not found vs $ gpg --no-default-keyring --keyring /var/lib/sorcery/codex/test/kernel.gpg --verify /var/spool/sorcery/linux-2.6.24.tar.bz2.sign gpg: Signature made Fri 25 Jan 2008 12:25:10 AM CET using DSA key ID 517D0F0E gpg: Good signature from "Linux Kernel Archives Verification Key <ftpadmin@kernel.org>" gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: C75D C40A 11D7 AF88 9981 ED5B C86B A06A 517D 0F0E But this is besides the real issue.
Created attachment 7113 [details] The superdebugging log (I love that feature) I was a bit lazy yesterday to investigate the bug. Now I'm as hot as I could be. The thing is that the actual gpg checking doesn't fail: (lines 105533-105539) ++ gpg --no-default-keyring --always-trust --keyring /var/lib/sorcery/codex/test/kernel.gpg --batch --verbose --verify /var/spool/sorcery/linux-2.6.26.tar.bz2.sign /var/spool/sorcery/linux-2.6.26.tar.bz2 ++ rc=0 ++ [[ 0 != 0 ]] +++ awk '/digest algorithm/ { print tolower($NF) }' /root/linux-2.6.26.tar.bz2.gpgout +++ sort -u ++ algo= ++ rm /root/linux-2.6.26.tar.bz2.gpgout As rc=0, gpg succeeds. However the algo variable is not set properly makes sorcery think there is an error. Here is what is in my /root/linux-2.6.26.tar.bz2.gpgout file : gpg: en-tête d'armure: Version: GnuPG v1.4.9 (GNU/Linux) gpg: en-tête d'armure: Comment: See http://www.kernel.org/signature.html for info gpg: Signature faite le lun 14 jui 2008 00:56:03 CEST avec la clé DSA ID 517D0F0E gpg: Bonne signature de « Linux Kernel Archives Verification Key <ftpadmin@kernel.org> » gpg: ATTENTION: Utilisation d'une clé sans confiance ! gpg: signature binaire, algorithme de hachage SHA1 The problem is the LANG environment variable which changes the output of gpg and makes awk fails to guess the algorithm. The fix would be to locally unset the LANG environment. This should be done at the beginning of the cast as it might break other things as well. I don't know much about the code though so I leave this to gurus. Cheers
I forgot to say that it works with LANG unset.
The relevant calls should have LC_ALL=C in their environment.
Ok, this seems to be related to bug #2910, bug #3499, bug #10546 and bug #12164. The linux spell unsets LC_ALL to solve bug #12164.
Just a bit. The key thing is to modify only the relevant environments, not all. So the gpg lines would have LC_ALL=C prepended and that would only change it for them. If that doesn't have to be done too much, it saves the need for restoring the previous locale. Not that that would be a problem.
fixed in devel and test.
closing fixed bugs that either are already fixed in stable or were only relevant to devel.
Unhandled corner case: gettext uses LANGUAGE (colon separated list) in preference over LC_ALL, so both need to be set.
*** Bug 16170 has been marked as a duplicate of this bug. ***
Corner case of LANGUAGE overriding LC_ALL fixed in commit c4b7e0066e80367e6206ce24e540fecaf2916c9c.