Re: [opensuse-buildservice] gpg: decryption failed: No secret key

7 Aug 2014


      Ahh.. now it makes sense..
Probably leftovers from the migration...
ttprpm01:/usr/lib/obs/server # osc -A https://ttprpm01.ttg.local:443 signkey --delete Butik-Server
Server returned an error: HTTP Error 400: Bad Request
must have a key for signing
Any ideas???
/Martin
----- Original meddelelse ----- 
Fra: "Michael Schroeder" mls@suse.de 
Til: "Martin Juhl" mj@casalogic.dk 
Cc: opensuse-buildservice@opensuse.org 
Sendt: torsdag, 7. august 2014 14:50:24 
Emne: Re: [opensuse-buildservice] gpg: decryption failed: No secret key
On Thu, Aug 07, 2014 at 02:34:22PM +0200, Martin Juhl wrote:
...
Now we're getting somewhere...
Now I get the complete sign command:
/usr/bin/sign -P /srv/obs/upload/signer.32136 -S /srv/obs/jobs/i586/Butik-Server::CentOS_6::imlib2-5abd789cfc11ace94b7ff0fe11864966:dir/.checksums /srv/obs/jobs/i586/Butik-Server::CentOS_6::imlib2-5abd789cfc11ace94b7ff0fe11864966:dir/imlib2-1.4.4-6.1.i686.rpm
If I run this command manually:
/usr/bin/sign -P /srv/obs/upload/signer.32136 -S /srv/obs/jobs/i586/Butik-Server::CentOS_6::imlib2-5abd789cfc11ace94b7ff0fe11864966:dir/.checksums /srv/obs/jobs/i586/Butik-Server::CentOS_6::imlib2-5abd789cfc11ace94b7ff0fe11864966:dir/imlib2-1.4.4-6.1.i686.rpm 
/srv/obs/upload/signer.32136: No such file or directory
If I remove the -P argument:
/usr/bin/sign -S /srv/obs/jobs/i586/Butik-Server::CentOS_6::imlib2-5abd789cfc11ace94b7ff0fe11864966:dir/.checksums /srv/obs/jobs/i586/Butik-Server::CentOS_6::imlib2-5abd789cfc11ace94b7ff0fe11864966:dir/imlib2-1.4.4-6.1.i686.rpm
and it signs the file correctly...
The file in /srv/obs/upload/ is probably being generated by bs_signer..
Anyone knows what the "-P" parameter is????
It's not mentioned in the man-pages..
It's used to specify a private key stored in a project. The "Butik-Server" 
project seems to have an signkey that was created with a different master key.
- Due to a bug the "forceprojectkeys" setting defaults to "true". You probably 
don't want to force every project to have a key, so add
our $forceprojectkeys = 0;
to /usr/lib/obs/server/BSConfig.pm and restart the source server.
- Run "find /srv/obs/projects -name _signkey" to find out which projects 
have a key. All of those are probably bad. Remove them with 
osc signkey --delete <project>
Cheers, 
Michael.
-- 
Michael Schroeder mls@suse.de 
SUSE LINUX Products GmbH, GF Jeff Hawn, HRB 16746 AG Nuernberg 
main(_){while(_=~getchar())putchar(~_-1/(~(_|32)/13*2-11)*13);} 
-- 
To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org 
To contact the owner, e-mail: opensuse-buildservice+owner@opensuse.org 


-- 
To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org
To contact the owner, e-mail: opensuse-buildservice+owner@opensuse.org

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

Re: [opensuse-buildservice] gpg: decryption failed: No secret key