Dear Christian, Am Montag, 20. April 2020, 01:00:48 CEST schrieb Christian:
Hi Pete,
Am 10.04.20 um 19:12 schrieb Hans-Peter Jansen:
If finally succeeded. Even less pleasant to the early expiry is, this key replacement destroyed the carefully choosen user, email and comment from the original gpg key and replaced it with some jumbled artifacts.
I would love to fix the Wiki (and my setup), but I'm not willing to replace misleading/confusing information with other misleading/confusing information, as nobody would profit. OBS is such a nice piece, it deserves some love in these dark corners as well.
It boils down to: what's wrong with the manual gpg key setup, as documented in the Wiki and shown in my second mail in this thread.
Since I'm talking mostly to myself in this thread, not sure, whether I'm really helpful here. Redacted: unqualified statement about Perl deleted.
my local instance (appliance) is working with one 'global' sign key, but not with kernel stuff ... obviously.
tried to build wireguard, wich is succeeding, but after that build a new build is started ... something with pesign.
This is correct behavior. Building kernel related stuff is done with two passes. First builds the package itself, while the second signs it with pesign.
I saw this the first time on my instance ... and it is failing:
[ 50s] + echo 'warning: No buildservice project certificate found, add' [ 50s] warning: No buildservice project certificate found, add [ 50s] + echo 'warning: # needssslcertforbuild to the specfile' [ 50s] warning: # needssslcertforbuild to the specfile [ 50s] + echo 'warning: Using /usr/lib/rpm/pesign/pesign-cert.x509 as fallback' [ 50s] warning: Using /usr/lib/rpm/pesign/pesign-cert.x509 as fallback [ 50s] + cert=/usr/lib/rpm/pesign/pesign-cert.x509 [ 50s] + mkdir nss-db [ 50s] + nss_db=/home/abuild/rpmbuild/BUILD/pesign-repackage-1.0/rsasigned/nss-db [ 50s] + echo foofoofoo [ 50s] + certutil -N -d /home/abuild/rpmbuild/BUILD/pesign-repackage-1.0/rsasigned/nss-db -f /home/abuild/rpmbuild/BUILD/pesign-repackage-1.0/rsasigned/nss-db/passwd [ 50s] + certutil -A -d /home/abuild/rpmbuild/BUILD/pesign-repackage-1.0/rsasigned/nss-db -f /home/abuild/rpmbuild/BUILD/pesign-repackage-1.0/rsasigned/nss-db/passwd -n cert -t CT,CT,CT -i /usr/lib/rpm/pesign/pesign-cert.x509 [ 50s] certutil: unable to open "/usr/lib/rpm/pesign/pesign-cert.x509" for reading (-5950, 2). [ 50s] error: Bad exit status from /var/tmp/rpm-tmp.TO7vqo (%install)
so what needs to be done to make these builds also working ?
Your signer setup seems to be lacking. Is it up: sc status obssignd obssigner What does: su -s /bin/bash obsrun -c 'sign -k' return? Cheers, Pete -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-buildservice+owner@opensuse.org