Re: [opensuse-buildservice] gpg: decryption failed: No secret key
On Thu, Aug 07, 2014 at 02:34:22PM +0200, Martin Juhl wrote:
Now we're getting somewhere...
Now I get the complete sign command:
/usr/bin/sign -P /srv/obs/upload/signer.32136 -S /srv/obs/jobs/i586/Butik-Server::CentOS_6::imlib2-5abd789cfc11ace94b7ff0fe11864966:dir/.checksums /srv/obs/jobs/i586/Butik-Server::CentOS_6::imlib2-5abd789cfc11ace94b7ff0fe11864966:dir/imlib2-1.4.4-6.1.i686.rpm
If I run this command manually:
/usr/bin/sign -P /srv/obs/upload/signer.32136 -S /srv/obs/jobs/i586/Butik-Server::CentOS_6::imlib2-5abd789cfc11ace94b7ff0fe11864966:dir/.checksums /srv/obs/jobs/i586/Butik-Server::CentOS_6::imlib2-5abd789cfc11ace94b7ff0fe11864966:dir/imlib2-1.4.4-6.1.i686.rpm /srv/obs/upload/signer.32136: No such file or directory
If I remove the -P argument:
/usr/bin/sign -S /srv/obs/jobs/i586/Butik-Server::CentOS_6::imlib2-5abd789cfc11ace94b7ff0fe11864966:dir/.checksums /srv/obs/jobs/i586/Butik-Server::CentOS_6::imlib2-5abd789cfc11ace94b7ff0fe11864966:dir/imlib2-1.4.4-6.1.i686.rpm
and it signs the file correctly...
The file in /srv/obs/upload/ is probably being generated by bs_signer..
Anyone knows what the "-P" parameter is????
It's not mentioned in the man-pages..
It's used to specify a private key stored in a project. The "Butik-Server" project seems to have an signkey that was created with a different master key. - Due to a bug the "forceprojectkeys" setting defaults to "true". You probably don't want to force every project to have a key, so add our $forceprojectkeys = 0; to /usr/lib/obs/server/BSConfig.pm and restart the source server. - Run "find /srv/obs/projects -name _signkey" to find out which projects have a key. All of those are probably bad. Remove them with osc signkey --delete <project> Cheers, Michael. -- Michael Schroeder mls@suse.de SUSE LINUX Products GmbH, GF Jeff Hawn, HRB 16746 AG Nuernberg main(_){while(_=~getchar())putchar(~_-1/(~(_|32)/13*2-11)*13);} -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-buildservice+owner@opensuse.org
Ahh.. now it makes sense.. Probably leftovers from the migration... ttprpm01:/usr/lib/obs/server # osc -A https://ttprpm01.ttg.local:443 signkey --delete Butik-Server Server returned an error: HTTP Error 400: Bad Request must have a key for signing Any ideas??? /Martin ----- Original meddelelse ----- Fra: "Michael Schroeder" <mls@suse.de> Til: "Martin Juhl" <mj@casalogic.dk> Cc: opensuse-buildservice@opensuse.org Sendt: torsdag, 7. august 2014 14:50:24 Emne: Re: [opensuse-buildservice] gpg: decryption failed: No secret key On Thu, Aug 07, 2014 at 02:34:22PM +0200, Martin Juhl wrote:
Now we're getting somewhere...
Now I get the complete sign command:
/usr/bin/sign -P /srv/obs/upload/signer.32136 -S /srv/obs/jobs/i586/Butik-Server::CentOS_6::imlib2-5abd789cfc11ace94b7ff0fe11864966:dir/.checksums /srv/obs/jobs/i586/Butik-Server::CentOS_6::imlib2-5abd789cfc11ace94b7ff0fe11864966:dir/imlib2-1.4.4-6.1.i686.rpm
If I run this command manually:
/usr/bin/sign -P /srv/obs/upload/signer.32136 -S /srv/obs/jobs/i586/Butik-Server::CentOS_6::imlib2-5abd789cfc11ace94b7ff0fe11864966:dir/.checksums /srv/obs/jobs/i586/Butik-Server::CentOS_6::imlib2-5abd789cfc11ace94b7ff0fe11864966:dir/imlib2-1.4.4-6.1.i686.rpm /srv/obs/upload/signer.32136: No such file or directory
If I remove the -P argument:
/usr/bin/sign -S /srv/obs/jobs/i586/Butik-Server::CentOS_6::imlib2-5abd789cfc11ace94b7ff0fe11864966:dir/.checksums /srv/obs/jobs/i586/Butik-Server::CentOS_6::imlib2-5abd789cfc11ace94b7ff0fe11864966:dir/imlib2-1.4.4-6.1.i686.rpm
and it signs the file correctly...
The file in /srv/obs/upload/ is probably being generated by bs_signer..
Anyone knows what the "-P" parameter is????
It's not mentioned in the man-pages..
It's used to specify a private key stored in a project. The "Butik-Server" project seems to have an signkey that was created with a different master key. - Due to a bug the "forceprojectkeys" setting defaults to "true". You probably don't want to force every project to have a key, so add our $forceprojectkeys = 0; to /usr/lib/obs/server/BSConfig.pm and restart the source server. - Run "find /srv/obs/projects -name _signkey" to find out which projects have a key. All of those are probably bad. Remove them with osc signkey --delete <project> Cheers, Michael. -- Michael Schroeder mls@suse.de SUSE LINUX Products GmbH, GF Jeff Hawn, HRB 16746 AG Nuernberg main(_){while(_=~getchar())putchar(~_-1/(~(_|32)/13*2-11)*13);} -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-buildservice+owner@opensuse.org -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-buildservice+owner@opensuse.org
On Thu, Aug 07, 2014 at 02:59:26PM +0200, Martin Juhl wrote:
Ahh.. now it makes sense..
Probably leftovers from the migration...
ttprpm01:/usr/lib/obs/server # osc -A https://ttprpm01.ttg.local:443 signkey --delete Butik-Server Server returned an error: HTTP Error 400: Bad Request must have a key for signing
Any ideas???
Yeah, that's because of the "forceprojectkeys" setting. Please add our $forceprojectkeys = 0; to /usr/lib/obs/server/BSConfig.pm and restart the source server. M. -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-buildservice+owner@opensuse.org
HEUREKA!!!! It works :)..... Thanks a lot.. just forgot to restart the source server... /Martin ----- Original meddelelse ----- Fra: "Michael Schroeder" <mls@suse.de> Til: "Martin Juhl" <mj@casalogic.dk> Cc: opensuse-buildservice@opensuse.org Sendt: torsdag, 7. august 2014 14:58:18 Emne: Re: [opensuse-buildservice] gpg: decryption failed: No secret key On Thu, Aug 07, 2014 at 02:59:26PM +0200, Martin Juhl wrote:
Ahh.. now it makes sense..
Probably leftovers from the migration...
ttprpm01:/usr/lib/obs/server # osc -A https://ttprpm01.ttg.local:443 signkey --delete Butik-Server Server returned an error: HTTP Error 400: Bad Request must have a key for signing
Any ideas???
Yeah, that's because of the "forceprojectkeys" setting. Please add our $forceprojectkeys = 0; to /usr/lib/obs/server/BSConfig.pm and restart the source server. M. -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-buildservice+owner@opensuse.org
participants (2)
-
Martin Juhl -
Michael Schroeder