Mailinglist Archive: opensuse-buildservice (116 mails)

< Previous Next >
Re: [opensuse-buildservice] gpg: decryption failed: No secret key
Ahh.. now it makes sense..

Probably leftovers from the migration...

ttprpm01:/usr/lib/obs/server # osc -A https://ttprpm01.ttg.local:443 signkey
--delete Butik-Server
Server returned an error: HTTP Error 400: Bad Request
must have a key for signing

Any ideas???

/Martin


----- Original meddelelse -----
Fra: "Michael Schroeder" <mls@xxxxxxx>
Til: "Martin Juhl" <mj@xxxxxxxxxxxx>
Cc: opensuse-buildservice@xxxxxxxxxxxx
Sendt: torsdag, 7. august 2014 14:50:24
Emne: Re: [opensuse-buildservice] gpg: decryption failed: No secret key

On Thu, Aug 07, 2014 at 02:34:22PM +0200, Martin Juhl wrote:
Now we're getting somewhere...

Now I get the complete sign command:

/usr/bin/sign -P /srv/obs/upload/signer.32136 -S
/srv/obs/jobs/i586/Butik-Server::CentOS_6::imlib2-5abd789cfc11ace94b7ff0fe11864966:dir/.checksums

/srv/obs/jobs/i586/Butik-Server::CentOS_6::imlib2-5abd789cfc11ace94b7ff0fe11864966:dir/imlib2-1.4.4-6.1.i686.rpm



If I run this command manually:

/usr/bin/sign -P /srv/obs/upload/signer.32136 -S
/srv/obs/jobs/i586/Butik-Server::CentOS_6::imlib2-5abd789cfc11ace94b7ff0fe11864966:dir/.checksums

/srv/obs/jobs/i586/Butik-Server::CentOS_6::imlib2-5abd789cfc11ace94b7ff0fe11864966:dir/imlib2-1.4.4-6.1.i686.rpm

/srv/obs/upload/signer.32136: No such file or directory


If I remove the -P argument:

/usr/bin/sign -S
/srv/obs/jobs/i586/Butik-Server::CentOS_6::imlib2-5abd789cfc11ace94b7ff0fe11864966:dir/.checksums

/srv/obs/jobs/i586/Butik-Server::CentOS_6::imlib2-5abd789cfc11ace94b7ff0fe11864966:dir/imlib2-1.4.4-6.1.i686.rpm



and it signs the file correctly...

The file in /srv/obs/upload/ is probably being generated by bs_signer..

Anyone knows what the "-P" parameter is????

It's not mentioned in the man-pages..

It's used to specify a private key stored in a project. The "Butik-Server"
project seems to have an signkey that was created with a different master key.

- Due to a bug the "forceprojectkeys" setting defaults to "true". You probably
don't want to force every project to have a key, so add

our $forceprojectkeys = 0;

to /usr/lib/obs/server/BSConfig.pm and restart the source server.

- Run "find /srv/obs/projects -name _signkey" to find out which projects
have a key. All of those are probably bad. Remove them with
osc signkey --delete <project>

Cheers,
Michael.

--
Michael Schroeder mls@xxxxxxx
SUSE LINUX Products GmbH, GF Jeff Hawn, HRB 16746 AG Nuernberg
main(_){while(_=~getchar())putchar(~_-1/(~(_|32)/13*2-11)*13);}
--
To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-buildservice+owner@xxxxxxxxxxxx


--
To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-buildservice+owner@xxxxxxxxxxxx

< Previous Next >
This Thread
Follow Ups