Interesting failure on aarch64

Konstantin Ryabitsev konstantin at linuxfoundation.org
Fri Dec 20 17:22:12 CET 2019 

Hi, all:

I came across an interesting gpg failure while trying to build 
git-2.24.1 RPM for Fedora COPR. As part of RPM build, the prep stage 
attempts to verify the tarball signature using Junio's PGP key:

  %prep
  # Verify GPG signatures
  gpghome="$(mktemp -qd)" # Ensure we don't use any existing gpg keyrings
  # Convert the ascii-armored key to binary
  # (use --yes to ensure an existing dearmored key is overwritten)
  gpg2 --homedir "$gpghome" --dearmor --quiet --yes %{SOURCE9}
  xz -dc %{SOURCE0} | # Upstream signs the uncompressed tarballs
	  gpgv2 --homedir "$gpghome" --quiet --keyring %{SOURCE9}.gpg %{SOURCE1} -
  rm -rf "$gpghome" # Cleanup tmp gpg home dir

On x86_64 this succeeds, but when I tried building on aarch64, that step 
returned the following error:

  Building for target aarch64
  Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.FYxOmt
  + umask 022
  + cd /builddir/build/BUILD
  ++ mktemp -qd
  + gpghome=/tmp/tmp.dndOuot6S2
  + gpg2 --homedir /tmp/tmp.dndOuot6S2 --dearmor --quiet --yes /builddir/build/SOURCES/gpgkey-junio.asc
  gpg: Fatal: can't disable core dumps: Operation not permitted
  error: Bad exit status from /var/tmp/rpm-tmp.FYxOmt (%prep)

Here's the same step on x86_64:

  Building for target x86_64
  Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.eDX1Cv
  + umask 022
  + cd /builddir/build/BUILD
  ++ mktemp -qd
  + gpghome=/tmp/tmp.ON2CbIaFXg
  + gpg2 --homedir /tmp/tmp.ON2CbIaFXg --dearmor --quiet --yes /builddir/build/SOURCES/gpgkey-junio.asc
  + xz -dc /builddir/build/SOURCES/git-2.24.1.tar.xz
  + gpgv2 --homedir /tmp/tmp.ON2CbIaFXg --quiet --keyring /builddir/build/SOURCES/gpgkey-junio.asc.gpg /builddir/build/SOURCES/git-2.24.1.tar.sign -
  gpgv: Signature made Tue Dec 10 13:43:57 2019 UTC using RSA key ID 96AFE6CB
  gpgv: Signature made Tue Dec 10 13:43:57 2019 UTC using RSA key ID 96AFE6CB
  gpgv: Good signature from "Junio C Hamano <gitster at pobox.com>"
  gpgv: Good signature from "Junio C Hamano <gitster at pobox.com>"
  gpgv:                 aka "Junio C Hamano <junio at pobox.com>"
  gpgv:                 aka "Junio C Hamano <junio at pobox.com>"
  gpgv:                 aka "Junio C Hamano <jch at google.com>"
  gpgv:                 aka "Junio C Hamano <jch at google.com>"

I'm curious what exactly is at fault here -- is there something in the 
COPR build environment that causes this error, or is there something 
that gnupg is not checking correctly?

-K

More information about the Gnupg-users mailing list