Interesting failure on aarch64

Todd Zullinger tmz at pobox.com
Fri Jan 24 19:58:45 CET 2020 

Hi Konstantin,

Konstantin Ryabitsev wrote:
> I came across an interesting gpg failure while trying to build 
> git-2.24.1 RPM for Fedora COPR. As part of RPM build, the prep stage 
> attempts to verify the tarball signature using Junio's PGP key:
> 
>   %prep
>   # Verify GPG signatures
>   gpghome="$(mktemp -qd)" # Ensure we don't use any existing gpg keyrings
>   # Convert the ascii-armored key to binary
>   # (use --yes to ensure an existing dearmored key is overwritten)
>   gpg2 --homedir "$gpghome" --dearmor --quiet --yes %{SOURCE9}
>   xz -dc %{SOURCE0} | # Upstream signs the uncompressed tarballs
> 	  gpgv2 --homedir "$gpghome" --quiet --keyring %{SOURCE9}.gpg %{SOURCE1} -
>   rm -rf "$gpghome" # Cleanup tmp gpg home dir
> 
> On x86_64 this succeeds, but when I tried building on aarch64, that step 
> returned the following error:
> 
>   Building for target aarch64
>   Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.FYxOmt
>   + umask 022
>   + cd /builddir/build/BUILD
>   ++ mktemp -qd
>   + gpghome=/tmp/tmp.dndOuot6S2
>   + gpg2 --homedir /tmp/tmp.dndOuot6S2 --dearmor --quiet --yes /builddir/build/SOURCES/gpgkey-junio.asc
>   gpg: Fatal: can't disable core dumps: Operation not permitted
>   error: Bad exit status from /var/tmp/rpm-tmp.FYxOmt (%prep)
[...]
> I'm curious what exactly is at fault here -- is there something in the 
> COPR build environment that causes this error, or is there something 
> that gnupg is not checking correctly?

I noticed this recently as well.  It only happens on EPEL-7
aarch64, which has gnupg2-2.0.22-5.el7_5.  Builds for EPEL-8
aarch64 work fine.

I've tested this on one of the Fedora package maintainer
aarch64 instances as well and it fails there too.  That
doesn't narrow it down much, other than likely ruling out
something specific to the COPR build environment.

It could still be a bug in gnupg-2.0.22, in the RHEL-7
packages (gnupg2 or otherwise), or when used with mock on
aarch64. For those unfamiliar, mock is a Fedora/EPEL rpm
build tool.

-- 
Todd
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 543 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20200124/37051bfc/attachment.sig>

More information about the Gnupg-users mailing list