[pacman-dev] Dan's pacman tree build&test

Gerhard Brauer gerbra at archlinux.de
Thu Dec 4 13:44:05 EST 2008


OK, I have tested the package signing feature from Dan's pacman git.
(Thanks Allan for the hint with --disable-doc)

I tested with the abook package from extra.

1)
makepkg
==> Finished making: abook 0.5.6-2 i686 (Thu Dec  4 15:52:44 UTC 2008)
==> Signing package...
==> ERROR: Cannot find the gpg binary! Is gnupg installed?

That's right, it is a fresh VM ;-)

2)
makepkg
==> Finished making: abook 0.5.6-2 i686 (Thu Dec  4 15:55:34 UTC 2008)
==> Signing package...
gpg: directory `/root/.gnupg' created
gpg: new configuration file `/root/.gnupg/gpg.conf' created
gpg: WARNING: options in `/root/.gnupg/gpg.conf' are not yet active during this run
gpg: keyring `/root/.gnupg/secring.gpg' created
gpg: keyring `/root/.gnupg/pubring.gpg' created
gpg: no default secret key: secret key not available
gpg: signing failed: secret key not available
==> WARNING: Failed to sign package file.

That's right. I still have no gpg key.
After setting up all gpg things makepkg builds and signs the package.

3)
Add a repo: mypkg
repo-add adds the abook package and also puts the %PGPSIG% field in the desc file.

4)
pacman -S mypkg/abook
checking package integrity...
warning: gpg cmdline: gpg --verify --no-default-keyring --keyserver-options no-auto-key-retrieve --keyring /tmp/testing.gpg - /var/cache/pacman/pkg/abook-0.5.6-2-i686.pkg.tar.gz
error: failed to commit transaction (invalid or corrupted package)
abook-0.5.6-2-i686.pkg.tar.gz is invalid or corrupted
Errors occurred, no packages were upgraded.

OK, I have not imported the public key to root's keyring.

5)
[root at archtest ~]# LANG=C pacman -S mypkg/abook
resolving dependencies...
looking for inter-conflicts...

Targets (1): abook-0.5.6-2  

Total Download Size:    0.00 MB
Total Installed Size:   0.20 MB

Proceed with installation? [Y/n] 
checking package integrity...
warning: gpg cmdline: gpg --verify --no-default-keyring --keyserver-options no-auto-key-retrieve --keyring /tmp/testing.gpg - /var/cache/pacman/pkg/abook-0.5.6-2-i686.pkg.tar.gz
(1/1) checking for file conflicts                   [#####################] 100%
(1/1) installing abook                              [#####################] 100%

Problem/Question:
Where could I define the public keyring location?
According to commit: "Add keyring location as option on libalpm handle" there is a libalpm option
--keyring. But I have no idea where to define it (in pacman.conf I got an error).
I copied my keyring temporarily to /tmp/testing.gpg, which seems to be the default search path and
filename. Doing this I could install the above abook from my repo.

6)
[root at archtest ~]# LANG=C pacman -Sy mypkg/abook
:: Synchronizing package databases...
 core is up to date
 extra is up to date
 community is up to date
 mypkg is up to date
warning: abook-0.5.6-2 is up to date -- reinstalling
resolving dependencies...
looking for inter-conflicts...

Targets (1): abook-0.5.6-2  

Total Download Size:    0.05 MB
Total Installed Size:   0.20 MB

Proceed with installation? [Y/n] 
:: Retrieving packages from mypkg...
 abook-0.5.6-2-i686        49.6K   20.9M/s 00:00:00 [#####################] 100%
checking package integrity...
warning: gpg cmdline: gpg --verify --no-default-keyring --keyserver-options no-auto-key-retrieve --keyring /tmp/testing.gpg - /var/cache/pacman/pkg/abook-0.5.6-2-i686.pkg.tar.gz
error: failed to commit transaction (invalid or corrupted package)
abook-0.5.6-2-i686.pkg.tar.gz is invalid or corrupted
Errors occurred, no packages were upgraded.

Here I have modified the abook-0.5.6-2-i686.pkg.tar.gz package, copied it to my repo,
and done a repo-add but used the old *.sig signature. This modified package does not get
installed.
Maybe the error/reason could be explained better.

Summary:
I think most of the signing part (makepkg, repo-add) and the verifying
part (pacman) works so far. Awesome!
gpg verification is well integrated in pacman; the "warning: gpg cmdline"
line I assume is a test/debug thing.

Next step could be: verifying the database files during pacman -Sy ?


Regards
	Gerhard
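
Steps 4 and 6 above end in the same "invalid or corrupted package" message, although the message attributes one to a public key missing from the keyring and the other to a modified package with a stale signature. As an added example (not part of the original message and not pacman's code), the shell functions below show how gpg's `--status-fd` output separates those cases; the function names, key ID, user ID and sample status lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: turn GnuPG --status-fd lines into one verdict so the caller
# can say *why* verification failed. Anything not positively good fails closed.

# Reads status lines on stdin, prints a verdict, returns 0 only for "good".
classify_gpg_status() {
    bad=0 nokey=0 good=0 valid=0
    while IFS= read -r line; do
        case "$line" in
            "[GNUPG:] BADSIG "*)    bad=1 ;;    # data does not match signature
            "[GNUPG:] NO_PUBKEY "*) nokey=1 ;;  # signer's key not in keyring
            "[GNUPG:] GOODSIG "*)   good=1 ;;
            "[GNUPG:] VALIDSIG "*)  valid=1 ;;
        esac
    done
    if [ "$bad" -eq 1 ]; then
        echo bad-signature; return 1
    elif [ "$nokey" -eq 1 ]; then
        echo missing-key; return 1
    elif [ "$good" -eq 1 ] && [ "$valid" -eq 1 ]; then
        echo good; return 0
    fi
    echo unverified; return 1   # empty or unexpected output is never "good"
}

# verify_pkg KEYRING SIGFILE PKGFILE: check a detached signature against one
# explicit keyring only (hypothetical wrapper; requires gpg to be installed).
verify_pkg() {
    gpg --status-fd 1 --no-default-keyring --keyring "$1" \
        --verify "$2" "$3" 2>/dev/null | classify_gpg_status
}

# Constructed status lines; the key ID, user ID and timestamps are made up.
sample_missing_key() {
    printf '%s\n' '[GNUPG:] ERRSIG 0123456789ABCDEF 17 2 00 1228405484 9' \
                  '[GNUPG:] NO_PUBKEY 0123456789ABCDEF'
}
sample_bad_sig() {
    printf '%s\n' '[GNUPG:] BADSIG 0123456789ABCDEF Test Packager <pkg@example.invalid>'
}
sample_good() {
    printf '%s\n' '[GNUPG:] GOODSIG 0123456789ABCDEF Test Packager <pkg@example.invalid>' \
        '[GNUPG:] VALIDSIG 0000000000000000000000000123456789ABCDEF 2008-12-04 1228405484 0 4 0 17 2 00 0000000000000000000000000123456789ABCDEF'
}
```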

