[pacman-dev] Dan's pacman tree build&test
Gerhard Brauer
gerbra at archlinux.de
Thu Dec 4 13:44:05 EST 2008
Ok, have tested the package signing feature from Dan's pacman git.
(Thanks Allan for the hint with --disable-doc)
I tested with the abook package from extra.
1)
makepkg
==> Finished making: abook 0.5.6-2 i686 (Thu Dec 4 15:52:44 UTC 2008)
==> Signing package...
==> ERROR: Cannot find the gpg binary! Is gnupg installed?
That's right, it is a fresh VM ;-)
2)
makepkg
==> Finished making: abook 0.5.6-2 i686 (Thu Dec 4 15:55:34 UTC 2008)
==> Signing package...
gpg: directory `/root/.gnupg' created
gpg: new configuration file `/root/.gnupg/gpg.conf' created
gpg: WARNING: options in `/root/.gnupg/gpg.conf' are not yet active during this run
gpg: keyring `/root/.gnupg/secring.gpg' created
gpg: keyring `/root/.gnupg/pubring.gpg' created
gpg: no default secret key: secret key not available
gpg: signing failed: secret key not available
==> WARNING: Failed to sign package file.
That's right. I still have no gpg key.
After setting up all gpg things makepkg builds and signs the package.
3)
Add a repo: mypkg
repo-add adds the abook package and also puts the %PGPSIG% field in the desc file.
4)
pacman -S mypkg/abook
checking package integrity...
warning: gpg cmdline: gpg --verify --no-default-keyring --keyserver-options no-auto-key-retrieve --keyring /tmp/testing.gpg - /var/cache/pacman/pkg/abook-0.5.6-2-i686.pkg.tar.gz
error: failed to commit transaction (invalid or corrupted package)
abook-0.5.6-2-i686.pkg.tar.gz is invalid or corrupted
Errors occurred, no packages were upgraded.
Ok, I have not imported the public key to root's keyring.
5)
[root at archtest ~]# LANG=C pacman -S mypkg/abook
resolving dependencies...
looking for inter-conflicts...
Targets (1): abook-0.5.6-2
Total Download Size: 0.00 MB
Total Installed Size: 0.20 MB
Proceed with installation? [Y/n]
checking package integrity...
warning: gpg cmdline: gpg --verify --no-default-keyring --keyserver-options no-auto-key-retrieve --keyring /tmp/testing.gpg - /var/cache/pacman/pkg/abook-0.5.6-2-i686.pkg.tar.gz
(1/1) checking for file conflicts [#####################] 100%
(1/1) installing abook [#####################] 100%
Problem/Question:
Where could I define the public keyring location?
According to commit: "Add keyring location as option on libalpm handle" there is a libalpm option
--keyring. But I have no plan where to define it (in pacman.conf I got an error).
I copied my keyring temporarily to /tmp/testing.gpg, which seems to be the default search path and
filename. Doing this I could install the above abook from my repo.
6)
[root at archtest ~]# LANG=C pacman -Sy mypkg/abook
:: Synchronizing package databases...
core is up to date
extra is up to date
community is up to date
mypkg is up to date
warning: abook-0.5.6-2 is up to date -- reinstalling
resolving dependencies...
looking for inter-conflicts...
Targets (1): abook-0.5.6-2
Total Download Size: 0.05 MB
Total Installed Size: 0.20 MB
Proceed with installation? [Y/n]
:: Retrieving packages from mypkg...
abook-0.5.6-2-i686 49.6K 20.9M/s 00:00:00 [#####################] 100%
checking package integrity...
warning: gpg cmdline: gpg --verify --no-default-keyring --keyserver-options no-auto-key-retrieve --keyring /tmp/testing.gpg - /var/cache/pacman/pkg/abook-0.5.6-2-i686.pkg.tar.gz
error: failed to commit transaction (invalid or corrupted package)
abook-0.5.6-2-i686.pkg.tar.gz is invalid or corrupted
Errors occurred, no packages were upgraded.
Here I have modified the abook-0.5.6-2-i686.pkg.tar.gz package, copied it to my repo,
done a repo-add but used the old *.sig signature. This modified package does not get
installed.
Maybe the error/reason could be explained more.
Summary:
I think most of the signing part (makepkg, repo-add) and the verifying
part (pacman) works so far. Awesome!
gpg verifying is well integrated in pacman; the "warning: gpg cmdline"
line thing I assume is a test/debug thing.
Next step could be: verifying the database files during pacman -Sy ?
Regards
Gerhard
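
Added example, not part of the original message and not pacman's own code: steps 4 (public key not imported) and 6 (package modified, old signature reused) both end in the same "invalid or corrupted package" error. The sketch below tells those cases apart by reading gpg's machine-readable --status-fd output while using the same pinned-keyring flags as the "gpg cmdline" shown above. The names classify and verify are hypothetical, and the sample status lines (key ID, user ID, fingerprint) are constructed.

```python
import subprocess

# Status keywords from GnuPG's doc/DETAILS mapped to a reason an operator can
# act on. Order matters: the first keyword present decides the verdict.
REASONS = [
    ("BADSIG", "package does not match its signature, modified or corrupted"),
    ("NO_PUBKEY", "signer's public key is not in the keyring"),
    ("REVKEYSIG", "signature is good but the signing key is revoked"),
    ("EXPKEYSIG", "signature is good but the signing key has expired"),
    ("EXPSIG", "signature is good but has expired"),
    ("ERRSIG", "signature could not be checked"),
]

# Constructed sample status output (all identifiers are made up).
SAMPLE_TAMPERED = "[GNUPG:] BADSIG 0123456789ABCDEF Test Packager <packager@example.org>\n"
SAMPLE_NO_KEY = ("[GNUPG:] ERRSIG 0123456789ABCDEF 1 2 00 1228398845 9\n"
                 "[GNUPG:] NO_PUBKEY 0123456789ABCDEF\n")
SAMPLE_GOOD = ("[GNUPG:] GOODSIG 0123456789ABCDEF Test Packager <packager@example.org>\n"
               "[GNUPG:] VALIDSIG " + "A" * 40 + " 2008-12-04 1228398845 0 3 0 1 2 00 "
               + "A" * 40 + "\n")

def classify(status_text):
    """Return (ok, reason) from the text gpg wrote to --status-fd."""
    seen = {}
    for line in status_text.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "[GNUPG:]":
            seen.setdefault(fields[1], fields[2:])
    for keyword, reason in REASONS:
        if keyword in seen:
            key_id = seen[keyword][0] if seen[keyword] else "unknown"
            return False, f"{reason} [key {key_id}]"
    # Accept only when gpg reported both a good and a fully valid signature.
    if seen.get("GOODSIG") and "VALIDSIG" in seen:
        return True, f"good signature from key {seen['GOODSIG'][0]}"
    return False, "no signature result reported by gpg"

def verify(package, signature, keyring):
    """Check a detached signature against one pinned keyring (needs gpg)."""
    cmd = ["gpg", "--status-fd", "1", "--no-default-keyring",
           "--keyserver-options", "no-auto-key-retrieve",
           "--keyring", keyring, "--verify", signature, package]
    proc = subprocess.run(cmd, capture_output=True, text=True)
    ok, reason = classify(proc.stdout)
    return ok and proc.returncode == 0, reason

if __name__ == "__main__":
    for name, sample in [("tampered", SAMPLE_TAMPERED), ("no key", SAMPLE_NO_KEY),
                         ("good", SAMPLE_GOOD)]:
        print(name, "->", classify(sample))
```
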