Package: guix
Reported by: Ludovic Courtès <ludo <at> gnu.org>
Date: Wed, 18 May 2022 17:06:02 UTC
Severity: normal
Done: Ludovic Courtès <ludo <at> gnu.org>
Bug is archived. No further changes may be made.
From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: Ludovic Courtès <ludo <at> gnu.org>
Cc: tracker <at> debbugs.gnu.org
Subject: bug#55506: closed (‘tests/channels.scm’ and ‘tests/git-authenticate.scm’ GPG-related test failures)
Date: Wed, 18 May 2022 22:10:02 +0000
[Message part 1 (text/plain, inline)]
Your message dated Thu, 19 May 2022 00:09:17 +0200
with message-id <87a6be1oj6.fsf <at> gnu.org>
and subject line Re: bug#55506: ‘tests/channels.scm’ and ‘tests/git-authenticate.scm’ GPG-related test failures
has caused the debbugs.gnu.org bug report #55506,
regarding ‘tests/channels.scm’ and ‘tests/git-authenticate.scm’ GPG-related test failures
to be marked as done.

(If you believe you have received this mail in error, please contact
help-debbugs <at> gnu.org.)

--
55506: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=55506
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems
[Message part 2 (message/rfc822, inline)]
From: Ludovic Courtès <ludo <at> gnu.org>
To: bug-guix <at> gnu.org
Subject: ‘tests/channels.scm’ and ‘tests/git-authenticate.scm’ GPG-related test failures
Date: Wed, 18 May 2022 19:05:28 +0200

Hi!

Since recently, some authentication-related tests in ‘tests/channels.scm’ and ‘tests/git-authenticate.scm’ fail for me:

--8<---------------cut here---------------start------------->8---
gpg: keybox '/tmp/guix-directory.9C2KC5/pubring.kbx' created
gpg: /tmp/guix-directory.9C2KC5/trustdb.gpg: trustdb created
gpg: key 771F49CBFAAE072D: public key "Ed Two-Fifty <ludo+test-ecc <at> chbouib.org>" imported
gpg: Total number processed: 1
gpg: imported: 1
gpg: key 771F49CBFAAE072D: "Ed Two-Fifty <ludo+test-ecc <at> chbouib.org>" not changed
gpg: key 771F49CBFAAE072D: secret key imported
gpg: Total number processed: 1
gpg: unchanged: 1
gpg: secret keys read: 1
gpg: secret keys imported: 1
gpg: key 82240EDCAB80DA83: public key "Charlie Guix <charlie <at> example.org>" imported
gpg: Total number processed: 1
gpg: imported: 1
gpg: key 82240EDCAB80DA83: "Charlie Guix <charlie <at> example.org>" not changed
gpg: key 82240EDCAB80DA83: secret key imported
gpg: Total number processed: 1
gpg: unchanged: 1
gpg: secret keys read: 1
gpg: secret keys imported: 1
hint: Using 'master' as the name for the initial branch. This default branch name
hint: is subject to change. To configure the initial branch name to use in all
hint: of your new repositories, which will suppress this warning, call:
hint:
hint: git config --global init.defaultBranch <name>
hint:
hint: Names commonly chosen instead of 'master' are 'main', 'trunk' and
hint: 'development'. The just-created branch can be renamed via this command:
hint:
hint: git branch -m <name>
Initialized empty Git repository in /tmp/guix-directory.y6IOfw/.git/
error: gpg failed to sign the data
fatal: failed to write commit object
test-name: authenticate-channel, wrong first commit signer
location: /home/ludo/src/guix/tests/channels.scm:479
source:
+ (test-equal
+   "authenticate-channel, wrong first commit signer"
+   #t
+   (with-fresh-gnupg-setup
+     (list %ed25519-public-key-file
+           %ed25519-secret-key-file
+           %ed25519-2-public-key-file
+           %ed25519-2-secret-key-file)
+     (with-temporary-git-repository
+       directory
+       `((add ".guix-channel"
+              ,(object->string
+                 '(channel
+                    (version 0)
+                    (keyring-reference "master"))))
+         (add ".guix-authorizations"
+              ,(object->string
+                 `(authorizations
+                    (version 0)
+                    ((,(key-fingerprint %ed25519-public-key-file)
+                      (name "Charlie"))))))
+         (add "signer.key"
+              ,(call-with-input-file
+                 %ed25519-public-key-file
+                 get-string-all))
+         (commit
+           "first commit"
+           (signer
+             ,(key-fingerprint %ed25519-public-key-file)))
+         (add "random" ,(random-text))
+         (commit
+           "second commit"
+           (signer
+             ,(key-fingerprint %ed25519-public-key-file))))
+       (with-repository
+         directory
+         repository
+         (let* ((commit1 (find-commit repository "first"))
+                (commit2 (find-commit repository "second"))
+                (intro (make-channel-introduction
+                         (commit-id-string commit1)
+                         (openpgp-public-key-fingerprint
+                           (read-openpgp-packet %ed25519-2-public-key-file))))
+                (channel
+                  (channel
+                    (name 'example)
+                    (url (string-append "file://" directory))
+                    (introduction intro))))
+           (guard (c ((formatted-message? c)
+                      (and (string-contains
+                             (formatted-message-string c)
+                             "initial commit")
+                           (equal?
+                             (formatted-message-arguments c)
+                             (list (oid->string (commit-id commit1))
+                                   (key-fingerprint %ed25519-public-key-file)
+                                   (key-fingerprint
+                                     %ed25519-2-public-key-file))))))
+                  (authenticate-channel
+                    channel
+                    directory
+                    (commit-id-string commit2)
+                    #:keyring-reference-prefix
+                    "")
+                  'failed))))))
expected-value: #t
actual-value: #f
actual-error:
+ (%exception
+   #<&invoke-error program: "git" arguments: ("-C" "/tmp/guix-directory.y6IOfw" "commit" "-m" "first commit" "--gpg-sign=44D3 1E21 AF71 38F9 B632 280A 771F 49CB FAAE 072D") exit-status: 128 term-signal: #f stop-signal: #f>)
result: FAIL
--8<---------------cut here---------------end--------------->8---

Notice “error: gpg failed to sign the data”, which comes from Git.

When stracing, we see this:

--8<---------------cut here---------------start------------->8---
13587 write(2, "[GNUPG:] KEY_CONSIDERED 44D31E21AF7138F9B632280A771F49CBFAAE072D 3", 66) = 66
13581 <... poll resumed>) = 1 ([{fd=7, revents=POLLIN}])
13587 write(2, "\n", 1 <unfinished ...>
13581 read(7, <unfinished ...>
13587 <... write resumed>) = 1
13581 <... read resumed>"[GNUPG:] KEY_CONSIDERED 44D31E21AF7138F9B632280A771F49CBFAAE072D 3\n", 8192) = 67
13581 poll([{fd=5, events=POLLIN}, {fd=7, events=POLLIN}], 2, -1 <unfinished ...>
13587 read(3, "", 8192) = 0
13587 brk(0x13bf000) = 0x13bf000
13587 write(2, "gpg: skipped \"44D3 1E21 AF71 38F9 B632 280A 771F 49CB FAAE 072D\": Unusable secret key", 86) = 86
13581 <... poll resumed>) = 1 ([{fd=7, revents=POLLIN}])
13587 write(2, "\n", 1 <unfinished ...>
13581 read(7, <unfinished ...>
13587 <... write resumed>) = 1
13581 <... read resumed>"gpg: skipped \"44D3 1E21 AF71 38F9 B632 280A 771F 49CB FAAE 072D\": Unusable secret key\n", 12245) = 87
13587 write(2, "[GNUPG:] INV_SGNR 9 44D3 1E21 AF71 38F9 B632 280A 771F 49CB FAAE 072D", 70 <unfinished ...>
13581 poll([{fd=5, events=POLLIN}, {fd=7, events=POLLIN}], 2, -1 <unfinished ...>
13587 <... write resumed>) = 70
13581 <... poll resumed>) = 1 ([{fd=7, revents=POLLIN}])
13587 write(2, "\n", 1 <unfinished ...>
13581 read(7, <unfinished ...>
13587 <... write resumed>) = 1
13581 <... read resumed>"[GNUPG:] INV_SGNR 9 44D3 1E21 AF71 38F9 B632 280A 771F 49CB FAAE 072D\n", 12158) = 71
13587 write(2, "[GNUPG:] FAILURE sign 54", 24 <unfinished ...>
13581 poll([{fd=5, events=POLLIN}, {fd=7, events=POLLIN}], 2, -1 <unfinished ...>
13587 <... write resumed>) = 24
13581 <... poll resumed>) = 1 ([{fd=7, revents=POLLIN}])
13587 write(2, "\n", 1 <unfinished ...>
13581 read(7, <unfinished ...>
13587 <... write resumed>) = 1
13581 <... read resumed>"[GNUPG:] FAILURE sign 54\n", 12087) = 25
13587 write(2, "gpg: signing failed: Unusable secret key", 40 <unfinished ...>
--8<---------------cut here---------------end--------------->8---

It’s not clear to me why we get “Unusable secret key”. I suppose this came up as a result of a recent Git or GnuPG update.

This is with:

--8<---------------cut here---------------start------------->8---
$ gpg --version
gpg (GnuPG) 2.2.32
libgcrypt 1.8.8
Copyright (C) 2021 Free Software Foundation, Inc.
License GNU GPL-3.0-or-later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: /home/ludo/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
$ git --version
git version 2.36.0
$ guix describe
Generation 214 May 02 2022 21:44:14 (current)
  guix 6b588da
    repository URL: https://git.savannah.gnu.org/git/guix.git
    branch: master
    commit: 6b588da368c77cde82ea2f22ca315116228777ad
--8<---------------cut here---------------end--------------->8---

(The ‘guix’ package skips these tests because it lacks dependencies on Git and GnuPG.)

Ludo’.
[Message part 3 (message/rfc822, inline)]
From: Ludovic Courtès <ludo <at> gnu.org>
To: 55506-done <at> debbugs.gnu.org
Subject: Re: bug#55506: ‘tests/channels.scm’ and ‘tests/git-authenticate.scm’ GPG-related test failures
Date: Thu, 19 May 2022 00:09:17 +0200

Ludovic Courtès <ludo <at> gnu.org> wrote:

> Notice “error: gpg failed to sign the data”, which comes from Git.
>
> When stracing, we see this:
>
> 13587 write(2, "[GNUPG:] KEY_CONSIDERED 44D31E21AF7138F9B632280A771F49CBFAAE072D 3", 66) = 66
> 13581 <... poll resumed>) = 1 ([{fd=7, revents=POLLIN}])
> 13587 write(2, "\n", 1 <unfinished ...>
> 13581 read(7, <unfinished ...>
> 13587 <... write resumed>) = 1
> 13581 <... read resumed>"[GNUPG:] KEY_CONSIDERED 44D31E21AF7138F9B632280A771F49CBFAAE072D 3\n", 8192) = 67
> 13581 poll([{fd=5, events=POLLIN}, {fd=7, events=POLLIN}], 2, -1 <unfinished ...>
> 13587 read(3, "", 8192) = 0
> 13587 brk(0x13bf000) = 0x13bf000
> 13587 write(2, "gpg: skipped \"44D3 1E21 AF71 38F9 B632 280A 771F 49CB FAAE 072D\": Unusable secret key", 86) = 86

Turns out those keys all had an expiration date (I guess that’s what gpg does by default), and one of them expired a few weeks ago.

I removed the expiration date with ‘gpg --edit-key’ and exported the resulting public keys (“OpenPGP certificates”) as tests/keys/*.pub.

Fixed in 3ae7632ca0a1edca9d8c3c766efb0dcc8aa5da37.

Ludo’.
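
Added example, not part of the thread or of Guix's code: the `[GNUPG:]` status lines that strace captured in the report can be decoded mechanically. The flag and reason-code meanings are the ones documented in GnuPG's doc/DETAILS (a subset); the function names are this example's own, and the sample input is copied from the strace output in the report.

```python
# Added example: decode gpg status-fd lines such as those in the strace output.
# Sample input: status and log lines copied from the strace output in the report.
SAMPLE = '''\
[GNUPG:] KEY_CONSIDERED 44D31E21AF7138F9B632280A771F49CBFAAE072D 3
gpg: skipped "44D3 1E21 AF71 38F9 B632 280A 771F 49CB FAAE 072D": Unusable secret key
[GNUPG:] INV_SGNR 9 44D3 1E21 AF71 38F9 B632 280A 771F 49CB FAAE 072D
[GNUPG:] FAILURE sign 54
'''

PREFIX = "[GNUPG:] "
# Meanings as documented in GnuPG's doc/DETAILS (subset of the reason codes).
KEY_CONSIDERED_BITS = {
    1: "key has not been selected",
    2: "all subkeys of the key are expired or have been revoked",
}
INV_REASONS = {0: "no specific reason given", 1: "not found",
               4: "key revoked", 5: "key expired", 9: "not a secret key"}
# libgpg-error code 54 is GPG_ERR_UNUSABLE_SECKEY.
ERROR_CODES = {54: "Unusable secret key"}


def decode_status(text):
    """Return (keyword, fingerprint or None, explanation) per status line."""
    findings = []
    for line in text.splitlines():
        if not line.startswith(PREFIX):
            continue  # human-readable gpg log line, not machine status
        keyword, _, rest = line[len(PREFIX):].partition(" ")
        if keyword == "KEY_CONSIDERED":
            fpr, flags = rest.split()
            why = [m for bit, m in KEY_CONSIDERED_BITS.items() if int(flags) & bit]
            findings.append((keyword, fpr, "; ".join(why) or "no flags set"))
        elif keyword in ("INV_SGNR", "INV_RCP"):
            reason, _, who = rest.partition(" ")
            # the fingerprint was passed with spaces; normalise it
            findings.append((keyword, who.replace(" ", ""),
                             INV_REASONS.get(int(reason), "reason " + reason)))
        elif keyword == "FAILURE":
            where, code = rest.split()
            code = int(code) & 0xFFFF  # low 16 bits carry the error code
            findings.append((keyword, None, "%s: %s" % (
                where, ERROR_CODES.get(code, "error code %d" % code))))
    return findings


def expired_or_revoked(findings):
    """Fingerprints whose KEY_CONSIDERED flags had the expired/revoked bit."""
    return sorted({fpr for kw, fpr, why in findings
                   if kw == "KEY_CONSIDERED" and "expired" in why})
```

The `KEY_CONSIDERED` flags value 3 in the trace includes bit 2, which GnuPG documents as expired or revoked; that matches the expired test key identified in the closing message.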