sign_pkg fails to overwrite signature when rebuilding package #1256

Closed
iyanmv opened this issue Oct 7, 2024 · 3 comments

iyanmv commented Oct 7, 2024

Affected Version

paru v2.0.4 - libalpm v15.0.0

Description

When paru is configured to sign local repos, if a package already exists in the repo and contains a detached signature, when rebuilding the package, the signature file is not overwritten, leading to failure later when the package is installed.

This is because the command used by sign_pkg(), `gpg --detach-sign --no-armor --batch`, fails with the following error when the file already exists: `gpg: signing failed: File exists`. A possible solution is to pass --yes as an additional argument.

I don't understand why this is not caught by the function as an error since gpg exits with code 2 instead of 0.

Output

paru.conf

[options]
PgpFetch
Devel
Provides
DevelSuffixes = -git -cvs -svn -bzr -darcs -always -hg -fossil
SudoLoop
Mode = arp
Rebuild = all
Provides = all

LocalRepo = iyanmv
Chroot = /home/iyan/Archlinux/chroot
Sign = 204C461FBA8C81D10327E647422E3694311E5AC1
SignDb = 204C461FBA8C81D10327E647422E3694311E5AC1

[aur-iyanmv]
Path = /home/iyan/Documents/ArchLinux/PKGBUILDs
SkipReview
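
The failure described above leaves a rebuilt package sitting beside a signature made for the previous build. As an added example (not paru's code), this Rust program audits a local repo directory for that state by comparing file modification times; the `.pkg.tar.` naming check, the mtime heuristic and the directory argument are assumptions of the example.

```rust
use std::{fs, io, path::{Path, PathBuf}, time::SystemTime};

/// Where a package's detached signature stands relative to the package file.
#[derive(Debug, PartialEq)]
pub enum SigState {
    Missing, // no <pkg>.sig beside the package
    Stale,   // <pkg>.sig is older than the package: likely signed a previous build
    Fresh,   // <pkg>.sig is at least as new as the package
}

/// Classify from modification times alone (heuristic; it does not verify the signature).
pub fn classify(pkg_mtime: SystemTime, sig_mtime: Option<SystemTime>) -> SigState {
    match sig_mtime {
        None => SigState::Missing,
        Some(sig) if sig < pkg_mtime => SigState::Stale,
        Some(_) => SigState::Fresh,
    }
}

/// Scan one repo directory and return every package whose signature is missing or stale.
pub fn audit_repo(dir: &Path) -> io::Result<Vec<(PathBuf, SigState)>> {
    let mut findings = Vec::new();
    for entry in fs::read_dir(dir)? {
        let pkg = entry?.path();
        let name = pkg.file_name().and_then(|n| n.to_str()).unwrap_or("").to_owned();
        // Assumption: packages are named *.pkg.tar.<ext>; skip signatures and database files.
        if !name.contains(".pkg.tar.") || name.ends_with(".sig") {
            continue;
        }
        let sig = pkg.with_file_name(format!("{name}.sig"));
        let sig_mtime = match fs::metadata(&sig) {
            Ok(meta) => Some(meta.modified()?),
            Err(e) if e.kind() == io::ErrorKind::NotFound => None,
            Err(e) => return Err(e), // unreadable is an error, not "missing"
        };
        let state = classify(fs::metadata(&pkg)?.modified()?, sig_mtime);
        if state != SigState::Fresh {
            findings.push((pkg, state));
        }
    }
    Ok(findings)
}

fn main() -> io::Result<()> {
    let dir = std::env::args().nth(1).unwrap_or_else(|| ".".into()); // assumption: repo dir is argv[1]
    for (pkg, state) in audit_repo(Path::new(&dir))? {
        println!("{state:?}\t{}", pkg.display());
    }
    Ok(())
}
```

A `Stale` or `Missing` result is a prompt to check the pair with `gpg --verify <pkg>.sig <pkg>` and re-sign. Timestamps alone do not prove that a signature matches its package.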

iyanmv added a commit to iyanmv/paru that referenced this issue Oct 7, 2024
This change lets gpg overwrite the detached signatures of the packages
when the files already exist. Without --yes, and in combination with
--batch, gpg fails (exit 2) without overwriting any file.

Fixes Morganamilo#1256
@iyanmv
Author

iyanmv commented Oct 7, 2024

Never mind, I think the source code already has a solution to delete the signature before generating a new one, but this is never used because delete_sig is always passed as false.

@Morganamilo
Owner

Don't know how this would happen as it should skip if the sig already exists. As you didn't provide any output logs I can't really debug this. Feel free to open a new issue with logs.

@iyanmv
Author

iyanmv commented Dec 28, 2024

When a signature exists, I am still asked for the gpg private key password, but the new signature is not saved. This is problematic when I'm trying to rebuild packages because the new package is updated, but the signature is not, causing issues later when trying to install the package.

I locally solved this issue by changing this:

--- a/src/install.rs
+++ b/src/install.rs
@@ -632,7 +632,7 @@ impl Installer {
             .chain(debug_paths.values())
             .map(|s| s.as_str())
             .collect::<Vec<_>>();
-        sign_pkg(config, &paths, false)?;
+        sign_pkg(config, &paths, true)?;
 
         if let Some(ref repo) = repo {
             if let Some(repo) = self.upgrades.aur_repos.get(base.package_base()) {
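
Review bot: the third argument in `sign_pkg(config, &paths, true)?;` is a bare boolean, and nothing at the call site says what it controls; going by the discussion above it is `delete_sig`, so a short comment or a named binding (for example `let delete_sig = true;`) would document that existing signatures are removed before signing. Since `paths` also chains `debug_paths.values()`, the change applies to the debug packages' signatures as well. Because the old signature is deleted first, a failed or cancelled gpg run would leave the package with no signature at all, so it is worth confirming that the `?` error path stops before the repo is updated in the `if let Some(ref repo) = repo` block that follows.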
