Hi dkg,

Quoting Daniel Kahn Gillmor (2022-04-25 18:49:14)
> When trying to upgrade to gnupg2 from version 2.2.27-1 to version
> 2.2.34-1, we see a failure in the unshare-qemuwrapper test:
>
> https://ci.debian.net/data/autopkgtest/testing/amd64/s/sbuild/21152998/log.gz
>
> + ssh -oUserKnownHostsFile=/dev/null -oStrictHostKeyChecking=no -i
> /tmp/autopkgtest-lxc.29hmt_yk/downtmp/autopkgtest_tmp/id_rsa -T -p 10022
> root@localhost env --chdir=/build/ AUTOPKGTEST_TMP=/tmp runuser -u user --
> ./debian/tests/unshare
> Warning: Permanently added '[localhost]:10022' (ED25519) to the list of known
> hosts.
> gpg: keybox '/tmp/gpghome/pubring.kbx' created
> gpg: /tmp/gpghome/trustdb.gpg: trustdb created
> gpg: key F08FF84541F5A0C0: public key "sbuild fake uploader
> <fake-uploa...@debian.org>" imported
> gpg: key F08FF84541F5A0C0/F08FF84541F5A0C0: error sending to agent: Invalid
> argument
> gpg: key F08FF84541F5A0C0/A4179B1DD69E01DD: error sending to agent: Invalid
> argument
> gpg: key F08FF84541F5A0C0: secret key imported
> gpg: Total number processed: 1
> gpg: imported: 1
> gpg: secret keys read: 1
> gpg: secret keys imported: 1
>
> I traced this error down to the use of "gpg --allow-secret-key-import
> --import" in the unshare script. GnuPG upstream has always maintained
> that use of gpg in scripts requires use of the --batch directive, which
> avoids the error. Why this error response was introduced in the change
> from GnuPG 2.2.27 to 2.2.34, i don't yet fully understand, but using
> --batch does avoid the problem.
>
> The attached patch should hopefully make the sbuild autopkgtest succeed
> with either version of GnuPG2.
>
> thanks for maintaining sbuild in debian!

Thank you for tracking down the problem and submitting a patch! :)

> Having to perform this workaround is unfortunate. A better approach
> would be to rewrite sbuild's tooling to use OpenPGP utilities designed
> for operation in a script, but doing so is a larger and more intrusive
> patch.

As you are the gpg expert, I'd be very keen on learning which OpenPGP
utilities are designed for operations in a script. Most of my interaction
with dpkg is via scripts like autopkgtest or mmdebstrap and I'd like to know
how to improve those. :)

Thanks!

cheers, josch