Hi,

After a new build host installation with Fedora 41, gnupg defaults to this configuration after creating or importing a (signing) key:

zozo@localhost:~$ cat ~/.gnupg/common.conf
use-keyboxd

RPM signing in Yocto stalls and eventually fails with:

warning: Could not set GPG_TTY to stdin: Inappropriate ioctl for device
gpg: waiting for lock (held by <pid>) ...
gpg: can't connect to the keyboxd: IPC connect call failed
gpg: error opening key DB: No Keybox daemon running
gpg: skipped "[email protected]": Input/output error
gpg: signing failed: Input/output error

With adding --with-keyboxd-pgm=/usr/libexec/keyboxd to the Yocto build of gnupg (otherwise it won't install keyboxd), RPM signing fails again. Now, gpg complains that the keyboxd version is different from gpg's own.

According to stackoverflow and blogs, the recommended way to fix "gpg: waiting for lock" issues is to disable use-keyboxd:

zozo@localhost:~$ cat ~/.gnupg/common.conf
#use-keyboxd

I then cleaned up the rest of ~/.gnupg and re-created / re-imported the key with the new configuration.

Still, RPM signing in Yocto master fails with:

warning: Could not set GPG_TTY to stdin: Inappropriate ioctl for device
error: Unsupported OpenPGP signature

With use-keyboxd disabled, I also tested a build with Yocto 5.1 (it ships gnupg 5.0) on the same Fedora 41 host, and RPM signing succeeded.

Also FWIW, I also tried to do a build with Yocto 4.3. To make it work, I had to backport ninja 1.12.1 (to be compatible with python 3.13 on the host) and the pseudo changes from Yocto master. With these, RPM signing succeeded with Yocto 4.3, too.

I also tried reverting these commits in openembedded-core master:

commit 2ab817c434ac443e29d66105056675d6256e8a2c
Author: Wang Mingyu <[email protected]>
Date: Tue Dec 10 07:56:38 2024 +0800

    gnupg: upgrade 2.5.1 -> 2.5.2

commit 3a00465f4b0c01580fb27e0c462696bd4f840828
Author: hongxu <[email protected]>
Date: Fri Nov 29 07:33:29 2024 -0800

    gnupg: upgrade 2.5.0 -> 2.5.1

but the same "Unsupported OpenPGP signature" error occurs.

For now, I disabled RPM signing in my distro layer:

-PACKAGE_CLASSES = "package_rpm sign_rpm"
+PACKAGE_CLASSES = "package_rpm"

It would be nice if Yocto 5.2 final can use RPM signing.

Best regards,
Zoltán Böszörményi
