~comcloudway/builds.sr.ht

c87bcac7cdc4a4f79bd18b28ea906d9a946c6c55 — Conrad Hoffmann 11 months ago 4c4e6ad
images/archlinux: avoid GnuPG's new keyboxd

GnuPG recently made "keyboxd", an alternative keyring storage, the
default for new installs [1]. For reasons I cannot explain yet, a gpg
command will hang indefinitely trying to talk to keyboxd, if all of the
following are true:

- keyboxd is already running for the user
- it is managed by the systemd-user session (!?)
- the gpg command is run inside fakeroot

This is easily reproducible on builds.sr.ht: when building and signing a
package with `makepkg`, it will just hang forever after outputting
"Entering fakeroot environment". One can see in the process tree that it
is executing a gpg command inside a fakeroot at that time, which never
finishes.

While I have not found the cause, this issue is not isolated to
builds.sr.ht. I have reproduced this on other Arch Linux systems.

I am trying to figure out what the exact issue is, and whom to talk to
about it, but until then I think just avoiding keyboxd makes sense.

Hence, this commit disables keyboxd system-wide by adding a
configuration put forth in [2]. I verified that this is indeed
sufficient to make GnuPG fall back to the old storage format, even for
new setups.

[1] https://github.com/gpg/gnupg/blob/master/README#L119
[2] https://marc.info/?l=gnupg-users&m=170193805722787&w=2
1 files changed, 7 insertions(+), 0 deletions(-)

M images/archlinux/genimg
M images/archlinux/genimg => images/archlinux/genimg +7 -0
@@ 133,6 133,13 @@ cat > "$root"/home/build/.gitconfig << EOF
  email = builds@sr.ht
EOF
run_root chown build:build /home/build/.gitconfig
# Nudge GnuPG to _not_ use the new keyboxd, it does not play nice with fakeroot
# and hence breaks makepkg (the package signing part)
cat > "$root"/etc/gnupg/common.conf << EOF
[ignore]
use-keyboxd
[-ignore]
EOF

run_root pacman --noconfirm -Rs go
paccache -rk0 -c "$root/var/cache/pacman/pkg"
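
Review bot: The redirect `cat > "$root"/etc/gnupg/common.conf` assumes that `/etc/gnupg` already exists inside the image root, and nothing in the visible lines creates it. If the directory is missing at this point in genimg, the redirect fails and the file is never written. A `mkdir -p "$root"/etc/gnupg` immediately before the heredoc would make this step independent of what the installed packages happen to create. Also note that `>` truncates any `common.conf` a package may already have shipped; if that matters, append instead or check for an existing file first. Finally, the in-code comment could carry the gnupg-users link from the commit message, so that whoever revisits this workaround can find the upstream discussion without digging through the log.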