From c87bcac7cdc4a4f79bd18b28ea906d9a946c6c55 Mon Sep 17 00:00:00 2001 From: Conrad Hoffmann Date: Wed, 6 Dec 2023 22:36:35 +0100 Subject: [PATCH] images/archlinux: avoid GnuPG's new keyboxd GnuPG recently made "keyboxd", an alternative keyring storage, the default for new installs [1]. For reasons I cannot explain yet, a gpg command will hang indefinetly trying to talk to keyboxd, if all of the following are true: - keyboxd is already running for the user - it is managed by the systemd-user session (!?) - the gpg command is run inside fakeroot This is easily reproducible on builds.sr.ht: when building and signing a package with `makepkg`, it will just hang forever after outputting "Entering fakeroot environment". One can see in the process tree that it is executing a gpg command inside a fakeroot at that time, which never finishes. While I have not found the cause, this issue is not isolated to builds.sr.ht. I have reproduced this on other Arch Linux systems. I am trying to figure out what the exact issue is, and whom to talk to about it, but until then I think just avoiding keyboxd makes sense. Hence, this commit disables keyboxd system-wide by adding a configuration put forth in [2]. I verified that this is indeed sufficient to make GnuPG fall back to the old storage format, even for new setups. [1] https://github.com/gpg/gnupg/blob/master/README#L119 [2] https://marc.info/?l=gnupg-users&m=170193805722787&w=2 --- images/archlinux/genimg | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/images/archlinux/genimg b/images/archlinux/genimg index 58e55ab..11dbc85 100755 --- a/images/archlinux/genimg +++ b/images/archlinux/genimg @@ -133,6 +133,13 @@ cat > "$root"/home/build/.gitconfig << EOF email = builds@sr.ht EOF run_root chown build:build /home/build/.gitconfig +# Nudge GnuPG to _not_ use the new keyboxd, it does not play nice with fakeroot +# and hence breaks makepkg (the package signing part) +cat > "$root"/etc/gnupg/common.conf << EOF +[ignore] +use-keyboxd +[-ignore] +EOF run_root pacman --noconfirm -Rs go paccache -rk0 -c "$root/var/cache/pacman/pkg" -- 2.38.5