Ubuntu CI Services

branch source builder fails to build unsigned packages, but doesn't see the problem

Bug #1283186 reported by Paul Larson
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Ubuntu CI Engine
Fix Released
High
Francis Ginther
Ubuntu CI Services
Fix Released
High
Francis Ginther

Bug Description

I have foolishly created my .changes without signing it and submitted it to the airline for processing. Looking at the bsb logs I see:
INFO:__main__:The PPA is: ppa:pwlars/ci-pool-001
INFO:root:Upload to the ppa: ppa:pwlars/ci-pool-001
INFO:root:Retrieving source file: bash_4.2-5ubuntu4~plars_source.changes
INFO:root:Retrieving source file: bash_4.2-5ubuntu4~plars.diff.gz
INFO:root:Retrieving source file: bash_4.2-5ubuntu4~plars.dsc
$USER not set, will use login information.
Checking signature on .changes
gpg: fatal: can't create directory `/nonexistent/.gnupg': No such file or directory
secmem usage: 0/0 bytes in 0/0 blocks of pool 0/32768
Error in finding signature verification status.
Checking signature on .dsc
Checking signature on .dsc
gpg: fatal: can't create directory `/nonexistent/.gnupg': No such file or directory
secmem usage: 0/0 bytes in 0/0 blocks of pool 0/32768
Error in finding signature verification status.
Uploading to ppa (via ftp to ppa.launchpad.net):
  Uploading bash_4.2-5ubuntu4~plars.dsc: done.
  Uploading bash_4.2-5ubuntu4~plars.diff.gz: done.
  Uploading bash_4.2-5ubuntu4~plars_source.changes: done.
Successfully uploaded packages.

Somehow, I think we need to have it check that it's signed, or apparently it will just get ignored in the ppa.

Tags: airline
Paul Larson (pwlars)
tags: added: airline
Evan (ev)
Changed in ubuntu-ci-services-itself:
assignee: nobody → Francis Ginther (fginther)
Revision history for this message
Chris Johnston (cjohnston) wrote :

Francis, what did we decide to do with this? I thought we were going to have the CLI check to see if they were signed?

Changed in ubuntu-ci-services-itself:
status: New → Confirmed
importance: Undecided → High
Revision history for this message
Francis Ginther (fginther) wrote :

> Francis, what did we decide to do with this? I thought we were going to have the CLI check to see if they were signed?

We'll need to go with CLI checking. I explored the possibility of having the branch source builder sign packages on it's own, but plars raised some good security points that I'm concerned will grow into a bigger problem then having the CLI do the checking.

To support this, I created a defect to better document the need for users to sign packages and use proper team memberships:
https://bugs.launchpad.net/ubuntu-ci-services-itself/+bug/1287196

Revision history for this message
Ursula Junque (ursinha) wrote :

Filed bug 1290174 to track this CLI change.

Revision history for this message
Paul Larson (pwlars) wrote :

Since https://bugs.launchpad.net/ubuntu-ci-services-itself/+bug/1290174 is fixed now, can we consider this to be made obsolete by that?

Revision history for this message
Andy Doan (doanac) wrote :

i agree. since its fixed in the bsbuilder and we have a bug to fix in the CLI, i see no point.

Changed in ubuntu-ci-services-itself:
status: Confirmed → Fix Released
Ursula Junque (ursinha)
Changed in uci-engine:
assignee: nobody → Francis Ginther (fginther)
importance: Undecided → High
status: New → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.