GnuPG recently made "keyboxd", an alternative keyring storage, the
default for new installs [1]. For reasons I cannot explain yet, a gpg
command will hang indefinetly trying to talk to keyboxd, if all of the
following are true:
- keyboxd is already running for the user
- it is managed by the systemd-user session (!?)
- the gpg command is run inside fakeroot
This is easily reproducible on builds.sr.ht: when building and signing a
package with `makepkg`, it will just hang forever after outputting
"Entering fakeroot environment". One can see in the process tree that it
is executing a gpg command inside a fakeroot at that time, which never
finishes.
While I have not found the cause, this issue is not isolated to
builds.sr.ht. I have reproduced this on other Arch Linux systems.
I am trying to figure out what the exact issue is, and whom to talk to
about it, but until then I think just avoiding keyboxd makes sense. As
described in [1], GnuPGP will only default keyboxd if it has to create
`~/.gnupg` when running. I verified that indeed only the empty directory
being present is already sufficient to make GnuPG fall back to the old
storage format.
Hence, this commit simply creates the build user's `~/.gnupg` with the
appropriate permissions, so that keyboxd will not be used.
[1] https://github.com/gpg/gnupg/blob/master/README#L119
---
images/archlinux/genimg | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/images/archlinux/genimg b/images/archlinux/genimg
index 58e55ab..503d8f1 100755
--- a/images/archlinux/genimg
+++ b/images/archlinux/genimg
@@ -133,6 +133,11 @@ cat > "$root"/home/build/.gitconfig << EOF
email = builds@sr.ht
EOF
run_root chown build:build /home/build/.gitconfig
+# Nudge GnuPG to _not_ use the new keyboxd, it does not play nice with fakeroot
+# and hence breaks makepkg (the package signing part)
+run_root mkdir /home/build/.gnupg
+run_root chown build:build /home/build/.gnupg
+run_root chmod 0700 /home/build/.gnupg
run_root pacman --noconfirm -Rs go
paccache -rk0 -c "$root/var/cache/pacman/pkg"
--
2.43.0