When trying to emerge a binpkg I just get this exception: # LC_ALL=C emerge -k firefox Local copy of remote index is up-to-date and will be used. Local copy of remote index is up-to-date and will be used. Local copy of remote index is up-to-date and will be used. These are the packages that would be merged, in reverse order: Calculating dependencies... done! Dependency resolution took 6.48 s (backtrack: 0/20). [binary R ] www-client/firefox-115.5.0-2 >>> Running pre-merge checks for www-client/firefox-115.5.0 !!! gpg: WARNING: unsafe ownership on homedir '/etc/portage/gnupg' [GNUPG:] PLAINTEXT 74 0 [GNUPG:] NEWSIG gpg: Signature made Thu Dec 7 00:56:12 2023 CET gpg: using RSA key CE5236E04A99641DC6794A5C2171B35124FF94BF [GNUPG:] ERRSIG 2171B35124FF94BF 1 10 01 1701906972 9 CE5236E04A99641DC6794A5C2171B35124FF94BF [GNUPG:] NO_PUBKEY 2171B35124FF94BF gpg: Can't check signature: No public key gpg: can't create `/etc/portage/gnupg/random_seed': Permission denied ================================================================================================ ======== Traceback for invalid call to portage.package.ebuild.config.config.__getitem__ ======== File "/usr/lib/python-exec/python3.11/emerge", line 88, in <module> main() File "/usr/lib/python-exec/python3.11/emerge", line 57, in main retval = emerge_main() File "/usr/lib/python3.11/site-packages/_emerge/main.py", line 1308, in emerge_main return run_action(emerge_config) File "/usr/lib/python3.11/site-packages/_emerge/actions.py", line 4007, in run_action retval = action_build(emerge_config, spinner=spinner) File "/usr/lib/python3.11/site-packages/_emerge/actions.py", line 678, in action_build retval = mergetask.merge() File "/usr/lib/python3.11/site-packages/_emerge/Scheduler.py", line 1152, in merge rval = self._merge() File "/usr/lib/python3.11/site-packages/_emerge/Scheduler.py", line 1592, in _merge rval = self._sched_iface.run_until_complete( File "/usr/lib/python3.11/site-packages/portage/util/_eventloop/asyncio_event_loop.py", line 149, in _run_until_complete return self._loop.run_until_complete(future) File "/usr/lib/python3.11/asyncio/base_events.py", line 640, in run_until_complete self.run_forever() File "/usr/lib/python3.11/asyncio/base_events.py", line 607, in run_forever self._run_once() File "/usr/lib/python3.11/asyncio/base_events.py", line 1922, in _run_once handle._run() File "/usr/lib/python3.11/asyncio/events.py", line 80, in _run self._context.run(self._callback, *self._args) File "/usr/lib/python3.11/site-packages/_emerge/AsynchronousTask.py", line 209, in _exit_listener_cb listener(self) File "/usr/lib/python3.11/site-packages/_emerge/EbuildPhase.py", line 288, in _ebuild_exit self._ebuild_exit_unlocked(ebuild_process) File "/usr/lib/python3.11/site-packages/_emerge/EbuildPhase.py", line 340, in _ebuild_exit_unlocked _post_phase_userpriv_perms(settings) File "/usr/lib/python3.11/site-packages/portage/package/ebuild/doebuild.py", line 2230, in _post_phase_userpriv_perms for path in (mysettings["HOME"], mysettings["T"]): File "/usr/lib/python3.11/site-packages/portage/package/ebuild/config.py", line 3116, in __getitem__ return self._getitem(key) ^^^^^^^^^^^^^^^^^^ File "/usr/lib/python3.11/site-packages/portage/package/ebuild/config.py", line 3193, in _getitem raise KeyError(mykey) KeyError: 'T' ================================================================================================ [ERROR] Exception in callback AsynchronousTask._exit_listener_cb(<bound method...7fea434a3be0>>) handle: <Handle AsynchronousTask._exit_listener_cb(<bound method...7fea434a3be0>>)> Traceback (most recent call last): File "/usr/lib/python3.11/asyncio/events.py", line 80, in _run self._context.run(self._callback, *self._args) File "/usr/lib/python3.11/site-packages/_emerge/AsynchronousTask.py", line 209, in _exit_listener_cb listener(self) File "/usr/lib/python3.11/site-packages/_emerge/EbuildPhase.py", line 288, in _ebuild_exit self._ebuild_exit_unlocked(ebuild_process) File "/usr/lib/python3.11/site-packages/_emerge/EbuildPhase.py", line 340, in _ebuild_exit_unlocked _post_phase_userpriv_perms(settings) File "/usr/lib/python3.11/site-packages/portage/package/ebuild/doebuild.py", line 2230, in _post_phase_userpriv_perms for path in (mysettings["HOME"], mysettings["T"]): ~~~~~~~~~~^^^^^ File "/usr/lib/python3.11/site-packages/portage/package/ebuild/config.py", line 3116, in __getitem__ return self._getitem(key) ^^^^^^^^^^^^^^^^^^ File "/usr/lib/python3.11/site-packages/portage/package/ebuild/config.py", line 3193, in _getitem raise KeyError(mykey) KeyError: 'T' ============================================= emerge --info: Portage 3.0.57 (python 3.11.6-final-0, default/linux/amd64/17.1/desktop/plasma/systemd/merged-usr, gcc-13, glibc-2.37-r7, 6.1.60-gentoo-dist x86_64) ================================================================= System uname: Linux-6.1.60-gentoo-dist-x86_64-Intel-R-_Core-TM-_i7-10510U_CPU_@_1.80GHz-with-glibc2.37 KiB Mem: 65526772 total, 24534612 free KiB Swap: 33554428 total, 28846140 free Timestamp of repository gentoo: Sun, 17 Dec 2023 15:01:55 +0000 Head commit of repository gentoo: 93117aadab2fdda440767c89c58bbefe1a19ae52 Head commit of repository mschiff: d38d630e3c7b5c1e2f5c32916c03329231c9d0ed sh bash 5.1_p16-r6 ld GNU ld (Gentoo 2.40 p7) 2.40.0 distcc 3.4 x86_64-pc-linux-gnu [disabled] ccache version 4.8.2 [enabled] app-misc/pax-utils: 1.3.5::gentoo app-shells/bash: 5.1_p16-r6::gentoo dev-java/java-config: 2.3.1-r1::gentoo dev-lang/perl: 5.38.0-r1::gentoo dev-lang/python: 3.11.6::gentoo, 3.12.1::gentoo dev-lang/rust: 1.71.1::gentoo dev-util/ccache: 4.8.2::gentoo dev-util/cmake: 3.27.7::gentoo dev-util/meson: 1.2.3::gentoo sys-apps/baselayout: 2.14-r1::gentoo sys-apps/openrc: 0.48::gentoo sys-apps/sandbox: 2.38::gentoo sys-apps/systemd: 254.5-r1::gentoo sys-devel/autoconf: 2.13-r7::gentoo, 2.71-r6::gentoo sys-devel/automake: 1.16.5-r1::gentoo sys-devel/binutils: 2.40-r9::gentoo, 2.41-r2::gentoo sys-devel/binutils-config: 5.5::gentoo sys-devel/clang: 15.0.7-r3::gentoo, 16.0.6::gentoo sys-devel/gcc: 13.2.1_p20230826::gentoo sys-devel/gcc-config: 2.11::gentoo sys-devel/libtool: 2.4.7-r1::gentoo sys-devel/lld: 15.0.7::gentoo, 16.0.6::gentoo sys-devel/llvm: 15.0.7-r3::gentoo, 16.0.6::gentoo sys-devel/make: 4.4.1-r1::gentoo sys-kernel/linux-headers: 6.1::gentoo (virtual/os-headers) sys-libs/glibc: 2.37-r7::gentoo Repositories: gentoo location: /usr/portage sync-type: git sync-uri: https://anongit.gentoo.org/git/repo/sync/gentoo.git priority: -1000 volatile: True mschiff location: /home/mschiff/gentoo/overlays/mschiff sync-type: git sync-uri: git://anongit.gentoo.org/dev/mschiff.git masters: gentoo priority: 50 volatile: True Binary Repositories: binhost priority: 900 sync-uri: https://mirror.leaseweb.com/gentoo/releases/amd64/binpackages/17.1/x86-64 Installed sets: @system ACCEPT_KEYWORDS="amd64" ACCEPT_LICENSE="* -@EULA Q3AEULA PUEL dlj-1.1 skype-4.0.0.7-copyright googleearth AdobeFlash-11.x google-talkplugin Oracle-BCLA-JavaSE Google-TOS TeamViewer google-chrome RAR" CBUILD="x86_64-pc-linux-gnu" CFLAGS="-O2 -pipe -march=skylake -mno-hle -mno-rtm -mtune=skylake" CHOST="x86_64-pc-linux-gnu" CONFIG_PROTECT="/etc /etc/stunnel/stunnel.conf /usr/lib64/libreoffice/program/sofficerc /usr/share/config /usr/share/gnupg/qualified.txt /usr/share/themes/oxygen-gtk/gtk-2.0 /var/bind" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/dconf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c" CXXFLAGS="-O2 -pipe -march=skylake -mno-hle -mno-rtm -mtune=skylake" DISTDIR="/usr/portage/distfiles" EMERGE_DEFAULT_OPTS="--keep-going --load-average=3.0 --tree --quiet-build=n --verbose-conflicts --autounmask --autounmask-keep-keywords=n --autounmask-write --autounmask-unrestricted-atoms --autounmask-continue --keep-going --load-average=6.0 --tree --quiet-build=n --verbose-conflicts --jobs=5 --getbinpkg --autounmask --autounmask-keep-keywords=n --autounmask-write --autounmask-unrestricted-atoms --autounmask-continue --rebuilt-binaries=n --quiet-build=y --verbose-conflicts " ENV_UNSET="CARGO_HOME DBUS_SESSION_BUS_ADDRESS DISPLAY GDK_PIXBUF_MODULE_FILE GOBIN GOPATH PERL5LIB PERL5OPT PERLPREFIX PERL_CORE PERL_MB_OPT PERL_MM_OPT XAUTHORITY XDG_CACHE_HOME XDG_CONFIG_HOME XDG_DATA_HOME XDG_RUNTIME_DIR XDG_STATE_HOME" FCFLAGS="-O2 -pipe -march=skylake -mno-hle -mno-rtm -mtune=skylake" FEATURES="assume-digests binpkg-docompress binpkg-dostrip binpkg-logs binpkg-multi-instance binpkg-request-signature binpkg-signing buildpkg-live ccache compressdebug config-protect-if-modified distlocks ebuild-locks fail-clean fixlafiles gpg-keepalive ipc-sandbox merge-sync multilib-strict network-sandbox news parallel-fetch pid-sandbox pkgdir-index-trusted preserve-libs protect-owned qa-unresolved-soname-deps sandbox sfperms sign strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr" FFLAGS="-O2 -pipe -march=skylake -mno-hle -mno-rtm -mtune=skylake" GENTOO_MIRRORS="https://ftp-stud.hs-esslingen.de/pub/Mirrors/gentoo/ https://ftp.agdsn.de/gentoo https://ftp.fau.de/gentoo https://ftp.gwdg.de/pub/linux/gentoo/ https://ftp.halifax.rwth-aachen.de/gentoo/ https://ftp.spline.inf.fu-berlin.de/mirrors/gentoo/ https://ftp.tu-ilmenau.de/mirror/gentoo/ https://ftp.uni-hannover.de/gentoo/ https://ftp.uni-stuttgart.de/gentoo-distfiles/ https://linux.rz.ruhr-uni-bochum.de/download/gentoo-mirror/ https://mirror.dogado.de/gentoo https://mirror.eu.oneandone.net/linux/distributions/gentoo/gentoo/ https://mirror.netcologne.de/gentoo/ https://mirror.netzwerge.de/gentoo/ https://packages.hs-regensburg.de/gentoo-distfiles/" LANG="C.utf8" LDFLAGS="-Wl,-O1 -Wl,--as-needed" LEX="flex" LINGUAS="de" MAKEOPTS="-j5 -l3" PKGDIR="/usr/portage/packages" PORTAGE_BINHOST="https://<redacted>/packages/" PORTAGE_CONFIGROOT="/" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --exclude=/.git" PORTAGE_TMPDIR="/var/tmp" SHELL="/bin/bash" USE="X a52 aac aalib acl acpi activities adns aes akonadi alsa amd64 ao audiofile avx avx2 bluetooth branding bzip2 cairo cdda cddb cdr chm cli crypt cryptsetup css cups dbus declarative device-mapper dhclient dist-kernel djvu dri dts dvd dvdr ebook encode exif f16c ffmpeg flac fma3 fortran gdbm gdm gif gimp gnome-shell google-gadgets gpm gtk gui iconv icu id3tag ieee1394 iproute2 ipv6 jpeg jpeg2k kde kipi kwallet l7filter lame laptop lcms libnotify libtirpc lm_sensors lzma mad mjpeg mmx mmxext mng mp3 mp4 mpeg mtp multilib musicbrainz mysql ncurses networkmanager nls nptl ogg openexr opengl openmp pam pango pclmul pcmcia pcre pdf pipewire plasma plymouth png policykit popcnt postgres ppds pulseaudio qml qt5 rdrand readline real resolvconf rss samba screencast sdl seccomp semantic-desktop smapi sndfile sound spell sse sse2 sse3 sse4_1 sse4_2 ssl ssse3 startup-notification svg systemd test-rust theora thumbnail tiff truetype udev udisks unicode upower usb vaapi vcd vdpau verify-sig vnc vorbis vulkan wayland webkit widgets wifi win32codecs wxwidgets x264 xattr xcb xcomposite xft xml xrandr xscreensaver xv xvid zlib" ABI_X86="64" ADA_TARGET="gnat_2021" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_anon authn_dbm authn_file authz_dbm authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir env expires ext_filter file_cache filter headers include info log_config logio mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="karbon sheets words" CAMERAS="canon fuji" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" CPU_FLAGS_X86="aes avx avx2 f16c fma3 mmx mmxext pclmul popcnt rdrand sse sse2 sse3 sse4_1 sse4_2 ssse3" CURL_SSL="openssl" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock greis isync itrax mtk3301 ntrip navcom oceanserver oncore rtcm104v2 rtcm104v3 sirf skytraq superstar2 tsip tripmate tnt ublox" GRUB_PLATFORMS="multiboot pc qemu efi-64" INPUT_DEVICES="evdev synaptics" KERNEL="linux" L10N="de en" LCD_DEVICES="bayrad cfontz glk hd44780 lb216 lcdm001 mtxorb text" LUA_SINGLE_TARGET="lua5-1" LUA_TARGETS="lua5-1" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php8-1" POSTGRES_TARGETS="postgres15" PYTHON_SINGLE_TARGET="python3_11" PYTHON_TARGETS="python3_11" QEMU_SOFTMMU_TARGETS="i386 x86_64" QEMU_USER_TARGETS="i386 x86_64" RUBY_TARGETS="ruby31" VIDEO_CARDS="intel i965" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipp2p iface geoip fuzzy condition tarpit sysrq proto logmark ipmark dhcpmac delude chaos account" Unset: ADDR2LINE, AR, ARFLAGS, AS, ASFLAGS, CC, CCLD, CONFIG_SHELL, CPP, CPPFLAGS, CTARGET, CXX, CXXFILT, ELFEDIT, EXTRA_ECONF, F77FLAGS, FC, GCOV, GPROF, INSTALL_MASK, LC_ALL, LD, LFLAGS, LIBTOOL, MAKE, MAKEFLAGS, NM, OBJCOPY, OBJDUMP, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, RANLIB, READELF, RUSTFLAGS, SIZE, STRINGS, STRIP, YACC, YFLAGS
It looks like it tried to run pkg_pretend and failed, but it seems like it should not have tried due to an earlier signature verification failure.
It looks like it probably raised InvalidSignature in Scheduler._run_pkg_pretend here: await bintree.dbapi.unpack_metadata(settings, infloc, loop=loop) Then it probably failed running the clean phase in the finally block here: finally: if current_task is not None: if current_task.isAlive(): current_task.cancel() if current_task.returncode == os.EX_OK: clean_phase = EbuildPhase( background=False, phase="clean", scheduler=sched_iface, settings=settings, ) clean_phase.start() await clean_phase.async_wait() It looks like current_task was a successful BinpkgVerifier instance. We could set current_task to None here because the current task is really the bintree.dbapi.unpack_metadata coroutine.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/proj/portage.git/commit/?id=1477124cc20c8ff3ca3be07efe98fafeb9999990 commit 1477124cc20c8ff3ca3be07efe98fafeb9999990 Author: Zac Medico <zmedico@gentoo.org> AuthorDate: 2023-12-18 18:35:14 +0000 Commit: Zac Medico <zmedico@gentoo.org> CommitDate: 2023-12-18 18:35:46 +0000 Scheduler: Reset current_task in _run_pkg_pretend For completed tasks, reset current_task to None so that it does not cause the clean phase to execute with an invalid environment in the finally block. Bug: https://bugs.gentoo.org/920258 Signed-off-by: Zac Medico <zmedico@gentoo.org> lib/_emerge/Scheduler.py | 4 ++++ 1 file changed, 4 insertions(+)
With the fix in comment #3 we should be able to see a InvalidSignature, which we can handle similarly to a fetch or digest verification error.
For the InvalidSignature exception from unpack_metadata in _run_pkg_pretend, we might use an error message like "!!! Invalid binary package" is used for SignatureException in this commit: https://gitweb.gentoo.org/proj/portage.git/commit/?id=ad7882a1cba4cedf6288abeff0fd2b8052b5302a After the error, we can call Scheduer._record_pkg_failure, which will allow the package to be skipped if appropriate (when --keep-going is enabled).
(In reply to Zac Medico from comment #4) > With the fix in comment #3 we should be able to see a InvalidSignature, > which we can handle similarly to a fetch or digest verification error. Looks good to me! But due to local circumstances I cannot fully test it here ATM but from a quick test I saw that I was able to install packages again without having to disable binkg usage. Thanks!
(In reply to Zac Medico from comment #5) > For the InvalidSignature exception from unpack_metadata in _run_pkg_pretend, > we might use an error message like "!!! Invalid binary package" is used for > SignatureException in this commit: > > https://gitweb.gentoo.org/proj/portage.git/commit/ > ?id=ad7882a1cba4cedf6288abeff0fd2b8052b5302a > > After the error, we can call Scheduer._record_pkg_failure, which will allow > the package to be skipped if appropriate (when --keep-going is enabled). If a user could somehow see that its actually the signature that could not be verified that would be very useful I think. And also some more details would be good: Could the signature not be verified because the signature was bad or because the pubkey was not available?
(In reply to Marc Schiffbauer from comment #7) > If a user could somehow see that its actually the signature that could not > be verified that would be very useful I think. And also some more details > would be good: Could the signature not be verified because the signature was > bad or because the pubkey was not available? It will still dump all of the gpg stderr output shown in comment #1, so maybe that's enough? The "Invalid binary package" message added in https://github.com/gentoo/portage/pull/1217 also includes the exception string which would be "GPG verify failed" in this case.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/proj/portage.git/commit/?id=fbd6909c24f51ad79fb313ddd7043b4a40de91a6 commit fbd6909c24f51ad79fb313ddd7043b4a40de91a6 Author: Zac Medico <zmedico@gentoo.org> AuthorDate: 2023-12-26 21:37:24 +0000 Commit: Zac Medico <zmedico@gentoo.org> CommitDate: 2023-12-26 22:01:51 +0000 Scheduler: Handle unpack_metadata SignatureException in _run_pkg_pretend This will handle the InvalidSignature exception that triggered bug 920258, allowing emerge --keep-going to skip the package if possible. All of the gpg stderr output is dumped before the exception is raised, as shown in bug 920258 comment #0. Bug: https://bugs.gentoo.org/920258 Signed-off-by: Zac Medico <zmedico@gentoo.org> lib/_emerge/Scheduler.py | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-)
The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0a1f19cdd7a598070b7eb08b3954e677aa4868ad commit 0a1f19cdd7a598070b7eb08b3954e677aa4868ad Author: Sam James <sam@gentoo.org> AuthorDate: 2023-12-27 21:27:55 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2023-12-27 21:28:01 +0000 sys-apps/portage: add 3.0.59 Closes: https://bugs.gentoo.org/587088 Closes: https://bugs.gentoo.org/822033 Closes: https://bugs.gentoo.org/915494 Closes: https://bugs.gentoo.org/916135 Closes: https://bugs.gentoo.org/917120 Closes: https://bugs.gentoo.org/919862 Closes: https://bugs.gentoo.org/920095 Closes: https://bugs.gentoo.org/920258 Closes: https://bugs.gentoo.org/920537 Closes: https://bugs.gentoo.org/920654 Signed-off-by: Sam James <sam@gentoo.org> sys-apps/portage/Manifest | 1 + sys-apps/portage/portage-3.0.59.ebuild | 246 +++++++++++++++++++++++++++++++++ 2 files changed, 247 insertions(+)