Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 925422 - Failing binpkg signature when TMPDIR is set to directory Portage can't access
Summary: Failing binpkg signature when TMPDIR is set to directory Portage can't access
Status: UNCONFIRMED
Alias: None
Product: Portage Development
Classification: Unclassified
Component: Binary packages support (show other bugs)
Hardware: All Linux
: Normal normal
Assignee: Portage team
URL:
Whiteboard:
Keywords:
: 926428 (view as bug list)
Depends on:
Blocks: 945384
  Show dependency tree
 
Reported: 2024-02-24 14:17 UTC by Klaus Ethgen
Modified: 2024-11-29 23:59 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Klaus Ethgen 2024-02-24 14:17:05 UTC
I currently doing a complete new gentoo installation where binpkg is enabled. In the begin it worked until today, when no package signature is correct anymore.

I did not find how to manually check the signatures.

One example package:
--2024-02-24 15:09:10--  https://mirror.init7.net/gentoo/releases/amd64/binpackages/17.1/x86-64/dev-libs/libaio/libaio-0.3.113-1.gpkg.tar
Resolving mirror.init7.net... 109.202.202.202, 2001:1620::1620
Connecting to mirror.init7.net|109.202.202.202|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 61440 (60K) [application/octet-stream]
Saving to: '/var/cache/binpkgs/dev-libs/libaio/libaio-0.3.113-4.gpkg.tar.partial'

     0K .......... .......... .......... .......... .......... 83% 12.8M 0s
    50K ..........                                            100% 18.6T=0.004s

2024-02-24 15:09:11 (15.3 MB/s) - '/var/cache/binpkgs/dev-libs/libaio/libaio-0.3.113-4.gpkg.tar.partial' saved [61440/61440]

!!! Invalid binary package: '/var/cache/binpkgs/dev-libs/libaio/libaio-0.3.113-4.gpkg.tar.partial', GPG verify failed

I tryed getuto several times; even with removing /etc/portage/gnupg.

Here is the content:
~> gpg --homedir=/etc/portage/gnupg --list-keys    
gpg: WARNUNG: Unsichere Zugriffsrechte des Home-Verzeichnis `/etc/portage/gnupg'
/etc/portage/gnupg/pubring.kbx
------------------------------
pub   rsa3072 2024-02-24 [SCEA]
      76E07218017921935F158EC2CD95B7191511ABC7
uid        [ ultimativ ] Portage Local Trust Key (local signing only) <portage@localhost>
sub   rsa3072 2024-02-24 [SEA]

pub   rsa4096 2018-05-28 [C] [verfällt: 2024-07-01]
      EF9538C9E8E64311A52CDEDFA13D0EF1914E7A72
uid        [vollständig] Gentoo repository mirrors (automated git signing key) <repomirrorci@gentoo.org>
sub   rsa2048 2018-05-28 [S] [verfällt: 2024-07-01]

pub   rsa4096 2011-11-25 [C] [verfällt: 2024-07-01]
      DCD05B71EAB94199527F44ACDB6B8C1F96D8BF6D
uid        [vollständig] Gentoo ebuild repository signing key (Automated Signing Key) <infrastructure@gentoo.org>
uid        [vollständig] Gentoo Portage Snapshot Signing Key (Automated Signing Key)
sub   rsa4096 2011-11-25 [S] [verfällt: 2024-07-01]

pub   dsa1024 2004-07-20 [SC] [verfällt: 2025-07-01]
      D99EAC7379A850BCE47DA5F29E6438C817072058
uid        [vollständig] Gentoo Linux Release Engineering (Gentoo Linux Release Signing Key) <releng@gentoo.org>
sub   elg2048 2004-07-20 [E] [verfällt: 2025-07-01]

pub   rsa4096 2009-08-25 [SC] [verfällt: 2024-07-01]
      13EBBDBEDE7A12775DFDB1BABB572E0E2D182910
uid        [vollständig] Gentoo Linux Release Engineering (Automated Weekly Release Key) <releng@gentoo.org>
sub   rsa2048 2019-02-23 [S] [verfällt: 2024-07-01]

No installation that needs a binary package work anymore.
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2024-02-24 14:19:50 UTC
It works okay for me right now in a Docker container I'm working on.

Please include the full build.log and emerge --info.
Comment 2 Klaus Ethgen 2024-02-24 14:26:38 UTC
The above IS the full build log!

~> emerge --info
Portage 3.0.61 (python 3.11.8-final-0, default/linux/amd64/17.1/hardened, gcc-13, glibc-2.38-r10, 6.6.16-gentoo-dist x86_64)
=================================================================
System uname: Linux-6.6.16-gentoo-dist-x86_64-Intel-R-_Core-TM-2_Duo_CPU_L7500_@_1.60GHz-with-glibc2.38
KiB Mem:     8058292 total,   5949500 free
KiB Swap:    4194300 total,   4194300 free
Timestamp of repository gentoo: Fri, 23 Feb 2024 19:00:00 +0000
Head commit of repository gentoo: aef0ef66bf7cce12aeea00a3efd0e745def7e095
sh bash 5.1_p16-r6
ld GNU ld (Gentoo 2.41 p5) 2.41.0
ccache version 4.9.1 [enabled]
app-misc/pax-utils:        1.3.7::gentoo
app-shells/bash:           5.1_p16-r6::gentoo
dev-build/autoconf:        2.71-r6::gentoo
dev-build/automake:        1.16.5-r2::gentoo
dev-build/cmake:           3.27.9::gentoo
dev-build/libtool:         2.4.7-r2::gentoo
dev-build/make:            4.4.1-r1::gentoo
dev-build/meson:           1.3.1-r1::gentoo
dev-lang/perl:             5.38.2-r1::gentoo
dev-lang/python:           3.11.8_p1::gentoo, 3.12.1_p1::gentoo
dev-lang/rust-bin:         1.74.1::gentoo
dev-util/ccache:           4.9.1::gentoo
sys-apps/baselayout:       2.14-r2::gentoo
sys-apps/openrc:           0.53::gentoo
sys-apps/sandbox:          2.38::gentoo
sys-devel/binutils:        2.41-r5::gentoo
sys-devel/binutils-config: 5.5::gentoo
sys-devel/gcc:             13.2.1_p20240113-r1::gentoo
sys-devel/gcc-config:      2.11::gentoo
sys-devel/llvm:            17.0.6::gentoo
sys-kernel/linux-headers:  6.6::gentoo (virtual/os-headers)
sys-libs/glibc:            2.38-r10::gentoo
Repositories:

gentoo
    location: /var/db/repos/gentoo
    sync-type: rsync
    sync-uri: rsync://rsync.gentoo.org/gentoo-portage
    priority: -1000
    volatile: False
    sync-rsync-verify-max-age: 3
    sync-rsync-verify-jobs: 1
    sync-rsync-verify-metamanifest: yes
    sync-rsync-extra-opts: 

Binary Repositories:

gentoobinhost-hardened
    priority: 100
    sync-uri: https://mirror.init7.net/gentoo/releases/amd64/binpackages/17.1/x86-64_hardened

gentoobinhost
    priority: 1
    sync-uri: https://mirror.init7.net/gentoo/releases/amd64/binpackages/17.1/x86-64

ACCEPT_KEYWORDS="amd64"
ACCEPT_LICENSE="@FREE"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=core2 -O2 -pipe"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/gnupg/qualified.txt"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo"
CXXFLAGS="-march=core2 -O2 -pipe"
DISTDIR="/var/cache/distfiles"
EMERGE_DEFAULT_OPTS=" --usepkg-exclude 'sys-kernel/gentoo-sources virtual/* dev-perl/*'"
ENV_UNSET="CARGO_HOME DBUS_SESSION_BUS_ADDRESS DISPLAY GDK_PIXBUF_MODULE_FILE GOBIN GOPATH PERL5LIB PERL5OPT PERLPREFIX PERL_CORE PERL_MB_OPT PERL_MM_OPT XAUTHORITY XDG_CACHE_HOME XDG_CONFIG_HOME XDG_DATA_HOME XDG_RUNTIME_DIR XDG_STATE_HOME"
FCFLAGS="-march=core2 -O2 -pipe"
FEATURES="assume-digests binpkg-docompress binpkg-dostrip binpkg-logs binpkg-multi-instance buildpkg-live ccache config-protect-if-modified distlocks ebuild-locks fixlafiles getbinpkg ipc-sandbox merge-sync multilib-strict network-sandbox news parallel-fetch pid-sandbox pkgdir-index-trusted preserve-libs protect-owned qa-unresolved-soname-deps sandbox sfperms strict suidctl unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr"
FFLAGS="-march=core2 -O2 -pipe"
GENTOO_MIRRORS="https://mirror.init7.net/gentoo/ https://distfiles.gentoo.org"
LANG="de_DE"
LC_ALL="C"
LDFLAGS="-Wl,-O1 -Wl,--as-needed"
LEX="flex"
MAKEOPTS="-j3 -l2"
PKGDIR="/var/cache/binpkgs"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --exclude=/.git"
PORTAGE_TMPDIR="/var/tmp"
SHELL="/bin/zsh"
USE="X acl alsa alsa-plugin amd64 bluetooth bzip2 caps cet cli crypt dri fortran gdbm hardened iconv ipv6 jpeg libtirpc multilib ncurses nls openmp pam pcre pcsc-lite pic pie png readline seccomp split-usr ssl ssp test-rust threads udev unicode vaapi vdpau xattr xtpax zlib zsh-completion" ABI_X86="64" ADA_TARGET="gnat_2021" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_anon authn_dbm authn_file authz_dbm authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir env expires ext_filter file_cache filter headers include info log_config logio mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="karbon sheets words" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" CPU_FLAGS_X86="mmx mmxext sse sse2" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock greis isync itrax mtk3301 ntrip navcom oceanserver oncore rtcm104v2 rtcm104v3 sirf skytraq superstar2 tsip tripmate tnt ublox" INPUT_DEVICES="evdev keyboard mouse wacom" KERNEL="linux" L10N="de de-1901 de-DE" LCD_DEVICES="bayrad cfontz glk hd44780 lb216 lcdm001 mtxorb text" LUA_SINGLE_TARGET="lua5-1" LUA_TARGETS="lua5-1" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php8-1" POSTGRES_TARGETS="postgres15" PYTHON_SINGLE_TARGET="python3_11" PYTHON_TARGETS="python3_11" RUBY_TARGETS="ruby31" VIDEO_CARDS="dummy fbdev i965 intel vesa" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipp2p iface geoip fuzzy condition tarpit sysrq proto logmark ipmark dhcpmac delude chaos account"
Unset:  ADDR2LINE, AR, ARFLAGS, AS, ASFLAGS, CC, CCLD, CONFIG_SHELL, CPP, CPPFLAGS, CTARGET, CXX, CXXFILT, ELFEDIT, EXTRA_ECONF, F77FLAGS, FC, GCOV, GPROF, INSTALL_MASK, LD, LFLAGS, LIBTOOL, LINGUAS, MAKE, MAKEFLAGS, NM, OBJCOPY, OBJDUMP, PORTAGE_BINHOST, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, PYTHONPATH, RANLIB, READELF, RUSTFLAGS, SIZE, STRINGS, STRIP, YACC, YFLAGS
Comment 3 Klaus Ethgen 2024-02-24 14:30:58 UTC
To be clear, I don't believe that the packages are all broken. But I have no idea, what went wrong as there is just little informations. And I have no idea how to check the package manually.

I expect some mismatch in signatures but as I have no furter informations, that is hard to prove (and to fix).
Comment 4 Klaus Ethgen 2024-02-24 14:38:17 UTC
I found a clue:

gpg: WARNING: unsafe ownership on homedir '/etc/portage/gnupg'
gpg: can't open '/tmp/root/portage-sign-zkspbzl9.sig': Permission denied
gpg: verify signatures failed: Permission denied
[GNUPG:] FAILURE verify 33587201

/tmp/root is only readable by root... And The unsafe ownership is just a warning.
Comment 5 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2024-02-24 14:39:46 UTC
Do you have GPG_VERIFY_USER_DROP, GPG_VERIFY_GROUP_DROP, or any other GPG_ or similar variables set in make.conf or environment (check `env`)?
Comment 6 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2024-02-24 14:40:00 UTC
(In reply to Sam James from comment #5)
> Do you have GPG_VERIFY_USER_DROP, GPG_VERIFY_GROUP_DROP, or any other GPG_
> or similar variables set in make.conf or environment (check `env`)?

BINPKG_* too
Comment 7 Klaus Ethgen 2024-02-24 14:42:52 UTC
… and that leaded to the bug. Portage is using the TMPDIR environment of root, which is not usable for user portage. When it is unset, it works.

So, portage should unset such variables or set them accordingly.
Comment 8 Klaus Ethgen 2024-02-24 14:43:36 UTC
For completenes, this is my make.conf:
COMMON_FLAGS="-march=core2 -O2 -pipe"
CFLAGS="${COMMON_FLAGS}"
CXXFLAGS="${COMMON_FLAGS}"
FCFLAGS="${COMMON_FLAGS}"
FFLAGS="${COMMON_FLAGS}"

# NOTE: This stage was built with the bindist Use flag enabled
#PORTDIR="/usr/portage"
#DISTDIR="/usr/portage/distfiles"
#PKGDIR="/usr/portage/packages"

# This sets the language of build output to English.
# Please keep this setting intact when reporting bugs.
LC_MESSAGES=C
MAKEOPTS="-j3 -l2"

GENTOO_MIRRORS="https://mirror.init7.net/gentoo/ https://distfiles.gentoo.org"

USE="-avahi -dbus -elogind -gnome -gnome-keyring -mono -networkmanager -policykit -portaudio -pulseaudio -systemd -tcpd -upnp -upnp-av -zeroconf alsa alsa-plugin bluetooth caps jpeg pcsc-lite png threads udev vaapi vdpau X zsh-completion"

L10N="de de-1901 de-DE"

FEATURES="ccache getbinpkg suidctl"

CCACHE_SIZE="1G"

INPUT_DEVICES="evdev keyboard mouse wacom"
VIDEO_CARDS="dummy fbdev i965 intel vesa"

EMERGE_DEFAULT_OPTS="${EMERGE_DEFAULT_OPTS} --usepkg-exclude 'sys-kernel/gentoo-sources virtual/* dev-perl/*'"
Comment 9 Klaus Ethgen 2024-02-24 17:44:07 UTC
Note that the only help is to unset the $TMPDIR as root. Keeping it and unset TMPDIR in /etc/portage/bashrc does not work (But creates other errors), neither explicitly setting that variable over there.
Comment 10 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2024-03-08 17:42:45 UTC
*** Bug 926428 has been marked as a duplicate of this bug. ***
Comment 11 Mike Gilbert gentoo-dev 2024-03-08 18:35:22 UTC
I would say that invoking Portage with a TMPDIR that is not accessible to the portage user is error on the part of the user.

You should either unset TMPDIR before calling Portage, or set TMPDIR in make.conf.
Comment 12 Zac Medico gentoo-dev 2024-03-08 18:48:11 UTC
(In reply to Mike Gilbert from comment #11)
> You should either unset TMPDIR before calling Portage, or set TMPDIR in
> make.conf.


For make.conf TMPDIR settings to be effective it looks like we would need the make.conf environment to propagate to this subprocess.run call:

>     def _run_trust_helper(self):
>         portage_trust_helper = self.settings.get("PORTAGE_TRUST_HELPER", "")
>         if portage_trust_helper == "":
>             return
>         try:
>             ret = subprocess.run(portage_trust_helper)
>         except FileNotFoundError:
>             writemsg(
>                 _(
>                     "\n!!! Portage trust helper %s for binary packages not found\n!!! Continuing, but did you install app-portage/getuto?\n"
>                 )
>                 % portage_trust_helper,
>                 noiselevel=-1,
>             )
>             return
>         ret.check_returncode()
Comment 13 Mike Gilbert gentoo-dev 2024-03-08 18:49:25 UTC
Ah, my bad.

Thinking on it more, maybe we should set TMPDIR=${PORTAGE_TMPDIR} anyway.
Comment 14 Zac Medico gentoo-dev 2024-03-08 18:56:25 UTC
There are probably lots of variables we could sanitize better when dropping privileges. We have special setup for the LOGNAME variable in a couple of places:

lib/portage/package/ebuild/fetch.py:        env["LOGNAME"] = logname
lib/portage/sync/controller.py:                spawn_kwargs["env"]["LOGNAME"] = logname
lib/portage/sync/controller.py:                spawn_kwargs["env"]["LOGNAME"] = pw.pw_name