Bug 854492

Summary:	sys-libs/compiler-rt-sanitizers-14.0.6[verify-sig]: gpg: can't connect to the agent: IPC connect call failed
Product:	Gentoo Linux	Reporter:	Sam James <sam>
Component:	Current packages	Assignee:	LLVM support project <llvm>
Status:	RESOLVED FIXED
Severity:	normal	CC:	mgorny
Priority:	Normal	Keywords:	PullRequest
Version:	unspecified
Hardware:	All
OS:	Linux
See Also:	https://github.com/gentoo/gentoo/pull/28180
Whiteboard:
Package list:		Runtime testing required:	---
Attachments:	build.log

Description Sam James archtester

2022-06-26 22:09:47 UTC

>>> Emerging (1 of 2) sys-libs/compiler-rt-sanitizers-14.0.6::gentoo
 * llvm-project-14.0.6.src.tar.xz BLAKE2B SHA512 size ;-) ...                                                                                                                         [ ok ]
 * llvm-project-14.0.6.src.tar.xz.sig BLAKE2B SHA512 size ;-) ...                                                                                                                     [ ok ]
 * llvm-gentoo-patchset-14.0.6.tar.xz BLAKE2B SHA512 size ;-) ...                                                                                                                     [ ok ]
 * Checking whether python3_10 is suitable ...
 *   >=dev-lang/python-3.10.0_p1-r1:3.10 ...                                                                                                                                          [ ok ]
 *   python_check_deps ...                                                                                                                                                            [ ok ]
 * Using python3.10 to build (via PYTHON_COMPAT iteration)
>>> Unpacking source...
 * Verifying llvm-project-14.0.6.src.tar.xz ...
ERROR:root:OpenPGP key import failed:
gpg: keybox '/var/tmp/portage.notmp/portage/sys-libs/compiler-rt-sanitizers-14.0.6/temp/gemato.70iflpqi/pubring.kbx' created
gpg: /var/tmp/portage.notmp/portage/sys-libs/compiler-rt-sanitizers-14.0.6/temp/gemato.70iflpqi/trustdb.gpg: trustdb created
gpg: key A2C794A986419D8A: public key "Tom Stellard <tstellar@redhat.com>" imported
gpg: can't connect to the agent: IPC connect call failed
gpg: Total number processed: 1
gpg:               imported: 1

 * ERROR: sys-libs/compiler-rt-sanitizers-14.0.6::gentoo failed (unpack phase):
 *   PGP signature verification failed
 * 
 * Call stack:
 *     ebuild.sh, line  127:  Called src_unpack
 *   environment, line 3545:  Called llvm.org_src_unpack
 *   environment, line 2639:  Called verify-sig_verify_detached '/var/tmp/portage.notmp/portage/sys-libs/compiler-rt-sanitizers-14.0.6/distdir/llvm-project-14.0.6.src.tar.xz' '/var/tmp/portage.notmp/portage/sys-libs/compiler-rt-sanitizers-14.0.6/distdir/llvm-project-14.0.6.src.tar.xz.sig'
 *   environment, line 4445:  Called die
 * The specific snippet of code:
 *               gemato gpg-wrap -K "${key}" "${extra_args[@]}" -- gpg --verify "${sig}" "${file}" || die "PGP signature verification failed"
 * 
 * If you need support, post the output of `emerge --info '=sys-libs/compiler-rt-sanitizers-14.0.6::gentoo'`,
 * the complete build log and the output of `emerge -pqv '=sys-libs/compiler-rt-sanitizers-14.0.6::gentoo'`.
 * The complete build log is located at '/var/tmp/portage.notmp/portage/sys-libs/compiler-rt-sanitizers-14.0.6/temp/build.log'.
 * The ebuild environment file is located at '/var/tmp/portage.notmp/portage/sys-libs/compiler-rt-sanitizers-14.0.6/temp/environment'.
 * Working directory: '/var/tmp/portage.notmp/portage/sys-libs/compiler-rt-sanitizers-14.0.6/work'
 * S: '/var/tmp/portage.notmp/portage/sys-libs/compiler-rt-sanitizers-14.0.6/work/compiler-rt'

----
Portage 3.0.30 (python 3.11.0-beta-3, default/linux/amd64/17.1/hardened, gcc-12.1.1, glibc-2.35-r7, 5.15.49-adry x86_64)
=================================================================
System uname: Linux-5.15.49-adry-x86_64-11th_Gen_Intel-R-_Core-TM-_i7-11800H_@_2.30GHz-with-glibc2.35
KiB Mem:    16101452 total,  10068204 free
KiB Swap:    8388604 total,   8388604 free
Timestamp of repository gentoo: Sun, 26 Jun 2022 09:16:36 +0000
Head commit of repository gentoo: d1c8d9dd9a9f83ced73b3668ce6490dcaa3390e5

Timestamp of repository emacs: Wed, 22 Jun 2022 16:10:21 +0000
Head commit of repository emacs: af7f0cc64b9166a848658a5ef63a5626672965cd

Timestamp of repository kde: Wed, 22 Jun 2022 16:10:41 +0000
Head commit of repository kde: cdc5abad1085b140e07ac610ff422d1cd04173c4

Timestamp of repository qt: Wed, 22 Jun 2022 16:10:27 +0000
Head commit of repository qt: 42a2a03ea26968ddb36fbb9935964c84c892a3e2

sh dash 0.5.11.5
ld GNU ld (Gentoo 2.38 p4) 2.38
ccache version 4.6.1 [disabled]
app-misc/pax-utils:        1.3.4::gentoo
app-shells/bash:           5.1_p16::gentoo
dev-java/java-config:      2.3.1::gentoo
dev-lang/perl:             5.36.0::gentoo
dev-lang/python:           3.8.13_p2::gentoo, 3.9.13::gentoo, 3.10.5::gentoo, 3.11.0_beta3::gentoo
dev-lang/rust-bin:         1.61.0::gentoo
dev-util/ccache:           4.6.1::gentoo
dev-util/cmake:            3.23.2::gentoo
dev-util/meson:            0.62.2::gentoo
sys-apps/baselayout:       2.8::gentoo
sys-apps/openrc:           9999::gentoo
sys-apps/sandbox:          2.29::gentoo
sys-devel/autoconf:        2.13-r2::gentoo, 2.71-r1::gentoo
sys-devel/automake:        1.16.5::gentoo
sys-devel/binutils:        2.38-r3::gentoo
sys-devel/binutils-config: 5.4.1::gentoo
sys-devel/clang:           13.0.1::gentoo, 14.0.6::gentoo
sys-devel/gcc:             11.3.1_p20220624::gentoo, 12.1.1_p20220625::gentoo
sys-devel/gcc-config:      2.5-r1::gentoo
sys-devel/libtool:         2.4.7::gentoo
sys-devel/lld:             14.0.6::gentoo
sys-devel/llvm:            13.0.1::gentoo, 14.0.6::gentoo
sys-devel/make:            4.3::gentoo
sys-kernel/linux-headers:  5.18-r1::gentoo (virtual/os-headers)
sys-libs/glibc:            2.35-r7::gentoo
Repositories:

gentoo
    location: /var/db/repos/gentoo
    sync-type: git
    sync-uri: https://github.com/gentoo-mirror/gentoo.git
    priority: -1000
    sync-git-verify-commit-signature: yes
    sync-git-clone-extra-opts: -b stable -c gc.reflogExpire=0 -c gc.reflogExpireUnreachable=0 -c gc.rerereresolved=0 -c gc.rerereunresolved=0 -c gc.pruneExpire=now

emacs
    location: /var/db/repos/emacs
    sync-type: git
    sync-uri: https://github.com/gentoo-mirror/emacs.git
    masters: gentoo

kde
    location: /var/db/repos/kde
    sync-type: git
    sync-uri: https://github.com/gentoo-mirror/kde.git
    masters: gentoo

local
    location: /var/db/repos/local
    masters: gentoo

qt
    location: /var/db/repos/qt
    sync-type: git
    sync-uri: https://github.com/gentoo-mirror/qt.git
    masters: gentoo

sam_c
    location: /home/sjames/git/overlay
    masters: gentoo
ACCEPT_KEYWORDS="amd64 ~amd64"
ACCEPT_LICENSE="*"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-O2 -pipe -march=native -fdiagnostics-color=always -frecord-gcc-switches -ggdb3"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /etc/stunnel/stunnel.conf /usr/lib64/libreoffice/program/sofficerc /usr/share/config /usr/share/gnupg/qualified.txt"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/dconf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo"
CXXFLAGS="-O2 -pipe -march=native -fdiagnostics-color=always -frecord-gcc-switches -D_GLIBCXX_ASSERTIONS -ggdb3"
DISTDIR="/var/cache/distfiles"
EMERGE_DEFAULT_OPTS="--keep-going=y --complete-graph --deep --changed-deps-report=y --usepkg=n --usepkg-exclude sys-fs/zfs --usepkg-exclude sys-fs/zfs-kmod --usepkg-exclude nvidia-drivers --usepkg-exclude gentoo-kernel --implicit-system-deps=n"
ENV_UNSET="CARGO_HOME DBUS_SESSION_BUS_ADDRESS DISPLAY GOBIN GOPATH PERL5LIB PERL5OPT PERLPREFIX PERL_CORE PERL_MB_OPT PERL_MM_OPT XAUTHORITY XDG_CACHE_HOME XDG_CONFIG_HOME XDG_DATA_HOME XDG_RUNTIME_DIR"
FCFLAGS="-O2 -pipe -march=native -fdiagnostics-color=always -frecord-gcc-switches"
FEATURES="assume-digests binpkg-docompress binpkg-dostrip binpkg-logs buildpkg buildpkg-live compressdebug config-protect-if-modified distlocks downgrade-backup ebuild-locks fixlafiles installsources ipc-sandbox mount-sandbox multilib-strict network-sandbox news parallel-fetch parallel-install pid-sandbox preserve-libs protect-owned qa-unresolved-soname-deps sandbox sfperms splitdebug strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr"
FFLAGS="-O2 -pipe -march=native -fdiagnostics-color=always -frecord-gcc-switches"
GENTOO_MIRRORS="http://mirror.bytemark.co.uk/gentoo/ http://www.mirrorservice.org/sites/distfiles.gentoo.org/ http://mirrors.soeasyto.com/distfiles.gentoo.org/ http://mirrors.gethosted.online/gentoo"
LANG="en_GB.utf8"
LDFLAGS="-fuse-ld=lld -Wl,--as-needed -Wl,-z,relro,-z,now"
LINGUAS="en en_GB"
MAKEOPTS="-j16"
PKGDIR="/var/cache/binpkgs"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --exclude=/.git"
PORTAGE_TMPDIR="/var/tmp/portage.notmp"
RUSTFLAGS="-C target-cpu=native"
SHELL="/bin/bash"
USE="PIC X a52 aac acl acpi activities aes alsa amd64 avx avx2 avx512bw avx512cd avx512dq avx512f avx512vbmi avx512vl bash-completion bluetooth branding bzip2 cairo caps cdda cdr cet clang crypt dbus declarative dist-kernel dri dts dvd dvdr elogind emacs encode exif f16c flac fma3 fortran gif gles2 gmp gpm graphite gtk gui hardened hunspell iconv icu ipv6 iwd jit jpeg kde kwallet lcms libglvnd libnotify libtirpc lto mad mmx mmxext mng mp3 mp4 mpeg multilib ncurses networkmanager nptl ogg opengl openmp pam pango pclmul pcre pdf pgo pic pie pipewire plasma png policykit popcnt ppds pulseaudio qml qt5 rdrand readline screencast sdl seccomp semantic-desktop sha smartcard spell split-usr sse sse2 sse3 sse4_1 sse4_2 ssl ssp ssse3 startup-notification svg syslog system-av1 system-binutils system-boost system-bootstrap system-cairo system-clang system-digest system-ffmpeg system-harfbuzz system-heimdal system-icu system-jpeg system-jsoncpp system-leveldb system-libevent system-libs system-libvpx system-libyaml system-lz4 system-mitkrb5 system-sqlite system-ssl system-tbb system-uulib system-webp system-zlib threads tiff truetype udev udisks unicode upower usb vaapi verify-sig vorbis vulkan wayland widgets x264 xattr xcb xml xtpax xv xvid zlib zsh-completion zstd" ABI_X86="32 64" ADA_TARGET="gnat_2020" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="karbon sheets words" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" CPU_FLAGS_X86="aes avx avx2 avx512f avx512dq avx512cd avx512bw avx512vl avx512vbmi f16c fma3 mmx mmxext pclmul popcnt rdrand sha sse sse2 sse3 sse4_1 sse4_2 ssse3" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock greis isync itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf skytraq superstar2 timing tsip tripmate tnt ublox ubx" GRUB_PLATFORMS="efi-64" INPUT_DEVICES="libinput" KERNEL="linux" L10N="en en-GB" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" LUA_SINGLE_TARGET="lua5-1" LUA_TARGETS="lua5-1" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php7-4 php8-0" POSTGRES_TARGETS="postgres12 postgres13" PYTHON_SINGLE_TARGET="python3_10" PYTHON_TARGETS="python3_9 python3_10 python3_11 python3_8" RUBY_TARGETS="ruby26 ruby27" USERLAND="GNU" VIDEO_CARDS="intel i965 iris nvidia" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq proto steal rawnat logmark ipmark dhcpmac delude chaos account"
Unset:  ADDR2LINE, AR, ARFLAGS, AS, ASFLAGS, CC, CCLD, CONFIG_SHELL, CPP, CPPFLAGS, CTARGET, CXX, CXXFILT, ELFEDIT, EXTRA_ECONF, F77FLAGS, FC, GCOV, GPROF, INSTALL_MASK, LC_ALL, LD, LEX, LFLAGS, LIBTOOL, MAKE, MAKEFLAGS, NM, OBJCOPY, OBJDUMP, PORTAGE_BINHOST, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, RANLIB, READELF, SIZE, STRINGS, STRIP, YACC, YFLAGS

Comment 1 Sam James archtester

2022-06-26 22:10:13 UTC

Created attachment 787841 [details]
build.log

Comment 2 Sam James archtester

2022-06-26 22:10:55 UTC

What's weird is that other verify-sig packages (outside of LLVM, I guess) are fine:
```
>>> Emerging (1 of 1) sys-apps/sed-4.8::gentoo
 * sed-4.8.tar.xz BLAKE2B SHA512 size ;-) ...                                                                                                                                         [ ok ]
 * sed-4.8.tar.xz.sig BLAKE2B SHA512 size ;-) ...                                                                                                                                     [ ok ]
>>> Unpacking source...
 * Verifying sed-4.8.tar.xz ...
gpg: Signature made Wed Jan 15 04:12:10 2020 GMT
gpg:                using RSA key 155D3FC500C834486D1EEA677FD9FCCB000BEEEE
gpg: Good signature from "Jim Meyering <jim@meyering.net>" [ultimate]
gpg:                 aka "Jim Meyering <meyering@redhat.com>" [ultimate]
gpg:                 aka "Jim Meyering <meyering@gnu.org>" [ultimate]
>>> Unpacking sed-4.8.tar.xz to /var/tmp/portage.notmp/portage/sys-apps/sed-4.8/work
>>> Unpacking sed-4.8.tar.xz.sig to /var/tmp/portage.notmp/portage/sys-apps/sed-4.8/work
unpack sed-4.8.tar.xz.sig: file format not recognized. Ignoring.
>>> Source unpacked in /var/tmp/portage.notmp/portage/sys-apps/sed-4.8/work
>>> Preparing source in /var/tmp/portage.notmp/portage/sys-apps/sed-4.8/work/sed-4.8 ...
>>> Source prepared.
>>> Configuring source in /var/tmp/portage.notmp/portage/sys-apps/sed-4.8/work/sed-4.8 ...
```

Comment 3 Sam James archtester

2022-06-26 22:11:33 UTC

In fact, even Clang is okay, but not compiler-rt-sanitizers!

Comment 4 Sam James archtester

2022-06-26 22:13:55 UTC

Works okay outside of Portage:
```
# gemato gpg-wrap -K /usr/share/openpgp-keys/llvm.asc -R -- gpg --verify /var/tmp/portage.notmp/portage/sys-libs/compiler-rt-sanitizers-14.0.6/distdir/llvm-project-14.0.6.src.tar.xz.sig /var/tmp/portage.notmp/portage/sys-libs/compiler-rt-sanitizers-14.0.6/distdir/llvm-project-14.0.6.src.tar.xz
gpg: Signature made Sat Jun 25 05:09:12 2022 BST
gpg:                using RSA key 474E22316ABF4785A88C6E8EA2C794A986419D8A
gpg: Good signature from "Tom Stellard <tstellar@redhat.com>" [ultimate]
```

And as non-root.

Comment 5 Sam James archtester

2022-06-26 22:21:43 UTC

Apparently it can't handle the dir being "/var/tmp/portage.notmp". Maybe permissions or something (although they seem right to me).

Comment 6 Michał Górny archtester

2022-06-27 04:35:17 UTC

Maybe it exceeds UNIX socket path limit.  Try setting a shorter TMPDIR inside the verify-sig eclass.  If that helps, I can update it to use a shorter TMPDIR for gpg invocations.

Comment 7 Andrew John Hughes 2022-11-07 19:19:44 UTC

(In reply to Michał Górny from comment #6)
> Maybe it exceeds UNIX socket path limit.  Try setting a shorter TMPDIR
> inside the verify-sig eclass.  If that helps, I can update it to use a
> shorter TMPDIR for gpg invocations.

That seems to be it. The long package name 'compiler-rt-sanitizers' seems to push it over the limit. The other LLVM packages, with shorter names but using the same eclass, work fine.

The following was working for me at the command prompt but not during the build:

gemato gpg-wrap -K /usr/share/openpgp-keys/llvm.asc -R -- gpg --verify /mnt/scratch/portage/portage/sys-libs/compiler-rt-sanitizers-14.0.6/distdir/llvm-project-14.0.6.src.tar.xz.sig /mnt/scratch/portage/portage/sys-libs/compiler-rt-sanitizers-14.0.6/distdir/llvm-project-14.0.6.src.tar.xz

I altered TMPDIR to be /mnt/scratch instead of /mnt/scratch/portage (it seems it creates its own portage subdirectory anyway) and the build worked.

I don't know whether it's worth using a shortened name in the compiler-rt-sanitizers ebuild or perhaps adding a length check in the llvm.org eclass. Just using a shortened name should reduce the likelihood of hitting this. As you can see, shaving off just eight characters worked for me.

Comment 8 Larry the Git Cow gentoo-dev

2022-11-10 17:08:13 UTC

The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=48b23e4578736c4e9d29c270ce3be72be73a9405

commit 48b23e4578736c4e9d29c270ce3be72be73a9405
Author:     Michał Górny <mgorny@gentoo.org>
AuthorDate: 2022-11-08 04:45:44 +0000
Commit:     Michał Górny <mgorny@gentoo.org>
CommitDate: 2022-11-10 17:08:10 +0000

    verify-sig.eclass: Workaround GPG problems with long TMPDIR
    
    Force using TMPDIR=/tmp to workaround GPG failing when TMPDIR happens
    to be long enough to cause UNIX socket paths to exceed the system limit.
    
    Closes: https://bugs.gentoo.org/854492
    Signed-off-by: Michał Górny <mgorny@gentoo.org>

 eclass/verify-sig.eclass | 6 ++++++
 1 file changed, 6 insertions(+)