Bug 447326

Summary: don't build with gpg2 2.3.3 (gpg: key generation failed: Unknown elliptic curve)
Product: [Unmaintained] trojita Reporter: Илья Индиго <ilya>
Component: CryptographyAssignee: Trojita default assignee <trojita-bugs>
Status: RESOLVED FIXED    
Severity: major CC: heiko.becker
Priority: NOR    
Version: git   
Target Milestone: ---   
Platform: openSUSE   
OS: Linux   
Latest Commit: Version Fixed In:
Sentry Crash Report:
Attachments: gpg2-2.3.patch

Description Илья Индиго 2021-12-21 10:32:11 UTC
https://build.opensuse.org/package/show/home:13ilya/trojita
The latest git version stopped building in openSUSE Tumbleweed.
https://build.opensuse.org/package/live_build_log/home:13ilya/trojita/openSUSE_Tumbleweed/x86_64
I don't understand what the reason is, maybe gcc/glibc.
Comment 1 Jan Kundrát 2021-12-21 13:43:46 UTC
That error comes from your build system, not from something we provide, and bugzilla is not really a good place to ask for help. Consider using a mailing list next time, please. But if you read the error log, here's the relevant part:

[  116s] bash /home/abuild/rpmbuild/BUILD/trojita-0.7~git20211029/tests/Cryptography/keygen.sh /home/abuild/rpmbuild/BUILD/trojita-0.7~git20211029
[  116s] gpgconf: error running '/usr/bin/dirmngr': probably not installed
[  116s] gpgconf: error running '/usr/bin/pinentry': probably not installed

That comes from a script which generates GPG keys for the test suite, and the error suggests that your configuration of GnuPG expects to find '/usr/bin/dirmngr' a '/usr/bin/pinentry', but they are not available in your build environment. Perhaps your build dependencies are not set properly?
Comment 2 Илья Индиго 2021-12-21 16:14:00 UTC
Don't build with gpg2 2.3.2
[   39s] bash /home/abuild/rpmbuild/BUILD/trojita-0.7~git20211029/tests/Cryptography/keygen.sh /home/abuild/rpmbuild/BUILD/trojita-0.7~git20211029
[   39s] gpg: Generating key for valid encryptions and signatures
[   39s] gpg: key generation failed: Unknown elliptic curve
[   39s] gpg: Generating key for expired encryptions and signatures
[   39s] gpg: key generation failed: Unknown elliptic curve
[   39s] gpg: Generating key that will be deleted after message generation
[   39s] gpg: key generation failed: Unknown elliptic curve
[   39s] gpg: Generating a key which will be used for signature verification, where the private key will be removed
[   39s] gpg: key generation failed: Unknown elliptic curve
[   39s] gpg: Keys generated

But it's built with gpg2 2.2.27.
[   17s] bash /home/abuild/rpmbuild/BUILD/trojita-0.7~git20211029/tests/Cryptography/keygen.sh /home/abuild/rpmbuild/BUILD/trojita-0.7~git20211029
[   17s] gpg: Generating key for valid encryptions and signatures
[   17s] gpg: Generating key for expired encryptions and signatures
[   17s] gpg: Generating key that will be deleted after message generation
[   17s] gpg: Generating a key which will be used for signature verification, where the private key will be removed
[   17s] gpg: Keys generated
[   17s] gpg: checking the trustdb
[   17s] gpg: marginals needed: 3  completes needed: 1  trust model: pgp
[   17s] gpg: depth: 0  valid:   4  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 4u
[   17s] gpg (GnuPG) 2.2.27; Copyright (C) 2021 Free Software Foundation, Inc.
Comment 3 Thomas Lübking 2021-12-21 16:23:29 UTC
https://dev.gnupg.org/T5444 but afaiu that's the SuSE build system and nothing related to the built source (trojitá)?
Comment 4 Илья Индиго 2021-12-21 16:39:12 UTC
(In reply to Thomas Lübking from comment #3)
> https://dev.gnupg.org/T5444 but afaiu that's the SuSE build system and
> nothing related to the built source (trojitá)?

Did I get it right, the problem is not in tests/Cryptography/keygen.sh but somewhere in OBS?
Comment 5 Thomas Lübking 2021-12-21 16:49:06 UTC
The problem is in gpg, but tests/Cryptography/keygen.sh has indeed

LD_PRELOAD=./libfake-dev-random.so ${GPG} --batch --quiet --gen-key ${SRCDIR}/tests/Cryptography/batch-keygen

which will likely trigger that.

However it'll just create a new key pair w/ your local default settings and your default settings conflict w/ the bug in gpg.
The script could select an algorithm (RSA) but that's a stupid workaround - just assume the next gpg bug is that RSA fails…
Comment 6 Илья Индиго 2021-12-21 17:23:10 UTC
Created attachment 144759 [details]
gpg2-2.3.patch

https://build.opensuse.org/package/view_file/home:13ilya/trojita/gpg2-2.3.patch?expand=1
This patch fix build with gpg2- 2.3.3 and don't break build with gpg2-2.2.27.
Comment 7 Илья Индиго 2021-12-21 17:39:00 UTC
Thank you, now I understand the problem.
The problem is gpg, my patch solves it temporarily until they fix the upstream gpg.
Comment 8 Jan Kundrát 2022-02-16 01:24:59 UTC
Fixed via https://invent.kde.org/pim/trojita/-/merge_requests/11