Bug 2225463

Summary: whois-5.5.17-3.fc39 FTBFS: gpg: Can't check signature: No public key
Product: [Fedora] Fedora Reporter: Petr Pisar <ppisar>
Component: whoisAssignee: Petr Menšík <pemensik>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: rawhideCC: pemensik, ppisar
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
URL: https://koschei.fedoraproject.org/package/whois
Whiteboard:
Fixed In Version: whois-5.5.17-4.fc39 whois-5.5.18-1.fc38 whois-5.5.18-1.fc37 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2023-08-02 01:16:18 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 2168842    

Description Petr Pisar 2023-07-25 11:15:39 UTC 
whois-5.5.17-3.fc39 fails to build in Fedora 39:

Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.9DE8Ja
+ umask 022
+ cd /builddir/build/BUILD
++ mktemp --tmpdir whois-XXXXXXX.gpg
+ TMPKEY=/tmp/whois-dIkE40K.gpg
+ gpg --no-default-keyring --keyring /tmp/whois-dIkE40K.gpg --import /builddir/build/SOURCES/md-pgp.asc
gpg: key E6FFF1E38DC968B0: 64 signatures not checked due to missing keys
gpg: directory '/builddir/.gnupg' created
gpg: /builddir/.gnupg/trustdb.gpg: trustdb created
gpg: key E6FFF1E38DC968B0: public key "Marco d'Itri <md>" imported
gpg: Total number processed: 1
gpg:               imported: 1
gpg: no ultimately trusted keys found
+ dscverify --keyring /tmp/whois-dIkE40K.gpg /builddir/build/SOURCES/whois_5.5.17.dsc
/builddir/build/SOURCES/whois_5.5.17.dsc:
dscverify: /builddir/build/SOURCES/whois_5.5.17.dsc failed signature check:
gpg: Signature made Wed May  3 12:27:41 2023 UTC
gpg:                using EDDSA key 272945CD836D38DFB7427E86CB3EC33AE1DED781
gpg: Can't check signature: No public key
Validation FAILED!!
error: Bad exit status from /var/tmp/rpm-tmp.9DE8Ja (%prep)

A difference between passing and failing build root is at <https://koschei.fedoraproject.org/build/15454437>. An upgrade of gnupg2 from 2.4.0-3.fc39 to 2.4.1-1.fc39 looks suspicious.

Please note that the gpg --import command spoils $HOME/.gnupg which should not happen. Commands executed when building a package should not modify user's home directory.

That it touched $HOME can be seen in these lines:

gpg: directory '/builddir/.gnupg' created
gpg: /builddir/.gnupg/trustdb.gpg: trustdb created

Also when building the package in my virtual machine (HOME=/home/test), I can see:

gpg: WARNING: unsafe permissions on homedir '/home/test/.gnupg'

(And the build passes in my virutal machine, probably because of prepopulated ~./gnupg.)
Comment 1 Petr Menšík 2023-07-30 17:10:47 UTC 
Yes, you are right. It has been doing some issues on fedpkg local for some time, but it worked on fedpkg mockbuild. I had not understand fully why it was a problem, but it seems using temporary GNUPGHOME, including place for trustdb.gpg, solves it in both ways.
Comment 2 Fedora Update System 2023-07-30 17:49:40 UTC 
FEDORA-2023-52736856a0 has been submitted as an update to Fedora 38. https://bodhi.fedoraproject.org/updates/FEDORA-2023-52736856a0
Comment 3 Fedora Update System 2023-07-31 02:32:04 UTC 
FEDORA-2023-52736856a0 has been pushed to the Fedora 38 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2023-52736856a0`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2023-52736856a0

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
Comment 4 Fedora Update System 2023-07-31 07:08:02 UTC 
FEDORA-2023-e912add7bc has been submitted as an update to Fedora 37. https://bodhi.fedoraproject.org/updates/FEDORA-2023-e912add7bc
Comment 5 Fedora Update System 2023-08-01 01:50:44 UTC 
FEDORA-2023-e912add7bc has been pushed to the Fedora 37 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2023-e912add7bc`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2023-e912add7bc

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
Comment 6 Fedora Update System 2023-08-02 01:16:18 UTC 
FEDORA-2023-52736856a0 has been pushed to the Fedora 38 stable repository.
If problem still persists, please make note of it in this bug report.
Comment 7 Fedora Update System 2023-08-10 00:42:22 UTC 
FEDORA-2023-e912add7bc has been pushed to the Fedora 37 stable repository.
If problem still persists, please make note of it in this bug report.