buildd signing-failure issue

To: debian-dak@lists.debian.org
Subject: buildd signing-failure issue
From: Wookey <wookey@wookware.org>
Date: Tue, 24 Oct 2023 19:13:33 +0100
Message-id: <[🔎] 20231024181333.GF19515@mail.wookware.org>

I quite often find myself getting email every 15 mins from a buildd
that has got a build in the below state:

It's all(apparently) built, but the changes file is not signed. Thus
the upload script, which runs every 15 mins, fails the signing check
and sends buildd-admins mail to say so.

It usually happens with large packages like qt, libboost, libreoffice.

What is not clear to me is how I decide whether to just sign it with
the buildd key so it uploads or delete it so it stops sending me mail,
and eventually it will get built again. One can check that all the
packages are built, that the md5sums match (I think dupload does that
anyway?) and that the source matches the archive. But it's a faff, and
it might still be possible that some bad actor has worked out how to
get a plausible-looking set of files into the upload directory to
trick someone into signing, so it seems to have some risk.

On the other hand some of these packages take many hours to build,
especially on slower arches like armel.

And finally why does/might this happen - is there a race condition
somewhere? If we could fix it it would save adming-hassle and wasted
builds.

If we do not expect build-admins to sign and upload these then
probably the script should just delete them for us (and maybe send a
'please redo' message). Or if there is a set of check we deem
appropriate can we run those, and auto-sign, which is what should
presumably have happened in the first place?

I don't mind having a look into this in my copious free time to try
and fix it once and for all, given some direction. 

(cc: me I'm not on this list, although I probably should be?)

----- Forwarded message from Build Daemon <buildd@arm-ubc-06.debian.org> -----

Date: Tue, 24 Oct 2023 15:25:03 +0000
From: Build Daemon <buildd@arm-ubc-06.debian.org>
To: buildd-porters@localhost
Subject: dupload errors

dupload exit status 9/0
Removed  to reupload later.

Complete output from dupload:

dupload note: no announcement will be sent.
Checking signatures before upload...GPG signature is missing

dupload: error: Pre-upload '/usr/share/dupload/gpg-check %1' failed for qtbase-opensource-src_5.15.10+dfsg-4_armel-buildd.changes


----- End forwarded message -----
Wookey
-- 
Principal hats:  Debian, Wookware, ARM
http://wookware.org/

Reply to:

Index(es):
- Date
- Thread