[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: breaking buildds with new version of sbuild?



* Philipp Kern (pkern@debian.org) [110403 21:44]:
> On Sun, Apr 03, 2011 at 08:36:41PM +0200, Andreas Barth wrote:
> > I noticed that at least one of my buildds got broken now with
> > -->--
> > Merged Build-Depends: build-essential, fakeroot
> > Filtered Build-Depends: build-essential, fakeroot
> > dpkg-deb: building package `sbuild-build-depends-core-dummy' in `/build/buildd-kbibtex_0.3~beta1+svn561-1-mipsel-v7zyPh/resolver-MDIiIi/apt_archive/sbuild-build-depends-core-dummy.deb'.
> > E: Local archive GPG signing key not found
> > I: Please generate a key with 'sbuild-update --keygen'
> > I: Note that on machines with scarce entropy, you may wish to generate the key with this command on another machine and copy the public and private keypair to '/var/lib/sbuild/apt-keys/sbuild-key.pub' and '/var/lib/sbuild/apt-keys/sbuild-key.sec'
> > Failed to generate archive keys.
> > Core source dependencies not satisfied; skipping
> > Purging /var/lib/schroot/mount/sid-experimental-mipsel-sbuild-6bbf59d6-aeb9-4280-86eb-dbc7be0142ad/build/buildd-kbibtex_0.3~beta1+svn561-1-mipsel-v7zyPh
> > Not cleaning session: cloned chroot in use
> > --<--
> > 
> > I'm surprised to see that happen. Is there an authoritative reason why
> > we can't fall back to the previous way if there is no signing key? I'm
> > sorry if I missed that, but can't remember to have read about that
> > before.
> 
> In short: apt is stupid and there's no clean other way that doesn't involve
> ignoring failures of dpkg (see pbuilder).

It is of course ok if the new apt-resolver config only works after
creating such keys.

It is however simply not acceptable at all (and even not debatable)
that existing working aptitude chroots stop working without any good
reasons. I consider buildds a 24x7 service, which we shouldn't just
disrupt because things could be done different.

There would be various other ways: e.g. continue to use the existing
aptitude config and setup-type till keys auto-generated by cron are
there. Or various other ways I could imagine.

> > Anyways, I downgraded the packages on the relevant machines now, and
> > put them to hold, until the situation is resolved.
> 
> Just call sbuild-update --keygen as you're told.  We've got enough
> entropy on the official buildds now anyway. 

I'm just wondering what else bugs are hidden there. I don't want to
cope with the next instance of bugs - rather staying with the current
software seems a good deal for me.

I'm really short of giving up caring about buildds and wanna-build,
because working setups are disrupted for no good reason - and it isn't
even considered a problem. Sorry, but this isn't the way to operate
the buildd service.


Andi


Reply to: