gpg: clear-sign failed: Permission denied - gnupg

I'm trying to build a debian package from a very simple "hithere"/helloworld c code. I'm getting this error
$ DEBNAME="Maintainer" DEBEMAIL=user#buildserver.org debmake -a hithere-0.8.1.tar.gz -T -i debuild
...
W: hithere: copyright-without-copyright-notice
W: hithere: readme-debian-contains-invalid-email-address bogus#localhost
W: hithere: extended-description-line-too-long
E: hithere: maintainer-name-missing <bogus#localhost>
E: hithere: maintainer-address-malformed <bogus#localhost>
E: hithere: maintainer-address-is-on-localhost <bogus#localhost>
W: hithere: unknown-section local
Finished running lintian.
Now signing changes and any dsc files...
signfile dsc hithere_0.8.1-1.dsc <bogus#localhost>
gpg --local-user "<bogus#localhost>" --clearsign --list-options no-show-policy-urls --armor --textmode --output "/tmp/debsign.XYoWdyn7/hithere_0.8.1-1.dsc.asc" "/tmp/debsign.XYoWdyn7/hithere_0.8.1-1.dsc"
gpg: signing failed: Permission denied
gpg: /tmp/debsign.XYoWdyn7/hithere_0.8.1-1.dsc: clear-sign failed: Permission denied
debsign: gpg error occurred! Aborting....
debuild: fatal error at line 1045:
running debsign failed
E: failed to build Debian package(s).
Isolating the command I get the same:
$gpg --local-user "<bogus#localhost>" --clearsign --list-options no-show-policy-urls --armor --textmode test
gpg: signing failed: Permission denied
gpg: test: clear-sign failed: Permission denied
No luck with strace:
$strace gpg --local-user "<bogus#localhost>" --clearsign --list-options no-show-policy-urls --armor --textmode test
strace: ptrace(PTRACE_TRACEME, ...): Operation not permitted
+++ exited with 1 +++
this is my gnupg
$ls ~/.gnupg/
openpgp-revocs.d private-keys-v1.d pubring.kbx pubring.kbx~ S.gpg-agent S.gpg-agent.browser S.gpg-agent.extra S.gpg-agent.ssh trustdb.gpg
Thanks for any help

Related

Building Kraken2 Databases Errors

Currently running a metagenomic analysis of transcriptome reads using kraken2. Currently running into issues installing the required databases
Buildind kraken2 database code:
kraken2-build --download-library archaea --db archaea_DB
kraken2-build --download-library viral --db viral_DB
kraken2-build --download-library bacteria --db bacteria_DB
kraken2-build --download-library human --db human_DB
kraken2-build --download-library fungi --db fungi_DB
kraken2-build --download-library protozoa --db protozoa_DB
Errors:
rsync: getaddrinfo: ftp.ncbi.nlm.nih.gov 873: Temporary failure in name resolution
rsync error: error in socket IO (code 10) at clientserver.c(138) [Receiver=3.2.6]
Error downloading assembly summary file for archaea, exiting.
rsync: getaddrinfo: ftp.ncbi.nlm.nih.gov 873: Temporary failure in name resolution
rsync error: error in socket IO (code 10) at clientserver.c(138) [Receiver=3.2.6]
Error downloading assembly summary file for viral, exiting.
rsync: getaddrinfo: ftp.ncbi.nlm.nih.gov 873: Temporary failure in name resolution
rsync error: error in socket IO (code 10) at clientserver.c(138) [Receiver=3.2.6]
Error downloading assembly summary file for bacteria, exiting.
rsync: getaddrinfo: ftp.ncbi.nlm.nih.gov 873: Temporary failure in name resolution
rsync error: error in socket IO (code 10) at clientserver.c(138) [Receiver=3.2.6]
Error downloading assembly summary file for human, exiting.
rsync: getaddrinfo: ftp.ncbi.nlm.nih.gov 873: Temporary failure in name resolution
rsync error: error in socket IO (code 10) at clientserver.c(138) [Receiver=3.2.6]
Error downloading assembly summary file for fungi, exiting.
rsync: getaddrinfo: ftp.ncbi.nlm.nih.gov 873: Temporary failure in name resolution
rsync error: error in socket IO (code 10) at clientserver.c(138) [Receiver=3.2.6]
Error downloading assembly summary file for protozoa, exiting.
Ok so some adjustments I made was that I had to manually change the source code files of kraken2 through my anaconda environment.
I don't recall exactly what the changes were (you can look them up yourselves), but to access the files you can run the conda info -a command to find the directory where your conda environments are located. For example: find $(conda info -a) -name "rsync_from_ncbi.pl".
Once Files are edited then we can do the kraken2 process. The Errors I had was actually issues with the connection with the server (don't know why, but that's how it worked). Just wait for like 10 minutes or more and run the code and it should work.
Step 1: create a directory for the database
mkdir database
Step 2: Download taxonomy data to the database
kraken2-build --download-taxonomy --db database
Step 3: Download microbial data for the database
kraken2-build --download-library bacteria --db database
Step 4: Once the data is loaded to the library, build the database
kraken2-build --build --db database
These should be all the commands needed for kraken2

Using golang-ci lint error fetch corp package

Im using golangci-lint and getting the following error in CI, any idea what could be the reason? and how can I avoid this.
Our GitHub repo is already have all the vendor packages so it shouldn't install it in first place.
golangci-lint run --config golangci.yml
level=error msg="Running error: context loading failed: failed to load packages: failed to load with go/packages: err: exit
status 1: stderr: go: github.avt.corp/ding/logger-ut#v1.1.0:
unrecognized import path "github.avt.corp/ding/logger-ut" (https
fetch: Get https://github.avt.corp/ding/logger-ut?go-get=1: x509:
certificate signed by unknown authority)\n"
btw I was able to clone the project and run it
Use the following:
run:
modules-download-mode: vendor
or add this to the command you are runnig
--modules-download-mode vendor

debgsig-verify fails with gpg: no valid OpenPGP data found while gpg decrypt can verify the detached signature

Why does debsig-verify fail to verify when the _gpgorigin detached signature matches the combined debian-binary control.tar.gz data.tar.gz file?
Is it because of this WARNING: This key is not certified with a trusted signature!?
On debian:7 docker container package signing worked well and on debian:9.8 it fails with
gpg: no valid OpenPGP data found.
gpg: processing message failed: Unknown system error
debsig: subprocess getKeyID returned error exit status 2
Signing Process
# Unpack
ar x unsigned.deb
# Generate combine file
cat debian-binary control.tar.gz data.tar.gz > combined
# Create detached signature for combined
gpg -abs -o _gpgorigin combined
# Repack
ar rc signed.deb _gpgorigin debian-binary control.tar.gz data.tar.gz
Verify detached signature (seems successful)
gpg --output doc --decrypt _gpgorigin
Detached signature.
Please enter name of data file: combined
gpg: Signature made Thu Apr 25 22:43:37 2019 UTC
gpg: using RSA key AAAABBBBCCCCDDDD996FCC98FFFFFFFFFFFFFFFF
gpg: Good signature from "mygroup Testing <testing#mygroup.net>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: AAAA BBBB CCCC DDDD 996F CC98 FFFF FFFF FFFF FFFF
Verify signed package (fails)
debsig-verify -v -d signed.deb
debsig: Starting verification for: signed.deb
debsig: getSigKeyID: got FFFFFFFFFFFFFFFF for origin key
debsig: Using policy directory: /etc/debsig/policies/FFFFFFFFFFFFFFFF
debsig: Parsing policy file: /etc/debsig/policies/FFFFFFFFFFFFFFFF/mygroup-test.pol
debsig: parsePolicyFile: parsing '/etc/debsig/policies/FFFFFFFFFFFFFFFF/mygroup-test.pol'
debsig: parsePolicyFile: completed
debsig: Checking Selection group(s).
debsig: Processing 'origin' key...
gpg: no valid OpenPGP data found.
gpg: processing message failed: Unknown system error
debsig: subprocess getKeyID returned error exit status 2
Key Listing for policie's keyring
gpg --no-default-keyring --keyring /usr/share/debsig/keyrings/FFFFFFFFFFFFFFFF/pubring.gpg --list-sigs
/usr/share/debsig/keyrings/FFFFFFFFFFFFFFFF/pubring.gpg
-------------------------------------------------------
pub rsa2048 2017-06-19 [SC]
AAAABBBBCCCCDDDD996FCC98FFFFFFFFFFFFFFFF
uid [ unknown] MyGroup Testing <testing#mygroup.net>
sig 3 FFFFFFFFFFFFFFFF 2017-06-19 MyGroup Testing <testing#mygroup.net>
sub rsa2048 2017-06-19 [E]
sig FFFFFFFFFFFFFFFF 2017-06-19 MyGroup Testing <testing#mygroup.net>
I've just had a similar problem, and found a number of things that I was doing wrong, that aren't obvious from the documentation/examples:
make sure that the policy file has the XML namespace using https (not http as the few examples use) i.e. <Policy xmlns="https://www.debian.org/debsig/1.0/">
the 'keyring' file isn't a keyring, it's just a (public) key.
the 'keyring' file must NOT be ASCII-armoured.
With the above changes, package verification succeeded (Ubuntu 18.04)
I had the same error.
To clarify Anthony's answer, the key file cannot be imported to the keyring.
It has to be a public key that is copied to the keyring folder.
(Example using DDDF2F4CE732A79A)
This will cause the error
$ gpg --no-default-keyring \
--keyring /usr/share/debsig/keyrings/DDDF2F4CE732A79A/debsig.gpg \
--import <public key>
This will work
$ cp <public key> /usr/share/debsig/keyrings/DDDF2F4CE732A79A/debsig.gpg

using security to importing CSSMERR_TP_CERT_EXPIRED secutity codesigning

Does anybody know why when I use 'security' on os x to import a valid identity that it seems to think it has expired:
There are 2 machines, my development machine and a jenkins slave.
I am using the xcodebuild to create an archive and then use:
xcodebuild -exportArchive -archivePath myApp.xcarchive -exportOptionsPlist exportOptions.plist -exportPath . PROVISIONING_PROFILE=fdd0caeb-58fb-41df-a5e8-e5e9bd1f95c9 "OTHER_CODE_SIGN_FLAGS=--keychain /Users/me/Library/Keychains/Buildsystem"
to build an ipa for the store. This works on my development machine using the same archive and the same exportOptions.plist but not on the jenkins slave. I get this error:
016-10-06 23:29:23.438 xcodebuild[87720:8494157] [MT] IDEDistribution:
-[IDEDistributionLogging _createLoggingBundleAtPath:]: Created bundle at path
'/var/folders/yd/l_8k4cn91kjc9r853crzz98m0000gn/T/MyApp_2016-10-06_23-29-23.437.xcdistributionlogs'.
2016-10-06 23:29:23.888 xcodebuild[87720:8494157] [MT]
IDEDistribution: Step failed: : Error Domain=IDEDistributionErrorDomain Code=1 "The
operation couldn’t be completed. (IDEDistributionErrorDomain error
1.)"
error: exportArchive: The operation couldn’t be completed.
(IDEDistributionErrorDomain error 1.)
Error Domain=IDEDistributionErrorDomain Code=1 "The operation couldn’t
be completed. (IDEDistributionErrorDomain error 1.)"
** EXPORT FAILED **
I suspect it is because it thinks the code signing identity is bad. When I imported the identity as:
security import AP_Store.p12 -k /Users/me/Library/Keychains/Buildsystem -P ******* -T /usr/bin/codesign
then run:
security find-identity
I get:
1) 71497439A2987BC6830DF2E4879DBD3A5F1B2857 "iPhone Distribution:
xxxxx (xxxxxxxxx)" (CSSMERR_TP_CERT_EXPIRED)
If I import the same identity on my development machine it says it is OK.
Does anybody know why the same identity would be OK on one machine but not another?
This was caused by an expired intermediate certificate.
Apple Worldwide Developer Relations Certification Authority
had expired.
After replacing it everything worked.
A good reference is: MaintainingCertificates
Another thing that can lead to errors such as:
2016-10-11 11:41:11.780 xcodebuild[87463:15799133] [MT]
IDEDistribution: Step failed: : Error Domain=IDEDistributionErrorDomain Code=1
"(null)"
error: exportArchive: The operation couldn’t be completed.
(IDEDistributionErrorDomain error 1.)
is if you have an incorrect team ID in your exportOptions.plist file.

ibswiftCore.dylib: Permission denied, failed to run on simulator/device

After installing xcode8 I get the following 'compiling swift standard libraries' error:
Copying /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/lib/swift/iphoneos/libswiftRemoteMirror.dylib to /Users/kamend/Library/Developer/Xcode/DerivedData/Evento-hhvrbzmhxucgladakdcphldjxugg/Build/Products/Debug-iphoneos/UTA.app/libswiftRemoteMirror.dylib
Probing signature of /Users/kamend/Library/Developer/Xcode/DerivedData/Evento-hhvrbzmhxucgladakdcphldjxugg/Build/Products/Debug-iphoneos/UTA.app/Frameworks/libswiftCore.dylib
/usr/bin/codesign '-r-' '--display' '/Users/kamend/Library/Developer/Xcode/DerivedData/Evento-hhvrbzmhxucgladakdcphldjxugg/Build/Products/Debug-iphoneos/UTA.app/Frameworks/libswiftCore.dylib'
/Users/kamend/Library/Developer/Xcode/DerivedData/Evento-hhvrbzmhxucgladakdcphldjxugg/Build/Products/Debug-iphoneos/UTA.app/Frameworks/libswiftCore.dylib: code object is not signed at all
Codesigning /Users/kamend/Library/Developer/Xcode/DerivedData/Evento-hhvrbzmhxucgladakdcphldjxugg/Build/Products/Debug-iphoneos/UTA.app/Frameworks/libswiftCore.dylib
/usr/bin/codesign '--force' '--sign' '1C2273B489890D7C4407493EB7A4A0BC7E7D38FF' '--verbose' '-D' 'DEBUG' '/Users/kamend/Library/Developer/Xcode/DerivedData/Evento-hhvrbzmhxucgladakdcphldjxugg/Build/Products/Debug-iphoneos/UTA.app/Frameworks/libswiftCore.dylib'
/Users/kamend/Library/Developer/Xcode/DerivedData/Evento-hhvrbzmhxucgladakdcphldjxugg/Build/Products/Debug-iphoneos/UTA.app/Frameworks/libswiftCore.dylib: Permission denied
error: Task failed with exit 1 signal 0 {
/usr/bin/codesign '--force' '--sign' '1C2273B489890D7C4407493EB7A4A0BC7E7D38FF' '--verbose' '-D' 'DEBUG' '/Users/kamend/Library/Developer/Xcode/DerivedData/Evento-hhvrbzmhxucgladakdcphldjxugg/Build/Products/Debug-iphoneos/UTA.app/Frameworks/libswiftCore.dylib'
}
Other projects runs just fine, any suggestions?
Update: the project does not run on another computer also
found it :)
Not sure why I had 'Other code signing flags' set to "-D DEBUG".
Removing it solved the problem

Resources