GPG verification fails in sudo #228

Open
vehlwn opened this issue Aug 27, 2024 · 1 comment

vehlwn commented Aug 27, 2024

rua 0.19.10

I want to create a separate user for rua because I don't want it to clutter my home gpg keyring, but now I cannot install AUR packages requiring gpg source verification (e.g. hplip-plugin). It says:

Verifying source file signatures with gpg...
hplip-3.24.4-plugin.run ... FAILED (unknown public key 73D770CDA59047B9)

even if I import the key manually: gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys 4ABA2F66DBD5A95894910E0673D770CDA59047B9

Example:

$ sudo useradd -mG wheel aurbuilder
$ sudo passwd aurbuilder
$ sudo -u aurbuilder gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys 4ABA2F66DBD5A95894910E0673D770CDA59047B9
gpg: directory '/home/aurbuilder/.gnupg' created
gpg: /home/aurbuilder/.gnupg/trustdb.gpg: trustdb created
gpg: key 73D770CDA59047B9: public key "HPLIP (HP Linux Imaging and Printing) <[email protected]>" imported
gpg: Total number processed: 1
gpg:               imported: 1

$ sudo -u aurbuilder gpg -k 73D770CDA59047B9
pub   dsa1024 2009-12-15 [SC]
      4ABA2F66DBD5A95894910E0673D770CDA59047B9
uid           [ unknown] HPLIP (HP Linux Imaging and Printing) <[email protected]>
sub   elg2048 2009-12-15 [E]

$ sudo -u aurbuilder rua install hplip-plugin
...
==> Verifying source file signatures with gpg...
    hplip-3.24.4-plugin.run ... FAILED (unknown public key 73D770CDA59047B9)
==> ERROR: One or more PGP signatures could not be verified!

But yay inside sudo works well. It successfully verifies the package:

Verifying source file signatures with gpg...
hplip-3.24.4-plugin.run ... Passed

I can also run gpg manually:

$ sudo -u aurbuilder -i
[aurbuilder] $ gpg --verify hplip-3.24.4-plugin.run.asc
gpg: assuming signed data in 'hplip-3.24.4-plugin.run'
gpg: Signature made Ср 22 мая 2024 04:57:54 UTC
gpg:                using DSA key 4ABA2F66DBD5A95894910E0673D770CDA59047B9
gpg: Good signature from "HPLIP (HP Linux Imaging and Printing) <[email protected]>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 4ABA 2F66 DBD5 A958 9491  0E06 73D7 70CD A590 47B9

I found a similar issue in aura: fosskers/aura#606. Is it related?

PS: Without sudo rua works fine. But I don't want deprecated keys with DSA and SHA1 in my keyring.


vehlwn commented Sep 16, 2024

I managed to work around it with the GNUPGHOME variable:

$ mkdir ~/.rua-gnupg
$ chmod 700 ~/.rua-gnupg
$ GNUPGHOME=~/.rua-gnupg gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys 4ABA2F66DBD5A95894910E0673D770CDA59047B9
gpg: key 73D770CDA59047B9: public key "HPLIP (HP Linux Imaging and Printing) <[email protected]>" imported
gpg: Total number processed: 1
gpg:               imported: 1

$ GNUPGHOME=~/.rua-gnupg gpg -k
/home/vehlwn/.rua-gnupg/pubring.kbx
--------------------------------
pub   dsa1024 2009-12-15 [SC]
      4ABA2F66DBD5A95894910E0673D770CDA59047B9
uid           [ unknown] HPLIP (HP Linux Imaging and Printing) <[email protected]>
sub   elg2048 2009-12-15 [E]

$ GNUPGHOME=~/.rua-gnupg rua install hplip-plugin
...
==> Verifying source file signatures with gpg...
    hplip-3.24.4-plugin.run ... Passed
...
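
A check for the dedicated keyring used in the workaround above, as an added example that is not part of the issue or of rua: it confirms the GNUPGHOME directory is private and that the key listing contains the expected primary key by its full fingerprint. The function names and the sample listing are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the issue): sanity checks for a dedicated build keyring.

# Succeeds only if $1 is a directory owned by the current user with mode 700,
# which is what the workaround's mkdir + chmod 700 sets up.
gnupghome_is_private() {
    [ -n "$(find "$1" -maxdepth 0 -type d -perm 700 -user "$(id -u)" 2>/dev/null)" ]
}

# Reads `gpg --with-colons --list-keys` output on stdin and prints the
# fingerprint of every primary key (the fpr record that follows a pub record).
primary_fingerprints() {
    awk -F: '
        $1 == "pub" { want = 1; next }
        $1 == "sub" { want = 0; next }
        $1 == "fpr" && want { print $10; want = 0 }
    '
}

# Succeeds if the full fingerprint $1 is a primary key in the listing on stdin.
# Comparing the whole 40-hex fingerprint avoids relying on the 64-bit key ID
# that the verification error message prints.
keyring_has_primary() {
    primary_fingerprints |
        awk -v want="$1" 'toupper($0) == toupper(want) { found = 1 } END { exit !found }'
}

# Constructed sample in gpg colon format for the key shown in the issue;
# the uid text and the subkey values are placeholders.
SAMPLE_LISTING='tru::1:1726480000:0:3:1:5
pub:-:1024:17:73D770CDA59047B9:1260835200:::-:::scSC::::::23::0:
fpr:::::::::4ABA2F66DBD5A95894910E0673D770CDA59047B9:
uid:-::::1260835200::0000000000000000000000000000000000000000::HPLIP (constructed uid)::::::::::0:
sub:-:2048:16:0123456789ABCDEF:1260835200::::::e::::::23:
fpr:::::::::00112233445566778899AABBCCDDEEFF00112233:'

# Usage against a real keyring (assumes gpg is installed):
#   gnupghome_is_private ~/.rua-gnupg &&
#   GNUPGHOME=~/.rua-gnupg gpg --with-colons --list-keys |
#       keyring_has_primary 4ABA2F66DBD5A95894910E0673D770CDA59047B9
```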
