obssigner: "Invalid RPC response"

[jengelh]

(If and when obssigner and signd are running on the same machine), I happen to observe this in /srv/obs/log/signer.log:

2018-11-13 10:15:01: [29712] signer started
signing i586/home:jengelh:leap15.0::standard::aaa_base-f176954da4821ec6411b323fed5c6e6f
signing i586/home:jengelh:leap15.0::standard::systemd-ea9afef1e7c8a1e46d0a16b1a066413f
signing i586/home:jengelh:leap42.3::standard::libHX-bc4ee7fe383d11763167668df08c1144
signing i586/home:jengelh:leap42.3::standard::systemd-91eb6d54e7677bd126ca689d3279a747
signing i586/home:jengelh:tumbleweed::standard::aaa_base-bdfd02e743f3a67be29941e17f99027c
gpg: signing failed: Invalid IPC response
gpg: signing failed: Invalid IPC response
sign failed: 512 - checking digest
gpg: signing failed: Invalid IPC response
gpg: signing failed: Invalid IPC response
sign failed: 512 - checking digest
/srv/obs/jobs/i586/home:jengelh:leap15.0::standard::aaa_base-f176954da4821ec6411b323fed5c6e6f:dir/aaa_base-84.87+git20180409.04c9dae-lp150.2.8.1.i586.rpm: digests OK
sign failed: sign /srv/obs/jobs/i586/home:jengelh:leap15.0::standard::aaa_base-f176954da4821ec6411b323fed5c6e6f:dir/aaa_base-84.87+git20180409.04c9dae-lp150.2.8.1.i586.rpm failed
/srv/obs/jobs/i586/home:jengelh:leap42.3::standard::systemd-91eb6d54e7677bd126ca689d3279a747:dir/libsystemd0-228-64.1.i586.rpm: digests OK
signing i586/home:jengelh:tumbleweed::standard::automake-f66a8b2d2296c5ebd8276fabb228a955
sign failed: sign /srv/obs/jobs/i586/home:jengelh:leap42.3::standard::systemd-91eb6d54e7677bd126ca689d3279a747:dir/libsystemd0-228-64.1.i586.rpm failed
signing i586/home:jengelh:tumbleweed::standard::bitstream-bankgothic-fonts-484e59f208cf58bb58f6b104ccb2c3fb
gpg: signing failed: Invalid IPC response
gpg: signing failed: Invalid IPC response
sign failed: 512 - checking digest
/srv/obs/jobs/i586/home:jengelh:leap15.0::standard::systemd-ea9afef1e7c8a1e46d0a16b1a066413f:dir/libsystemd0-234-lp150.20.13.1.i586.rpm: digests OK
sign failed: sign /srv/obs/jobs/i586/home:jengelh:leap15.0::standard::systemd-ea9afef1e7c8a1e46d0a16b1a066413f:dir/libsystemd0-234-lp150.20.13.1.i586.rpm failed
signing i586/home:jengelh:tumbleweed::standard::bnh-lucida-fonts-215bb9d361df368cf0540dbc425a7141
gpg: signing failed: Invalid IPC response

Packages are stuck in "signing" state. signer and/or signd falls on its feet and just dies with that IPC reponse thing. It means nothing me nothing, the error reporting is really bad.
(It would also make sense to prefix log messages by PID/TID to distinguish the different subworkers.)

obs-server-2.10~alpha.20181112T153317.f792cbbaa-lp150.6662.1.noarch
obs-signd-2.5.2-lp150.1.1.x86_64

[jengelh]

I have no idea where the rest of this thread went... anyway, someone had suggested to debug it with just the sign utility from the command line. sign does shows the same issue:

# sign -k
gpg: keyserver option 'ca-cert-file' is obsolete; please use 'hkp-cacert' in dirmngr.conf
gpg: keyserver option 'no-try-dns-srv' is unknown
gpg: signing failed: Invalid IPC response
gpg: signing failed: Invalid IPC response

If I issue gpg and then sign, everything works:

# >empty
# gpg -ab empty
gpg: keyserver option 'ca-cert-file' is obsolete; please use 'hkp-cacert' in dirmngr.conf
gpg: keyserver option 'no-try-dns-srv' is unknown
gpg: all values passed to '--default-key' ignored
Please enter the passphrase to unlock the OpenPGP secret key:
"Kopano Development <development@kopano.io>"
1024-bit DSA key, ID 0x5B8AED0FEC07C591,
created 2016-04-18 (main key ID 0x7CE3B81F0E8F4660).

Passphrase: 
# sign -k
gpg: keyserver option 'ca-cert-file' is obsolete; please use 'hkp-cacert' in dirmngr.conf
gpg: keyserver option 'no-try-dns-srv' is unknown
EC07C591

So now gpg-agent has the passphrase cached/key unlocked and /usr/bin/sign completes. After some time, gpg-agent closes the key, and /usr/bin/sign no longer works. So it looks like sign/obssignd fails to give the passphrase to gpg(-agent) properly.

[jengelh]

Seems like a gpg regression, ignoring both --passphrase-file and --passphrase-fd (which bssign uses).

# gpg --passphrase-file=$PWD/.phrases/development\@kopano.io -ab test
gpg: keyserver option 'ca-cert-file' is obsolete; please use 'hkp-cacert' in dirmngr.conf
gpg: keyserver option 'no-try-dns-srv' is unknown
gpg: all values passed to '--default-key' ignored
Please enter the passphrase to unlock the OpenPGP secret key:
"Kopano Development <development@kopano.io>"
1024-bit DSA key, ID 0x5B8AED0FEC07C591,
created 2016-04-18 (main key ID 0x7CE3B81F0E8F4660).

Passphrase

[jengelh]

See openSUSE/obs-sign#19

[mlschroe]

I'm closing this here as this is an obs-sign issue.