sign_pkg fails to overwrite signature when rebuilding package

Open iyanmv opened this issue 1 year ago • 1 comments

Affected Version

paru v2.0.4 - libalpm v15.0.0

Description

When paru is configured to sign local repos, if a package already exists in the repo and contains a detached signature, when rebuilding the package, the signature file is not overwritten, leading to failure later when the package is installed.

This is because the command used by sign_pkg(), gpg --detach-sign --no-armor --batch, fails with the following error when the file already exists: gpg: signing failed: File exists. A possible solution is to pass --yes as an additional argument.

I don't understand why this is not caught by the function as an error since gpg exits with code 2 instead of 0.

Output

paru.conf

[options]
PgpFetch
Devel
Provides
DevelSuffixes = -git -cvs -svn -bzr -darcs -always -hg -fossil
SudoLoop
Mode = arp
Rebuild = all
Provides = all

LocalRepo = iyanmv
Chroot = /home/iyan/Archlinux/chroot
Sign = 204C461FBA8C81D10327E647422E3694311E5AC1
SignDb = 204C461FBA8C81D10327E647422E3694311E5AC1

[aur-iyanmv]
Path = /home/iyan/Documents/ArchLinux/PKGBUILDs
SkipReview

iyanmv avatar Oct 07 '24 20:10 iyanmv

Never mind, I think the source code already has a solution to delete the signature before generating a new one, but this is never used because delete_sig is always passed as false.

iyanmv avatar Oct 07 '24 21:10 iyanmv

Don't know how this would happen as it should skip if the sig already exists. As you didn't provide any output logs I can't really debug this. Feel free to open a new issue with logs.

Morganamilo avatar Dec 27 '24 14:12 Morganamilo

When a signature exists, I am still asked for the gpg private key password, but the new signature is not saved. This is problematic when I'm trying to rebuild packages because the new package is updated, but the signature is not, causing issues later when trying to install the package.

I locally solved this issue by changing this:

--- a/src/install.rs
+++ b/src/install.rs
@@ -632,7 +632,7 @@ impl Installer {
             .chain(debug_paths.values())
             .map(|s| s.as_str())
             .collect::<Vec<_>>();
-        sign_pkg(config, &paths, false)?;
+        sign_pkg(config, &paths, true)?;
 
         if let Some(ref repo) = repo {
             if let Some(repo) = self.upgrades.aur_repos.get(base.package_base()) {
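
Review bot: The bare `true` now passed as the third argument of `sign_pkg` at this call site is unconditional, so if that argument is the delete_sig flag mentioned earlier in the thread, every pass through this path discards the existing signature, including when the package file was not rebuilt and the old signature is still valid. Consider deriving the flag from whether the package was actually rebuilt and binding it to a named variable so the call site documents itself. The change also leaves the other half of the report open: a gpg run that fails is still not reported as an error by `sign_pkg`, so a stale signature could reappear through any caller that still passes `false`.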

iyanmv avatar Dec 28 '24 11:12 iyanmv
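
The failure reported in this thread, a stale `.sig` left beside a rebuilt package when the signer exits non-zero, shown as an added Rust example (not paru's code and not written by any participant). `sig_path`, `gpg_signer` and `sign_detached` are hypothetical names; `delete_sig` mirrors the flag named in the thread, and the signature path assumes gpg's default `<file>.sig` output for `--no-armor`.

```rust
// Added illustration; the function names are hypothetical, not paru's API.
use std::{fs, io, path::{Path, PathBuf}, process::Command};

/// Path gpg uses for a binary detached signature: `<pkg>.sig`.
fn sig_path(pkg: &Path) -> PathBuf {
    let mut s = pkg.as_os_str().to_owned();
    s.push(".sig");
    PathBuf::from(s)
}

/// gpg invocation quoted in the issue; `--local-user` selects the signing key.
fn gpg_signer(key: &str) -> Command {
    let mut c = Command::new("gpg");
    c.args(["--detach-sign", "--no-armor", "--batch", "--local-user", key]);
    c
}

/// Run `signer <pkg>` and return the signature path. With `delete_sig` the
/// old signature is removed first, so a rebuilt package never keeps a
/// signature made over the previous build. A non-zero exit is an error.
fn sign_detached(mut signer: Command, pkg: &Path, delete_sig: bool) -> io::Result<PathBuf> {
    let sig = sig_path(pkg);
    if delete_sig {
        match fs::remove_file(&sig) {
            Err(e) if e.kind() != io::ErrorKind::NotFound => return Err(e),
            _ => {} // removed, or there was nothing to remove
        }
    }
    let status = signer.arg(pkg).status()?;
    if !status.success() {
        let msg = format!("signer failed ({}), {} not updated", status, sig.display());
        return Err(io::Error::new(io::ErrorKind::Other, msg));
    }
    Ok(sig)
}

fn main() -> io::Result<()> {
    // Usage: <prog> <key-id> <package-file>; both come from the caller.
    let args: Vec<String> = std::env::args().collect();
    if args.len() != 3 {
        eprintln!("usage: {} <key-id> <package-file>", args[0]);
        std::process::exit(2);
    }
    let sig = sign_detached(gpg_signer(&args[1]), Path::new(&args[2]), true)?;
    println!("wrote {}", sig.display());
    Ok(())
}
```

Because the exit status is checked, a refusal to overwrite surfaces at signing time instead of later as a signature that does not match the package at install time.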