qubes-builder won't start when hkp is blocked + can't build arch template
52 views
Skip to first unread message
Jacek Palczewski
May 16, 2016, 2:46:25 PM5/16/16
to qubes-devel
Hi,
There's a flaw(or a feature ;) ) in specific circumstances: while connected to a Wi-Fi with very restricted policy(even DNS queries to external servers are blocked) I wasn't able to import Qubes master key - it failed with message:
> System exit!
> RAN: '/usr/bin/gpg --keyserver (...)
> STDOUT:
But using KGpg I was able to connect to hkp://hkps.pool.sks-keyservers.net:80 and search for Qubes certificate(I wasn't brave enough to try it that way.) so I suppose that the problem was the hkp protocol based on +1000 tcp port which sometimes can be blocked.
But few hours later, with less restricted network I'm stuck with another problem: I can't make arch template - it's exits at make qubes-vm with
> Makefile.generic:20: *** Building packages for archlinux not supported by any of configured plugins. Stop.
> Makefile:208: recipe for target 'vmm-xen-vm' failed
I had edited both files(screenshots from orange AppVM at https://www.qubes-os.org/doc/templates/archlinux/ differs from the instruction) in example-config, added line with git repo to builder.conf and don't know what gone wrong. What can I do?
Regards,
Jacek
There's a flaw(or a feature ;) ) in specific circumstances: while connected to a Wi-Fi with very restricted policy(even DNS queries to external servers are blocked) I wasn't able to import Qubes master key - it failed with message:
> System exit!
> RAN: '/usr/bin/gpg --keyserver (...)
> STDOUT:
But using KGpg I was able to connect to hkp://hkps.pool.sks-keyservers.net:80 and search for Qubes certificate(I wasn't brave enough to try it that way.) so I suppose that the problem was the hkp protocol based on +1000 tcp port which sometimes can be blocked.
But few hours later, with less restricted network I'm stuck with another problem: I can't make arch template - it's exits at make qubes-vm with
> Makefile.generic:20: *** Building packages for archlinux not supported by any of configured plugins. Stop.
> Makefile:208: recipe for target 'vmm-xen-vm' failed
I had edited both files(screenshots from orange AppVM at https://www.qubes-os.org/doc/templates/archlinux/ differs from the instruction) in example-config, added line with git repo to builder.conf and don't know what gone wrong. What can I do?
Regards,
Jacek
Marek Marczykowski-Górecki
May 16, 2016, 2:53:17 PM5/16/16
to Jacek Palczewski, qubes-devel
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On Mon, May 16, 2016 at 11:46:25AM -0700, 'Jacek Palczewski' via qubes-devel wrote:
> Hi,
>
> There's a flaw(or a feature ;) ) in specific circumstances: while connected
> to a Wi-Fi with very restricted policy(even DNS queries to external servers
> are blocked) I wasn't able to import Qubes master key - it failed with
> message:
> > System exit!
> > RAN: '/usr/bin/gpg --keyserver (...)
> > STDOUT:
What exactly have you done? Standard Qubes builder have all the required
keys in qubes-developers-keys.asc file, do not require any keyserver
access.
> But using KGpg I was able to connect to
> hkp://hkps.pool.sks-keyservers.net:80 and search for Qubes certificate(I
> wasn't brave enough to try it that way.) so I suppose that the problem was
> the hkp protocol based on +1000 tcp port which sometimes can be blocked.
>
> But few hours later, with less restricted network I'm stuck with another
> problem: I can't make arch template - it's exits at make qubes-vm with
> > Makefile.generic:20: *** Building packages for archlinux not supported by
> any of configured plugins. Stop.
> > Makefile:208: recipe for target 'vmm-xen-vm' failed
> I had edited both files(screenshots from orange AppVM at
> https://www.qubes-os.org/doc/templates/archlinux/ differs from the
> instruction) in example-config, added line with git repo to builder.conf
> and don't know what gone wrong. What can I do?
It looks like you haven't enabled builder-archlinux plugin (on that page
- - using `setup` tool).
- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBCAAGBQJXOhcWAAoJENuP0xzK19csYygH/jk/2tKCfW8akJRwXKGAcrcg
cjbOP2Mk8zfJGlNxMvUb+Oa4yUqNd/Ybw+ZgSmLvIq2l2njrSGTD9aaz02PJF/p2
gu5JxExTJOACL/LTCB9yIn3/6d16UAeF5yELZmEtCx32N+zqtVv60t5MN0cPDe2a
qGghwH/NJ96pSFpbwulV6y9DGHTNO/PPLWEa5VqZoRF9RWIQxY7kuXgdKrUusYBs
GOV5csxTGk2OdzqWAjaUMr9vqCWlxw6qI4GN7PbkSzn8uwZtuSCKshMeamw8p/Ec
HmFLu+eAQVVk5GDuCoOfuc4APeVlXJNRyfrv42OlzMxpwXHuTTGzOZeqwwNhN4s=
=vFk+
-----END PGP SIGNATURE-----
Hash: SHA256
On Mon, May 16, 2016 at 11:46:25AM -0700, 'Jacek Palczewski' via qubes-devel wrote:
> Hi,
>
> There's a flaw(or a feature ;) ) in specific circumstances: while connected
> to a Wi-Fi with very restricted policy(even DNS queries to external servers
> are blocked) I wasn't able to import Qubes master key - it failed with
> message:
> > System exit!
> > RAN: '/usr/bin/gpg --keyserver (...)
> > STDOUT:
keys in qubes-developers-keys.asc file, do not require any keyserver
access.
> But using KGpg I was able to connect to
> hkp://hkps.pool.sks-keyservers.net:80 and search for Qubes certificate(I
> wasn't brave enough to try it that way.) so I suppose that the problem was
> the hkp protocol based on +1000 tcp port which sometimes can be blocked.
>
> But few hours later, with less restricted network I'm stuck with another
> problem: I can't make arch template - it's exits at make qubes-vm with
> > Makefile.generic:20: *** Building packages for archlinux not supported by
> any of configured plugins. Stop.
> > Makefile:208: recipe for target 'vmm-xen-vm' failed
> I had edited both files(screenshots from orange AppVM at
> https://www.qubes-os.org/doc/templates/archlinux/ differs from the
> instruction) in example-config, added line with git repo to builder.conf
> and don't know what gone wrong. What can I do?
- - using `setup` tool).
- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBCAAGBQJXOhcWAAoJENuP0xzK19csYygH/jk/2tKCfW8akJRwXKGAcrcg
cjbOP2Mk8zfJGlNxMvUb+Oa4yUqNd/Ybw+ZgSmLvIq2l2njrSGTD9aaz02PJF/p2
gu5JxExTJOACL/LTCB9yIn3/6d16UAeF5yELZmEtCx32N+zqtVv60t5MN0cPDe2a
qGghwH/NJ96pSFpbwulV6y9DGHTNO/PPLWEa5VqZoRF9RWIQxY7kuXgdKrUusYBs
GOV5csxTGk2OdzqWAjaUMr9vqCWlxw6qI4GN7PbkSzn8uwZtuSCKshMeamw8p/Ec
HmFLu+eAQVVk5GDuCoOfuc4APeVlXJNRyfrv42OlzMxpwXHuTTGzOZeqwwNhN4s=
=vFk+
-----END PGP SIGNATURE-----
Jacek Palczewski
May 16, 2016, 3:53:06 PM5/16/16
to qubes-devel, jpalc...@protonmail.ch
On Monday, May 16, 2016 at 8:53:17 PM UTC+2, Marek Marczykowski-Górecki wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On Mon, May 16, 2016 at 11:46:25AM -0700, 'Jacek Palczewski' via qubes-devel wrote:
> Hi,
>
> There's a flaw(or a feature ;) ) in specific circumstances: while connected
> to a Wi-Fi with very restricted policy(even DNS queries to external servers
> are blocked) I wasn't able to import Qubes master key - it failed with
> message:
> > System exit!
> > RAN: '/usr/bin/gpg --keyserver (...)
> > STDOUT:
What exactly have you done? Standard Qubes builder have all the required
keys in qubes-developers-keys.asc file, do not require any keyserver
access.
I used builder from https://www.qubes-os.org/doc/templates/archlinux/ - the one difference is that I didn't created new AppVM - I used a renamed and resized "work".
I took two screenshots while fighting with it - they might help.
I took two screenshots while fighting with it - they might help.
> But using KGpg I was able to connect to
> hkp://hkps.pool.sks-keyservers.net:80 and search for Qubes certificate(I
> wasn't brave enough to try it that way.) so I suppose that the problem was
> the hkp protocol based on +1000 tcp port which sometimes can be blocked.
>
> But few hours later, with less restricted network I'm stuck with another
> problem: I can't make arch template - it's exits at make qubes-vm with
> > Makefile.generic:20: *** Building packages for archlinux not supported by
> any of configured plugins. Stop.
> > Makefile:208: recipe for target 'vmm-xen-vm' failed
> I had edited both files(screenshots from orange AppVM at
> https://www.qubes-os.org/doc/templates/archlinux/ differs from the
> instruction) in example-config, added line with git repo to builder.conf
> and don't know what gone wrong. What can I do?
It looks like you haven't enabled builder-archlinux plugin (on that page
- - using `setup` tool).
Weird, I'm sure that I done it - https://gist.github.com/jpalczewski/0682b7356fb531ddde29d53242ea324f contains builder.conf & whole log of first three make output at the bottom. Should `make get-sources` clone builder-archlinux repo?
Regards,
Jacek
Regards,
Jacek
Marek Marczykowski-Górecki
May 16, 2016, 3:59:40 PM5/16/16
to Jacek Palczewski, qubes-devel
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Hash: SHA256
On Mon, May 16, 2016 at 12:53:05PM -0700, 'Jacek Palczewski' via qubes-devel wrote:
>
>
> On Monday, May 16, 2016 at 8:53:17 PM UTC+2, Marek Marczykowski-Górecki
> wrote:
> >
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA256
> >
> > On Mon, May 16, 2016 at 11:46:25AM -0700, 'Jacek Palczewski' via
> > qubes-devel wrote:
> > > Hi,
> > >
> > > There's a flaw(or a feature ;) ) in specific circumstances: while
> > connected
> > > to a Wi-Fi with very restricted policy(even DNS queries to external
> > servers
> > > are blocked) I wasn't able to import Qubes master key - it failed with
> > > message:
> > > > System exit!
> > > > RAN: '/usr/bin/gpg --keyserver (...)
> > > > STDOUT:
> >
> > What exactly have you done? Standard Qubes builder have all the required
> > keys in qubes-developers-keys.asc file, do not require any keyserver
> > access.
> >
> I used builder from https://www.qubes-os.org/doc/templates/archlinux/ - the
> one difference is that I didn't created new AppVM - I used a renamed and
> resized "work".
Ah, indeed setup script download the keys from keyservers...
>
>
> On Monday, May 16, 2016 at 8:53:17 PM UTC+2, Marek Marczykowski-Górecki
> wrote:
> >
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA256
> >
> > On Mon, May 16, 2016 at 11:46:25AM -0700, 'Jacek Palczewski' via
> > qubes-devel wrote:
> > > Hi,
> > >
> > > There's a flaw(or a feature ;) ) in specific circumstances: while
> > connected
> > > to a Wi-Fi with very restricted policy(even DNS queries to external
> > servers
> > > are blocked) I wasn't able to import Qubes master key - it failed with
> > > message:
> > > > System exit!
> > > > RAN: '/usr/bin/gpg --keyserver (...)
> > > > STDOUT:
> >
> > What exactly have you done? Standard Qubes builder have all the required
> > keys in qubes-developers-keys.asc file, do not require any keyserver
> > access.
> >
> I used builder from https://www.qubes-os.org/doc/templates/archlinux/ - the
> one difference is that I didn't created new AppVM - I used a renamed and
> resized "work".
Running `make get-sources` first should avoid this.
> > > But using KGpg I was able to connect to
> > > hkp://hkps.pool.sks-keyservers.net:80 and search for Qubes
> > certificate(I
> > > wasn't brave enough to try it that way.) so I suppose that the problem
> > was
> > > the hkp protocol based on +1000 tcp port which sometimes can be blocked.
> > >
> > > But few hours later, with less restricted network I'm stuck with another
> > > problem: I can't make arch template - it's exits at make qubes-vm with
> > > > Makefile.generic:20: *** Building packages for archlinux not supported
> > by
> > > any of configured plugins. Stop.
> > > > Makefile:208: recipe for target 'vmm-xen-vm' failed
> > > I had edited both files(screenshots from orange AppVM at
> > > https://www.qubes-os.org/doc/templates/archlinux/ differs from the
> > > instruction) in example-config, added line with git repo to
> > builder.conf
> > > and don't know what gone wrong. What can I do?
> >
> > It looks like you haven't enabled builder-archlinux plugin (on that page
> > - - using `setup` tool).
> >
> > Weird, I'm sure that I done it -
> https://gist.github.com/jpalczewski/0682b7356fb531ddde29d53242ea324f
> contains builder.conf & whole log of first three make output at the bottom.
> Should `make get-sources` clone builder-archlinux repo?
Check `make build-info` - builder-archlinux should be in both
BUILDER_PLUGINS and COMPONENTS. If not, add to COMPONENTS manually.
- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
WB/3cfBKpDxCmQZXVqbqL2E6HHZ6F1+vauKkdCefv12KXJbosUZamx5ERLLWu4/3
TYwajOjXKA9x3PyBqXxPeEORWJ2zbgdq6MbqDV62gM/ewGnJKvAvIGvpvyzlix7R
+RcMJyYf2382s7WTbvOYOKji/nWqIMuahv9x/vz1kXYj00vRWMIgRMKTtWEqL6gy
EM1KEuC0Lm8Ulbi/l5vGyOWGWpXur6uiV3qZKWuTq80q+6U5VLz0pulDHWsxia7R
7TcD4tKViD67akYPupFh0gVyg+AltvtOPReMFGpWieQN1UvFl2DfQ5ByUq1Wdb8=
=1rRV
-----END PGP SIGNATURE-----
Jacek Palczewski
May 16, 2016, 4:38:45 PM5/16/16
to qubes-devel, jpalc...@protonmail.ch
That was it - `make build-info` showed that builder-archlinux was automatically removed by configuration file, so adding it to TEMPLATE array fixed problem and it's downloading bootstrap right now.
Thanks a lot!
Regards,
Jacek
Reply all
Reply to author
Forward
0 new messages