Re: [Qubes Forum] [qubes-users] Issues building dom0, "Package rpm-devel is not signed" [Mailing Lists/qubes-users]

7 views
Skip to first unread message

ydi...@free.fr

unread,
Jul 6, 2021, 11:47:20 AM7/6/21
to qubes...@googlegroups.com

De: "mailinglist_bot via Qubes OS Forum" <qube...@forum.qubes-os.org>
À: ydi...@free.fr
Envoyé: Lundi 5 Juillet 2021 16:20:57
Objet: [Qubes Forum] [qubes-users] Issues building dom0, "Package rpm-devel is not signed" [Mailing Lists/qubes-users]

mailinglist_bot
July 5

ydi...@free.fr:

Hi all,

(resent here since something seems to block with qubes-devel)

I'm probably missing something in how the build is supposed to work:

Following the build instructions at Qubes ISO Building | Qubes OS,
configuring with ./setup, first with NO_SIGN=1. The build of rpm-dom0-fc25
succeeds, and then the build of linux-dom0-updates-dom0-fc25 fails with:

  Downloading Packages:
  [SKIPPED] perl-Fedora-VSP-0.001-4.fc25.noarch.rpm: Already downloaded
  [SKIPPED] perl-generators-1.10-1.fc25.noarch.rpm: Already downloaded
  Package rpm-devel-4.14.2.1-5.fc25.x86_64.rpm is not signed

Plugging that error into a search engine suggests adding a "--nogpgcheck" flag to yum to work around it, but it seems odd/suspicious that would be needed if the other packages are passing the signature check. Are you building a 4.0 ISO?

Yes, for a start I'm trying to build 4.0, next planned step being updating
some packages for better support for my hardware.

Is 4.0 supposed to be immune to the problem described in

At first I thought that maybe the NO_SIGN=1 case was not being as much used
as the NO_SIGN=0 one, so I went generating a key and configure it as
explained in Qubes Builder | Qubes OS.

You should be able to complete the entire build without signing it. The error is saying the downloaded package is not signed, not your build.

What is strange then, is that if I remove "rpm" from the packages to build (the same
way it is suggested to remove gcc to save build time) I get rid of the error (and then
it fails with the same problem for "drpm", but at least linux-firmware was built first,
so while not satisfying it looks like a viable workaround for my immediate needs)

Also, is it really a good thing to have 2 separate pages talking about roughly the
same thing, with /doc/qubes-builder/ telling about NO_SIGN (which we see in templates)
and .rpmmacros, and /doc/qubes-iso-building/ talking about "fully signed build" using
SIGN_KEY (which we don't see in templates) ?

Probably not the best, but when I last looked at it I couldn't figure out a way to consolidate them without making it overly cluttered. Please submit a pull request if you have an idea, though.

I'll happily try once I've understood those signing issues :)

Visit Topic or reply to this email to respond.

To unsubscribe from these emails, click here.

                                                           

awokd

unread,
Jul 6, 2021, 9:37:15 PM7/6/21
to qubes...@googlegroups.com
ydi...@free.fr:
> Is 4.0 supposed to be immune to the problem described in
> https://github.com/QubesOS/qubes-issues/issues/6522 ?

Good find, that is probably it. I haven't tried to do a build since
before April.

--
- don't top post
Mailing list etiquette:
- trim quoted reply to only relevant portions
- when possible, copy and paste text instead of screenshots
Reply all
Reply to author
Forward
0 new messages