"guix import gnu" says public key is not in keyring

Done

Details

2 participants

Jesse Gibbons
Ludovic Courtès

Owner: unassigned

Submitted by: Jesse Gibbons

Severity: normal

Jesse Gibbons wrote on 2 Jun 2019 05:33

Recipients:(address . bug-guix@gnu.org)

Message-ID:20190601213351.5548038c@gmail.com

I am trying to define the gnurobots package using guix import. I try

the following and get the corresponding results:

~$ guix import gnu gnurobots

Starting download of /tmp/guix-file.sRnZ4I

From ftp://ftp.gnu.org/gnu/gnurobots/gnurobots-1.2.0.tar.gz...

gnurobots-1.2.0.tar.gz 173KiB 163KiB/s 00:01

[##################] 100.0%

Starting download of /tmp/guix-file.cZoC7H

From ftp://ftp.gnu.org/gnu/gnurobots/gnurobots-1.2.0.tar.gz.sig...

….0.tar.gz.sig 72B 170KiB/s 00:00

[##################] 100.0% In execvp of gpgv: No such file or directory

guix import: warning: signature verification failed for

`ftp://ftp.gnu.org/gnu/gnurobots/gnurobots-1.2.0.tar.gz' guix import:

warning: (could be because the public key is not in your keyring) guix

import: error: 'gnu' import failed

~$ guix import gnu --key-download=interactive gnurobots

Starting download of /tmp/guix-file.e0KAGy

From ftp://ftp.gnu.org/gnu/gnurobots/gnurobots-1.2.0.tar.gz...

gnurobots-1.2.0.tar.gz 173KiB 162KiB/s 00:01

[##################] 100.0%

Starting download of /tmp/guix-file.lStU1V

From ftp://ftp.gnu.org/gnu/gnurobots/gnurobots-1.2.0.tar.gz.sig...

….0.tar.gz.sig 72B 111KiB/s 00:00

[##################] 100.0% In execvp of gpgv: No such file or directory

guix import: warning: signature verification failed for

`ftp://ftp.gnu.org/gnu/gnurobots/gnurobots-1.2.0.tar.gz' guix import:

warning: (could be because the public key is not in your keyring) guix

import: error: 'gnu' import failed

~$ guix import gnu --key-download=always gnurobots

Starting download of /tmp/guix-file.DtCU1Y

From ftp://ftp.gnu.org/gnu/gnurobots/gnurobots-1.2.0.tar.gz...

gnurobots-1.2.0.tar.gz 173KiB 178KiB/s 00:01

[##################] 100.0%

Starting download of /tmp/guix-file.QOlbzN

From ftp://ftp.gnu.org/gnu/gnurobots/gnurobots-1.2.0.tar.gz.sig...

….0.tar.gz.sig 72B 48KiB/s 00:00

[##################] 100.0% In execvp of gpgv: No such file or directory

guix import: warning: signature verification failed for

`ftp://ftp.gnu.org/gnu/gnurobots/gnurobots-1.2.0.tar.gz' guix import:

warning: (could be because the public key is not in your keyring) guix

import: error: 'gnu' import failed

~$ guix import gnu --key-download=never gnurobots

Starting download of /tmp/guix-file.fgTq6E

From ftp://ftp.gnu.org/gnu/gnurobots/gnurobots-1.2.0.tar.gz...

gnurobots-1.2.0.tar.gz 173KiB 132KiB/s 00:01

[##################] 100.0%

Starting download of /tmp/guix-file.v4rsPY

From ftp://ftp.gnu.org/gnu/gnurobots/gnurobots-1.2.0.tar.gz.sig...

….0.tar.gz.sig 72B 51KiB/s 00:00

[##################] 100.0% In execvp of gpgv: No such file or directory

guix import: warning: signature verification failed for

`ftp://ftp.gnu.org/gnu/gnurobots/gnurobots-1.2.0.tar.gz' guix import:

warning: (could be because the public key is not in your keyring) guix

import: error: 'gnu' import failed

It appears the --key-download option does nothing, even though the

documentation says --key-download=always should automatically

install the missing keys, and there should be a prompt if the option

is omitted. This is fixed when I install gnupg. It appears guix needs

gnupg as a propagated input for this function to work statelessly.

If anyone has a contrary opinion, please express it. I will

make, test, and submit a patch on Monday if nobody beats me to it.

--Jesse

Ludovic Courtès wrote on 2 Jun 2019 18:13

Recipients:(name . Jesse Gibbons)(address . jgibbons2357@gmail.com)(address . 36051@debbugs.gnu.org)

Message-ID:87tvd87yoz.fsf@gnu.org

Hi,

Jesse Gibbons <jgibbons2357@gmail.com> skribis:

Toggle quote (5 lines)

> Starting download of /tmp/guix-file.cZoC7H

> From ftp://ftp.gnu.org/gnu/gnurobots/gnurobots-1.2.0.tar.gz.sig...

> ….0.tar.gz.sig 72B 170KiB/s 00:00

> [##################] 100.0% In execvp of gpgv: No such file or directory

The real issue here is that ‘gpgv’ cannot be found in $PATH.

I think you have to run “guix install gnupg” to fix it.

HTH,

Ludo’.

Jesse Gibbons wrote on 2 Jun 2019 20:43

Recipients:(name . Ludovic Courtès)(address . ludo@gnu.org)

Message-ID:20190602124356.2202614c@gmail.com

On Sun, 02 Jun 2019 18:13:16 +0200

Ludovic Courtès <ludo@gnu.org> wrote:

Toggle quote (17 lines)> Hi,
> 
> Jesse Gibbons <jgibbons2357@gmail.com> skribis:
> 
> > Starting download of /tmp/guix-file.cZoC7H
> > From ftp://ftp.gnu.org/gnu/gnurobots/gnurobots-1.2.0.tar.gz.sig...
> >  ….0.tar.gz.sig  72B                  170KiB/s 00:00
> > [##################] 100.0% In execvp of gpgv: No such file or
> > directory  
> 
> The real issue here is that ‘gpgv’ cannot be found in $PATH.
> 
> I think you have to run “guix install gnupg” to fix it.
> 
> HTH,
> Ludo’.

I pointed that out at the end of my bug report. I thought guix was
supposed to be stateless, with behavior independent on what the user has
installed, so I recommended adding gnupg as a propagated input so it
wouldn't be dependant on a user (or administrator) installing gnupg.
If it is preferrable not to install gnupg alongside guix, then I will
note in the docs that gnupg must be found in $PATH for "guix import
gnu", "guix import elpa" and "guix refresh" to be successful, and then
we can close this issue.

Thanks,
-Jessez

Ludovic Courtès wrote on 2 Sep 2019 21:41

Recipients:(name . Jesse Gibbons)(address . jgibbons2357@gmail.com)(address . 36051-done@debbugs.gnu.org)

Message-ID:87mufm7afn.fsf@gnu.org

Hi Jesse,

Jesse Gibbons <jgibbons2357@gmail.com> (by way of Jesse Gibbons

<jgibbons2357@gmail.com>) skribis:

Toggle quote (29 lines)> On Sun, 02 Jun 2019 18:13:16 +0200
> Ludovic Courtès <ludo@gnu.org> wrote:
>
>> Hi,
>> 
>> Jesse Gibbons <jgibbons2357@gmail.com> skribis:
>> 
>> > Starting download of /tmp/guix-file.cZoC7H
>> > From ftp://ftp.gnu.org/gnu/gnurobots/gnurobots-1.2.0.tar.gz.sig...
>> >  ….0.tar.gz.sig  72B                  170KiB/s 00:00
>> > [##################] 100.0% In execvp of gpgv: No such file or
>> > directory  
>> 
>> The real issue here is that ‘gpgv’ cannot be found in $PATH.
>> 
>> I think you have to run “guix install gnupg” to fix it.
>> 
>> HTH,
>> Ludo’.
>
> I pointed that out at the end of my bug report. I thought guix was
> supposed to be stateless, with behavior independent on what the user has
> installed, so I recommended adding gnupg as a propagated input so it
> wouldn't be dependant on a user (or administrator) installing gnupg.
> If it is preferrable not to install gnupg alongside guix, then I will
> note in the docs that gnupg must be found in $PATH for "guix import
> gnu", "guix import elpa" and "guix refresh" to be successful, and then
> we can close this issue.

I finally went ahead and mentioned it in the manual in commit

d34e9114e679666dfbf7caf577117010eca20520.

Thanks,

Ludo’.

Closed

Your comment

This issue is archived.

To comment on this conversation send an email to 36051@debbugs.gnu.org

is:open	open issues
is:done	closed issues
submitter:<who>	search issue submitter
author:<who>	search by message author
date:yesterday..now	search by issue date
mdate:3m..2d	search by message date